Cybersecurity is rapidly growing because of emerging technology that is producing an ever-changing threat-scape. There is a reason for the rapid growth of technology, and it's outside of the next cool Clubhouse or Tinder app or that new self-driving car that picks up self-drinking slushies. It lies within history.
As you may have heard in history class, history educates us about our future. This is true even within cybersecurity. The world leaders are driven by one thing, what is that? Power! How has power historically been obtained? Typically, and sometimes the most prevalent example is war. As cyber has emerged, so has a new type of warfare called cyberwar, which is ongoing.
The battlespace and the soldiers have changed. As technology emerges and grows, so have the world powers seated at the executive table. China in 2019 was the first country to send an unmanned rover to the far side of the moon. We have self-driving cars and the prediction is that in 5 years, we could take trips to Mars. Technology is growing and maturing in unimaginable ways.
Understanding why cybersecurity is advancing in all sectors to include phone apps and smart TVs will help you grasp the projected technological growth and prepare you for a cyber career. It's crucial you understand the maturing threat-scape and vulnerabilities that exist everywhere.
Here are some things to consider related to the cybersecurity industry:
- Hackers are becoming more advanced.
- Tools for amateur hackers continue to get simpler.
- Cybercrime is exploding (and it's expensive for organizations).
- Automation is the future.
- Vulnerabilities are endless.
In 2020, many careers were impacted due to the global health crisis and pandemic called COVID-19, while cybersecurity jobs remained in demand. A primary reason is because everyone went from working in a controlled office space with secured networks and on-premises monitoring to working on grandma's 100/100 Wi-Fi with a default password that was 4 years old.
This new workforce left a lot of employees and companies extremely vulnerable to a cyberattack. There was a considerable increase in ransomware attacks during 2019-2020 because attackers exploited these vulnerabilities. This meant more job opportunities for penetration testers and cybersecurity professionals to protect the new remote workforce.
Cybersecurity is not going away because cybercriminals will always find more creative ways to lure their victims to "click", which keeps you in a cyber job long after your first marriage.
Cyber laws and regulations
Before we jump into the next section, we will cover some of the cyber laws that influence the overall cyber growth and impact this field.
As we are writing this book, cybersecurity laws and legislation are a sticky topic. Congressional leaders are uncertain on how to address them because they don't know how to manage the cyber growth and the World Wide Web. The threat-scape is changing quickly, making it very challenging to determine what to address. Many of the cyber laws we have today are reactionary laws, meaning something happened, then a law was developed and enacted trying to prevent it from happening again.
An example of a reactionary law is when the first significant data breach happened to Yahoo in 2016, when hackers stole approximately 500 million accounts dating back to 2014. This breach then sparked the need for data protection and next came the Consumer Privacy Protection Act of 2017.
The challenge is knowing what laws you need before something happens. How can you create a law to predict something that has happened yet?
In 2020, the average cost for a large business data breach was more than $150 million. In 2019, the average breach was only around $3.92 million.
To understand the purpose of cybersecurity regulations, we will give you a law overview to help you better understand the current state of cyber legislation.
Quick cyber law class
The United States legislative system falls within three broad categories: criminal, civil, and administrative law. Cybersecurity regulation comprises directives from the Executive Branch while legislation comes from Congress designed to safeguard information technology and computer systems. The purpose of cybersecurity regulations is to force organizations to protect consumer data from being stolen and used for malicious means.
It wasn't till the Computer Fraud and Abuse Act (CFAA) of 1984 that the US saw any significant legislation specific to cyber law. This law covered general crimes such as malicious damage to federal computer systems of more than $1,000, trafficking of computer passwords, and modification of medical records. CFAA received its first amendment in 1994 when Congress recognized the face of computer security had drastically changed since 1984; this amendment was called the Computer Abuse Amendment Act.
The Computer Abuse Amendment Act considered more sophisticated actors that could target organizations through malicious code. It would allow for offenders' imprisonment, regardless of whether they intended to cause damage or not. There were more amendments in 1989, 1994, 1996, 2002, and the final one in 2008. Nevertheless, the laws was still very vague. This law also led to Aaron Schwartz's well-known case of 2009 and eventually his arrest a couple of years later in 2011. Mr. Schwartz was prosecuted for downloading many academic research papers from the MIT database.
Recently, in April 2020, the Supreme Court finally reviewed the CFAA for the first time to make it more current with today's cyber activity.
Here is a brief list of current cyber legislation you will likely hear more about as you move through your cyber career:
- Health Insurance Portability and Accountability Act (HIPPA) of 1996: Designed to protect individual health records.
- Consumer Privacy Protection Act of 2017: This law was developed shortly after the large Yahoo breach in 2016 and was designed to protect customer information to avoid identity theft.
- General Data Protection Regulation (GDPR) of 2018: This is the European Union's most stringent privacy and security law globally, and it impacts US activities.
- California Consumer Privacy Act (CCPA) of 2018: This was the first US-specific bill passed to protect the consumer's rights by giving them more control of personal information shared.
In recent years, the US government also used specific bills and laws to strengthen its effort with communication and data sharing.
This includes the following bills and organization:
- Cybersecurity Information Sharing Act (CISA) of 2014: CISA provides a platform for information sharing through an open source platform while spreading cyber activity awareness.
- Cybersecurity Enhancement Act of 2014: Voluntary collaboration platform for public-private partners to improve cybersecurity through research, education, and public awareness.
- Federal Exchange Data Breach Notification Act of 2015: Requires health insurance to notify any individual whose personal data was subject to unauthorized access, such as a data breach.
- National Cybersecurity Protection Advancement Act of 2015: This was an amendment to the Homeland Security Act of 2002 to allow other entities such as tribal, private, and non-federal representatives within the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC).
The following is a message from the United States Department of Justice on who to report cybercrimes to, dated April 1, 2021:
"Internet-related crime, like any other crime, should be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime. Citizens who are aware of federal crimes should report them to local offices of federal law enforcement."
– Justice.gov
Now that you understand why cybersecurity is the trending career field and the laws that govern it, we will move into the foundations of cybersecurity.
Free Chapter
