What is Cybersecurity and Why is It Important?

 Published: October 23, 2025  Created: October 23, 2025

by Nicholas Patterson

Cybersecurity is all about keeping computer systems and electronic data safe. As cybercrime becomes more frequent, cybersecurity practitioners are increasingly needed to protect people, organizations and their information.

In recent years, headlines about cybersecurity have become increasingly common. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern.

That’s where cybersecurity comes in.

What is Cybersecurity in Simple Words?

Cybersecurity consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, there are many types of cybersecurity roles to consider.

“Cybersecurity aims to protect devices, networks, software and data from external cyberthreats,” said Rodney Royster, a cybersecurity adjunct instructor at Southern New Hampshire University (SNHU) with more than 20 years of information security experience in both the federal and private sectors. “This (protection) is accomplished with the use of practices and tools that can mitigate or reduce the impact of these threats.”

Then What is Information Security?

Information security and cybersecurity are often confused. “These two terms are closely related and cross into one another along the way,” Royster said. While you may find them used interchangeably, there are some key differences.

Information security is broader, according to Royster, and it considers encryption, endpoint security and physical security. “(It) ensures the overall protection of data, including its confidentiality, integrity and availability, across various environments,” Royster said.

Everything is connected by computers and the internet, including communication, entertainment, transportation, shopping, medicine and more. A copious amount of personal information is stored among these various services and apps, which is why both cybersecurity and information security are critical.

Why is Cybersecurity So Important?

Getting hacked isn’t just a direct threat to the confidential data companies need. It can also ruin their relationships with customers and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become even more serious.

So, it’s no wonder that international research and advisory firm Gartner predicts worldwide security spending will hit $184 billion in 2024. Gartner also predicts the market will reach $294 billion by 2028.

“Most businesses, whether they’re large or small, will have an online presence,” said Jonathan Kamyck, a senior associate dean of STEM programs at SNHU and former information security officer. “Some of the things you would do in the old days with a phone call or face-to-face now happen through email or teleconference, and that introduces lots of complicated questions with regard to information.”

These days, the need to protect confidential information is a pressing concern at the highest levels of government and industry. State secrets can be stolen from the other side of the world. Companies whose whole business models depend on control of customer data can find their databases compromised. In just one high-profile 2017 case, personal information for 147 million people was compromised in a breach of a credit reporting company, according to the Federal Trade Commission (FTC).

What Are Cyberattacks?

A cyberattack is a malicious effort to access computer systems without authorization with the intent to steal, expose, modify, disable or eradicate information, according to International Business Machines (IBM).

There could be many reasons behind a cyberattack, according to Royster, including political motivations or revenge. “But I believe the main one is financial gain because an attacker could gain a tremendous amount of money during these attacks,” he said.

What Are Some Types of Cyberattacks and Threats?

Cyberattacks can be carried out in a variety of ways. Three of the most common types Royster sees include phishing, ransomware and social engineering.

Phishing

“Phishing is a type of cyberattack where victims are lured or tricked into something malicious,” Royster said.

He said these attacks often involve fraudulent links and can be done through a variety of channels, such as email, text, social media and websites. The goal of the attack may be for a victim to download viruses or malware (short for malicious software) onto their devices.

Ransomware

Ransomware involves the encryption of an individual or organization’s data through malware, according to Royster, which restricts access to their own files, systems or networks.

“It is called ransomware because the attacker will request a ransom in order for the company to get their data back,” he said. Even riskier, paying the ransom does not necessarily mean you’ll get your data back.

According to security organization Astra, ransomware attacks have increased 13% in the last five years, with an average cost of $1.85 million per incident. In addition, 13% of small and medium businesses reported a ransomware attack in the past year, with 24% of respondents reporting at least one attack ever, according to security software provider Datto.

Social Engineering

Social engineering often involves impersonation. “(It) is an attack to retrieve sensitive information by deceiving users,” Royster said. “This could be by an attacker calling you on the phone, pretending to be someone else, such as an IT person from your mobile company, wanting your password.”

Who is Behind Cyberattacks?

Attacks against enterprises can come from a variety of sources, such as criminal organizations, state actors and private persons, according to IBM. An easy way to classify these attacks is by outsider versus insider threats.

Outsider or external threats include organized criminals, professional hackers and amateur hackers, IBM reported.

Insider threats are typically those who have authorized access to a company’s assets and abuse them deliberately or accidentally, according to IBM, and these threats include employees who are careless of security procedures, disgruntled current or former employees, and business partners or clients with system access.

Developing Cyber Awareness

With so many types of cyberthreats and attackers, it’s important for individuals and organizations to take security measures to protect themselves and their data.

“One concept I like is the ‘defense in depth’ method where you are applying multiple layers of security in order to protect your assets from attackers,” Royster said. Just as you might take multiple precautions to protect your physical valuables, you can use security tools to protect yourself in the cyber world, according to Royster.

Some of these tools include:

1. Antivirus software

2. Encryption

3. Firewalls

4. Intrusion detection systems (IDS)

5. Intrusion prevention systems (IPS)

You can also take preventative measures by creating strong passwords with a variety of upper and lowercase letters, characters and numbers. “Along with this, you should regularly change your password every 60 to 90 days, use multi-factoring authentication and use an antivirus product,” Royster said.

And if you do find yourself a victim of a cybercrime, report it. Royster said you can report a variety of concerns through the FTC, including:

1. Fraud

2. Identity theft

3. Ransomware

4. Unwanted phone calls

There are also many resources relating to cybersecurity awareness readily available on the Cybersecurity and Infrastructure Security Agency (CISA) government website based on your needs.

What Are the Types of Cybersecurity?

Here are some common types of cybersecurity available:

1. Cloud Security: Cloud security encompasses the collection of technologies and strategies designed to protect business security from both internal and external sources while balancing productivity and security, according to IBM.

2. Infrastructure Security: Critical infrastructure security describes the physical and cyber systems that are so vital to society that their incapacity would have a debilitating impact on our physical, economic or public health and safety, according to CISA.

3. Internet of Things (IoT) Security: IoT is the concept of connecting any device to the internet and other connected devices. The IoT is a network of connected things and people, all of which share data about the way they are used and their environments, reports IBM. These devices include appliances, sensors, televisions, routers, printers and countless other home network devices.

4. Network Security: Network security is the protection of network infrastructure from unauthorized access, abuse or theft, according to Cisco, and these security systems involve creating a secure infrastructure for devices, applications and users to work together.


https://www.snhu.edu/about-us/newsroom/stem/what-is-cyber-security