Cybersecurity

What is Cybersecurity?

Cybersecurity is the practice of protecting computing devices and networks from external threats. For purposes of this article, “cybersecurity” refers to practices that IT and security professionals use to protect the systems they’re in charge of, or whole groups of employees. The related term “security” is more general, and can also refer to practices an individual might take to stay safe online or a business might use to secure the buildings they use.

What are cybersecurity threats?

Devices and networks connected to the Internet are constantly under threat from malicious entities. These intruders range from small-time solo hackers, all the way up to national intelligence agencies. Their goals vary widely, but they can be grouped into several common categories:

• To collect private information. There are many types of private information, all of which may be the target of hackers—passwords, credit card numbers, messages, legal documents, and so on. A hacker could steal someone’s personal messages and then extort the person, or publish the messages to harm the person’s reputation. They might do the same with a company’s trade secrets. Intelligence agencies try to steal secrets from rival agencies, and monitor people and groups they consider of interest or dangerous.
• Financial gain. The most straightforward example of hacking for financial gain is to simply steal money by breaking into a bank account. Another example is ransomware: malicious software that encrypts your device, basically “locking” it and rendering it unusable; the ransomware operator will offer to decrypt (or “unlock”) your device in exchange for payment. Other less complicated attacks use spam to trick users acting as customer support so the victim will pay the hacker.
• Disruption. A common example of this category is denial-of-service (DoS) attacks: flooding a website with traffic, which overwhelms and crashes the site for all users. The attacker doesn’t necessarily gain anything; their aim may simply be to create chaos or gain credibility within underground hacking communities.

Broadly, there are two methods by which hackers try to accomplish these goals:

• By exploiting flaws in software and software configuration. For example, a hacker might be able to exploit a bug in an email app to install malware on someone’s device via sending them a malicious email attachment. The malware can then give the hacker access to the person’s device.
• By manipulating people into doing things they shouldn’t. This is often called “social engineering,” and it can involve trickery, threats, or bribery. For example, a hacker might try to steal a company employee’s password by calling them, impersonating a company tech support worker, and directly asking the employee for their password.

Why is cybersecurity important?

The data that a company or person holds can be a highly valuable asset for them, and a valuable target for intruders. Often, a company’s data includes the personal information of its users or customers, and those people are indirectly at risk from security breaches that allow an intruder to steal or destroy that data.

If users’ or customers’ data is compromised in a breach, they may be harmed too: Their private information may be exposed, including private messages, passwords, or credit card numbers. In modern society, everyone bears this risk: It’s virtually impossible to go through life without your personal information being held in electronic form somewhere.

Poor cybersecurity can expose a company to financial and, more recently, legal risk. If they suffer a breach that gets publicized, their reputation may suffer and they may lose business (which is why some companies may try to hide a breach). If the company’s trade secrets or other confidential information is exposed, their business may suffer. They may be held liable under laws or regulations, depending on where they operate.

What are cybersecurity practices?

• Configuring the organization’s networks and IT infrastructure appropriately. This can include restricting the available ways to access the networks from inside and outside the organization (such as with a VPN), and installing intrusion detection systems.
• Keeping all software up to date to ensure security fixes are applied as soon as they’re available.
• Making sure data is stored securely. This includes ensuring that data is encrypted, restricting access so that employees can only access the data they need for their jobs, and ensuring that all access is logged.
• Responding to possible breaches by assessing what happened, repairing damage, and taking steps to prevent a similar breach from happening again. Organizations may also work with authorities or external companies to try to determine who was responsible for the breach.
• Working with external security firms to evaluate the organization’s cybersecurity. This often includes “penetration tests,” in which the external firm acts like an intruder, attempts to break into the organization’s systems, and helps the organization fix any problems they find.
• Educating employees on best practices for security, and setting policies to make sure those best practices are followed. This can include rules on choosing longer passwords, using multi-factor authentication, identifying and avoiding phishing attempts, and keeping software up to date.