What Is Cybersecurity, And What Does It Involve?

By: Alana Walker
April 28, 2023. Updated July 23, 2024.

Cybercrime used to be a pretty low-level, easy-to-spot phishing scam. Chances are the down-on-his-luck prince from a faraway country isn't who he says he is and just wants to take your $500. Nowadays, cybercriminals are more sophisticated at breaking through security barriers and splintering and exploiting a system in just over an hour.

With more and more data going online and companies storing their information in "the cloud," how do we make sense of it all, and how can we protect ourselves from malicious actors and data breaches? We break down the basics of cybersecurity, a few ways to protect yourself against attacks, and some career suggestions if you're considering joining this rapidly expanding job field.

What is cybersecurity?

At the heart of cybersecurity is protecting networks and digital infrastructures from cyberattacks, ransomware, and hacks. It also involves post-attack analysis to prevent future instances and help companies and individuals better protect themselves against cybercrime.

Types of cybersecurity

Critical infrastructure security

The term 'critical' refers to the protection of networks and systems necessary to the function and safety of a nation, its economy, and public health.

Application security

Every application is built on code, and application security protects those original lines from being stolen. It also puts barriers in place to protect the app after deployment.

Network security

Network security is more extensive in that it refers to any activity done to protect the integrity of a network and its data. It targets various threats and stops them from entering or spreading through a network.
It also controls who can access the network.

Cloud security

More individuals and organizations are storing their information in the cloud. Cloud security protects this cache and the tools and services that make up their infrastructure.

Internet of Things (IoT) security

IoT security refers to protecting a network and the devices connected to it. It monitors threats by identifying risks while helping to fix vulnerabilities that pop up among the various devices.

The most common types of cyberattacks

Malware

For a malware attack, the software must be installed on the targeted device. This implies that the intended victim has to allow the malware to take effect, so it's essential to remember which types of software to avoid and to avoid clicking on unverified links.

Ransomware

Similar to traditional kidnapping for a ransom, in ransomware attacks, the hackers hold the victim's system hostage until the victim agrees to pay a desired sum to the attacker. Once the payment has been received, the attacker sends instructions telling the victim how to regain control of their system. Usually, the target downloads the ransomware containing code that takes advantage of any system vulnerabilities.

Phishing attacks

With phishing, the attacker sends emails that appear to come from a legitimate source to obtain confidential information from the target, usually financial data. The name comes from the malicious actor "fishing" for personal information, using their fake appearance as a trusted source as "bait."

Social engineering

Social engineering takes phishing to a whole new level. The malicious actor uses information often found on social media channels to trick their victim into handing over sensitive information. The attacker then uses phishing techniques, posing as an employer, friend, or familiar company, to get the victim to divulge the desired information.
Recent trends

Cybercrime is on the rise, and those behind attacks are getting more cunning, proving their abilities to adapt to defensive measures.

CrowdStrike Intelligence, an agency that monitors the cyberscape and the preparedness of companies to defend against attacks, reported that ransomware affiliates moved to new ransomware-as-a-service (RaaS) operations. More than 2,500 advertisements for access were found in the criminal underground, a 112% increase from 2021.

Fortinet, another cybersecurity firm, conducted a survey interviewing 500 Operational Technology (OT) professionals and found that 3% of organizations had one or more intrusions in the past year; 78% had three or more. 61% of intrusions impacted OT systems. Their report also found that organizations are moving too slowly to be fully protected against attacks. Only half of the respondents tracked basic security metrics.

Cloud exploitation

With an increasing number of companies turning to cloud storage, attacks in this area have increased by 95%. CrowdStrike noticed that cloud attackers are moving away from more basic forms of invasion, like deactivating antivirus technologies, to sophisticated methods, like modifying authentication processes. Attackers are becoming more malicious by adding actions like account access removal, data destruction, and service stoppage to their arsenals.

Example: Falcon OverWatch observed valid credentials used by an unknown adversary to gain access to Windows endpoints via a third-party cloud management tool. The attacker then used PowerShell to download software to the endpoints.

Nation-state-related hacking

With the ongoing conflict between Russia and Ukraine, CrowdStrike noticed a high level of activity coming from the former, like collecting large swaths of intelligence, information manipulation to influence public opinion, and destructive attacks against government networks.
Example: On January 14, 2022, before Russia invaded Ukraine, consistent intelligence destruction was carried out against the Ukrainian government to interfere with their systems and instil fear in the Ukrainian people, revealing weaknesses in the government's defence systems. Multiple attacks were carried out against financial institutions, disrupting citizens' everyday lives and sowing more fear. Some of these attacks were later confirmed to have come from the General Armed Forces of Russia.

