What is cybersecurity and why is it important?

Osman

I like to think about the impact that the internet has on humanity. In my free time, I'm wolfing down pasta.


As the internet economy broadens, with products and services increasingly shifting to web platforms, it’s more important than ever to safeguard critical information and data from nefarious entities looking to make a quick buck.

In this article, we’ll discuss the definition of cybersecurity, look at why it’s important, and offer some cybersecurity tips and recommendations.


What is cybersecurity?

Cybersecurity refers to the practice of safeguarding internet-connected systems, such as hardware devices, data centers, and software, from malicious actors.

Such actors might aim to extract financial data or steal proprietary information from enterprises, thereby compromising their competitiveness and ruining their corporate image. Others pilfer personally identifiable information (PII) in order to sell it on the dark web or to third-party advertisers. Some of these acts are political in nature, such as when government-sponsored hackers aim to discredit activists, whistleblowers, or political opponents in order to malign their image.

The goal of cybersecurity is to reduce these risks and stop attackers from carrying out such attacks against both digital and physical assets.

While attackers can certainly break into your systems over the network using brute force or malware, threats can arrive through hardware, too. For example, an infected USB drive plugged into a workstation can release malware inside your network without ever crossing the perimeter. In that situation, firewalls and other network-facing defenses are bypassed entirely, and only controls on the device itself (such as endpoint protection and restrictions on removable media) stand in the way.

Strong cybersecurity programs layer multiple, independent protections so that one failure does not expose everything, and they test those layers continuously (vulnerability scanning, penetration testing, red teaming) to find the chinks in the armor before an attacker does.

It's important to realize that cybersecurity is an evolving field. The threat landscape isn't static by any means; new vulnerabilities are disclosed every day, which means cybersecurity professionals must constantly keep up to date and test their systems against new and emerging threats.

Types of cybersecurity

The common types of cybersecurity are as follows:

Application security

The proliferation of cloud-based apps means many organizations almost entirely rely on SaaS (software as a service) products for their respective workflows. What this also means is that said apps store an immense amount of proprietary data about the organization—data that might be eyed by hackers.

Application security focuses on finding and fixing weaknesses in an application that would let an attacker bypass its controls, reach data they shouldn't, or execute malicious code. Much of this happens during development (secure design, code review, testing), but application security also covers patches, updates, and code audits that keep existing defenses current after release.

No application is perfect or 100% secure. Humans make mistakes while writing software, threats evolve quickly, and zero-day vulnerabilities (flaws that are exploited before a fix exists) are a real phenomenon. So it is imperative to test for vulnerabilities continuously and fix what is found.

Intrusion detection

The job of an intrusion detection system (IDS) is to identify activity on a network or host that may be hostile. It is software configured to watch for behavior that is suspicious or out of the ordinary and to log suspected violations, typically to a centralized security information and event management (SIEM) system where analysts can investigate them.

Not all IDSs are created equal. Some can go beyond monitoring and actively stop a detected intrusion, for example by dropping the offending connection or blocking the source address. Systems that both detect and block are called intrusion prevention systems (IPS). Note that an IPS blocks; it does not "counter-attack" the intruder.

Different IDS types watch different things. A network intrusion detection system (NIDS) inspects traffic crossing the network (inbound and outbound) and looks for suspicious deviations from expected patterns. A host-based intrusion detection system (HIDS) runs on an individual machine and keeps a watchful eye on its system files, logs, and processes to spot tampering or an attack in progress.

Regardless of the type of IDS, the detection methods fall into two broad categories. The first is signature-based detection, which identifies a threat by matching traffic or activity against patterns of previously seen attacks, such as known malware byte sequences or attack strings. Signature-based detection is precise and produces few false alarms, but it is ineffective against novel attacks and zero-day exploits for which no signature exists yet.

The second is anomaly-based detection, which builds a baseline of normal behavior (using statistics or a machine-learning model) and flags new activity that deviates from it. Anomaly-based detection can catch attacks that no signature covers, but it is relatively prone to false positives, i.e., legitimate but unusual activity classified as a threat, and so needs tuning and human review.
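To make the two detection methods concrete, here is an added example (not code from the article or any IDS product) that runs both a signature-based and an anomaly-based detector over a handful of constructed, simplified web-server log lines. The log format, the signature rules, the baseline window and the threshold are all assumptions chosen for illustration: the point is to show a known attack string caught by a signature, a credential-stuffing burst that no signature matches but the anomaly baseline flags, and a legitimate bulk download that the anomaly detector flags as a false positive.

```python
"""Signature-based vs anomaly-based detection over constructed log lines.

Added example, not from the article. Log lines, rules and thresholds are
assumptions for illustration only.
"""
import re
import statistics
from collections import Counter

# Constructed lines in a simplified "<src> <method> <path> <status>" format.
# A quiet baseline period used to learn what "normal" request volume looks like.
BASELINE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /index.html 200",
    "10.0.0.7 GET /login 200",
    "10.0.0.9 GET /index.html 200",
    "10.0.0.9 GET /products 200",
    "10.0.0.9 GET /about.html 200",
]

# The monitored period: normal traffic, two textbook attack strings, a burst of
# failed logins with no recognizable signature, and a legitimate bulk download.
LIVE_LOG = (
    [
        "10.0.0.5 GET /index.html 200",
        "203.0.113.8 GET /../../etc/passwd 404",
        "203.0.113.8 GET /login?user=admin'%20OR%201=1-- 200",
    ]
    + ["198.51.100.3 POST /login 401"] * 12            # credential stuffing, no signature
    + ["10.0.0.11 GET /reports/q%d.pdf 200" % i for i in range(1, 7)]  # legitimate, bursty
)

# Signature rules: regexes for attack patterns that have been seen before.
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./")),
    ("sql_injection", re.compile(r"(?i)(%27|')(%20|\s)*or(%20|\s)*1(%20|\s)*=(%20|\s)*1")),
]


def parse(line):
    """Split one constructed log line into its four fields."""
    src, method, path, status = line.split()
    return {"src": src, "method": method, "path": path, "status": int(status)}


def signature_detect(lines):
    """Return (source, rule_name) for every request path matching a known pattern."""
    hits = []
    for line in lines:
        rec = parse(line)
        for name, pattern in SIGNATURES:
            if pattern.search(rec["path"]):
                hits.append((rec["src"], name))
    return hits


def anomaly_detect(baseline, live, k=3.0):
    """Flag sources whose request count exceeds baseline mean + k * stdev.

    Returns {source: count}. This is the simplest possible statistical baseline;
    it knows nothing about *what* was requested, only *how much*.
    """
    base_counts = Counter(parse(l)["src"] for l in baseline)
    mean = statistics.mean(base_counts.values())
    stdev = statistics.pstdev(base_counts.values())
    threshold = mean + k * stdev
    live_counts = Counter(parse(l)["src"] for l in live)
    return {src: n for src, n in live_counts.items() if n > threshold}


if __name__ == "__main__":
    print("signature hits:", signature_detect(LIVE_LOG))
    # Expect 203.0.113.8 twice; the login burst from 198.51.100.3 is missed.
    print("anomalous sources:", anomaly_detect(BASELINE_LOG, LIVE_LOG))
    # Expect 198.51.100.3 (real attack) and 10.0.0.11 (false positive).
```

Run as a script it prints both result sets. The credential-stuffing source appears only in the anomaly output, the attack strings appear only in the signature output, and the bulk downloader shows why anomaly alerts need an analyst or additional context (status codes, paths, time of day) before anyone blocks on them.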

Data loss prevention

Data loss prevention (DLP) mechanisms are predetermined processes and tools that ensure sensitive data isn’t accessed by unauthorized users or uploaded to unsecured servers outside the company.

For example, a DLP policy can block an employee from forwarding a message containing customer records to an address outside the corporate domain, preventing the exposure of that data to an unauthorized party. Similarly, DLP software can stop data from being uploaded to unsanctioned third-party cloud storage such as personal Dropbox or Google Drive accounts.

DLP software is most relevant in regulated industries that handle high volumes of personal data. It protects the confidentiality of the information held by the organization while helping to demonstrate compliance with regulatory mandates such as HIPAA and GDPR.

A DLP serves a dual purpose of both monitoring and controlling data streams and endpoint activities as well as reporting to meet audit and compliance formalities.
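The following is an added example, not the article's or any DLP vendor's code, that sketches the outbound-email policy check described above over a few constructed messages. The internal domain, the list of personal webmail domains, the detection patterns and the policy itself are assumptions; the example shows the two policy checks the section mentions (sensitive content leaving the company, and attachments sent to a personal mailbox) plus a Luhn checksum so that an innocent 16-digit order reference is not mistaken for a card number.

```python
"""Constructed outbound-email DLP check.

Added example, not from the article. Domains, patterns and policy are
assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

CORPORATE_DOMAINS = {"example.com"}                           # assumed internal domain
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed personal-mail list

# Candidate payment-card numbers: 13-16 digits, optionally space- or dash-separated.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# US SSN shape only; a real policy adds the identifiers relevant to its jurisdictions.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


@dataclass
class OutboundEmail:
    sender: str
    recipients: List[str]
    subject: str
    body: str
    attachments: List[Tuple[str, str]] = field(default_factory=list)  # (filename, text)


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> List[Tuple[str, str]]:
    """Return (kind, value) for each identifier found in the text."""
    hits = [("card_number", m.group()) for m in CARD_RE.finditer(text) if luhn_ok(m.group())]
    hits += [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    return hits


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def evaluate(email: OutboundEmail) -> Tuple[str, List[str]]:
    """Return ("allow" | "block", reasons) for one outbound message."""
    external = [r for r in email.recipients if domain_of(r) not in CORPORATE_DOMAINS]
    if not external:
        return "allow", ["all recipients internal"]
    reasons = []
    scanned = "\n".join([email.subject, email.body] + [text for _, text in email.attachments])
    for kind, value in find_sensitive(scanned):
        masked = value[-4:].rjust(len(value), "*")       # never write the full value to a log
        reasons.append(f"{kind} {masked} addressed to external {external}")
    personal = [r for r in external if domain_of(r) in PERSONAL_WEBMAIL]
    if personal and email.attachments:
        names = [n for n, _ in email.attachments]
        reasons.append(f"attachment {names} addressed to personal mailbox {personal}")
    if reasons:
        return "block", reasons
    return "allow", [f"external recipients {external}, no policy match"]


# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": OutboundEmail("alice@example.com", ["bob@example.com"],
                              "card", "4111 1111 1111 1111"),
    "weekend_work": OutboundEmail("alice@example.com", ["alice.home@gmail.com"],
                                  "forecast", "see attached",
                                  [("Q3-forecast.xlsx", "region,revenue\nEMEA,1200")]),
    "pii_to_vendor": OutboundEmail("alice@example.com", ["vendor@supplier.test"],
                                   "onboarding", "SSN 123-45-6789"),
    "order_ref": OutboundEmail("alice@example.com", ["vendor@supplier.test"],
                               "order", "order reference 1234567890123456"),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        action, why = evaluate(msg)
        print(f"{name:14} {action:5} {why}")
```

The first message is allowed because it never leaves the company; the spreadsheet sent to a personal Gmail address and the SSN sent to a vendor are blocked; the order reference passes because it fails the Luhn check. Masking the matched value in the reason string matters: a DLP log that stores every card number it ever blocked becomes a sensitive data store of its own.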

Cloud security

Cloud security refers to the system of safeguards and checks and balances that protect cloud infrastructure, data, and applications. It consists of policies, controls, procedures, and technologies that work in tandem to prevent unauthorized data exposure and leaks, enforce proper access control, and avoid downtime.

Cloud security is necessary to protect client privacy, ensure adherence to regulatory compliance procedures, safeguard proprietary corporate data, and set access rules for individual users. Robust cloud security mechanisms can keep a watchful eye on the safety and security of systems, identify incoming threats, and respond to a potential intrusion.

Since cloud environments vary between public, private, and hybrid infrastructures, the exact controls and their division of responsibility between provider and customer will differ too.

End-user training

By some estimates, nine out of ten corporate cyberattacks involve human error or negligence. Therefore, an effective cybersecurity program must include employee training so that staff understand why security best practices matter and how to recognize threats on their devices.

End-user training comes in various forms, such as in-class training, instructional videos, quizzes, and gamification approaches. The goal, however, is to gain awareness of some or all of the following best practices:

Anti-phishing and social engineering: Phishing scams are a common method deployed by hackers to gain access into otherwise well-protected systems. Such scams are successful because they tend to impersonate people whom the targeted users know and trust. Employees trained on how to identify suspicious emails are able to stay clear and, by extension, keep the company secure too.

Password management: Many users don't go through the trouble of setting strong passwords, and some reuse them across services or share them with others. An end-user training program should address these matters. The security team can also deploy a company password manager so that strong, unique passwords are the easy default rather than a chore.

Email management: While most email security effort focuses on incoming mail, employees send email too, and often to recipients outside the corporate network. End-user training should educate employees about the kinds of messages and attachments that should never be forwarded. For example, employees should refrain from sending confidential spreadsheets to their personal email accounts so that they can work on them over the weekend.

VPNs: With the growing prevalence of remote work facilitated by cloud-based apps, employees should be made aware that unsecured public Wi-Fi networks can be compromised by hackers. As such, they should use a VPN if trying to access company servers and resources from remote locations to significantly reduce the possibility of interception.

Software patches and updates: Users often ignore update notifications on personal devices, promising to get to them later when it's convenient, but that habit cannot carry over into a corporate environment. Your security team should educate users on the importance of updating their devices, especially when a critical patch is released. The security team can take a proactive approach too, by enforcing updates through policy and preventing users from disabling them.

Types of cyberattacks

Now that we’ve discussed some of the common methods organizations take to implement cybersecurity, let’s take a closer look at the ways criminals try to engineer attacks.

Malware

Malicious software, or malware for short, refers to unwanted computer programs that aim to get access to proprietary information, take control of internal systems, or serve advertisements. It’s software that you don’t want on your device, doing things that you haven’t agreed to.

Malware includes, but isn’t limited to, spyware, adware, keyloggers, trojans, and ransomware. They’re used to achieve varying outcomes, from financial extortion to data tracking.

Phishing attacks

Phishing attacks involve tricking users into revealing confidential information, such as log-in details. For example, hackers might impersonate a bank you know and trust in an email. Once you click the link, it takes you to a site that looks like your bank's log-in page and tricks you into entering your username, password, one-time 2FA code, or other confidential information, which the attacker then uses on the real site.

Phishing attacks commonly exploit human vulnerabilities and can cause havoc even with the presence of robust cybersecurity software. That’s why it’s crucial to train employees to stay wary of this technique.

Advanced persistent threats

An advanced persistent threat (APT) is a highly sophisticated intrusion using a combination of social engineering and hacking techniques to stay undetected in a network for as long as possible in order to steal the maximum amount of data. Advanced persistent threats are usually carried out by nation states, militaries, or sophisticated criminal organizations that have the financial resources and technical nous to bypass defenses and stay under the radar as they carry out their work.

Unlike commodity malware, which is spread indiscriminately to infect as many devices as possible, APTs are directed at a specific, high-value target, typically in defense manufacturing, financial services, or government agencies. They are therefore customized to breach the defenses of one particular organization and may use purpose-built tooling to carry out the dirty work.

The initial breach attempt, however, might be through a malware or social engineering attack, designed to gain access to the system by masquerading as a trusted connection. Once inside, the threat may lie low for a period of time so that cyber defenses aren’t alerted to the possible intrusion. It uses this time to gain a better understanding of the organization’s warning systems and may alter its plan of attack to steal the most data and wreak maximum havoc.

Why is cybersecurity important?

The need to protect data, information, and enterprise applications has increased rapidly over the past few years simply because we’re increasingly reliant on internet-enabled products and services.

The age of physical record keeping and files is well and truly behind us. The modern organization enables its employees to access documents and critical applications through a number of devices and from anywhere with a functional internet connection.

And it’s not just companies that exhibit this trend. Consumers use the internet to log in to their bank accounts, transfer money to one another, and engage in e-commerce transactions. Simply put, we’ve shifted a bulk of our sensitive activity over to the internet and cloud-based applications.

Hackers realize this. They know organizations in almost every sector—including healthcare, finance, law, telecommunications, and real estate—store customer information and sensitive internal data in the cloud. If they were to get access to this data, they could potentially sell it for a profit or extort the company into paying a ransom.

The average cost of cybercrime per organization swelled by 72% between 2013 and 2018 to 13 million USD, according to an Accenture study. The increase comes from two factors: a greater tendency for businesses to store their data in the cloud and run mission-critical apps there, and increasingly sophisticated methods deployed by hackers, causing greater material losses.

Common cybersecurity challenges

Because security risks evolve continually and attack vectors become more sophisticated, it’s necessary for professionals to stay at the top of their game. This is one of the biggest challenges of cybersecurity.

The lack of trained personnel is a major problem, too. According to a 2019 study, the number of unfilled cybersecurity jobs globally stands at over 4 million, up from 2.93 million a year earlier.

According to the report, 51% of cybersecurity professionals find that their organization is at risk of cyberattacks due to a lack of experienced personnel. And the staffing shortage isn’t expected to go away anytime soon: Insufficient dedicated training programs and a small talent pool are significant hurdles that need to be addressed first.

What is cybersecurity: Tips and recommendations

When it comes to ways of improving cybersecurity, there are certain best practices that you can follow.

1. Keep your devices up to date

Thousands of new malware strains are released into the wild every single day, some of which could make their way onto your device, and zero-day vulnerabilities mean there are always some threats with no patch yet.

You cannot patch a zero-day before the fix exists, but the moment a developer ships one, the race is on: attackers study the patch and target everyone who hasn't installed it. Accepting automatic updates closes that window as quickly as possible. By not updating your devices, you're leaving known, fixed holes open.

2. Avoid clicking on unsafe links and unsolicited emails

We mentioned above that phishing scams are one of the most common ways criminals breach defenses. It's generally recommended that you carefully vet each email that asks you to click a link or download software.

Even if the email appears to be from someone you know and trust, be sure to double check its authenticity. You can also take it a step further and never click on links in emails, navigating to the site in question using a bookmark instead.

While many email providers will label an email if they believe it to be suspicious, it’s possible that some might evade their filters.
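As an added example (not code from the article), the following shows what "double check its authenticity" can mean in practice for the links inside an email: extract every link from the message body and compare where it says it goes with where it really goes. The HTML snippet and the list of trusted domains are constructed assumptions. The checks are the usual tells: plain http instead of https, a raw IP address as the host, an internationalized (punycode) host, display text that names one site while the link points at another, a trusted name embedded as a subdomain of an attacker-controlled domain, and a lookalike spelling of a trusted domain.

```python
"""Vetting the links in an e-mail: displayed target vs. real target.

Added example, not from the article. The HTML and TRUSTED_DOMAINS are
constructed assumptions.
"""
import difflib
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}  # assumed: the sites the reader actually uses

# Constructed phishing-style message body (not a real email).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account within 24 hours:</p>
<a href="http://examplebank.com.verify-login.test/secure">https://examplebank.com/secure</a>
<a href="https://examp1ebank.com/login">Log in</a>
<a href="https://203.0.113.9/login">Log in here</a>
<a href="https://secure.examplebank.com/help">Help center</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, display text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_in_text(text):
    """Host named by the display text, if the text looks like a URL or domain."""
    shown = urlparse(text).hostname
    if shown:
        return shown.lower()
    if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", text.lower()):
        return text.lower()
    return None


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)


def assess(href, text):
    """Return a list of findings for one link; an empty list means nothing suspicious."""
    findings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        findings.append("plain_http")
    if is_ip(host):
        findings.append("ip_literal")
    elif any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode_host")
    shown = host_in_text(text)
    if shown and shown != host:
        findings.append(f"display_mismatch:{shown}")
    if not is_trusted(host):
        embedded = [t for t in TRUSTED_DOMAINS if t in host]
        # Similarity ratio above 0.8 catches single-character swaps like l -> 1.
        lookalike = [t for t in TRUSTED_DOMAINS
                     if difflib.SequenceMatcher(None, host, t).ratio() > 0.8]
        if embedded:
            findings.append(f"embedded_trusted_name:{embedded[0]}")
        elif lookalike:
            findings.append(f"lookalike:{lookalike[0]}")
        else:
            findings.append("untrusted_domain")
    return findings


def vet_email(html):
    """Return [(href, findings), ...] for every link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, assess(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, findings in vet_email(SAMPLE_EMAIL_HTML):
        print(f"{'OK ' if not findings else 'SUSPECT'} {href} {findings}")
```

Only the last link, a genuine subdomain of the trusted site, comes back clean. The first link is the classic combination: the displayed text names the bank, the real host merely starts with the bank's name, and it isn't even https. Note the practical limit of the lookalike check: it only knows about domains you put in the trusted list, which is exactly why navigating from your own bookmark beats any heuristic.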

3. Use strong passwords and authentication

One of the worst things you can do is use a weak password such as "admin," "password," or "123456." Leaving a device or service on the default password it shipped with is just as bad, because those defaults are published and are among the first things an attacker tries.

If you don’t want to remember all the passwords for different services, consider using a password manager. If you’re stuck on coming up with a good password, then use a password generator. Enable two-factor authentication whenever possible to add an extra layer of security.

4. Only connect to secure Wi-Fi

While office networks are usually secure, it’s still a good idea to check with your system administrator about the security measures the company has implemented. However, most home Wi-Fi networks don’t come with the same security safeguards, and public Wi-Fi networks such as those in malls and coffee shops are even riskier.

To make sure your traffic is encrypted on an untrusted network, connect to a VPN first. The VPN tunnel encrypts everything between your device and the VPN server, so someone on the same Wi-Fi network can neither read your traffic nor tamper with it.

5. Operate with a safety-first mindset

To improve cybersecurity, you must operate with the assumption that there could be threats anywhere. So while it may seem harmless to share pictures of your workspace and meeting rooms on Facebook, you must assume that someone could use that information (badge designs, whiteboards, screen contents, who sits where) for reconnaissance or to make a social-engineering approach more convincing.

Likewise, it's not recommended that you share personally identifiable information such as social security numbers or credit card details over email, text messages, or an unsolicited phone call. Cybercriminals are adept at building convincing websites and impersonating others, so stay guarded at all times.
