Cybersecurity refers to actions adopted to protect individuals, systems, and devices against malicious cyberattacks. It is a branch of information security.
Cybersecurity practices safeguard individuals and organizations from cyberattacks, which take advantage of digital vulnerabilities to invade systems to steal and alter data or files.
Just like other aspects of security, one of the main agents of cybersecurity is the user, who must be aware of the risks involved and avoid behaviors that could expose vulnerabilities to be exploited.
In terms of professional career, it is an opportunity for those who want to become an expert in cyberattack prevention mechanisms.
The role of a cybersecurity analyst has grown over time as technology and devices have constantly and significantly evolved.
This article explains what cybersecurity is and how to become an expert in this field, covering the following topics:
- What cybersecurity is
- Cybersecurity x Information security
- Importance of cybersecurity
- Main cybersecurity threats
- Main cybersecurity methods
- How to become a cybersecurity analyst
- Responsibilities of a cybersecurity analyst
- Books, movies, and TV shows about cybersecurity
Enjoy the article!
What cybersecurity is
The purpose of cybersecurity is to prevent cyberattacks.
Cybersecurity, like digital security, is a branch of information security.
Cybersecurity involves practices to prevent malicious attacks that take advantage of system flaws to invade devices and networks and steal or alter data or files, making them unavailable.
According to a survey conducted by DFNDR, Brazil is the second nation most affected by global cyberattacks, with more than 120 million incidents reported in 2018.
Cybersecurity x Information security
As mentioned above, cybersecurity is a branch of information security. Therefore, information security involves broader and more comprehensive practices.
- Cybersecurity: involves prevention and protection of the cyberspace, that is, when a user is connected to the internet or when a network connects computers or other devices.
- Information security: involves prevention and protection against all types of physical or digital risks, controlling people’s access to locations, file access permissions, among other things.
Importance of cybersecurity
Cybersecurity refers to a set of actions to prevent cyberattacks to devices and networks. It supports information security (which has a more strategic plan) deploying technical mechanisms to mitigate failures.
With the emergence of IoT devices and the constant evolution of technological devices used in people’s everyday lives, cybersecurity is essential for companies to ensure data confidentiality, integrity and availability.
But we should remember that cybersecurity has an important role not only in organizations, but also in personal life.
Educating people about the precautions required to prevent cyberattacks can protect adults and children from dangerous and frightening situations.
Main cybersecurity threats
Cybersecurity prevents cyberattacks. The most common types of cyberattacks are:
A virus is a computer program or software (malware) that, when executed, can infect all computers connected to a network. It can steal data, corrupt files and send spams to email contacts (extending the attack), or even control the computer remotely.
Worms are an older type of cyberattack. They are sent as email attachments. Unlike a virus, it doesn’t require any user action (besides opening the email).
Have you ever accessed a suspicious website and had many ads popped up on your screen? Or, before starting that pirated movie, a screen is displayed asking you to install a program to reproduce the movie?
Watch out! This is a cyberattack called adware, that is, a malware “disguises itself” as an advertisement to attract your attention. After you click it, it starts a malicious action.
Ransomware is data hijacking software. When executed, it invades the system, steals data, and asks for money (in a cryptocurrency) as a ransom.
Main cybersecurity methods
To prevent cyberattacks, a cybersecurity analyst must adopt precautions and measures, which may be described in a security policy adopted by the company. This policy should be shared with all employees.
This way, the employees can understand their responsibilities and duties while using systems and technologies and minimize damages.
Some of the main cybersecurity methods commonly adopted are:
This solution is largely known. Devices must have an installed antivirus application to detect an invasion attempt.
However, an antivirus product doesn’t act alone all the time. A good asset management system shall be in place, so that IT and cybersecurity managers can properly update and maintain equipment and programs.
This precaution significantly minimizes vulnerabilities and, therefore, reduces the possibilities of attack.
Encryption is a system that converts data into codes to prevent the access of unauthorized people or programs.
It is a method to protect data storage and transactions between the users of an organization. A digital signature, for example, uses encryption to ensure its integrity.
With the growing number of smart devices, a company needs to foresee in its security policy methods to ensure control over such devices.
For companies that use IoT devices, the cybersecurity analyst must be aware of tests and other attack prevention methods.
VPN is a type of external connection to the network, acting as a ‘tunnel’ to ensure a safe access to users when they access confidential information and documents.
The company must have a rigorous backup process of its files and documents to ensure data availability in case of failure and threat.
An alternative to backup is to have specific servers that store exact copies of all folders and applications from all computers.
