What Is cyber security? What you need to know
April 28, 2022
Cyber security is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.
Cyberattacks are an evolving danger to organizations, employees, and consumers. These attacks may be designed to access or destroy sensitive data or extort money. They can, in effect, destroy businesses and damage your financial and personal lives — especially if you’re the victim of identity theft.
Cyberattacks also are on the rise. According to an Identity Theft Resource Center (ITRC) 2021 annual data breach report, there was a 68 percent increase in reported U.S. data compromises from 2020 to 2021. Moreover, breaches related to cyberattacks represented more attacks than all other forms.
What’s your best defense? A strong cyber security system has multiple layers of protection that are spread across computers, devices, networks, and programs. This guide can help you decide if you need one of the cyber security plans offered by companies, and which kind may be right for you.
However, a strong cyber security system doesn’t rely solely on cyber defense technology; it also relies on people like you making smart cyber defense choices. The good news is that you don’t need to be a cyber security specialist to understand and practice good cyber defense tactics. This article can help.
In this article, you’ll learn about:
- cyber security and what it entails
- different types of cyber security
- three categories of cyber threats
- how to recognize, avoid, and defend yourself against cyber threats
- Key steps you can take to boost your cyber security
- what to consider when choosing a cyber security plan
- cyber security FAQs
Cyber security vs. computer security vs. IT security
Cyber security is the practice of defending your electronic systems, networks, computers, mobile devices, programs, and data from malicious digital attacks. Cybercriminals can deploy a variety of attacks against individual victims or businesses that can include accessing, changing, or deleting sensitive data; extorting payment; or interfering with business processes.
How is cyber security achieved? An umbrella of cyber security can be attained through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.
- Information technology (IT) security, also known as electronic information security or InfoSec, is the protection of data — both where it is stored and while it’s moving through a network. While cyber security only protects digital data, IT security protects both digital and physical data — essentially data in any form — from unauthorized access, use, change, disclosure, deletion, or other forms of malicious intent from intruders.
- Cyber security is a subset of IT security. While IT security protects both physical and digital data, cyber security protects the digital data on your networks, computers, and devices from unauthorized access, attack, and destruction.
- Network security, or computer security, is a subset of cyber security. This type of security uses hardware and software to protect any data that’s sent through your computer and other devices to the network. Network security serves to protect the IT infrastructure and guard against information being intercepted and changed or stolen by cybercriminals. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong passwords.
Additional types of cyber security
Knowing the different types of cyber security is critical for ensuring better overall protection. In addition to the three primary types of cyber security mentioned above, there are five other kinds of cyber security that you should know.
- Critical infrastructure security consists of cyber-physical systems such as electricity grid and water purification systems.
- Application security uses software and hardware to defend against external threats that may present themselves in an application’s development stage. Examples of application security include antivirus programs, firewalls, and encryption.
- Cloud security is a software-based tool that protects and monitors your data in the cloud to help eliminate the risks associated with on-premises attacks.
- Data loss prevention consists of developing policies and processes for handling and preventing the loss of data, along with developing recovery policies in the event of a cyber security breach. This includes setting network permissions and policies for data storage.
- End-user education acknowledges that cyber security systems are only as strong as their potentially weakest links: the people who use them. End-user education involves teaching users to follow best practices like not clicking on unknown links or downloading suspicious attachments in emails — which could let in malware and other forms of malicious software.
Types of cyber threats: 3 categories
There are many types of cyber threats that can attack your devices and networks, but they generally fall into three categories: attacks on confidentiality, integrity, and availability.
- Attacks on confidentiality. These attacks can be designed to steal personally identifiable information (PII) like your Social Security number, along with your bank account, or credit card information. Following these attacks, your information can be sold or traded on the dark web for others to purchase and use.
- Attacks on integrity. These attacks consist of personal or enterprise sabotage and are often called leaks. A cybercriminal will access and release sensitive information for the purposes of exposing the data and influencing the public to lose trust in a person or an organization.
