What are the Types of Cyber Security?

What would your life look like without your electronics? Could you cope? Probably not. Our mobile devices, computers, and other devices are nearly inseparable from us. Individuals and businesses alike rely on electronics to function and perform daily activities.

With the importance of your devices reaffirmed, how far would you go to protect them and consequently yourself in the process? Many parallels can be drawn from a real-life hostage situation when it comes to cybercrime. If someone were to lock you out of your phone or laptop, that would seriously hamper your work and social life. The more malignant attacks may make you lose everything or expose your personal details to the public domain. Privacy is everything in today’s hyper-connected world.

Attacks rarely have good intentions. Sabotage, extortion, and vendettas are the more common driving forces. Even if you are not the primary target, you can still be a cyberattack victim if your hospital, government, employer, or bank gets hit. Why? They hold a lot of your personal information. With that in mind, it is important to learn about the types of cybersecurity threats and the different types of cybersecurity. As always, the best place to start is the start. Let’s talk about cybersecurity.

What is Cybersecurity?

Cybersecurity is the process or practice of ensuring and maintaining the integrity, confidentiality, and availability of data and information. It involves the protection of computers and computer systems, networks, mobile devices, data, and applications (programs) from cyberattacks. As alluded to earlier, these attacks are aimed at interrupting normal business proceedings, obtaining or destroying information, and extortion or ransom.

Effective cybersecurity involves numerous layers to cover the many entry points an attacker may choose. Physical devices, connected networks, and data, for instance, should all be covered.

 

The components of Cybersecurity are:

Processes

This is how you or any organization responds to attacks, whether just attempted or successful. Processes guide how you identify attacks, protect yourself against them, recover from them, and prevent them altogether. For organizations, this is captured in the ICT Policies and Business Continuity Plans/Processes (BCPs).

Technology

Technology is the sword/shield you wield against cyberattacks. It is part of the processes. These are the various tools you will make use of in mitigating attacks. This can be at the device level, at the network level, or for cloud infrastructure. Antivirus software, firewalls, Intrusion Detection and Intrusion Prevention Systems (IDS & IPS), and DNS filters are all examples of technology.

Users

The first two components heavily rely on this one. Users, even with the best-formulated processes and bleeding-edge technology, can easily self-sabotage and make all that moot. The basics are essential: strong and unique passwords, not exposing those passwords, checking email addresses, watching out for fishy attachments, and regular backups. Having a 26-character password is useless if it is written down on a real or virtual sticky note on your real or virtual desktop.

Types of Cybersecurity

Protection against the different types of cybersecurity attacks requires that you know the different types of cybersecurity. The different types often work in tandem to give end-to-end security.

  • Application Security: The use of both software and hardware to ensure that applications are protected from external threats, even when in development. Applications require constant updates to stay up to date with any potential threats. Bugs and loopholes can be exploited to devastating effect.
  • Information Security: InfoSec refers to protecting your data or the data belonging to clients, whether stored or in transit. It involves protecting data in any form, digital or otherwise, from (unrestricted) access, manipulation, destruction, or disclosure/distribution. In short, data availability, privacy, and confidentiality.
  • Operational Security: These are the processes involved when dealing with data security: handling, access permissions, networking, data transmission, and data storage.
  • Network Security: This covers all the processes involved in ensuring that the network is protected from unauthorized access and external intrusions. A secure networking infrastructure ensures that the internal network (intranet) remains uncompromised.
  • Endpoint Security: While remote access is a necessary component of workflows and business models nowadays, endpoint security ensures that it does not become a liability. Endpoint devices are ‘easier’ targets especially if the users are not sensitized to the risks and necessary cautionary steps.
  • Identity Management: Issuing rights and system access needs to be a well-documented and closely monitored process. At all times, all user access levels should be monitored and logged, with 2-step security measures employed to prevent impersonator access.
  • Disaster Recovery/BCP: Business Continuity Plans (BCPs) are policies that stipulate the course of action in the event of an attack and/or loss of data. This includes setting up off-premise sites for regular backups and to reduce the impact of attacks on business continuity.
  • End-user Education: A cybersecurity system is only as strong as its weakest entry point. Users must be educated on cybersecurity best practices like regular password change, two-factor authentication, and using VPNs when connecting remotely.
  • Infrastructure Security: This covers the physical aspects of computer infrastructure like a well-regulated power delivery system, good physical security, fire extinguishers, and the like.
  • Cloud Security: Cloud services are being incorporated into more business models and, as such, need to be well configured to prevent any successful attacks.

