Cyber security is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.
Cyberattacks are an evolving danger to organizations, employees, and consumers. These attacks may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage your financial and personal lives — especially if you’re the victim of identity theft.
Cyberattacks also are on the rise. According to an Identity Theft Resource Center (ITRC) 2021 annual data breach report, there was a 68 percent increase in reported U.S. data compromises from 2020 to 2021. Moreover, breaches related to cyberattacks represented more attacks than all other forms.
What’s your best defense? A strong cyber security system has multiple layers of protection that are spread across computers, devices, networks, and programs. This guide can help you decide if you need one of the cyber security plans offered by companies, and which kind may be right for you.
However, a strong cyber security system doesn’t rely solely on cyber defense technology; it also relies on people like you making smart cyber defense choices. The good news is that you don’t need to be a cyber security specialist to understand and practice good cyber defense tactics.
Cyber security vs. computer security vs. IT security
Cyber security is the practice of defending your electronic systems, networks, computers, mobile devices, programs, and data from malicious digital attacks. Cybercriminals can deploy a variety of attacks against individual victims or businesses that can include accessing, changing, or deleting sensitive data; extorting payment; or interfering with business processes.
How is cyber security achieved? An umbrella of cyber security can be attained through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.
- Information technology (IT) security, also known as electronic information security or InfoSec, is the protection of data — both where it is stored and while it’s moving through a network. While cyber security only protects digital data, IT security protects both digital and physical data — essentially data in any form — from unauthorized access, use, change, disclosure, deletion, or other forms of malicious intent from intruders.
- Cyber security is a subset of IT security. While IT security protects both physical and digital data, cyber security protects the digital data on your networks, computers, and devices from unauthorized access, attack, and destruction.
- Network security, or computer security, is a subset of cyber security. This type of security uses hardware and software to protect any data that’s sent through your computer and other devices to the network. Network security serves to protect the IT infrastructure and guard against information being intercepted and changed or stolen by cybercriminals. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong passwords.
Additional types of cyber security
Knowing the different types of cyber security is critical for ensuring better overall protection. In addition to the three primary types of cyber security mentioned above, there are five other kinds of cyber security that you should know.
- Critical infrastructure security covers the protection of cyber-physical systems such as the electricity grid and water purification systems.
- Application security uses software and hardware to defend against external threats that may present themselves in an application’s development stage. Examples of application security include antivirus programs, firewalls, and encryption.
- Cloud security is a software-based tool that protects and monitors your data in the cloud to help eliminate the risks associated with on-premises attacks.
- Data loss prevention consists of developing policies and processes for handling and preventing the loss of data, along with developing recovery policies in the event of a cyber security breach. This includes setting network permissions and policies for data storage.
- End-user education acknowledges that cyber security systems are only as strong as their potentially weakest links: the people who use them. End-user education involves teaching users to follow best practices like not clicking on unknown links or downloading suspicious attachments in emails — which could let in malware and other forms of malicious software.
Types of cyber threats: 3 categories
There are many types of cyber threats that can attack your devices and networks, but they generally fall into three categories: attacks on confidentiality, integrity, and availability.
- Attacks on confidentiality. These attacks can be designed to steal personally identifiable information (PII) like your Social Security number, along with your bank account or credit card information. Following these attacks, your information can be sold or traded on the dark web for others to purchase and use.
- Attacks on integrity. These attacks consist of personal or enterprise sabotage and are often called leaks. A cybercriminal will access and release sensitive information for the purposes of exposing the data and influencing the public to lose trust in a person or an organization.
- Attacks on availability. The aim of this type of cyberattack is to block users from accessing their own data until they pay a fee or ransom. Typically, a cybercriminal will infiltrate a network and block formerly authorized parties from accessing important data, demanding that a ransom be paid. Companies sometimes pay the ransom and fix the cyber vulnerability afterward so that they can avoid halting business activities.