Hacktivism

Hacktivists, or those who release pertinent information to the public for a socially motivated cause, are on the rise and likely to continue increasing, particularly in countries with civil unrest. This is seen most strongly in the Russia/Ukraine war.

Data theft and exploitation

In 2022, CrowdStrike Intelligence observed a 20% increase in adversaries conducting data theft and extortion campaigns without deploying ransomware.

Example: Over February and March 2022, a malicious actor conducted data theft and extortion against large tech companies like Microsoft, Nvidia, Okta, and Samsung. The adversary collected source code, employee credentials, and personally identifiable information using the companies' public Telegram channels. Although ransom demands were made, there is no indication that these demands were met, and the adversary slipped under the rug after the involvement of law enforcement.

The scale of cybersecurity attacks

When cybercriminals hit, they hit hard, usually shutting down whole systems and stealing sensitive information. For example, Eastern European hackers launched ransomware attacks on Colonial Pipeline in May and June of 2021, stopping its entire pipeline and threatening gasoline and jet fuel distribution across the US east coast.

The hackers stole 100 gigabytes of data before shutting the computers down with ransomware and demanding payment to the tune of 5 million dollars. Thankfully, most of the money has since been recovered.
After news of the attacks broke, people began "panic buying" gasoline in the southwestern United States, leading to shortages.

The worst part of the attack? The adversaries were able to gain access to the system by stealing a single password. CEO Joseph Blount told the US Senate Committee that the attack occurred using a VPN that did not have multi-factor authentication in place, a basic security measure that requires confirmation via text.

CrowdStrike reports that responding to an attack quickly can minimize the damages and costs that come along with it, following the 1-10-60 rule: detect threats within the first minute, understand the threats within 10 minutes, and respond in 60 minutes. Responding within this timeframe is crucial, as the average time it takes an adversary to move within the system after the initial intrusion declined from 98 minutes in 2021 to 84 minutes in 2022.

Common cybersecurity myths

Cyberattacks aren't just for big business. Individuals can fall prey to online crime because they believe the following myths about cybersecurity.

Installing anti-virus is enough

Anti-virus software isn't strong enough on its own; it works best when partnered with other measures like VPNs and MFA.

Phishing scams are easily spotted

Cybercriminals are refining their efforts when it comes to phishing attempts. Using social engineering, fraudsters can more easily find out about you and craft authentic-looking emails.

Cyber threats only target large companies

This one is big. Although more is gained from attacking a large industry, not all cybercriminals focus their attention there. They'll use any personal information they can get their hands on.

Cybersecurity is too complex for me to understand

You don't need complicated firewalls and a team of experts to start taking steps toward safer internet usage.
Things like keeping your private information secure using a VPN, using multi-factor authentication, changing your passwords often, and not connecting to sensitive sites like online banking over public WiFi are all great!

Cybersecurity careers

So you think you may want to work in cybersecurity? A quick LinkedIn or Indeed search will bring up thousands of positions. So what can you do with cybersecurity training? We can't guarantee you'll be the next Mr. Robot. Still, you will be helping businesses and individuals keep their information safe, and that's pretty heroic.

Cybersecurity Specialist/Technician

A Cybersecurity Specialist is an expert in the field of information technology security. You'll work to make sure systems and networks are secure from external threats like hackers who want to gain access for malicious intentions.

Cybersecurity Incident Analyst/Responder

You're the person who investigates once an attack has occurred (although there's more to the job than that). You'll complete post-mortems after an attack to see what went wrong or what vulnerabilities in the system allowed the incident to happen. Once you've documented your findings, it's up to you to implement strategies to prevent further problems.

Cybersecurity Analyst

Security analysts monitor, prevent, and stop attacks on sensitive data. In this role, you can expect to spend your days designing and implementing firewalls and other digital security software systems to protect data and network systems across an organization.

Security Researcher

Security researchers hold one of the most essential roles in cybersecurity. They design security protocols and study the evolution of unique malware strains, which allows other cybersecurity professionals to monitor and detect vulnerabilities in their networks.

IT Security Architect

Architects provide cybersecurity guidance to IT team members. They also lead team members in putting security procedures and protocols in place and responding to security breaches.
Chief Information Security Officer (CISO)

As a CISO, you're a senior-level executive responsible for developing and implementing an information security program. This includes policies and systems that protect communications, systems, and assets.

Are you ready to start your own cybersecurity career? Our Cybersecurity Program gives you the skills you need to succeed in the long term, teaching you the basics to get your foot in the door and on your way to a limitless future.