As worldwide concern over cybersecurity grows, cybersecurity professionals are playing an increasingly critical role in nearly every industry. Cybersecurity engineers ensure that technology systems stay secure, analyzing and anticipating possible security threats and designing networks and systems that can withstand them.
Here are four examples ripped from the news headlines of how cybersecurity engineers have made important contributions to network and data security across a variety of industries.
1. Discovering a vulnerability in BlackBerry’s emergency alert system.
Nolan Kennedy, a graduate of WGU’s cybersecurity program, recently made headlines by uncovering a vulnerability in AtHoc, which is BlackBerry’s emergency notification system.
AtHoc is meant to alert and track members of an organization during a crisis event, like an active shooter or natural disaster. A wide variety of industries use the platform, from private businesses to military, government, transportation, and healthcare.
During Kennedy’s test of a new AtHoc installation, he discovered authenticated attackers could read files off of the AtHoc underlying server. This kind of attack could lead to leaks of confidential data, denial of service, request forgery, and port scanning. An authenticated attacker could have the means to completely shut down or get sensitive information through the emergency alert system.
Because of Kennedy’s discovery, BlackBerry and AdHoc are working to find ways to secure vulnerabilities in their software, so organizations can continue to use this alert system when needed.
2. Uncovering a flaw in google's door security.
While looking for possible vulnerabilities in the company's internal systems, Google cybersecurity engineer David Tomaschik, ZDNet reports, discovered a flaw in the tech giant's physical security network that would allow hackers to circumvent the door security and enter the Google campus.
When Tomaschik explored encrypted messages sent across Google's network by devices from Software House, the company that supplies Google's door security system, he learned the messages weren't randomized. Digging further, he uncovered the encryption key that every Software House device used. With this information at his disposal, he was able to hijack the campus door security system, locking and unlocking the doors in Google's offices at will.
Thanks to Tomaschik's sleuthing, Google reported the issue to Software House, and Software House fixed the issue before cyberattackers discovered and exploited this vulnerability—saving Google money and resources and preventing the embarrassing loss of important user and company data.
3. Securing connected cars
Many cars can now connect to the internet, which enables features such as lane-keeping assistance, GPS, collision avoidance, and automatic 911 calls. But the auto industry must do more to make sure these smart features can't be hacked, Synopsys cybersecurity engineer Chris Clark tells Forbes.
Clark, much like many of his contemporaries, is looking to make connected cars more secure. Synopsys co-commissioned a study that analyzed the security of the technology behind these systems and identified the lack of comprehensive data needed to understand the auto industry's capability to address software security risks inherent in connected vehicles.
In the article, Clark says the auto industry must integrate security testing throughout the product development lifecycle, not just at the end of the process. He also says that automakers must realize that security testing is an investment that will pay dividends by significantly reducing the risk to owners. Clark's diligent investigation into these issues could prevent a major headache in the industry.
4. Improving the security of medical devices.
Because they contain sensitive patient information and outdated software and operating systems, medical devices are attractive targets for hackers. The risks that connected medical devices pose to healthcare organizations are growing, but cybersecurity engineer Sue Wang is among those working to prevent cyber attacks that would result in the compromising of patients' health data.
During a panel discussion at the national Safeguarding Health Information conference in October 2018, Wang, principal cybersecurity engineer for the MITRE Corporation, described how her organization is working with the National Cybersecurity Center of Excellence (NCCoE) to mitigate the security risks inherent in connected medical devices.
At the conference, HealthITSecurity reports, Wang noted that the NCCoE published a guide to help hospitals and healthcare organizations secure wireless infusion pumps that deliver fluids into a patient's body, and that its latest project is working to make Picture Archiving and Communications System technologies more secure. Wang's diligence is a perfect example of the important work that cybersecurity engineers provide to organizations.
A promising career.
Cybersecurity professionals are at the forefront of efforts to prevent cyber attacks across a broad spectrum of industries. With cybercrime damages expected to cost $6 trillion annually by 2021, as Cybersecurity Ventures reports, cybersecurity professionals are more important now than ever before. But even though cybersecurity engineers are some of the highest-paid IT employees, there is a massive shortage of qualified engineers as the demand for their services continues to rise.
Online bachelor’s and master's degree programs in Cybersecurity and Information Assurance, which include courses such as Cybersecurity Management and Cybersecurity Architecture and Engineering, can provide you with the skills needed to protect organizations and sensitive information from cyber attackers. If you're interested in a well-paying career with tremendous prospects and the chance to make a real impact, these programs might be just what you're looking for. Who knows—maybe one day you could make the news, too.