What is cyber security? What you need to know
Cyber security is the state or process of protecting and recovering networks, devices and programs from any type of cyberattack.
Cyberattacks are an evolving danger to organizations, employees and consumers. They may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage your financial and personal lives — especially if you’re the victim of identity theft.
What’s the best defense? A strong cyber security system has multiple layers of protection spread across computers, devices, networks and programs. But a strong cyber security system doesn’t rely solely on cyber defense technology; it also relies on people making smart cyber defense choices.
The good news? You don’t need to be a cyber security specialist to understand and practice good cyber defense tactics. This guide can help. You’ll learn more about cyber security and how to help defend yourself against cyber threats, and how to recognize and avoid threats before they infiltrate your network or devices.
Cyber security vs. computer security vs. IT security
As mentioned above, cyber security is the practice of defending your electronic systems, networks, computers, mobile devices, programs and data from malicious digital attacks. Cybercriminals can deploy a variety of attacks against individual victims or businesses that can include accessing, changing or deleting sensitive data; extorting payment; or interfering with business processes.
How is cyber security achieved? Through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.
- Information technology (IT) security, also known as electronic information security, is the protection of data both where it is stored and while moving through a network. While cyber security only protects digital data, IT security protects both digital and physical data from intruders.
- Cyber security is a subset of IT security. While IT security protects both physical and digital data, cyber security protects the digital data on your networks, computers and devices from unauthorized access, attack and destruction.
- Network security, or computer security, is a subset of cyber security. This type of security uses hardware and software to protect any data that’s sent through your computer and other devices to the network. Network security serves to protect the IT infrastructure and guard against information being intercepted and changed or stolen by cybercriminals.
Types of cyber security
In order to be better protected, it’s important to know the different types of cybersecurity. These include critical infrastructure security, network security, application security, information security, cloud security, data loss prevention, and end-user education.
Critical infrastructure security: Consists of cyber-physical systems such as electricity grid and water purification systems.
Network security: Protects internal networks from intruders by securing infrastructure. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong passwords.
Application security: Uses software and hardware to defend against external threats that may present themselves in an application’s development stage. Examples of application security include antivirus programs, firewalls and encryption.
Information security: Also known as InfoSec, protects both physical and digital data—essentially data in any form—from unauthorized access, use, change, disclosure, deletion, or other forms of malintent.
Cloud security: A software-based tool that protects and monitors your data in the cloud, to help eliminate the risks associated with on-premises attacks.
Data loss prevention: Consists of developing policies and processes for handling and preventing the loss of data, and developing recovery policies in the event of a cyber security breach. This includes setting network permissions and policies for data storage.
End-user education: Acknowledges that cyber security systems are only as strong as their potentially weakest links: the people that are using them. End-user education involves teaching users to follow best practices like not clicking on unknown links or downloading suspicious attachments in emails—which could let in malware and other forms of malicious software.
Types of cyber threats
There are many types of cyberthreats that can attack your devices and networks, but they generally fall into three categories. The categories are attacks on confidentiality, integrity and availability.
- Attacks on confidentiality. These attacks can be designed to steal your personal identifying information and your bank account or credit card information. Following these attack, your information can be sold or traded on the dark web for others to purchase and use.
- Attacks on integrity. These attacks consist of personal or enterprise sabotage, and are often called leaks. A cybercriminal will access and release sensitive information for the purpose of exposing the data and influencing the public to lose trust in a person or an organization.
- Attacks on availability. The aim of this type of cyberattack is to block users from accessing their own data until they pay a fee or ransom. Typically, a cybercriminal will infiltrate a network and authorized parties from accessing important data, demanding that a ransom be paid. Companies sometimes pay the ransom and fix the cyber vulnerability afterward so that they can avoid halting business activities.
Here are a few types of cyber threats that fall into the three categories listed above.
Social engineering, a type of attack on confidentiality, is the process of psychologically manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. Phishing attacks usually come in the form of a deceptive email with the goal of tricking the recipient into giving away personal information.
APTs (advanced persistent threats), a type of attack on integrity, where an unauthorized user infiltrates a network undetected and stays in the network for a long time. The intent of an APT is to steal data and not harm the network. APTs often happen in sectors with high-value information, such as national defense, manufacturing, and the finance industry.
Malware, or malicious software, is a type of attack on availability. It refers to software that is designed to gain access to or damage a computer without the knowledge of the owner. Malware can do everything from stealing your login information and using your computer to send spam, to crashing your computer system. Several common types of malware include spyware, keyloggers, true viruses, and worms.
Ransomware, another form of malicious software, also is a type of attack on availability. Its goal is to lock and encrypt your computer or device data—essentially holding your files hostage—and then demand a ransom to restore access. A victim typically must pay the ransom within a set amount of time or risk losing access to the information forever. Common types of ransomware include crypto malware, lockers and scareware.
Scale of cyber security threats
While cyber-defense tactics are evolving, so are cyber security threats, with malicious software and other dangers taking new forms. And cyber security threats don’t discriminate. All individuals and organizations that use networks are potential targets. To help protect yourself, it’s important to know the three different types of cyber security threats: cybercrime, cyberattacks, and cyberterrorism.
- Cybercrime is committed by one or more individuals who target your system to cause havoc or for financial gain.
- Cyberattacks are often committed for political reasons and may be designed to collect and often distribute your sensitive information.
- Cyberterrorism is designed to breach electronic systems to instill panic and fear in its victims.
How to help protect against cyber security attacks
Follow these steps to help increase your cyber safety knowledge.
- Only use trusted sites when providing your personal information. A good rule of thumb is to check the URL. If the site includes “https://,” then it’s a secure site. If the URL includes “http://,” — note the missing “s” — avoid entering sensitive information like your credit card data or Social Security number.
- Don’t open email attachments or click links in emails from unknown sources. One of the most common ways networks and users are exposed to malware and viruses is through emails disguised as being sent by someone you trust.
- Always keep your devices updated. Software updates contain important patches to fix security vulnerabilities. Cyber attackers can also target outdated devices which may not be running the most current security software.
- Back up your files regularly for extra protection in the event of a cyber security attacks. If you need to wipe your device clean due to a cyberattack, it will help to have your files stored in a safe, separate place.
Cyber security is constantly evolving, which can make it difficult to stay up to date. Staying informed and being cautious online are two of the best ways to help protect yourself, your networks and devices, and your business.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.