You have probably heard the term “cyber security”. The importance of cyber security is constantly being brought up, usually with recommendations to improve your cyber security by buying antivirus software! However, not everyone is familiar with what exactly cyber security is. In this guide, we will explain what cyber security is, the types of threats that cyber security combats, and how you can make sure that your personal and/or business cyber security is up to scratch.
What is cyber security?
Cyber security (also known as IT security or electronic information security) is the protection of computers, devices, servers, networks, systems, and data from cyber threats and attacks. Cyber security encompasses a wide range of practices, systems, and methods across a wide variety of devices from personal computers to mobile devices and cloud applications.
Why is cyber security important?
Thousands of cyber attacks happen every single day. While there have been some highly publicized data breaches of large businesses and systems, the vast majority affect small businesses or individuals and remain unreported.
Cybercrime cost the world an estimated 3 trillion US dollars in the year 2015, and it is estimated by the International Data Corporation that global spending on cyber security solutions could total almost $140 billion US dollars by the year 2022! Cybercrime is constantly rising year by year, and this means that cyber security technology and practices must evolve at a fast rate to keep up. With so much money being invested in cyber security solutions by governments and businesses around the world, it is no wonder that in recent years many educational institutions have begun to offer cyber security certifications. Working in cyber security can be an incredibly profitable career path!
In addition to the financial cost of cybercrime, there are also legal repercussions, which can be disastrous for businesses. Data breaches by cybercriminals can expose potentially sensitive customer data to criminals, leading to reduced trust in the business’ reputation and even legal challenges from customers or clients.
The number of data breaches rises each year. The sectors that are most vulnerable to breaches are retailers, medical providers, and public entities. Organizations that store medical or financial data are targeted frequently due to the financial value of this information, but all kinds of customer data are targeted. Most successful data breaches are carried out by experienced cybercriminals. More and more organizations are studying for cyber security certifications to be prepared for this.
Who needs to be aware of cyber security?
It may seem like cyber security is something that only needs to be considered by managers, technicians, and business owners. While it is true that if you own your own business, you will most likely need to have a strong grasp and understanding of cyber security, you will also need to have at least a basic understanding of it as an employee or even just as someone who uses a computer or mobile device in everyday life (which, let’s be honest, is pretty much everyone). It is not just businesses in the technology sector that are at risk from cyber threats!
Cyber attacks and data breaches affect organizations of all kinds and of all sizes. The increasingly large and vital role that the Internet and online communication and data storage play in the working operations and functioning of most businesses means that it is increasingly important to have a solid grasp of cyber security. Having cyber security certifications is a good way of ensuring this.
Understanding cyber security and ensuring that your personal data and that of your family is kept safe is vital, especially if you store online banking details on your computer or use Internet-connected devices for activities such as shopping or banking.
If you are a business owner, it is even more important to be aware of cyber security, as it is not just your data that you are responsible for!
We are not saying that every single person in an organization needs to go and spend months or years getting cyber security certifications; however, we certainly recommend that at least one person in an organization is qualified in cyber security. Alternatively, you can use the services of a company or individual that has cyber security certifications.
Different types of cyber security
There are various types of security that come under the cyber security umbrella.
Network security refers to keeping computer networks (communication systems between devices in an organization) safe from attackers or malware (more on malware and other types of cyber threats later).
Application security refers to the security of the software itself, which is used by an organization. Corrupted or compromised applications can grant access to data to bad actors such as cybercriminals or rival businesses and spell disaster for an organization. Information security relates to the privacy of data in storage or in transit between systems or devices.
Operational security is more to do with company procedures. The processes that are used to handle and protect data make up operational security. Operational security can be increased and stabilized by granting different users different permissions over a network. This is where having a robust data security policy comes in: having a Data Protection Officer with cyber security certifications is highly recommended.
Disaster recovery is the way that an organization reacts to data breaches or any other cyber security issue and gets back up and running as before. Disaster recovery practices are an important aspect of a strong data security policy. Business continuity refers to how the organization operates in the meantime if certain systems or resources are temporarily unavailable due to a security breach or other issue.
End-user education is perhaps the most vital yet easily overlooked aspect of cyber security. End-user education means educating all users of a device or system, regardless of their level of technical knowledge, on how to use these systems and devices safely and in a secure way. This includes recognizing phishing attempts, only using audited devices, and using strong passwords. End-user education is another vital component of a good company data security policy.
What types of cyber threats are there?
There are various types of cyber threats, some more well-known than others. Sufficient cyber security certifications are one way that you can become more aware of what threats are out there.
Malware is the most common cyber threat. Malware is an umbrella term that refers to various harmful programs. The word “malware” is a shortening of “malicious software”, and this is exactly what it is. Cybercriminals and hackers create and spread malware in various ways, such as through hidden email attachments.
