This is an excerpt from our discussion with Andela’s Senior Software Engineer, Anu Onifade on Twitter. In January, our theme for the month is ‘Cyber Security’ for startups.
What is Cybersecurity?
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known electronic information security.
Why is it important today?
The damage caused by cybercrime is estimated to hit $6 trillion by the year 2021. This has led to a forecast that there will be an estimated increase in spending by companies for cyber security between the periods of 2017 and 2021 to $1 trillion.
What are the top Cyberthreats today?
1. Malwares: Malware means malicious software. One of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer.
There are different kinds or malware out there. Examples are Virus, Trojans, Spyware, Ransomware, Adware, Botnets etc. They all have different ways they operate and are meant for different purposes. Botnets if on your device perform task online without your permission
2. Phishing: Phishing is when cybercriminals target victims with emails or websites that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over sensitive data and other personal information.
3. Man-in-the-middle attack: Is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim’s device and the network.
5. Denial-of-service attack: Is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organisation from carrying out vital functions.
6. Social Engineering: Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software–that will give them access to your passwords and bank information as well as giving them control over your computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.
For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).
How do you stay safe?
1. Update your software and operating system: This means you benefit from the latest security patches.
2. Use anti-virus software: Security solutions will detect and remove threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could be infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar websites:This is a common way that malware is spread.
6. Avoid using unsecure WiFi networks in public places: Unsecure networks leave you vulnerable to man-in-the-middle attacks. So looking at all these threats and possible spending in the area of Cybersecurity, I believe the question is how you can take advantage of this. If you intend to take the route of Entrepreneurship, consultancy or career, you have many opportunities in the area of Cybersecurity and the good thing is that it is a growing area and so this is the best time to be part of it. Let’s identity some of the opportunities.
Career Paths In CyberSecurity
1. Security Auditing: Companies especially financial institutions and companies that manages sensitive data are pay millions of dollars to consult security auditors.
An IT security auditor helps clients test the effectiveness of systems and their security components. It is the information gotten from here that he reports to his client enabling the client knows the next step to take.
2. Application penetration Tester: An application penetration tester is also known as an ethical hacker especially as you are paid to probe for, as well as exploit security vulnerabilities in the client’s applications, which could be web-based or mobile or even both.
3. Data Architects: Play very important role, as they create blueprints that can be used for data management systems. They usually assess a company’s potential data source – both internal and external as well as design a plan that would integrate, protect, centralize and maintain it.
Other paths include, Incident Responder, Exploit Developer, Malware Analyst, Information Security Analyst, Cyber Security Specialist, Security architect, Disaster Recovery Consultant, Vulnerability Researcher etc.
All these and many more are areas you can either build a career or start a business in cybersecurity