The Need for Cybersecurity

There is a need to curb the different types of attacks in cybersecurity. Most individuals have access to more than one electronic device, the default being a smartphone. Devices outnumber people and offer up millions, if not billions, of targets for attackers.

Individually, the threat may not seem as huge when compared to the reports of large corporations being hit. The fact is that you are just as prone, and it may lead to blackmail, identity theft, the loss of years of memories in digital memorabilia, and the financial implications when your devices are rendered useless.

Attacks on large organizations are more publicized, but even small companies get hit. Data breaches in large corporations expose millions of personal records, which could lead to more attacks. Attacks on hospitals may lead to fatalities as more equipment gets connected to the internet. It is the same case for power plants, whose outages have ripple effects across multiple industries, including the aforementioned hospitals. Society is highly dependent on continuously functional infrastructure.

A recent Data Breach QuickView report states that between January and September of 2019, a reported 5,183 data breaches exposed 7.9 billion records, with a projected mark of 8.5 billion seen as highly probable. Of the over 5,000 breaches, only six accounted for 3.1 billion of those records between the start of July and the end of September.

Findings from the report were that medical services, public bodies, and retailers were the hardest hit. It was also noted that hacking was the most frequent form of attack.

In another report, the First Official Annual Cybercrime Report by Cybersecurity Ventures, it was predicted that the global cost brought on by cybercrime will grow from $3 trillion in 2015 to $6 trillion by 2021. By cybercrime, it meant data loss, money loss, productivity loss, loss of intellectual property, fraud, embezzlement, investigation costs, data restoration costs, and loss of reputation with clients. It also predicted that global spending on cybersecurity products and services would surpass a trillion dollars cumulatively from 2017 to 2021.

With the need thoroughly articulated, the (summarized) benefits of embracing cybersecurity are:

  • End-user protection: It is paramount to not disappoint all the users who have trusted you with their data in the name of acquiring your services.
  • Improved client confidence: There is an air of assurance around corporates and organizations that hold data security in high regard.
  • Business protection: Ensured business continuity at all times without any losses in time or resources.
  • Improved recovery times: A properly laid-out recovery plan ensures that in the event of a cyberattack, the business will recover as fast and as efficiently as possible.
  • Data and network security: Data and internal networks should always remain out of reach to intruders, external or internal, and embracing cybersecurity is one step closer to that.

Types of Cybersecurity Threats

The world is currently data-driven, and all cyber-attacks can be placed into the following categories:

Attack on Data Availability

Remember being virtually held hostage? Attacks on data availability aim to ensure that you are not able to access your data, or that the end-user is unable to. This may be purely malicious and just an attempt to completely disrupt business, or, more probably, a way to ask for a fee to relinquish access. A lot of organizations have ended up paying attackers so that they can regain access to their data.

Attack on Data Integrity

Integrity can either be of an organization or the data itself. If a rogue student hacks into the school’s database and changes all the grades, the data integrity has been compromised. If an attacker gains access to an organization’s database and leaks all the records online, the integrity of that organization has been severely compromised—especially in the eyes of the people whose data it held.

Attack on Data Confidentiality

Personal information should be private. If anyone, internal or external, gains unauthorized access to your information, then its confidentiality has been compromised. This happens a lot on an individual level, even in our homes and places of work.