- Attacks on availability. The aim of this type of cyberattack is to block users from accessing their own data until they pay a fee or ransom. Typically, a cybercriminal will infiltrate a network and formerly authorized parties from accessing important data, demanding that a ransom be paid. Companies sometimes pay the ransom and fix the cyber vulnerability afterward so that they can avoid halting business activities.
Here are a few types of cyber threats that fall into the three categories listed above.
Social engineering, a type of attack on confidentiality, is the process of psychologically manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. Phishing attacks usually come in the form of a deceptive email with the goal of tricking the recipient into giving away personal information.
Advanced persistent threats
Advanced persistent threats (APTs), are a type of attack on integrity where an unauthorized user infiltrates a network undetected and stays in the network for a long time. The intent of an APT is to steal data and not harm the network. APTs often happen in sectors with high-value information, such as national defense, manufacturing, and the finance industry.
Malware, or malicious software, is a type of attack on availability. It refers to software that is designed to gain access to or damage a computer without the knowledge of the owner. Malware can do everything from stealing your login information and using your computer, to sending spam and crashing your computer system. Some of the common types of malware are known as spyware, keyloggers, true viruses, and worms.
Ransomware, another form of malicious software, also is a type of attack on availability. Ransomware is one to keep a close eye on, as these attacks are expected to be the top cause of data compromises by the end of 2022. Ransomware’s goal is to lock and encrypt your computer or device data — essentially holding your files hostage — and then demand a ransom to restore access. A victim typically must pay the ransom within a set amount of time or risk losing access to the information forever. Common types of ransomware include crypto malware, lockers, and scareware.
Scale of cyber security threats
While cyber-defense tactics are evolving, so are cyber security threats as malicious software and other dangers take new forms. It’s smart to remember that cyber security threats don’t discriminate. All individuals and organizations that use networks are potential targets. To help protect yourself against cyberthreats, it’s important to know the three different types of cyber security threats: cybercrime, cyberattacks, and cyberterrorism.
- Cybercrime is committed by one or more individuals who target your system to cause havoc or for financial gain.
- Cyberattacks are often committed for political reasons and may be designed to collect and often distribute your sensitive information.
- Cyberterrorism is designed to breach electronic systems to instill panic and fear in its victims.
Why should you consider cyber security now?
While you seek safety and convenience in your digital life, the bad guys seek vulnerabilities. You may not think you’re vulnerable, but if you own a device that’s connected to the internet, you’re at risk.
Think of it this way. How many devices do you own? Cell phones, computers, tablets, gaming systems, smart thermostats, video doorbells, nursery monitors, and pet feeders may be just the beginning. As more and more smart products are created, the list will keep growing.
Indeed, the same devices that can make your life more convenient may make it more vulnerable if they possess sensitive personal information. Think: computer viruses, ransomware, identity theft, and a lot more.
How to help protect against cyber security attacks
There are some key steps that can help boost your cyber safety knowledge.
- Only use trusted sites when providing your personal information. A good rule of thumb is to check the URL. If the site includes “https://,” then it’s a secure site. If the URL includes “http://,” — note the missing “s” — avoid entering sensitive information like your credit card data or Social Security number.
- Don’t open email attachments or click on links in emails from unknown sources. One of the most common ways networks and users are exposed to malware and viruses is through emails that are disguised as being sent by someone you trust. An important rule of thumb is to visit the website itself rather than clicking on an email link to a website.
- Always keep your devices updated. Software updates contain important patches to fix security vulnerabilities. Cyber attackers can also target outdated devices which may not be running the most current security software.
- Back up your files regularly for extra protection in the event of a cyber security attacks. If you need to wipe your device clean due to a cyberattack — or have access to your data in the event of a ransomware attack, it will help to have your files stored in a safe, separate place.
Considering a cyber security plan? Do these 6 things first
You may believe that you’re safe, as you are already taking steps to help protect your digital life. You might run a virus-detection program on your computer. Or you might keep an eye on your credit score for signs of identity theft.
