What is Cyber Security? 

Security Fundamentals / July 17, 2022
woman looking at vpn on laptop screen
Photo by Dan Nelson from Pexels
Spread the love

While cyber security is a relatively new field, it is constantly evolving to keep up with the latest threats. As more and more businesses move their operations online (especially in an increasingly remote/work-from-home culture), cyber security is now the top priority in protecting people and information from harm.

We hear the word cyber security thrown around almost every single day, but what is cyber security?

Cyber security refers to the collection of tools, policies, and offensive and defensive techniques used to safeguard electronic data from unauthorized access or theft.

Data can include everything from personal information to confidential business records. In today’s interconnected world, no one can afford to ignore cyber security if they want to keep their data safe from online threats.

Cyber security encompasses a wide range of activities, from developing secure software to training employees on how to spot phishing scams. Some common cyber security measures include firewalls, intrusion detection systems, and encryption. By implementing these and other security measures, individuals and businesses can protect themselves from cyber attacks.

Why is cyber security important? 

In today’s digital age, cyber security (also spelled as cyber security) is more important than ever before. With so much of our lives and businesses being conducted online, it’s essential to have strong security measures in place to protect our data from being hacked or stolen.

Everyone needs cyber security: individuals, businesses, and governments alike. By taking steps to secure our electronic data, we can help prevent data breaches, identity theft, and other cyber crimes.

In addition to protecting personal or business information, cyber security is also crucial for national security. In an increasingly interconnected world, countries need to work together to secure cyberspace and protect against the threat of global-scale cyber attacks.

What are the 3 major types of cyber security? 

Conventionally, cyber security has been categorized into three main sub-areas: network security, application security, and critical infrastructure security. However, due to an ever-expanding reliance on cloud computing and the extensive use of smart devices, two more areas of cyber security have become equally as fundamental: cloud security and IoT (Internet of Things) security.

green dots on waves - cyber security resources for women

What is Network Security?

Network security is the appliances, software, behaviors, and guidelines that are applied to a computer network to monitor and protect it and the devices (also called endpoints) connected to it from unauthorized access, corruption, improper use, and downtime.

Network security is a vast field unto itself. It requires constant vigilance and innovation, which is why network security engineers are so well-compensated.

The most common implementations of network security include:

  • Firewalls
  • Security Information and Event Management (SIEM)
  • Intrusion Detection and Prevention Systems (IDPS)
  • Endpoint Detection and Response (EDR)
  • Encryption
  • Honeypots
  • Access Control
  • Anti-Malware Applications
  • Data Loss Prevention (DLP)
  • Mobile Device Management

And the list goes on! As you can see, it’s a lot to keep up with.

finger tapping heart on phone - cyber security resources for women

What is Application Security?

Application security (also called AppSec) is the process of protecting applications from unauthorized access, use, disclosure, disruption, or destruction. Application security measures are designed to defend against attacks that exploit vulnerabilities in an application’s code, design, or deployment.

Common application security measures include:

  • Secure Code Design
  • Code Auditing
  • Input Validation
  • Data Encryption
  • Authentication and Authorization
  • Application Firewalls
  • Web Application Firewalls (WAFs)
  • IDPS
  • SIEM
  • Vulnerability Testing and Management

Although there is some overlap with network security measures, application security is a distinct and critical component of an organization’s overall cyber security posture and cannot be overlooked.

bustling city - cyber security resources for women

What is Critical Infrastructure Security?

Critical infrastructure security (also called critical infrastructure protection or CIP) is the protection of systems and assets that are essential to the functioning of a society or economy. Critical infrastructure includes things like power plants, water treatment facilities, telecommunication networks, and transportation systems.

Due to their importance, critical infrastructure systems are often targeted by hackers and other cybercriminals. However, nature can wreak spontaneous havoc on critical systems by way of hurricanes, earthquakes, floods, and the like.

A successful attack or natural disaster on a critical infrastructure system can have devastating consequences for an entire country or region, which is why CIP is a huge component of cyber security.

Common CIP measures include:

  • Risk Assessment and Management
  • Vulnerability Testing and Management
  • Incident Response Planning
  • Asset Identification and Protection
  • SIEM
  • Firewalls
  • Encryption
  • Access Control
  • Physical Security Measures

Like application security, CIP overlaps with other cyber security measures. But because the takedown of critical infrastructure has the potential to affect entire nations, this area of cyber security could arguably be the one that requires the most layers of protection.

clouds moving across blue sky - cyber security resources for women

What is Cloud Security? 

Thanks to the exponential rise of cloud computing, the cloud is now a highly vulnerable and valuable target for cyber attacks. That’s because the cloud is often used to store sensitive data and confidential information that beforehand would have been stored on personal computers or in-house servers.

