What is cyber security?
Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks and data from malicious attacks. It is also known as information technology security or electronic information security. The term is applied in different contexts, from business to mobile computing, and can be divided into some common categories.
Network security is the practice of protecting a computer network from intruders, whether targeted attackers or opportunistic malware.
Application security focuses on keeping software and devices free from threats. A compromised application could provide access to the data it is meant to protect. Effective security begins at the design stage, long before a program or device is deployed.
Information security protects the integrity and privacy of data, both in storage and in transit.
Operational security includes the processes and decisions to manage and protect data resources. The permissions that users have to access a network and the procedures that determine how and where data can be stored or shared fall into this category.
Disaster recovery and business continuity define how an organization responds to a cybersecurity incident or any other event that causes its operations to stop or data to be lost. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operational capacity as before the event. Business continuity is the plan the organization turns to when it attempts to operate without certain resources.
End-user training addresses the most unpredictable cybersecurity factor: people. Anyone who fails to follow good security practices can accidentally introduce a virus into an otherwise secure system. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons is critical to the security of any organization.
The spread of cyber threats
Global cyber threats continue to develop at a rapid pace, with an increasing number of data breaches each year. A report by RiskBased Security revealed that an alarming 7.9 billion records were exposed by data breaches in the first nine months of 2019 alone. This is more than double (112%) the number of records exposed in the same period in 2018.
Medical services, retailers and public entities suffered the most breaches, with malicious criminals responsible for the majority of incidents. Some of these sectors are more attractive to cybercriminals because they collect financial and medical data, but any company that uses networks can be targeted for its customer data, for corporate espionage or for attacks on its customers.
With the extent of cyber threats steadily increasing, the International Data Corporation predicts that global spending on cybersecurity solutions will reach a staggering $133.7 billion by 2022. Governments around the world have responded to the growing cyber threats with guidance to help organizations implement effective cybersecurity practices.
In the United States, the National Institute of Standards and Technology (NIST) has created a cybersecurity framework. To counter the proliferation of malicious code and aid in early detection, the framework recommends continuous, real-time monitoring of all electronic resources.
The importance of systems monitoring is reflected in the "10 Steps to Cybersecurity," guidance provided by the UK Government's National Cyber Security Centre. In Australia, the Australian Cyber Security Centre (ACSC) regularly issues guidance on how organizations can counter the latest cybersecurity threats.
Types of cyber threats
The threats countered by cybersecurity are threefold:
Cybercrime involves individual actors or groups attacking systems for financial gain or disruption.
Cyber attacks often involve information gathering for political purposes.
Cyberterrorism aims to weaken electronic systems to cause panic or fear.
But how do malicious actors gain control of computer systems? Here are some of the common methods used to threaten cybersecurity:
Malware
"Malware" refers to malicious software. As one of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user's computer. Often spread through an unsolicited email attachment or legitimate-looking download, malware can be used by cybercriminals to make money or to conduct cyberattacks for political purposes.
There are different types of malware, including the following:
Virus: a self-replicating program that attaches itself to a clean file and spreads throughout the computer system, infecting files with malicious code.
Trojans: a type of malware that masquerades as legitimate software. Cybercriminals trick users into loading Trojans onto their computers, where they cause damage or collect data.
Spyware: a program that secretly records what a user does so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
Ransomware: malware that locks a user's files and data, threatening to delete them unless a ransom is paid.
Adware: advertising software that can be used to spread malware.
Botnets: networks of malware-infected computers that cybercriminals use to perform online tasks without the user's permission.
SQL code injection
A SQL (Structured Query Language) injection is a type of cyberattack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a database via a malicious SQL statement. This gives them access to sensitive information contained in the database.
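The vulnerability described above comes down to how the application builds its query. The following added example (not part of the original article) contrasts a query built by string concatenation with a parameterized one; the table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("alice", "0000-0000-0000-0001"),
            ("bob", "0000-0000-0000-0002"),
            ("o'brien", "0000-0000-0000-0003"),
        ],
    )
    return conn

def lookup_vulnerable(conn, name):
    # User input is pasted into the SQL text, so any quote characters in
    # `name` are parsed as SQL syntax instead of being treated as data.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # Placeholder binding: the driver sends `name` as a value only, so it
    # can never change the structure of the statement.
    return conn.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the string literal

    # Concatenation: the WHERE clause becomes always-true, every row leaks.
    print("vulnerable:", len(lookup_vulnerable(conn, crafted)), "rows")
    # Binding: the same input is just a name that matches nobody.
    print("safe:      ", len(lookup_safe(conn, crafted)), "rows")

    # Concatenation also breaks on legitimate input containing a quote.
    try:
        lookup_vulnerable(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable lookup failed on a legitimate name:", exc)
    print("safe lookup:", lookup_safe(conn, "o'brien"))
```

The parameterized form fixes both problems at once: hostile input no longer alters the query, and legitimate names containing an apostrophe stop causing errors.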
Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company requesting confidential information. Phishing attacks are often used to induce people to hand over their credit card details and other personal information.
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat in which a cybercriminal intercepts communication between two individuals to steal data. For example, on an unsecured Wi-Fi network, an attacker could intercept data being transmitted between the victim's device and the network.
Denial-of-service attack
A denial-of-service attack is when cybercriminals prevent a computer system from fulfilling legitimate requests by overloading networks and servers with traffic. This renders the system unusable and prevents an organization from performing vital functions.
Latest cyber threats
What are the latest cyber threats that individuals and organizations need to protect against? Here are some of the most recent cyber threats reported by the U.S., Australian and U.K. governments.
Dridex Malware
In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized cybercriminal group for their involvement in a global Dridex malware attack. This malicious campaign affected the public, government, infrastructure and businesses around the world.
Dridex is a financial Trojan that has different functionalities. Since 2014, it has been affecting victims and infecting computers through phishing emails or existing malware. It is capable of stealing passwords, banking data and personal data that can be used in fraudulent transactions, and has caused massive financial losses totaling hundreds of millions of dollars.
In response to the Dridex attacks, the UK's National Cyber Security Centre advises people to "ensure devices are up to date and anti-virus is enabled and up to date, and files are backed up."
Romance Scams
In February 2020, the FBI warned U.S. citizens to beware of confidence fraud committed by cybercriminals through dating sites, chat rooms and apps. Perpetrators prey on people looking for new partners and trick victims into providing their personal information.
The FBI reports that romance cyberthreats affected 114 New Mexico victims during 2019, whose financial losses totaled $1,600,000.
Emotet Malware
In late 2019, the Australian Cyber Security Centre warned national organizations about the widespread global cyber threat of Emotet malware.
Emotet is a sophisticated Trojan that can steal data and also load other malware. Emotet preys on unsophisticated passwords and is a reminder of the importance of creating a strong password to protect against cyber threats.
End-user protection
End-user protection or endpoint security is a fundamental aspect of cybersecurity. After all, it is often an individual (the end user) who accidentally loads malware or another form of cyber threat onto their desktop, laptop or mobile device.
So how do cybersecurity measures protect end users and systems? First, cybersecurity relies on cryptographic protocols to encrypt emails, files and other critical data. This not only protects information in transit but also guards against loss or theft.
In addition, end-user security software scans computers for malicious code, quarantines this code and removes it from the computer. Security programs can even detect and remove malicious code that is hidden in the master boot record (MBR) and designed to encrypt or erase data from the computer's hard drive.
Electronic security protocols also focus on real-time malware detection. Many use heuristic and behavioral analysis to monitor the behavior of a program and its code, defending against viruses or Trojans that change shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble separate from the user's network to analyze their behavior and learn how to better detect new infections.
Security programs continue to develop new defenses as cybersecurity professionals identify new threats and ways to combat them. To get the most out of end-user security software, employees must learn how to use it. The bottom line is to keep it up and running and update it frequently so it can protect users from the latest cyber threats.
Cybersecurity tips: protect yourself from cyberattacks
How can businesses and individuals protect themselves against cyber threats? Here are our top cybersecurity tips:
Update your software and operating system: this means you will take advantage of the latest security patches.
Use antivirus software: security solutions, such as Kaspersky Total Security, will detect and remove threats. Keep your software up to date for the best level of protection.
Use strong passwords: make sure your passwords are not easy to guess.
Do not open email attachments from unknown senders: they could be infected with malware.
Do not click on links in emails from unknown senders or websites: this is a common way for malware to spread.
Avoid using unsecured Wi-Fi networks in public places: unsecured networks leave you vulnerable to man-in-the-middle attacks.
And despite internet security, we are not safe. We are constantly exposed: all of our information is on the internet, even where we live, which places we frequent, and our phone number. As the internet grows, so do the risks; despite efforts to address them, hackers still find tricks to get their way. The internet is a blessing, but it can also be a dangerous place.