What is Cyber Security

How often are you online? A dozen or more times a day, most likely. We live in a fast-paced, technology-driven, interconnected world. But there's a downside to the internet that costs people, businesses, and governments billions of dollars each year and can even put lives at risk. 

Data is the new currency, whether personal information, business-confidential, industry-private, or government-classified. Cybercriminals work around the clock to obtain it. There are several types of evolving cyber security threats, and not knowing the when, how, or who of a cyber threat can make protecting yourself or your company a challenge. Let's look at how to identify a threat and best practices for minimizing the risk of a cyber security breach. 

What is Cyber Security?

Cyber security protects critical and sensitive digital information on computer networks from being stolen, altered, or otherwise compromised. Every network system, personal computer, and even smart device that utilizes the internet is a target. And cyber attacks can be orchestrated by anyone, from small-time hackers to foreign governments. 

There are several motivating factors for cyber attacks:

  • Financial gain through selling data

  • Business disruption

  • Disgruntled employees

  • Socio-political or "hacktivism"

  • Espionage

An effective cyber security strategy involves detecting and preventing unauthorized access through an evolving multi-layer approach and creating an immediate and actionable incident response plan to protect and recover sensitive information.

How The Pandemic Impacted Cybersecurity

The COVID-19 pandemic was a huge game changer for cyber security. Pre-pandemic, workers accessed company information via onsite computers on a monitored infrastructure. However, once lockdowns were mandated, workers remotely accessed company infrastructure on unmonitored personal computers and devices and unprotected internet connections. 

Not only did this increase the chances of a data breach, but regular security updates pushed through company computers overnight depended on employees manually downloading and installing them.

Five Common Cyber Security Threats

For decades, protecting your information from threats meant installing computer antivirus software. Times have changed. Systems have become more sophisticated and so too have cybercriminals. The goal is to stop hackers but to do that, cyber security professionals must remain vigilant to new tricks and monitor old favorites.

Phishing

This is the most common type of cyber attack. Hackers pretend to be reputable companies, like Apple, Amazon, your cell phone company, and even your bank, to trick you into clicking on the link so they can steal your passwords, usernames, credit card information, and more.

Malware 

Malware may be the old-school approach, but hackers have refined this method over the years. When you click on a link or attachment, malware software is immediately installed on your computer or device that activates the virus, worm, adware, spyware, or ransomware. Malware can make your computer do anything, giving full access to the hacker, and the user is unaware it's happening. 

Ransomware 

This cyber attack is often reserved for extorting money, where hackers block access to files or whole networks until the ransom is paid. However, payment doesn't guarantee that the business or entity can restore the system or recover lost files. 

Social Engineering 

Hackers use this tactic to get you to give up your personal information by offering services like cleaning your computer or telling you something is wrong with your bank account or credit card access.

Man in the Middle (MITM)

This technique is also an old one, but still often successful; it involves changing a two-party transaction to steal data. The hacker may put up an official-looking wifi network that you use. Once you connect, the hacker installs malware, and it's off to the bank (their bank, of course).

Cyber security is a global issue, and each year the numbers reflect the insidiousness of this crime. Below are some surprising and disturbing quick facts about recent cyber threats:

  1. There are 300,000 malware programs created daily, adding up to more than two million weekly. 

  2. Education and research are the most targeted sectors to date.

  3. 84% of attacks happen through email.

  4. There is a ransomware attack every 11 seconds.

  5. A study found that, on average, 93% of a company's network can be accessed by hackers in two-days time.

Ways to Improve Your Cyber Security

Awareness is the first step to preventing a cyber attack. Luckily, people are beginning to pay attention. According to a poll by The Pearson Institute and The Associated Press-NORC Center for Public Affairs Research in late 2021, nearly 9 out of 10 Americans are at least somewhat concerned about hacks involving identity theft, financial institutions, and government agencies. 

Cyber security should be a daily strategy, constantly updated and tested, rather than a routine approach. Here are some best practices for securing a network. 

  • Keep your software up to date by downloading and installing automatic updates for your operating system.

  • Use strong passwords that are not easy to guess, up to 16 characters long.

  • Multi-factor authentication (MFA) has been effective against threats by requiring at least two ID components, like sending a code to your phone when you log in.

  • Be careful opening unknown or unexpected emails, and always check the sender's email address carefully when major companies contact you asking for information. 

  • Create a culture of awareness, develop educational resources, and train workers on cyber security protection.

What is the CIA Triad?

In the CIA triad, CIA stands for Confidentiality, Integrity, and Availability. 

  • Confidentiality keeps an organization's data private. 

  • Integrity means that data and its sources are authentic and reliable. 

  • Availability means the data should function as it's supposed to. 

The CIA triad is a basis for developing security solutions. When used as a checklist, threats can be monitored and prevented, and weak points in any three areas can be identified and addressed.

Cyber Security vs. Information Security

Cyber security and information security (IS) are terms often used interchangeably, but they have key differences. Cyber security is a subset of information security that deals specifically with protecting electronic information. But not all data storage is digital. 

Like gatekeepers, information security professionals prevent unauthorized access, use, disclosure, and disruption of sensitive data and information, including digital assets, physical database storage units, data centers, and critical infrastructure.

Types Of Information Security

The move to remote work challenged IS professionals. In addition to preventing unauthorized access to physical equipment, cloud-based applications, and network infrastructure, IS professionals also conduct audits, routinely test protections, and develop long-term security solutions. They do this in a few ways:

  • Access Controls - Allow or restrict users according to company rules and confidentiality.

  • Compliance Controls - The IS team manages, assesses, and implements the ever-changing federal protection laws that require changes for data security.

  • Procedural Controls - Identify and minimize risks to physical resources like data centers, develop compliance training and awareness education for workers, and create an incident response plan.

  • Technical Controls - These are the layers of security protection like passwords, multi-factor authentication, antivirus software, firewalls, etc. 

Become A Cybersecurity Professional 

Like many jobs in the technology sector, cyber security is in demand. The U.S. Bureau of Labor predicts the need for cyber security analysts will increase by 33% through 2030. The need for qualified, job-ready workers is outpacing the current job force, with other experts saying 65% growth is needed to defend critical data and sensitive information from cyber-attacks.
You can be trained as a cybersecurity professional in as little as six months. University of Maryland Global Campus Cybersecurity Bootcamp will teach you technical, risk management, data privacy and security, and threat intelligence skills you can apply immediately upon program completion. Reach out to UMGS recruiters today to learn more about the start dates, scholarship opportunities, or curriculum-based questions.

Categories