The attack types that perpetrate these three attacks on data are:

  • Phishing: You have probably been the target of several phishing attempts. Hopefully, they were all unsuccessful. Phishing is sending out fake emails that resemble emails from a genuine source. Your bank will email, asking for your credit card info. Your boss will email, asking for certain credentials or with a fishy attachment. They come in many forms. The trick is to make the email appear as close to genuine as possible, except maybe for one letter in the email address. It is very easy to fall prey to phishing, and it is the most common type of attack.
  • Malware: This is software created to grant unauthorized access to a device/system or cause predetermined harm to a device. Viruses fall into this group. Malware can be bundled with downloads, cracked software, clicked ads, browser extensions, and email attachments. Antivirus software may detect and clean malware, but the delivery channels are getting more cunning, and detection may be bypassed.
  • Social Engineering: This is the least technical attack but also arguably the most sophisticated. Social engineering attacks aim to obtain sensitive information from you without you realizing it. You will tell strangers the name of your favorite pet, your mother’s maiden name, and your favorite teacher back in high school. Combined with the other attacks in this list, an attacker can wreak havoc in your life.
  • Ransomware: Ransomware is software that blocks your access to your data or encrypts it such that it is unusable without a decryption key. The aim of this attack is mainly financial compensation, usually in the form of bitcoin to avoid tracing. There is no guarantee that paying the attacker will get you your data back, but you are probably desperate at that point.
  • Advanced Persistent Threats: An attacker may gain access to a system/network and remain there undetected and under the radar. This can end in very many different ways.

Mitigation of Cybersecurity Attacks

At this point, the world has embraced technology and the novel challenges that come with it. Knowing the different types of data breaches helps put in place the necessary protective measures. There is a lot to lose and not much to gain; the goal is to maintain the status quo as it pertains to data privacy and business operations. Taking the following steps goes a long way in maintaining it.

  • VA and Pen-tests: Organizations should schedule regular vulnerability assessment and penetration tests to determine how secure the infrastructure truly is. Any discovered loopholes should be documented and patched.
  • DR & BCP: All organizations should have disaster recovery and business continuity plans. These should include switch-over dry-runs to ensure that personnel are ready at any time to efficiently initiate the move of operations from the primary site to the DR site and that the organization is up and running in no time.
  • User Education and Training: Employees need to be trained on the importance of vigilance when it comes to cybersecurity. Phishing and social engineering should be vividly illustrated.
  • User-rights Management/IAM: Identity and Access Management helps administrators keep track of who has access to what and under which circumstances. This close control enforces data security and helps easily identify anomalies.
  • Cloud Security: With more and more businesses going the cloud route, it is important to ensure that your cloud provider is capable of keeping your data completely safe and always available.
  • IDS and IPS: A combination of Intrusion Prevention and Intrusion Detection systems keeps intruders at bay while making their intentions known early enough.
  • Regular Backups: Regular backups protect against data loss, giving you a fallback should anything happen to your primary device.
  • Secure Web Practices: Safe web browsing involves only using secure sites, not clicking on ads and pop-ups, watching what you download, and not answering emails that promise you wealth.
  • Device Updates and Security Patches: Device updates and security patches are important in mitigating cybersecurity attacks. They ensure all discovered loopholes are covered.
  • Incident Management: Any cybersecurity incident should be well documented and communicated. This provides a log that proves effective when finding ways to improve on existing cybersecurity controls.
  • Removable Media Controls: Staff may willingly or unwillingly walk malware into the premises and the network via removable media. There need to be strict and well-documented controls that everyone is aware of.

 

While there is a lot to cybersecurity, being aware of the threats is the first step towards mitigating any and all threats. For more information on how you can detect malicious attempts and protect your business’s data in Minnesota, contact Asher Security. We are Minnesota’s cyber security experts. Schedule an appointment or give us a call on 952-228-6173. Stay informed, stay safe!

 