A virus is one form of malware. Contrary to how the term is often used, a computer “virus” does not refer to any piece of harmful software installed onto your computer without your permission. A virus is a specific type of program that corrupts a clean file and self-replicates, spreading through a system in the same way a virus does through the body.
Named after the Trojan Horse of Greek mythology, a Trojan is a form of malware that disguises itself as a piece of legitimate software, which is then downloaded willingly onto a computer that it can then damage.
Spyware refers to any malicious computer program that monitors and records a user’s activity. Spyware often targets credit card and banking details so that criminals can steal them.
Ransomware does what its name suggests: it holds your files to “ransom”! Ransomware is a form of malware that denies a user access to their own files until a ransom is paid (although often payment does not result in access!).
Adware is malware that takes over your computer and displays constant ads while you are trying to use applications. Some adware is primitive and easy to spot, while other adware is more subtle.
Botnets are networks of computers that have been infected with malware. Cybercriminals can use these networks to communicate with each other.
Malware is not the only form of cyber threat. Another extremely common threat that you have most likely come across if you use email is phishing. Phishing is a form of scam where criminals disguise themselves as legitimate companies and request information (i.e. bank details) from a user via email. Most phishing emails are usually caught out in email spam folders, but some are sophisticated enough to slip through the cracks, and you have probably seen them before. If you have ever been told that you simply need to share your bank details with a company so that they can give you a prize of a million dollars, you have encountered a phishing scam!
SQL injections are a less common form of cyberattack, where criminals insert malicious code into databases using SQL (structured language query) statements. These are used to gain access to information that is stored in databases.
Denial-of-service (or DOS) attacks are where criminals or bad actors target a site or system with an overwhelming amount of traffic that the network cannot cope with, rendering the system completely unusable. DOS, or DDOS, attacks are often used by groups to prevent organizations from operating.
A man-in-the-middle attack is a threat where a cybercriminal manages to intercept communications between two users on a network with the intention of stealing data that is sent from one to the other. These attacks often happen on unsecured Wi-Fi networks.
How have cyber threats changed in recent years?
Cyber threats are constantly evolving as technology advances, software develops, and cybercriminals find new ways to breach systems and avoid security measures. For example, at the end of 2019, an organized criminal group was charged by the US Department of Justice for using Dridex malware to attack a variety of government and business infrastructures worldwide.
Dridex is a type of Trojan that infects systems through existing malware or through phishing emails, and steals passwords, financial information, and personal data. It has caused financial losses totaling hundreds of millions of dollars. Another type of sophisticated Trojan is the Emotet Trojan, which the Australian Cyber Security Centre warned various organizations about in late 2019.
Another type of threat that has existed for many years is romance scams, where criminals fraudulently pretend to be potential romantic partners to persuade users to send them money or bank details. These are often used to target older people. Although these have been around since the advent of the Internet, in February 2020 a huge increase in fraudulent activity on dating sites and social media sites led to the FBI issuing a warning to US citizens.
Ransomware has also become more advanced over the past couple of years, with attacks targeting highly specific businesses and local government organizations. Cybercriminals have increasingly begun to spend time gathering intelligence on targets before deploying these ransomware attacks.
Mobile malware has also sharply risen, and phishing scams have increasingly begun to use SMS or social media messages to deceive users. The advent of 5G networks is also resulting in a much wider range of devices being connected to networks and clouds, many of which are not protected by antivirus software or other cyber security solutions and/or do not have strong cyber security certifications or capabilities. These devices are likely to become ripe targets for cybercrime!
How can you protect against cyberattacks in 2020?
Thankfully, there are many steps that you can take to keep your personal and/or business systems secure. We have listed some of the top tips here:
- Use antivirus software: There are many different companies offering antivirus software, and the most recommended software changes constantly, but it is important to always use some form of antivirus software! You should keep any antivirus software (and your operating system) regularly updated with the latest security patches.
- Use strong passwords: Don’t just use “password” or the name of your pet: use a password that nobody would guess, and don’t leave it on a post-it note that anyone can find either.
- Be careful with opening email attachments: Email attachments from unknown senders can often contain malware, so it is best to steer clear.
- Avoid using unsecured networks: Using unsecured Wi-Fi networks can leave your device open to all kinds of cyberattacks. If you absolutely have to use one of these networks, consider using a VPN.
Taking all these steps is vital for anyone who uses a computer or Internet-capable device. If you are a business owner, you will also need to make sure that every member of staff does the same!
Cyber security certifications
An effective way of keeping your business’ cyber security impenetrable is by hiring a skilled Data Protection Officer who is qualified in cybersecurity. There are plenty of cyber security certifications available out there, and a trained DPO can design and implement a strong company security policy for every employee to follow. As well as cyber security certifications, regular security audits of all software, devices, and processes used by the company are also highly recommended.
The world of cyber security can seem baffling, and there is a lot that you can learn about it! For most people, following the basics is what is needed, but if you are interested in learning more, online cyber security certifications can help you become even more confident that you are safe from any threats.
