Cyber security is a term whose meaning continues to evolve as the cyber threat landscape grows more serious.
What is cyber security? In essence, it refers to the complete universe of tools, practices, and rules that protect data assets from malicious actors. It’s an upgrading of the traditional concept of information security (InfoSec), which viewed security simply as a corporate issue, rather than a problem affecting consumers and national security (and life itself, on some level).
Cybersecurity comprises three core elements:
- People – Almost every cyberattack is targeted at people, even if the ostensible victim is a business or government institution. Hackers are invariably after private information about people or seeking to disrupt people’s lives. People thus need to be aware of their role in reducing and preventing threats.
- Processes - Organizations need to create policies and processes that reduce threats. They need to adapt to the shifting cybersecurity landscape. Regulations are part of this mix. Laws like GDPR and data breach notification statutes help protect people and businesses from cyberattacks.
- Technology - People and companies need to invest in technology that protects them from cyberattacks. The attackers use tech, so the defenders must as well. These include things like firewalls, encryption, intrusion detection and so forth.
Why is cyber security so important? This falls into the category of, “if you aren’t worried, you aren’t paying attention.” The elevation of the old InfoSec to the new, more serious and broader cyber security is a reflection of how bad things have gotten. For recent, shocking, cyber security statistics, check out our article on the subject.
It’s easy to forget, but until a few years ago, we didn’t experience major data breaches on a daily basis. What is a data breach? It’s an attack that results in the theft of private, usually confidential data. Even when they’re extreme, they now seem like minor distractions. For example, last month, Marriot disclosed that it had let 500,000,000 customer records get stolen in an attack that they didn’t notice for four years! The public reaction was essentially a yawn. This is a mistake. Let’s not allow our acceptance of catastrophic events to dull our sense of cyber security’s importance.
The 3 Types of Cyber Security
While the cyber security field encompasses a vast range of tools and techniques, it falls into three rough categories:
- Data security – Hackers are often after data. They want to see or steal information that’s off limits. Their reasons vary. In some cases, the hacker is simply stealing information like credit card numbers to sell on the black market (The “Dark Web”). Other times, the information thief wants to embarrass the target by revealing private conversations (e.g. Sony Pictures) or spy on a geopolitical enemy. Data security involves protecting data from unauthorized access. It includes data encryption, data access control technologies and policies.
- Network security – In order for a cyberattack to work, in almost every situation it is first necessary for the hacker to gain access to the target’s network. Protecting networks is one of the most serious areas of cyber security and typically the focus of significant investment. Network security is the province of firewalls, bastion hosts, appliance hardening, intrusion detection systems (IDS), security incident and event management (SIEM) systems and so forth.
- Application security – Hackers also like to get inside software applications like Enterprise Resource Planning (ERP), CRM, email servers and the like. Sitting inside an app is a great way to spy on the target or disrupt its operations. Application security has many facets, but it usually combines policies (e.g. who is allowed to access the application and its administrative “back end”) and controls over the Application Programming Interfaces (APIs) that let other software programs gain access to the app.
7 Common Types of Cyber Security Threats
What are cyber threats? A cyber threat is a method of attacking a data asset. It’s not the actual attack. It’s more like the blueprint for an attack. There are literally hundreds of millions of cyber threats out there. In general, though, they come in seven categories:
- Viruses/Malware – A virus is a form of malicious software (malware) code that installs itself on your device. Once implanted, a virus can do a number of different bad things, including freezing the system, stealing data or even hijacking the device for criminal purposes like mining cryptocurrencies without your permission, e.g. “crypto-jacking.”
- Identity theft – Identity theft is a crime where a hacker steals enough of your private, personal information (e.g. Social security number, birth date, address, etc.) so he or she can impersonate you. Pretending to be you, the hacker may be able to steal money from your bank account, open credit card accounts in your name and more.
- Password attacks – If a hacker has your password, he or she can get into your accounts. Password attacks use special software to guess at passwords, often trying thousands of possibilities before hitting the correct one.
- Trojans – Like the famed Trojan Horse of ancient times, a Trojan is a cyber attack that gets inside the target’s network under false pretenses. For example, a hacker might embed a virus into a PDF document and send it to you as an email attachment. When you open the PDF, the file implants the virus into your system while the document opens in Acrobat Reader.
- Ransomware – Ransomware is a variant of malware that encrypts your data and makes you pay a ransom, usually in Bitcoin, to unlock it.
- Phishing – A phishing attack is an attempt, usually via email, to trick you into clicking on a hyperlink that will put malware on your computer. A more sophisticated form of the attack, known as Spear Phishing, involves the attacker impersonating a friend or coworker, usually with the goal of getting you to share account login credentials.
- Advanced Persistent Threat (APT) – APTs are arguably the most potent cyber threats. They are often the product of national intelligence agencies, so they have the absolute best brains behind them. An APT is designed to penetrate stealthily and then lurk inside your network for months, undetected. It moves laterally, installing itself over and over in different parts of your infrastructure until it is activated. Then, it can do incredible damage.
How to Maintain Effective Cyber Security Practices
Achieving and maintaining cyber security can be quite challenging. It’s not a push-button process. No single element will do it all, but a weakness in one area can spell disaster for everyone. And, the bigger and more complex the organization, the bigger and more complex the cyber security program will have to be.
While security is inherently technical in nature, it relies on a foundation of security policy. These are the rules and guidelines that dictate how cyber security will be implemented and maintained. For example, security policy might state that passwords must be of a certain length, containing multiple character types. Security policy can define who has access to which system—and who can approve or reject access requests. A lawyer should get involved, too, to make sure processes are aligned and compliant with relevant regulations.
Security is also a matter of organization and people. Security managers oversee policy definition and enforcement. They manage security operations, which usually includes system monitoring and incident response process.
Starting with a strong foundation, policies and people, the next key element is a strategic tech stack for cyber security. There are myriad options here, and the right choices will depend a lot on the size of the organization. Robust network security is a must, however. With that, intrusion detection and network monitoring are especially helpful.
Cyber security is an urgently important topic for individuals, businesses and public sector organizations. Privacy, finances and even personal safety are at stake. There are many different kinds of cyber threats, some of which can severely affect your ability to function in the digital world. To defend against cyber attacks, it’s necessary to adopt a multi-layered strategy. Success in cyber defense requires investing in people, processes, policies and technology. There may never be 100% cyber security, but it is possible to achieve a high level of defense with the right amount of effort and focus.