Cyber Security is the practice of defending networks, systems, and applications from cyberthreats
Digital data and operations are already at the core of most modern organizations, and this trend is only increasing. But with this reliance on computerized systems comes a variety of cyberthreats. These risks may be internal, originating with employees and contractors. They may be external, the result of activity by cybercriminals or even your own customers. They may be deliberate acts of data theft or disruption, or they may simply be caused by human error and negligence.
No matter where or why a cyberthreat originates, it has the potential to be devastating to companies, their employees, and their customers. That’s why it’s important to understand cyber security practices and tactics for effectively defending against hazards in the digital world.
Different types of cyber security
While cyber security often involves digital protective measures, such as antivirus software and user privilege limitations, there are also physical and offline components that can help ensure complete protection against a variety of threats.
Some of the primary types of cyber security include:
• Application security — preventing data and code in business-critical software (both in use and in development) from being stolen or hijacked, for example by fixing weaknesses found in security assessments and by encrypting sensitive data
• Information security — protecting physical and digital data from unauthorized access and manipulation, both on-site and through remote systems
• Infrastructure security — ensuring that the structures and facilities you rely on, such as electrical grids and data centers, are access-controlled and guarded against physical harm or disruption
• Network security — securing internal networks against unauthorized access, with tools like remote access management and two-factor authentication (2FA)
• User education — teaching employees and customers best practices for recognizing and avoiding cyberthreats, such as malware and phishing attacks
Examples of cyberthreats
There are many types of cyberthreats — malicious acts that threaten to damage or steal data, or to otherwise disrupt workloads and services. No matter the type or the origin, cyberthreats are a serious hazard to business health and operations. Some of the more common variations include:
• Malware
• Ransomware
• Phishing
• Distributed denial of service (DDoS) attacks
• SQL injection
Malware
Malware — shorthand for “malicious software” — is an application that’s intended to cause damage to systems, steal data, gain unauthorized access to networks, or otherwise wreak havoc. Malware infection is the most common type of cyberthreat. While it’s often employed for financial gain, malware is also used as a weapon by nation-states, as a form of protest by hacktivists, or to test the security posture of a system.
Malware is a collective term and refers to a number of malicious software variants, including:
• Viruses — the most widespread form of malware. Much like their biological namesake, viruses attach themselves to clean files, replicate, and spread to other files. They may delete files, force reboots, join machines to a botnet, or enable remote backdoor access to infected systems.
• Worms — similar to viruses, but without the need for a host file. Worms infect systems directly and reside in memory, where they self-replicate and spread to other systems on the network.
• Backdoors — a stealthy method of bypassing normal authentication or encryption. Backdoors are used by attackers to secure remote access to infected systems, or to obtain unauthorized access to privileged information. While many backdoors are strictly malicious, deliberate variants may be built into hardware or operating systems for legitimate purposes — such as restoring access to a user who has forgotten their password.
• Trojans — named for the famous wooden horse from the story of the Trojan War. Trojans may disguise themselves as a legitimate application, or simply hide within one. They discreetly open backdoors to give attackers easy access to infected systems, often enabling the loading of other malware.
Ransomware
Ransomware is also a form of malware, though one that warrants special focus due to its ubiquity. Originally, ransomware was designed to encrypt data and lock victims out of their systems — that is, until they paid their attackers a ransom in order to restore access. Modern ransomware variants tend to take this a step further, with attackers exfiltrating copies of the victim’s data and threatening to release it publicly if their demands are not met. This usually increases the pressure on victims considerably, as stolen data often contains personally identifiable information (PII) of customers and employees, sensitive financial details, or trade secrets.
Ransomware distribution campaigns often rely on social engineering techniques such as phishing, tricking users into downloading a dropper that retrieves and installs the payload. More aggressive ransomware variants, such as NotPetya, exploit gaps in security to infect systems without the need for trickery.
Once on the system, ransomware finds all files of a specific type locally and across the network, encrypting — and often stealing — them. The original files, recovery points, and backups are then deleted to prevent users from restoring the system on their own. Ransomware usually changes the file extension (e.g. myFile.doc.encrypted) and adds a “help” file explaining how victims can pay to recover their data.
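The two on-disk traces described above (a renamed extension such as myFile.doc.encrypted and a dropped “help” file) are also what a simple post-incident triage check can look for. The script below is an added example written for this page, not code from the original article or from any product: it walks a directory tree, counts files carrying a double extension that ends in a suspect suffix, and looks for text or HTML files whose names read like a recovery note. The extension list, the note keywords, and the sample directory it builds are assumptions constructed for illustration, not indicators of any specific ransomware family.

```python
import os
import tempfile

# Heuristics drawn from the behaviour described above: files renamed with an
# extra extension (myFile.doc.encrypted) and a dropped "help" file. The
# extension list and note keywords are assumptions for illustration only, not
# indicators taken from any specific ransomware family.
SUSPECT_EXTENSIONS = {".encrypted", ".locked", ".crypt"}
NOTE_KEYWORDS = ("help", "readme", "decrypt", "recover")
NOTE_EXTENSIONS = {".txt", ".html", ".hta"}


def scan_directory(root):
    """Walk root and return (total_files, renamed_files, ransom_note_paths)."""
    total, renamed, notes = 0, 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            base, ext = os.path.splitext(name)
            ext = ext.lower()
            # Double extension ending in a suspect one, e.g. report.docx.encrypted
            if ext in SUSPECT_EXTENSIONS and os.path.splitext(base)[1]:
                renamed += 1
            # Plain-text/HTML file whose name reads like a payment/recovery note
            if ext in NOTE_EXTENSIONS and any(k in base.lower() for k in NOTE_KEYWORDS):
                notes.append(os.path.join(dirpath, name))
    return total, renamed, notes


def assess(root, ratio_threshold=0.5):
    """Flag the tree when most files carry a suspect extension or a note is present."""
    total, renamed, notes = scan_directory(root)
    ratio = renamed / total if total else 0.0
    return {
        "total": total,
        "renamed": renamed,
        "renamed_ratio": ratio,
        "notes": notes,
        "suspicious": ratio >= ratio_threshold or bool(notes),
    }


def build_sample_tree(infected=True):
    """Create a constructed sample directory; infected=True mimics a post-encryption tree."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    if infected:
        names = ("q1.xlsx.encrypted", "memo.docx.encrypted", "plan.pdf.encrypted",
                 "logo.png", "HELP_RECOVER_FILES.txt")
    else:
        names = ("q1.xlsx", "memo.docx", "plan.pdf", "logo.png", "notes.txt")
    for name in names:
        with open(os.path.join(root, name), "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    print(assess(build_sample_tree(infected=True)))   # suspicious: True
    print(assess(build_sample_tree(infected=False)))  # suspicious: False
```

The ratio threshold matters more than the note check in practice: a single stray file named “readme.txt” is not an incident, but a share where more than half of the documents have gained an unknown trailing extension is worth an immediate look, and the same walk can be pointed at backup targets to confirm they were not touched.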
Phishing
Phishing is a common attack technique, and a form of social engineering: the strategy of manipulating people into taking unsafe actions or divulging sensitive information.
In phishing campaigns, attackers use deceptive communications — email, instant messages, SMS, and websites — to impersonate a trustworthy person or organization, such as a legitimate business or government institution. Taking advantage of users’ trust, attackers trick them into clicking malicious links, downloading malware-laden attachments, or disclosing sensitive personal information.
A more focused approach is “spear phishing”, in which attackers target a specific individual — or a small group of individuals, such as employees in a specific role at a specific company. These cyberthreats are generally tailored to their target based on insider knowledge or information available on the web (e.g. through social media). As an example, an attack might be directly addressed to the victim and disguised as an email from their direct manager or their company’s IT department. Though they require extra effort to create, spear phishing attacks tend to be quite convincing and are more likely to succeed.
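The impersonation described above leaves measurable traces in a message: a display name that claims to be the company’s IT department while the address belongs to another domain, a sender domain one character away from the real one, a Reply-To that steers answers elsewhere, and link text that shows one host while the href points at another. The following is an added example written for this page, not code from the original article: it parses a message with Python’s standard email library and reports each of those indicators. The allow-list (example.com), the invented domains examp1e.com and mail-recovery.net, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: domains the organization genuinely sends mail from.
TRUSTED_DOMAINS = {"example.com"}


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a, b):
    """Levenshtein distance; a small distance between domains suggests a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_message(raw):
    """Return a list of impersonation indicators found in one RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])

    # 1. Display name borrows a trusted brand name while the address is untrusted.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if any(b in display.lower() for b in brands) and from_dom not in TRUSTED_DOMAINS:
        findings.append(f"display name impersonates trusted org; sender domain is {from_dom}")

    # 2. Sender domain is one or two edits away from a trusted one (examp1e.com).
    for t in TRUSTED_DOMAINS:
        if from_dom != t and 0 < edit_distance(from_dom, t) <= 2:
            findings.append(f"lookalike domain {from_dom} resembles {t}")

    # 3. Replies are steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 4. Anchor text shows one host while the href points at another.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        real_host = urlparse(href).hostname or ""
        shown = text.strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        if shown_host and real_host and shown_host != real_host:
            findings.append(f"link text shows {shown_host} but points to {real_host}")
    return findings


# Constructed sample messages (examp1e.com and mail-recovery.net are invented).
PHISH = """\
From: "Example IT Department" <helpdesk@examp1e.com>
Reply-To: support@mail-recovery.net
Subject: Your password expires today
Content-Type: text/html

<p>Reset it now at <a href="http://login.examp1e.com/reset">https://example.com/login</a></p>
"""

LEGIT = """\
From: "Example IT Department" <helpdesk@example.com>
Subject: Scheduled maintenance
Content-Type: text/html

<p>Details at <a href="https://example.com/status">https://example.com/status</a></p>
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(sample))
```

None of the four checks is conclusive on its own; a mail gateway would normally score them together with authentication results (SPF, DKIM, DMARC), which this example deliberately leaves out because they require DNS lookups.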
Distributed denial of service (DDoS) attacks
Distributed denial of service attacks target servers, services, or networks in order to disrupt traffic flow, preventing users from accessing these resources. DDoS attacks are most commonly intended to cause financial or reputational damage to an organization or government body.
Such attacks often use large networks of malware-infected systems — both computers and IoT devices — that the attacker controls. Individual devices in these networks are commonly referred to as “bots” (or “zombies”), and a collection of them is known as a “botnet”.
Attackers use these botnets against servers or networks, having each bot send repeated requests to the target’s IP address. This ultimately causes the server or network to become overloaded and unavailable to normal traffic. Remediation is usually difficult, as the bots are legitimate Internet devices — making it hard to separate the attackers from innocuous users.
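Because each bot looks like an ordinary client, the one signal a defender does have is request rate per source over time. The script below is an added example written for this page, not code from the original article: it parses Common Log Format access-log lines and keeps a sliding window of timestamps per client address, reporting any address that exceeds a request threshold inside the window. The log lines are constructed (addresses come from the TEST-NET documentation ranges), and the window size and threshold are assumptions to be tuned to a service’s normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format line: client - - [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, TS_FMT),
            "request": request, "status": int(status)}


def flag_flooders(lines, window_seconds=10, max_requests=20):
    """Sliding-window rate check per client.

    Returns {ip: time_first_exceeded} for every client that sent more than
    max_requests within any window_seconds span. Both thresholds are
    assumptions for this example; tune them to the service's normal traffic.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["time"])
        # Drop timestamps that have fallen out of the window.
        while q and rec["time"] - q[0] > window:
            q.popleft()
        if len(q) > max_requests and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["time"]
    return flagged


def build_sample_log():
    """Constructed log: one ordinary client and one client sending ten requests a second."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def line(ip, t):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 612'

    # 198.51.100.4: five requests spread over a minute (normal browsing)
    lines = [line("198.51.100.4", base + timedelta(seconds=12 * i)) for i in range(5)]
    # 203.0.113.7: sixty requests in six seconds (flood)
    lines += [line("203.0.113.7", base + timedelta(milliseconds=100 * i)) for i in range(60)]
    return lines


if __name__ == "__main__":
    for ip, when in flag_flooders(build_sample_log()).items():
        print(f"{ip} exceeded the threshold at {when.isoformat()}")
```

A per-address counter like this catches a single noisy bot; a genuinely distributed flood spreads the same load over thousands of addresses that each stay under the threshold, which is why the aggregate request rate and upstream filtering (a CDN or scrubbing service) matter as much as per-client limits.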
SQL injection (SQLI)
Structured Query Language (SQL) is a standard language for building and manipulating databases, often used in web and other servers. SQL injection attacks smuggle malicious SQL into the queries an application sends to its database, manipulating the server into returning database information that the attacker shouldn’t be authorized to access. This information may include sensitive corporate data, user credentials, and employees’ and customers’ personally identifiable information.
While SQL injection can be used to attack any SQL-based database, such techniques mainly target websites. A malicious actor could carry out an attack simply by submitting an SQL command into a vulnerable website’s search box, potentially retrieving all of the web app’s user accounts.
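The search-box scenario above comes down to one coding decision: whether user input is pasted into the SQL text or bound as a parameter. The following is an added example written for this page, not code from the original article: it builds a small in-memory SQLite table with constructed sample accounts and runs the same lookup both ways, so the difference between the vulnerable and the hardened version is visible on the result set.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (sample rows only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    return conn


def search_users_unsafe(conn, term):
    """Vulnerable: the search term is spliced into the SQL text itself."""
    sql = "SELECT username, email FROM users WHERE username = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_users_safe(conn, term):
    """Hardened: the term is bound as a parameter, so it can only ever be data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (term,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Input that closes the string literal and appends an always-true condition.
    crafted = "x' OR '1'='1"
    print("unsafe:", search_users_unsafe(conn, crafted))  # every account
    print("safe:  ", search_users_safe(conn, crafted))    # []
```

Parameter binding is the fix, not input filtering: the safe version needs no escaping logic because the database driver never treats the bound value as part of the statement. Least-privilege database accounts and not returning raw error text to the browser limit what a remaining injection flaw could expose.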
The importance of cyber security
Data has become the world’s most valuable resource. It’s at the core of business operations, and data volumes in need of protection are growing at explosive rates. Cyber security is essential to protect the systems that make it possible to generate, manage, store, and transfer data.
Today’s organizations face critical challenges with respect to cyber security. Data creation, processing, and storage is increasingly done at the edge, growing operational complexity and making data flows harder to track. Meanwhile, ever-greater computing power and AI are widely accessible, allowing cybercriminals to target businesses more effectively than ever before. These cybercriminals are highly motivated, driven by the prospect of multi-million-dollar rewards from businesses that often can’t afford not to pay for the restoration of services or the recovery of lost data.
Any organization that uses modern technology must contend with the risk of cyberthreats. Taking steps to address this risk is crucial for the health and operational security of businesses. Data breaches and attacks against business services have the potential to cause catastrophic financial and reputational damage, and unauthorized access to personally identifiable information can have severe impacts on the lives of employees and customers.