What are the types of Cyber security?

Cybersecurity relates to the protection of computers and computer systems from prohibited access and damage. Cybersecurity covers the protection of all digital devices including PCs, mobile devices, servers, and any and all other IT related devices.

Cybersecurity does not only relate to external threats posed by malicious bad actors, but also from internal actions within businesses, either deliberately or accidental.

Cybersecurity is essential as it prevents personal data from being stolen which could cause significant damage to a business or their customers. Businesses that fall prey to cybersecuirty breaches can suffer sometimes irreparable damage to their reputation and/or significant damages in terms of fines and litigation fees and payouts.

If a business fails to properly insulate themselves from cyber security threats they may stand to be accused of negligence. A business that has done all they can to protect against data loss, and that has a disaster recovery plan in place in the event of an attack, will significantly mitigate the impact of any cybersecurity incidents that arise.

Cybersecurity Categories

The general categories of cybersecurity are:

• Information Security: This is protecting personal data ensuring it is kept private.
• Application Security: This is were digital devices and software are kept free of threats that look to steal, destroy, corrupt or access data.
• Network Security: This is where a computer network is secured from intruders, by detecting, prohibiting and responding to malicious threats.
• Operational Security: This relates to how information is classified and the processes used to protect and access that information, and how and where that information is stored.
• Disaster recovery & business continuity: this determines what happens in an cybersecurity incident, how a business is able to continue functioning, and how data may be retrieved and damage mitigated.
• End User Education: This relates to how individuals interact with devices and software. Often cybersecurity breaches are related to user actions, such as opening an infected file, or providing security data to a malicious actor. End user education can dramatically reduce risks posed to a business and individuals.

Typical types of attacks include Ransomware, Malware, or Social Engineering attacks..

Ransomware

Ransomeware is where a computer system is shut down, and will only be unlocked if a ransom is paid. The most recent and wide-scale example of this was the WannaCry Ransomware that shut down computers across the globe. WannaCry took advantage of a defect in an older version of Microsoft’s Windows operating system. Microsoft had issued a patch at the time, but many end-users had failed to implement the patch, making their computers vulnerable to attack. It is estimated that the costs, just to the National Health Services (NHS) in the UK, was £92 million. The attack was believed to have come from North Korea, but the exploit was originally built by the US National Security Agency (NSA).

Malware

Malware is is a malicious software that can cause damage to a file or software, this can take the form of worms, viruses, or trojans. A Trojan horse, for example, will disguise itself as a legitimate file or program. Once activated, Trojan horses can enable cyber-criminals to spy on you, steal sensitive data, and/or gain a backdoor to your system.

Social engineering

Social engineering is an attack that tricks end-users into providing security information so that the malicious actor can gain access to private data, such as banking details. Examples of social engineering attacks include vishing, phishing, spear phishing or smishing.