What Is cyber security? What you need to know


Cyber security is the state or process of protecting and recovering networks, devices and programs from any type of cyberattack. Learn more.

Cyber security is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.

Cyberattacks are an evolving danger to organizations, employees, and consumers. These attacks may be designed to access or destroy sensitive data or extort money.  They can, in effect, destroy businesses and damage your financial and personal lives —  especially if you’re the victim of identity theft.

Cyberattacks also are on the rise. According to an Identity Theft Resource Center (ITRC)  2021 annual data breach report, there was a 68 percent increase in reported  U.S. data compromises from 2020 to 2021. Moreover, breaches related to cyberattacks  represented more attacks than all other forms.

What’s your best defense? A strong cyber security system has multiple layers of  protection that are spread across computers, devices, networks, and programs. This  guide can help you decide if you need one of the cyber security plans offered by  companies, and which kind may be right for you.

However, a strong cyber security system doesn’t rely solely on cyber defense  technology; it also relies on people like you making smart cyber defense choices. The  good news is that you don’t need to be a cyber security specialist to understand and  practice good cyber defense tactics. This article can help.

In this article, you’ll learn about:

  • cyber security and what it entails
  • different types of cyber security
  • three categories of cyber threats
  • how to recognize, avoid, and defend yourself against cyber threats
  • Key steps you can take to boost your cyber security
  • what to consider when choosing a cyber security plan
  • cyber security FAQs

Cyber security vs. computer security vs. IT security

Cyber security is the practice of defending your electronic systems, networks, computers, mobile devices, programs, and data from malicious digital attacks.  Cybercriminals can deploy a variety of attacks against individual victims or businesses  that can include accessing, changing, or deleting sensitive data; extorting payment; or  interfering with business processes.

How is cyber security achieved? An umbrella of cyber security can be attained through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.

  • Information technology (IT) security, also known as electronic information  security or InfoSec, is the protection of data — both where it is stored and  while it’s moving through a network. While cyber security only protects digital  data, IT security protects both digital and physical data — essentially data in  any form — from unauthorized access, use, change, disclosure, deletion, or  other forms of malicious intent from intruders.
  • Cyber security is a subset of IT security. While IT security protects both physical  and digital data, cyber security protects the digital data on your networks,  computers, and devices from unauthorized access, attack, and destruction.
  • Network security, or computer security, is a subset of cyber security. This type  of security uses hardware and software to protect any data that’s sent through  your computer and other devices to the network. Network security serves to  protect the IT infrastructure and guard against information being intercepted  and changed or stolen by cybercriminals. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong  passwords.

Additional types of cyber security

Knowing the different types of cyber security is critical for ensuring better overall  protection. In addition to the three primary types of cyber security mentioned above,  there are five other kinds of cyber security that you should know.

  • Critical infrastructure security consists of cyber-physical systems such as  electricity grid and water purification systems.
  • Application security uses software and hardware to defend against external  threats that may present themselves in an application’s development stage.  Examples of application security include antivirus programs, smart firewalls, and  encryption.        
  • Cloud security is a software-based tool that protects and monitors your data in  the cloud to help eliminate the risks associated with on-premises attacks.
  • Data loss prevention consists of developing policies and processes for handling  and preventing the loss of data, along with developing recovery policies in the  event of a cyber security breach. This includes setting network permissions and policies for data storage.
  • End-user education acknowledges that cyber security systems are only as  strong as their potentially weakest links: the people who use them. End-user  education involves teaching users to follow best practices like not clicking on  unknown links or downloading suspicious attachments in emails — which  could let in malware and other forms of malicious software.

Types of cyber threats: 3 categories

There are many types of cyber threats that can attack your devices and networks, but  they generally fall into three categories: attacks on confidentiality, integrity, and availability.

