No matter what they tell you, it just isn’t true
2021 has been a true roller-coaster ride in the world of cybersecurity. It all started with the fallout of the SolarWinds hack, then migrated to the rise and fall of REvil, and culminated in the absolutely massive log4j exploit. The rapid pace of events, to say nothing of the astronomical scale each event encompassed, demonstrates the need for clarity and a clear path for those interested in a career in the field to enter in.
Despite this, when you take a trip to any cybersecurity forum or segment of social media, clarity and a clear path is often the last thing displayed. Let’s try to clear some things up and identify 3 cybersecurity myths that you may come across, specifically as someone interested in the field, wether for a career or as an academic interest.
- You Need To Know How To Code To Work In Infosec
Despite what some people might say, no, you don’t have to know how to code to work in Infosec. Coding is a great skill to have, and it certainly wouldn’t hurt to at least be familiar with a language and know the basics of how it works, but it is by no means a requirement.
What might help, instead, is to be familiar with the logic behind coding languages. Knowing things like the different types of loops, what a boolean statement is, and the various logic statements, will not only make it easy to pick up a coding language later on if you choose to do so, but it can also help with reviewing code that someone else wrote. That said, these are things that help and are “nice to have”, but not “need to have”.
While some may claim that you will have to code in any given cybersecurity job, the fact is the industry is too broad for that to be the case. This field does include some roles where knowing how to code is helpful, but there are other roles where you may never come close to touching code. Governance, Risk, and Compliance (GRC) roles serve a critical function in cybersecurity, and succeeding in those roles requires a greater understanding of word-smithing, leadership, and understanding regulatory requirements. Blue team roles like Incident Response or Threat Intelligence have a higher requirement for troubleshooting, identifying threats, and working in a team than knowing how to build a program.
There exists a stigma that, because someone works in tech or cybersecurity, that they must know how to code. As demonstrated, this industry is too broad for that to be true, and the issue arises where people who would have been excellent cybersecurity professionals are turned away based on this fallacy.
2. Cyber Threats Don’t Care About You
If 2021 has shown anything, it’s that cyber threats care about anything they can get their hands on and make money from. Wether that’s in the form of Internet of Things (IoT) devices in your home using default passwords or a major software provider that supplies thousands of clients worldwide.
Attackers used to be interested in hacking large numbers of devices (be it IoT devices or insecure cameras, to your home computer) to build botnets (robot networks), which could be used to perform Distributed Denial of Service (DDoS) attacks on websites and services. Recently, however, attackers have pivoted to deploying ransomware, extorting targets to pay money to recover their systems.
Ransomware is by no means a new development. In 2017 Wannacry demonstrated the true devastation that ransomware can have on people, businesses, governments, and societies. Ransomware crippled hospitals and businesses alike, and showed the cybersecurity community that that ransomware is a very real and emerging threat. It also showed threat actors that there could be a very big payout at the end of a ransomware event.
In 2021, REvil, a Russia-based hacking group became famous for the Kaseya and JBL Foods hacks, raking in millions of dollars in payouts. While they no longer appear to be active, other groups routinely attempt to exploit weaknesses in individuals and organizations alike, hoping to one day strike it big. This may seem like they will largely focus on organizations, but many attackers will go after targets of opportunity, making individuals that are not implementing good security practices an easy target.
Not only will attackers deploy ransomware, but they’ve also begun to deploy crypto-miners on the systems they hack. While this seems innocent enough, the demand on your system’s CPU can create a noticeable decline in performance and battery life and become more than a simple annoyance.
3. Cybersecurity Is Hard
We’ve already established that you don’t have to know how to code, and that attackers are, in fact, interested in you. It may still seem like cybersecurity is hard. The truth is that it is not, especially for the end user.
There are a number of things you can do to implement better security practices, but the top three, in my opinion, are:
- Use long, complex, unique passwords
- Enable Multi-Factor Authentication (MFA) on your accounts
- Avoid links in suspicious emails or texts unless you absolutely know the sender and can confirm the link is safe
Just those three steps will set you apart from most individuals. It will take you from being a potential target of opportunity to being a cybersecurity advocate. These are practices that are each simple and easy enough but require a daily exercise.
In 2022, threat actors will not slow down and allow people to catch up. It is important for everyone to level up their cybersecurity game before it’s too late. It’s also important to be completely clear and honest about cybersecurity, and that starts by letting people know that this field isn’t locked behind a magic wall of knowledge that starts with learning C.
2021 was an intense year in terms of cyberattacks and events. In demystifying cybersecurity and providing clear direction for people to enter in, we can not only make the world a safer place, but we can also help foster and grow the next generation of tech and cybersecurity leaders.
If you’re reading this and you’re interested in leveling up your cybersecurity game with stronger passwords in 2022, check this video out.
Be sure to check out my YouTube channel where I cover cybersecurity topics, news, and Security+ material. Also follow me on Twitter @sec_studio, where you can tell me about how you passed the Security+!
