What is cyber security?

Cyber security is the practice of defending computer systems, networks, cloud infrastructures, and more from cyber-attacks. Cyber-attacks have increased with the expansion of the internet and digital services such as cloud computing, data storage, and digital applications. This increase in digital activity opens the door for individuals to commit a wider range and more profitable cyber-crimes. This involves actions like phishing, email spam, account takeover fraud, and more.

A cyber-attack can cause an organization or individual harm in the form of financial loss, identity theft, legal liability, reputational damage, and more. To maintain company integrity, cyber security has become a mainstay in modern business and a form of literacy for individuals who are actively connected to the internet.

A cyber-attack occurs when an individual hacker or a group of hackers compromise a digital system. In rare instances, however, cyber-attacks may be accidental, like when insider threat leads to unintentional data leakage.  

Cyber-attackers have different motives. Mostly, a cyber-attacker is seeking financial gain, but it is not uncommon for an attacker to be motivated by political reasons also known as “hacktivisim,” and personal recognition or achievement.  

Malware

Malware is malicious software designed by cyber-criminals to infiltrate a device or system and disrupt, steal, or exploit sensitive information. There are many types of malware and each involve a different method of exploitation. However, in most cases the cyber-criminal wants to access the sensitive information to financially benefit themselves through the form of ransom or identity theft.

Ransomware

Ransomware is a type of malware that encrypts valuable files on a victim’s device, denies the account holder access, and demands money in exchange for the encryption key. Ransomware has been increasingly difficult to deal with, especially with ransom payments made in crypto currency, which is largely untraceable. Ransomware can enter a system by clicking a link dangerous or downloading malicious files.

Supply chain attacks

‍A cyber-criminal can target a supply chain by developing an understanding of business operations and associated parties/vendors to compromise one or multiple parts of the chain. To do so, cyber-criminals use a variety of tactics to solicit information, obtain account details, or install malware on a victim’s device. Once access to the supply chain is obtained, the cyber-criminal can begin to spread malicious content or cause disruption throughout the supply chain.  

Identity theft

‍Identity theft occurs when a cyber-criminal solicits sensitive information that certifies a victim’s identity. This could include a social security number, driver’s license information, credit card numbers, account passwords, and anything else that helps verify the victim’s identity to third parties.  

Phishing

The process of sending fraudulent emails while posing as legitimate sender to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more.  

Smishing

Smishing, short for "SMS phishing," is a cyber-attack that uses text messages to trick people into revealing sensitive information or installing malware on their devices. Smishing attacks often involve sending fraudulent messages that appear to be from a legitimate source, such as a bank, social media site, or other trusted organization.

Account takeover

‍Account compromise refers to a cyber-criminal’s gaining control of a legitimate account. This can happen when a threat actor successfully obtains an individual’s login credentials. Account takeover can be detrimental to business operations at any organization because with a legitimate account, attackers can operate covertly and credibility and authority, depending on who’s account is compromised.

Botnet

‍Short for “robot network” a botnet is a network of devices that are under control of an attacker or attacking party. When a system or computer is compromised it becomes a “bot” and is controlled by the “bot-herder” or “bot-master.” The devices in the botnet can then be used to commit Distributed Denial of Service (DDoS) attacks.

DDoS attack (Distributed Denial of Service)

A DDoS attack occurs when an attacker floods a server with traffic using a botnet, making that server inaccessible to users. This is particularly harmful to organizations who have public facing sites through which they conduct business activity, such as e-commerce businesses.

Email security

Email security is the practice of protecting email communication and accounts from unauthorized activity, account compromise, phishing scams, spam emails, and more. Because email is one of the primary forms of communication for businesses, maintaining a strong email security posture is critical for the continuity of a modern business. Securing email systems can be done in several ways including: educating members of an organization to recognize common threats and best practices to prevent cyber-attacks, using Secure Email Gateways (SEGs), and purchasing advanced email security solutions like Darktrace/Email.

Network security

‍A network is a combination of devices that share information. To protect devices within a network, organizations can implement network security measures. This includes detection and response systems that will notify or stop an attack, VPNs, firewalls, or preventative measures, and more.  

Application security

‍Applications are Software-as-a-Service (SaaS) that perform a specific function. Application security involves protecting these applications from being exploited by a cyber-criminal. These applications can be attacked through software vulnerabilities to steal data or install malware. Because these devices can be exploited through unpatched systems, it is vital to keep these applications up to date.

IT/OT security

‍IT/OT refers to the intersection between information and operational technology. Industrial environments such as energy grids, water systems, transportation systems, and more require the operation of physical machinery. These machines are controlled through technological systems and these technologies require unique security parameters that have distinct visibility and synergy between systems to avoid cyber-attacks.