Cloud security refers to how to protect data that is stored on a third-party’s server (which is often virtual) and accessed via the Internet. The term is often used with cloud computing, which is where users access applications and data remotely over the Internet.

Just like data on personal computers and networks, cloud-based data is vulnerable to hacking, malware, and other cyber threats. As such, businesses and individuals must ensure that their cloud security measures are up-to-date and effective by encrypting data, using secure passwords, and limiting access to authorized users.

The many ways to implement cloud security include:

  • End-to-End Encryption
  • Identity and Access Management (IAM)
  • Cloud Access Security Brokers (CASBs)
  • Data Governance and Compliance Policies
  • Data Segmentation
  • Business Continuity and Disaster Recovery Plans
  • Intrusion Detection and Prevention
  • SIEM
  • Firewalls
  • Penetration Testing

Because of cloud computing’s continually growing popularity, cloud security is one of the fastest-growing areas of cyber security. Expertise in this niche won’t lead to a shortage of opportunities.

green lines forming circle - cyber security resources for women

What is IoT Security?

Internet of Things or IoT devices are often unsecured and lack proper security controls, making them easy prey for even the most amateur of hackers. These devices are networked items that have become ingrained in our daily lives – like smart home security systems, smart locks, smart medical devices, smart refrigerators, smart home hubs, and too many other devices with smart in their names to list!

The biggest pitfall people make with IoT devices is not changing the default password that came with it or not setting a password for the device at all. And with smart devices, you have to regularly update them with the latest available security patches and updates.

The focus of IoT security is to ensure that these Internet-connected devices and their corresponding mobile, desktop, or web apps are properly configured, patched, and updated.

The following are some of the most common IoT security tactics:

  • Data Encryption
  • Secure Passwords
  • IoT Device Management Platforms
  • IoT Security Software and Updates
  • Firewalls

Of the types of cyber security outlined above, organizations must carefully consider which threats they are most vulnerable to in order to choose the right mix of security measures.

Network security focuses on protecting the data that flows between devices, while application security helps to protect the software that users interact with.

Critical infrastructure security is responsible for safeguarding the systems that keep our society running, such as power plants and water treatment facilities.

And cloud security helps to protect the data that is stored on remote servers, with IoT security helping secure the ever-growing network of interconnected devices. By understanding the different types of cyber security, we can all better protect ourselves from constantly evolving threats.

What is a cyber threat?

A cyber threat is any type of online threat that can jeopardize the security or integrity of electronic data. Cyber threats come in many different forms, including malware, phishing scams, and Denial of Service (DoS) attacks – just to name only a few.

We’ll go over today’s top cyber threats so that you’ll know what to be on the lookout for to keep your data safe in your personal and professional digital environments.

Malware

Malware is a type of software that is designed to harm or disable computers and computer networks. It can be installed on a computer without the user’s knowledge or consent and can cause a wide range of damage, including data and identity theft, system crashes, and loss of access to critical data.

Examples of different types of malware are trojan horses, worms, ransomware, spyware, adware, and good old-fashioned viruses.

Malware prevention steps to take involve:

  • Installing anti-virus/anti-malware software on all endpoints and keeping the software up-to-date.
  • Ensuring operating systems are updated timely and have the latest security patches installed.
  • Never plugging any unknown USB sticks or devices into a computer.
  • Being wary of emails, pop-ups, or websites that ask you to click on a link or open an attachment.

Phishing Scams

Speaking of emails, phishing scams are probably the biggest bain of any company’s existence today. A phishing scam is a type of online fraud that uses email or other forms of communication to trick the recipient into revealing personal or financial information.

These scams often take the form of an email from a legitimate-looking organization, such as a bank or government agency, that asks the recipient to click on a link or open an attachment. Once the recipient does so, they are taken to a fake website that collects sensitive data or their computer is infected with malware.

Some tips to avoid falling for phishing scams are:

  • Do not click on any links in an email unless you are absolutely sure that they are legitimate. One way to quickly check the validity of a link is to plug it into a free URL scanner website like VirusTotal or URLVoid.
  • If an email looks suspicious, even if it is from a legitimate organization, do not reply to it or click on any links. Instead, find the organization’s contact information online and reach out to them directly to ask if the email is legitimate.
  • Be extra wary of any emails that contain typos or other grammatical errors. These are often glaring signs that the email is not legitimate.
  • Always inspect the email’s header to make sure the sender really is who they say they are.

Denial of Service (DoS) Attacks

A DoS attack is a type of cyber attack that seeks to render a website or online service unavailable to users by flooding it with traffic from multiple sources. DoS attacks are often launched as a way to retaliate against or punish a company or individual for some perceived slight.

