What is cybersecurity?

Cybersecurity protects digital systems and data against unauthorized access, damage, or theft. This practice uses multifaceted digital defenses, including firewalls, encryption protocols, and intrusion detection systems, similar to a physical bank's use of vaults, guards, and surveillance. Cybersecurity analysts are critical in the effort to ensure the ongoing integrity and protection of valuable digital assets.

Cybersecurity is critically important for individuals, governments, and businesses alike, as cyberattacks can profoundly disrupt operations, cause significant financial loss, and inflict lasting reputational damage. It's a common misconception that only large, well-known organizations are at risk, but in reality, every business, person, or object connected to the internet is a potential target.

Cybercriminals are constantly scanning the digital landscape looking for two types of targets:

• A target of intent is specifically singled out due to its high profile or valuable data.
• A target of opportunity is defined by an unpatched system or unprotected network.

Regardless of size or fame, the digital risks are real for everyone. For example, consider the "WannaCry" cyberattack in 2017. This was a widespread assault involving ransomware, a type of malicious software (malware) that makes a system’s data or files inaccessible until a payment (ransom) is paid.

WannaCry rapidly infected hundreds of thousands of computer systems across more than 150 countries and notably brought down parts of the U.K.'s National Health Service (NHS). Organizations hit by WannaCry faced a difficult choice: pay the criminals, attempt a difficult data recovery process, or wipe their systems. This single event reportedly led to billions of dollars in losses and severely disrupted essential health services, showing just how thoroughly such a cyberattack can cripple business operations.

Beyond direct attacks on an organization, the interconnected nature of modern business means that a breach in one company can ripple through its entire network of customers and partners, impacting even seemingly unrelated entities in a phenomenon referred to as a “supply chain attack.” This aspect highlights the expanded attack surface and the shared responsibility in today's digital ecosystem.

As you see, cybersecurity professionals are essential for organizations that want to ensure continuous operation and client confidence in the face of evolving cyber threats.

Cybersecurity is an indispensable field, valued across all industries, and for many, a dynamic and rewarding career path. Some of the most common attacks a professional would prevent, encounter and defend against include:

• Phishing: Deceptive emails or messages sent by cybercriminals attempting to trick you into revealing sensitive information, such as passwords, banking details, or personal data.

• Malware: A broad term for malicious software or code designed to damage, disrupt, or gain unauthorized access to computer systems.

• Ransomware: A specific and highly disruptive type of malware that works by locking a computer's files, making them completely inaccessible until a ransom payment is made.

• Social engineering: Psychological manipulation techniques used to trick people into revealing confidential information or performing actions that compromise security.

• Data breaches: Security incidents when sensitive or confidential information is accessed, stolen, or exposed by unauthorized individuals.

• Denial-of-service (DOS) attacks: Cyberattacks designed to overwhelm a system, network, or website with excessive traffic, making it unavailable to legitimate users.

While the threat landscape is complex, adopting fundamental cybersecurity practices can significantly reduce your risk and help prevent many of these attacks. Fundamental practices include:

• Keep your software and operating systems updated regularly.

• Use strong, unique passwords for all accounts, and use a secure digital password manager.

• Enable multi-factor authentication (MFA) wherever possible for an extra layer of security.

• Exercise caution with suspicious emails, messages, and links.

• Perform regular data backups to an external drive or cloud service, so you can restore your information if it's lost or locked by ransomware.

• Use reputable antivirus or anti-malware software and keep it updated to detect and remove malicious programs.

As you've learned, cyber threats can emerge from many directions. Effectively protecting an organization means defending across multiple fronts simultaneously. That's why many cybersecurity professionals specialize in specific domains, much like doctors specialize in disciplines such as cardiology or pediatrics. Here are some of the key domains within cybersecurity:

Security and risk management

Professionals in this domain lay the groundwork for an organization's defenses. They create robust security policies, develop strategies to reduce potential risks, and ensure the organization complies with relevant regulations.

Asset security

Asset security specialists focus on protecting an organization's valuable resources. Their expertise covers tracking assets like customer data, computer servers, or software applications throughout the product lifecycle. They focus on implementing appropriate protection methods, and ensuring secure disposal when assets reach end-of-life. Asset security specialists constantly evaluate which assets require the highest levels of protection based on their value and sensitivity.

Security architecture and engineering

Experts in this domain design the fundamental systems that keep data safe. A core principle is the layering of defenses, meaning multiple protective measures work together so that if one safeguard fails, others remain in place. For example, an organization might require that all employees install multi-factor authentication (MFA), and they may also have a network firewall to prohibit logins from unusual locations.