  • Attacks on confidentiality. These attacks can be designed to steal personally identifiable information (PII) like your Social Security number, along  with your bank account, or credit card information. Following these attacks,  your information can be sold or traded on the dark web for others to purchase and use.
  • Attacks on integrity. These attacks consist of personal or enterprise sabotage  and are often called leaks. A cybercriminal will access and release sensitive information for the purposes of exposing the data and influencing the  public to lose trust in a person or an organization.
  • Attacks on availability. The aim of this type of cyberattack is to block users from accessing their own data until they pay a fee or ransom. Typically, a  cybercriminal will infiltrate a network and formerly authorized parties from accessing important data, demanding that a ransom be paid. Companies  sometimes pay the ransom and fix the cyber vulnerability afterward so that  they can avoid halting business activities. 

Here are a few types of cyber threats that fall into the three categories listed above.

Social engineering

Social engineering, a type of attack on confidentiality, is the process of psychologically  manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. Phishing attacks  usually come in the form of a deceptive email with the goal of tricking the recipient into giving away personal information.

Advanced persistent threats

Advanced persistent threats (APTs), are a type of attack on integrity where an unauthorized user infiltrates a network undetected and stays in the network for a  long time. The intent of an APT is to steal data and not harm the network. APTs often  happen in sectors with high-value information, such as national defense, manufacturing, and the finance industry.


Malware, or malicious software, is a type of attack on availability. It refers to software that is designed to gain access to or damage a computer without the knowledge of the  owner. Malware can do everything from stealing your login information and using your computer, to sending spam or decompression bombs, and crashing your computer system. Some of the common  types of malware are known as spyware, keyloggers, true viruses, and worms.


Ransomware, another form of malicious software, also is a type of attack on  availability. Ransomware is one to keep a close eye on, as these attacks are expected to be the top cause of data compromises by the end of 2022. Ransomware’s goal is to  lock and encrypt your computer or device data — essentially holding your files  hostage — and then demand a ransom to restore access. A victim typically must pay  the ransom within a set amount of time or risk losing access to the information forever. Common types of ransomware include crypto malware, lockers, and scareware.

Scale of cyber security threats

While cyber-defense tactics are evolving, so are cyber security threats as malicious  software and other dangers take new forms. It’s smart to remember that cyber security threats don’t discriminate. All individuals and organizations that use networks are  potential targets. To help protect yourself against cyberthreats, it’s important to know  the three different types of cyber security threats: cybercrime, cyberattacks, and cyberterrorism.

  • Cybercrime is committed by one or more individuals who target your system to cause havoc or for financial gain.
  • Cyberattacks are often committed for political reasons and may be designed to  collect and often distribute your sensitive information.
  • Cyberterrorism is designed to breach electronic systems to instill panic and fear in its victims. 

Why should you consider cyber security now?

While you seek safety and convenience in your digital life, the bad guys seek  vulnerabilities. You may not think you’re vulnerable, but if you own a device that’s  connected to the internet, you’re at risk.

Think of it this way. How many devices do you own? Cell phones, computers, tablets,  gaming systems, smart thermostats, video doorbells, nursery monitors, and pet  feeders may be just the beginning. As more and more smart products are created, the list will keep growing.

Indeed, the same devices that can make your life more convenient may make it more  vulnerable if they possess sensitive personal information. Think: computer viruses,  ransomware, identity theft, and a lot more.

How to help protect against cyber security attacks

There are some key steps that can help boost your cyber safety knowledge.

  1. Only use trusted sites when providing your personal information. A good rule of thumb is to check the URL. If the site includes “https://,” then it’s a secure site. If the URL includes “http://,” — note the missing “s” — avoid entering sensitive information like your credit card data or Social Security number.
  2. Don’t open email attachments or click on links in emails from unknown  sources. One of the most common ways networks and users are exposed to  malware and viruses is through emails that are disguised as being sent by  someone you trust. An important rule of thumb is to visit the website itself rather than clicking on an email link to a website.
  3. Always keep your devices updated. Software updates contain important  patches to fix security vulnerabilities. Cyber attackers can also target outdated  devices which may not be running the most current security software.
  4. Back up your files regularly for extra protection in the event of a cyber security  attacks. If you need to wipe your device clean due to a cyberattack — or have  access to your data in the event of a ransomware attack, it will help to have  your files stored in a safe, separate place.

Considering a cyber security plan? Do these 6 things first

You may believe that you’re safe, as you are already taking steps to help protect your  digital life. You might run a virus-detection program on your computer. Or you might  keep an eye on your credit score for signs of identity theft.