These attacks can be very costly, not only in terms of the damage they cause but also in the resources required to mitigate them. In some cases, DoS attacks have resulted in websites being down for days or even weeks.

DoS attack prevention methods include:

  • Having strong network security protocols in place.
  • Monitoring network traffic for unusual activity.
  • Blocking or rate-limiting traffic from suspicious IP addresses.
  • Using a content delivery network (CDN) to distribute website traffic across multiple servers.
  • Using a hardware, software, cloud-based, or hybrid DoS prevention system.

Man-in-the-Middle Attacks

Man-in-the-middle (MITM) attacks are a type of cyberattack where the attacker inserts themselves into communications between two victims to eavesdrop on or manipulate the data being exchanged.

MITM attacks can take different forms, but they all have one thing in common: the attacker needs to be able to intercept the traffic between the two victims to successfully carry out the attack.

The attacker has several means to accomplish this interception, such as by using a malicious Wi-Fi hotspot, spoofing the MAC address of another device on the network, or simply by being on the same network as the victims and using a packet sniffer to intercept the traffic.

There are a few different ways to protect against MITM attacks, which include:

  • Encrypting all communications using a VPN or other similar technology.
  • Using public key infrastructure (PKI) to authenticate devices and users.
  • Only accessing websites or services over HTTPS.
  • Never conducting any personal or financial business on a public Wi-Fi network.
  • Monitoring network traffic for suspicious activity.
  • Following a zero trust security model.

SQL Injection

SQL injection is a type of cyberattack that allows attackers to execute malicious SQL code on a database. This code can be used to modify data, delete data, or even drop the entire database.

SQL injections are one of the most common types of attacks on websites and are often used to steal sensitive information, such as credit card numbers or login credentials.

Protecting against SQL injection attacks requires both technical and non-technical measures.

Some of the technical measures to prevent a SQL injection attack include:

  • Ensuring all user input is validated.
  • Whitelisting user input.
  • Using prepared statements with parameterized queries.

Non-technical prevention against SQL injection include:

  • Educating website and database users about SQL injection attacks.
  • Making sure employees understand proper online data handling procedures.

Organizations should also have an incident response plan in place in case a SQL injection attack is successful. This plan should include steps for identifying and containing the breach, as well as steps for restoring any data that may have been lost or corrupted.

These attack vectors are just a few types of cyber threats. There are several more, and hobbyist hackers and actual cybercriminals are coming up with new ones almost every week it seems. We need cyber security experts who are continuously educating themselves on cyber threats and how to protect against them since that is how we’ll stand a chance of keeping our systems and data safe and our society functioning.

What is information security?

This question may sound redundant as a lot of people consider information security and cyber security to be synonymous. However, NIST (the National Institute of Standards and Technology) defines information security or InfoSec as:

“The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.”

InfoSec can be thought of as a larger umbrella term – under which cyber security lives. InfoSec is concerned with protecting information in all its forms, from physical buildings and hard copies of paper and disks to digital bits and bytes floating through the air and over wires. Whereas cyber security is focused on protecting data and systems by mitigating digital and online risks.

What good is an internal network that abides by several cyber security best practices in implementing strong network security but is housed in a building with security guards who are not trained to recognize a dangerous social engineering scheme like tailgating? Security has to be handled holistically because there would be no cyber security without the all-encompassing aspect of InfoSec.

Is cyber security a good career? 

Here’s the short answer: yes!

A career in cyber security is rife with benefits. For starters, there are several well-paying roles. According to Payscale.com, the average salary for a cyber security position is $91,000.

But aside from the lucrative compensation, a career in cyber security also offers a high level of job satisfaction. A recent study by (ISC)² found that 77% of cyber security professionals are satisfied with their jobs. This is likely because most people who enter the field do so to make a positive difference in our world. They want to help protect people and organizations from cyber attacks that could dismantle society.

In addition, a career in cyber security offers a high level of job security. The same (ISC)² study found that “the global cyber security workforce needs to grow by 145%” before security infrastructures essentially start falling apart. As the world becomes more digital, the need for people who can protect against cyber attacks is already at a deficit, so aside from growing their ranks, many cyber security teams are focused on member retention.

It’s also now easier than ever to get free cyber security training online or in-person. Most public libraries offer online, instructor-led introductory cyber security courses, and there are a growing number of workforce development nonprofits that provide weeks-long security training.

If you enjoy trying to figure out how hackers hack and have a deep desire to keep digital information safe, then now would be a great time to finally take the leap into a cyber security career.

Related Articles:
– How To Stop Spam Texts
– Good Passwords: How to Protect Yourself from Hackers 

Twitter Pinterest

Leave a Comment

Your email address will not be published. Required fields are marked *