Communication and network security

As data flows across networks, specialists in communication and network security ensure it remains protected at every step. They monitor traffic patterns, establish secure channels for information exchange, and manage security across physical network infrastructure, wireless communications, and cloud environments. Their expertise is crucial for bridging the complex boundaries of today's hybrid workforces.

Identity and access management

Professionals in identity and access management control who can access which resources within an organization. They implement authentication systems, manage user credentials, and enforce the principle of "least privilege," ensuring individuals only have access to the resources absolutely necessary for their role.

Security assessment and testing

Cybersecurity professionals in this domain proactively hunt for weaknesses in systems before attackers can exploit them. They achieve this through methods like penetration testing, vulnerability scanning, and security audits, continuously evaluating defenses and recommending improvements.

Security operations

Security operations professionals are on the front lines, leading responses when security incidents occur. Their daily responsibilities include monitoring security tools, investigating alerts, coordinating incident response, and implementing recovery procedures to get systems back online.

Cybersecurity professionals face complex threats. To simplify defense, they use security frameworks to understand what to protect and how to protect it. There are many security frameworks out there, each one outlining core concepts and strategies for implementing, maintaining, and improving cybersecurity. The specific tools and techniques used are called “controls.”

The National Institute of Standards and Technology (NIST) is a U.S. government agency that provides standards, guidelines, and best practices to help organizations strengthen their security posture. They also developed one of the more widely-used frameworks, known as the NIST Cybersecurity Framework (CSF). This framework outlines five core functions:

• Govern: Governance is key to establishing policies, procedures, and processes that manage cybersecurity risks. This function includes defining roles and responsibilities, allocating resources, and ensuring compliance with regulatory requirements.

• Identify: Identification is the process of determining which assets are most important to protect, such as customer information, financial records, or network infrastructure like company servers. It also involves identifying key threats to those assets, such as cyberattack vectors or physical vulnerabilities.

• Protect: Protection requires implementing safeguards that help secure identified assets from risks. In this stage, the controls might be installing firewalls and antivirus software, training employees on cybersecurity best practices, or putting your servers behind locked doors with CCTV monitoring.

• Detect: Detection promotes a vigilant security posture capable of detecting security incidents as they unfold. The specific controls could be things like monitoring network traffic, analyzing security logs, and setting up alerts for potential security breaches.

• Respond: Response outlines actions to take to contain and mitigate the impact of a security incident. This includes the tools and techniques needed to isolate infected systems, remove malware, and notify affected parties.

• Recover: Recovery focuses on restoring systems to normal working order. This includes specific actions like restoring systems from backups, analyzing the security incident for insight into your own defenses, and making adjustments to be better prepared for the future.

Successful cybersecurity professionals blend highly-specific technical knowledge with strong non-technical skills to collaborate effectively with other members of their organization.

Technical skills

Technical cybersecurity work requires mastery over a few specialized areas. Effective security professionals need to know how to monitor systems to track potential threats, develop programming knowledge for automation, and be aware of system fundamentals to identify vulnerabilities. A technical foundation for cybersecurity typically includes:

• Security information and event management (SIEM) tools: These tools help collect, analyze, and manage security data to detect and respond to potential threats in real time.

• Programming languages like Structured Query Language (SQL) and Python: Programming knowledge enables analysts to automate tasks, query databases, and develop custom security solutions.

• Networking fundamentals: Understanding how networks operate allows professionals to identify vulnerabilities and implement effective security measures.

• Linux: Many servers and security tools run on Linux, so familiarity with this operating system is often critical for managing and securing systems.

• General awareness of the threat landscape: Staying informed about emerging threats helps professionals anticipate risks and adapt their defenses accordingly.

Transferable skills

Beyond technical expertise, effective security professionals also need well-developed soft skills. For example, clear communication helps translate complex concepts for both technical and non-technical audiences. Other soft skills for a cybersecurity role include:

• Problem-solving: The ability to think critically and creatively is key for addressing unexpected challenges and mitigating security incidents.

• Collaboration: Working effectively with team members across departments helps align security measures with organizational goals.

• Analysis: Strong analytical skills are necessary for interpreting data, identifying patterns, and making informed decisions to improve security strategies.

Cybersecurity is a complex, exciting field. As technology continues to advance, from artificial intelligence to quantum computing to blockchain, so do the tools and techniques used by both attackers and defenders. You’ve just learned how cybersecurity professionals defend against cyber threats. If you’re interested in going deeper into the subject, the Grow with Google Cybersecurity Certificate offers hands-on, in-depth training into the core concepts and skills needed to launch your cybersecurity career.