What’s different about cyber security? Remember, cyber security is that vast blanket. It can even be an all-in-one package that can help protect against an assortment of threats.
What you do to help protect yourself is a personal decision. It’s smart to know your options.
Cyber security companies are offering consumers cyber security plans — a package of solutions, often for a monthly fee. For instance, a plan might include security protection for your devices and identity theft protection services.
A cyber security plan should offer protection that covers your PC, Mac®, tablet, and mobile devices; a Wi-Fi VPN; identity theft; your home network, and all internet devices.
The next step is deciding if a particular cyber security plan is right for you. The following six considerations can help you decide.
- Take inventory. Take stock of your digital life. How many connected devices do you have? How widely do you share personal information online with companies, friends, or family? Do you feel confident that your digital life is safe?
- Weigh the risks. You probably know there are a lot of ways you can become a victim of identity theft and fraud. What is your tolerance for risk? Where do you think you might be vulnerable? Are you equipped to respond if you become the victim of a data hack or identity theft?
- Check the coverage. Protection comes in different shapes and sizes. What’s included? Which plan is right for you? How much protection do you need to feel safe?
- Do the math. Cyber security plans cover different things. Comprehensive packages typically cost more. But consider how much each part of a protection package would cost if it were purchased separately. That might include things like virus protection, identity theft protection services, and a secure router. Will an integrated package save you money and time?
- Consider convenience. Do-it-yourselfers might thrive on complexity. Do you? Consider the effort it takes to research products, to purchase and connect devices, and then get them all to work together. A cyber security plan might be a simpler solution. How valuable is that to you?
- Find out what to expect after you buy. No one can guarantee cyber security. But if something goes wrong, it’s nice to know someone will be there to help you. Before you buy, check out what kind of support is included in a cyber security plan. Will you be able to call a customer service rep?
Cyber security vs. cyber insecurity
The bottom line? You want to feel your information is secure and protected. That’s the idea behind cyber security. It’s a way to help protect your digital life at home and across your connected devices.
Consider the amount of cyber insecurity in the world — hacks, breaches, viruses, ransomware, identity theft.
Cyber security for consumers brings cyber threats down to a personal level. It’s all about your and your family’s data, identities, and your home network — and someone to stand behind you if you’re ever a victim.
Cyber security is constantly evolving, which can make it difficult to stay up to date. Staying informed and being cautious online are two of the best ways to help protect yourself, your networks and devices, and your business.
Frequently asked questions about cyber security
What is cyber security?
Cyber security is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.
How does cyber security work?
Cyber security can be attained through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.
What are the different types of cyber security?
The different types of cyber security include critical infrastructure security, network security, application security, information security, cloud security, data loss prevention, and end-user education.
What are the different types of cyber threats?
There are many kinds of cyber threats that can attack your devices and networks, but they generally fall into three categories: attacks on confidentiality, integrity, and availability.
How can I protect myself against a cyber security attack?
One of the most important ways to help protect yourself is by becoming cyber security savvy. This means doing things like keeping your devices updated, guarding your personal information, and not opening unsecure things like email attachments from unknown sources.
What does a cyber security plan cover, and do I need one?
Cyber security plans can offer an umbrella of extra protection such as Wi-Fi VPN security and identity theft protection.
The takeaway? Cyberattacks are constantly evolving, and the result of their reach can be devastating. Putting the steps in place to help ensure your own cyber security is critical. Your best defense is an up-to-date cyber security system that is protected by an umbrella of layers, `along with your own cyber savvy actions.
Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN
30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.
Join today. Cancel anytime.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.
No one can prevent all identity theft or cybercrime. Not all products, services and features are available on all devices or operating systems. System requirement information on norton.com.
*Important Subscription, Pricing and Offer Details:
- The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
- You can cancel your subscription at my.norton.com or by contacting Member Services & Support. For more details, please visit the Refund Policy.
- Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.
The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.
§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.