What’s different about cyber security? Remember, cyber security is that vast blanket. It  can even be an all-in-one package that can help protect against an assortment of  threats.

What you do to help protect yourself is a personal decision. It’s smart to know your options.

Cyber security companies are offering consumers cyber security plans — a package of solutions, often for a monthly fee. For instance, a plan might include security protection for your devices and identity theft protection services.

A cyber security plan should offer protection that covers your PC, Mac®, tablet, and mobile devices; a Wi-Fi VPN; identity theft; your home network, and all internet devices.

The next step is deciding if a particular cyber security plan is right for you. The following six considerations can help you decide.

  1. Take inventory. Take stock of your digital life. How many connected devices do you have? How widely do you share personal information online with companies, friends, or family? Do you feel confident that your digital life is safe? 
  2. Weigh the risks. You probably know there are a lot of ways you can become a victim of identity theft and fraud. What is your tolerance for risk? Where do you think you might be vulnerable? Are you equipped to respond if you  become the victim of a data hack or identity theft?
  3. Check the coverage. Protection comes in different shapes and sizes. What’s included? Which plan is right for you? How much protection do you  need to feel safe?
  4. Do the math. Cyber security plans cover different things. Comprehensive packages typically cost more. But consider how much each  part of a protection package would cost if it were purchased separately. That  might include things like virus protection, identity theft protection services, and a secure router. Will an integrated package save you money and time?
  5. Consider convenience. Do-it-yourselfers might thrive on complexity. Do you?  Consider the effort it takes to research products, to purchase and connect  devices, and then get them all to work together. A cyber security plan might be  a simpler solution. How valuable is that to you?
  6. Find out what to expect after you buy. No one can guarantee cyber security. But if something goes wrong, it’s nice to know someone will be there to help you. Before you buy, check out what kind of support is included in a cyber  security plan. Will you be able to call a customer service rep? 

Cyber security vs. cyber insecurity

The bottom line? You want to feel your information is secure and protected. That’s the idea behind cyber security. It’s a way to help protect your digital life at home and across your connected devices.

Consider the amount of cyber insecurity in the world — hacks, breaches, viruses, ransomware, identity theft.

Cyber security for consumers brings cyber threats down to a personal level. It’s all about your and your family’s data, identities, and your home network — and someone to stand behind you if you’re ever a victim.

Cyber security is constantly evolving, which can make it difficult to stay up to date. Staying informed and being cautious online are two of the best ways to help protect  yourself, your networks and devices, and your business.

Frequently asked questions about cyber security

What is cyber security?

Cyber security is the state or process of protecting and recovering networks, devices, and programs from any type of cyberattack.

How does cyber security work?

Cyber security can be attained through an infrastructure that’s divided into three key components: IT security, cyber security, and computer security.

What are the different types of cyber security?

The different types of cyber security include critical infrastructure security, network security, application security, information security, cloud security, data loss prevention, and end-user education.

What are the different types of cyber threats?

There are many kinds of cyber threats that can attack your devices and networks, but  they generally fall into three categories: attacks on confidentiality, integrity, and availability.

How can I protect myself against a cyber security attack?

One of the most important ways to help protect yourself is by becoming cyber security savvy. This means doing things like keeping your devices updated, guarding your  personal information, and not opening unsecure things like email attachments from unknown sources.

What does a cyber security plan cover, and do I need one?

Cyber security plans can offer an umbrella of extra protection such as Wi-Fi VPN  security and identity theft protection.

The takeaway? Cyberattacks are constantly evolving, and the result of their reach can  be devastating. Putting the steps in place to help ensure your own cyber security is  critical. Your best defense is an up-to-date cyber security system that is protected by an umbrella of layers, `along with your own cyber savvy actions.

Try Norton 360 FREE 7-Day Trial* - Includes Norton Secure VPN

7 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.
*Terms Apply

Alison Grace Johansen
  • Alison Grace Johansen
  • Freelance writer
Alison Grace Johansen is a freelance writer who covers cybersecurity and consumer topics. Her background includes law, corporate governance, and publishing.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.