Endpoint security

Endpoint security solutions can be effective against attacks that involve malware on the host. They can detect and block malicious software from running on the device.  

Cloud security

‍Cloud-based environments are computing services that are connected to the internet and can be accessed on demand. Cloud security focuses specifically on data, procedures, and controls within these cloud-based environments. The data and applications in cloud environments are controlled by a third party, and modern security solutions may require integration features to help security teams protect information stored there. Some cloud providers offer their own inbuilt or optional security solutions.

제로 트러스트

‍Zero trust is a cyber security paradigm designed for data and resource security amidst the growth of the remote workforce and cloud-based data storage. A zero-trust model implies no digital activity should be trusted and that all access and digital activity need to be continuously validated through authentication measures. The goal of zero trust is to protect data and services from unauthorized access.

Internet of Things (IoT) security

IoT security refers to the protection of IoT devices in a network. These internet-facing devices can allow cyber-criminals to gain entry into an organization’s network and are particularly vulnerable to cyber-threats because of their limited native security features. For example, IoT devices include lighting systems, home appliances, industrial control systems, or medical devices.

AI security

AI-powered security solutions can detect and block cyber-attacks in real-time, using machine learning algorithms to identify and respond to threats before they can cause damage or spread to multiple devices. Some AI security systems have autonomous detection and response systems that have the capability to stop an attack from escalating by identifying and containing infected devices without human intervention. Similarly, Self-Learning AI can be used to analyze an organization’s “pattern of life” and identify unusual behaviors that may indicate a cyber-attack.

Encryption

This is a method of security which ensures that only the intended recipient of an email will be able to read its contents. This is done by converting the contents of an email message into a coded language that can only be deciphered by someone with the decryption key. This way, if the email is intercepted while being sent, the information remains secure.

Firewall

This is a system that protects the network from unwanted traffic. Based on what the organization or security operators have identified as unwanted, the firewall system can stop all traffic that corresponds with these rules.

Secure email gateway (SEG)

A SEG or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It prevents unwanted emails in user inboxes like spam, phishing emails, emails containing malware, etc. In many ways, email gateways are the first line of defense for email security.

Penetration testing (pentesting):

Penetration testing is a method that organizations use to identify vulnerabilities in their networks and systems by simulating cyber-attacks.

Automated detection and response

‍Nuanced, AI-powered cyber-security solutions offer automated detection and response systems that are able to spot cyber-threats and respond to attacks in real time. This can greatly benefit an organization’s overall security posture and provide substantial support to security teams as they defend against sophisticated cyber-attacks.  

Prevention

‍Cyber-attack prevention involves the steps organizations take to harden their security systems before an attack happens. This can include penetration testing, attack path analysis, vulnerability checks, updating software, security awareness training, and more.  

Security and awareness training

Most organizations implement security awareness training to keep their employees up to date on the best practices to avoid cyber risk. This involves educating users on how to recognize and avoid phishing attacks, create strong passwords, determine what information is safe to share with people outside the company, and other practices.

A vulnerability, in cyber security, refers to an aspect of a digital system that is exposed or at risk of a cyber-attack. Cyber-criminals specifically look for vulnerabilities in systems and can infiltrate and damage systems or networks through vulnerabilities.

To manage vulnerabilities, it is ideal for security teams to have clear visibility of their attack surfaces, including third-party technologies used, and any potential attack paths that attackers may exploit to enter the systems. Preventative cyber security measures like attack path analysis, penetration testing, or vulnerability scanners can help defenders identify their vulnerabilities and beef up their defenses.  

Darktrace PREVENT™ is Darktrace’s preventative security product that allows defenders to see their most critical attack paths and understand potential vulnerabilities through an analysis of both internal and external facing assets. Watch the Vixxo customer story video to learn more about Darktrace PREVENT.

Darktrace PREVENT™ allows the security team to identify, prioritize, and test vulnerabilities, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously.

Darktrace DETECT™ delivers instant visibility into the most advanced threats like novel malware strains by understanding what’s normal in your organization, to identify what’s not.  

Darktrace RESPOND™ delivers autonomous, always-on action to contain and disarm attacks within seconds. When a threat is detected, RESPOND leverages Darktrace’s understanding of “self” to pinpoint signs of an emerging attack, stopping malicious activity while allowing normal business to continue. 

Darktrace HEAL™ automates remediation and recovery planning, decisions, actions, and communications while identifying assets affected by a cyber attack, their condition, and how best to restore them during and after an attack.