ANS Blog

What Is Cybersecurity?

December 14, 2018 in Cyber Response Plan

Cybersecurity is the practice of protecting systems, networks, and programs from attacks, typically referred to as “cyberattacks.” The goal of a cyberattack is usually to access, remove or destroy sensitive information, extort money, or interrupt business operations. Cybersecurity is sometimes also referred to as information technology security.

Why Cybersecurity Is Important

Cybersecurity threats adversely affect us all. All people. All businesses in all industries, regardless of size. All government entities. In a highly interconnected world, where there are more devices than people, the opportunities for data theft and other forms of cybercrime are growing and attackers are becoming more sophisticated and innovative.  

When you consider how digital information now supports almost every aspect of our lives, you realize that protecting it is essential to keeping our society functioning.  On a personal level, a cybersecurity attack can result in anything from identity theft, to extortion, to the loss of important data like family photos. On a business level, an attack can result in bank fraud, exposure of personnel and customer information, or the theft of intellectual property or other assets. A cybersecurity attack on our government could mean the compromise and/or disabling of critical infrastructure like power plants, internet access and public safety, theft of military secrets, or the disruption of political processes.

What Cybersecurity is All About

Cybersecurity is all about building defenses against cybercrime. But, it’s important to realize that cybercrime is not one thing—it’s actually many different things. So, defending against it requires an understanding of the various shapes and forms it comes in as well as the risks each form poses.  Below are some of the most common types of cyber threats:

Social engineering is the process of psychologically manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. They’re attacks that usually come in the form of a deceptive email that tricks the user into giving away sensitive or confidential information or downloading malware that provides access to the user’s computer and other network resources.

Malware is a broad term used to describe a type of malicious software designed to gain unauthorized access or to cause damage to a computer. Ransomware is a type of malware that is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored. Viruses, worms, trojans, and spyware are other common types of malware.

APTs (Advanced Persistent Threats) occur when a cybercriminal infiltrates a network (via malware or another method) and stays undetected within the network for an extended period of time. The intent of an APT is to steal data and not harm the network. APTs happen most often in industries with high-value information, such as financial services, manufacturing and national defense.

Vulnerability exploits occur when cybercriminals identify new vulnerabilities in systems or applications to misuse/abuse. Using automated attack methods, cybercriminals target organizations that use outdated (unpatched) software—which can be an application, OS, or firmware—then take advantage of vulnerabilities to bring entire systems down. A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. 

DoS (denial-of-service) attacks attempt to disrupt normal web traffic and take a site offline by flooding a system, server or network with more requests than it can handle.

MITM (man-in-the-middle) attacks occur when a hacker inserts themselves between the communications of a client (device) and a server. MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers are able to insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.

How to Effectively Address Cybersecurity

A successful approach to cybersecurity includes multiple layers of protection that are spread across an entire organization. This means an effective defense against cyberattacks will incorporate people, processes, and technology. Users need to understand and comply with basic data security principles like choosing strong passwords, how to spot and respond to suspicious emails, and why not to plug in an unidentified USB drive. At the same time, organizations need to have a security framework and enforce policies for dealing with data and systems security. Employing next-generation technology solutions is also important in order to provide the security tools needed to defend against cyberattacks. In the event of a successful attack, there is no substitute for having a plan in place to respond to threats, restore operations, and re-establish an organization’s good name.

The most difficult challenge in cybersecurity is the ever-evolving nature of security risks themselves. The traditional approach taken by both the private and public sectors has focused a large portion of resources on perimeter security to protect the most critical system components and defend against known threats.

Today, that approach isn’t enough because the threats advance and change more quickly than organizations can keep up with. This means keeping pace with cybersecurity strategy and operations is becoming a bigger and more dangerous issue. As a result, industry advisory organizations like NIST and the National Cyber Security Alliance promote more proactive approaches to cybersecurity. They recommend the use of an integrated, automated Next-Generation Security Program, like the one offered by Advanced Network Systems, that’s built on a platform that provides consistent, prevention-based protection. Our Managed Security Services Program includes continuous, real-time monitoring of all network resources, data correlation, expert threat intelligence, real-time assessments and incident notification. By focusing on detection and prevention, our program helps organizations drastically reduce the impact of cyberthreats on their network, and reduce their overall cybersecurity risk to a manageable degree.