External hard drives (HDs) can also be used for file storage, although this option has some limitations. Finally, for some years now, cloud storage has been used for backup purposes. It has become widely used and a good option due to its recognized security.
How to become a cybersecurity analyst
Cybersecurity analyst is a role that is highly regarded by companies. Online training and college courses are available to people who want to become a cybersecurity analyst.
We provide below some interesting information about this role (training, certification, assignments), so perhaps you can find an opportunity in the cybersecurity market.
There are courses of all types and levels for those who want to learn more about cybersecurity. We list some of them below:
- Udemy: short online courses;
- Educa+Brasil: degree of cybersecurity technologist; this is a 3-year course, on average, for students with a degree in courses related to information technology. The schools also offer graduate courses in cybersecurity;
- Inmetro – Instituto Nacional de Metrologia, Qualidade e Tecnologia: The National Institute of Metrology, Quality and Technology, of the Federal Government, offers a technical cybersecurity course for students attending or who have finished high school;
- Escola Superior de Redes: this course has both in-person classes and online sessions for any question the students may have; it is an 80-hour program;
- Unifor: the Universidade Federal de Fortaleza offers an MBA degree in cybersecurity for students with a degree in Computer Science or related fields;
- Fiap: it is an online 2-year course called Cyber Defense and offers a technologist degree.
There is no specific certification for the cybersecurity professionals, but some certifications are sought by professionals who want more relevant roles. However, some of them require minimum experience.
See the most common certifications in information security and related roles:
- CEH: Certified Ethical Hacker
- ECSA: EC-Council Certified Security Analyst
- GSEC / GCIH / GCIA: GIAC Security Certifications
- CISSP: Certified Information Systems Security Professional
Responsibilities of a cybersecurity analyst
The main role of a cybersecurity analyst is to ensure the prevention of threats. It includes running several tests and developing applications to protect the company’s systems.
The assignments of a cybersecurity analyst include the following:
- Plan and implement security parameters;
- Develop a security policy to prevent unauthorized access;
- Create contingency plans in case of a system invasion;
- Continuously monitor systems and files to ensure data security;
- Run tests to detect digital vulnerabilities;
- Conduct audits to confirm the applicability of existing security policies;
- Manage the network for early detection of potential intrusion;
- Recommend and implement risk management systems;
- Organize a safe environment for exchange with suppliers;
- Train company’s employees to ensure they will use proper procedures to prevent cyberattacks.
Books, movies, and TV shows about cybersecurity
Want to expand your cybersecurity studies? See below some books and movies/TV shows that address this topic and show the reality of professionals who work in this area.
The books below are not exclusively about cybersecurity, some are about information security in general, but are good sources anyway.
- Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, by Kim Zetter: the book is about a malware called Stuxnet, which went beyond the digital environment and caused physical destruction of equipment;
- Certificação Security+: Da prática para o exame SY0-401, by Yuri Diógenes & Daniel Mauser: this bestseller covers topics such as network security; compliance; operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and encryption;
- Certificação de Analista em Segurança Cibernética CSA+ Preparatório para o Exame COMPTIA Cs0-001, by Yuri Diógenes: despite being a preparation for the exam, the book is also a good source for those who want to expand their cybersecurity knowledge;
- Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime, by Kevin Poulsen, a former hacker. He is now a journalist recognized by his cyber world investigations;
- Crimes Cibernéticos – Ameaças e procedimentos de investigação, by Emerson Wendt & Higor Vinicius Nogueira Jorge: the book presents the steps of electronic crime investigation. With simple language, it provides clear information to people who don’t have knowledge in this field.
Movies and TV shows
Cybersecurity has also been a hot topic in the film industry. With TV shows and movies produced in different countries, and with the current popularity of Netflix, it’s a good way to warn people of the dangers affecting ordinary computer users.
- Black Mirror: each episode is a science fiction story that shows the dark side of technology, the extent to which we are observed and controlled.
- Cam: a young model earns money with private shows over the internet. One day, she finds herself replaced by a clone and doesn’t know if it is the result of a hacker action or a virus;
- Citizenfour: this documentary shows journalist Glenn Greenwald visiting Edward Snowden. The file disclosure shows a global surveillance scheme set up by US security agencies;
- Swordfish: John Travolta is the leader of an anti-terrorist organization that seeks revenge against the American government after his operation was put aside. To get even, he hires a famous hacker.
Now you understand that cybersecurity must be a priority in the company, as it ensures strategic information will not be lost.
The team can count on specialized professionals – cybersecurity analysts – to implement actions and run tests that prevent attacks.