Cyber security is the practice of protecting computer systems, networks, and data by using a variety of different strategies and tools. Many large companies hire entire teams devoted to maintaining cyber security, whereas smaller organizations often rely on third-party vendors to provide cyber security services. Like physical security, cyber security must be constantly monitored to minimize risk to business resources and assets.
Cyber security has been a major topic in the technology industry for several decades.
Many cybercrime techniques that are common today are rooted in pre-computer threats. For example, phone phreaking was a technique used to infiltrate phone lines in the 1950s, 60s, and 70s. Phone phreaks would study the tone patterns used to route long distance calls and then reverse engineer devices that mimicked the tones to evade expensive long distance call charges. The goal of phreaking was less nefarious than that of today’s cybercriminals, but the tactics are similar.
In the late 1960s, IBM invited high school students to access their new APL network. The students were free to explore the computer system, and they quickly used what they learned to push past the parts of the system that were readily accessible. Once the students successfully hacked the system, IBM realized it needed to create a defensive strategy to protect the safety of their system. Thus the beginning of ethical hacking was born.
Formal computer security started with the ARPANET, a precursor to the internet. In 1971, Bob Thomas, a researcher at the Advanced Research Projects Agency (ARPA), developed a program called Creeper. Although it wasn’t inherently malicious, this program would self-replicate across the ARPANET and leave a message that read “I’M THE CREEPER; CATCH ME IF YOU CAN.”
Ray Tomlinson, another ARPA researcher, later developed a similar program called Reaper. Reaper’s purpose was to delete any instance of Creeper in the ARPANET. Creeper and Reaper are the first known examples of a computer worm and an antivirus program, respectively.
As computers entered the commercial market, so too did commercial cyber security products. Several consumer-grade antivirus software manufacturers launched in 1987, including Ultimate Virus Killer (UVK) for Atari ST and McAfee VirusScan. 1987 also saw the first cases of malware in the wild with the notable Vienna and Cascade viruses.
With the rise of the internet, cyber security took on a whole new meaning. Cyber criminals developed new viruses and malware to target computers and networks in record numbers.
To make matters worse, widespread adoption of email software in the late 1990s provided an unprecedented opportunity to launch cyber attacks with no real protections in place. One of the fastest spreading and largest scale viruses was the Melissa virus, which targeted Microsoft Outlook users in 1999. In total, damages caused by the Melissa virus were estimated to exceed $80 million.
As more data entered the digital realm in the 2000s, the stakes for protecting said data rose exponentially for businesses of all sizes. Especially as software, interconnected networks, and databases replaced manual processes, cybercrime organizations introduced new types of threats like zero day and denial of service (DoS) attacks.
Today’s cyber security best practices are constantly evolving to address new threats. Despite high profile hacks and data breaches that make the news on a regular basis, cyber security companies introduce new cutting-edge solutions to address these threats each day. Cloud security tools help engineers tackle the challenge of monitoring systems and data that are not maintained on-premises. Similarly, SecOps professionals have placed a greater emphasis on personal security best practices, like password health and privacy controls.
Read More: Top Cybersecurity Startups
The CIA Triad is a concept in cyber security that helps security engineers evaluate an organization’s security posture and develop policies accordingly. It is not related to the U.S. Central Intelligence Agency, but instead represents the three goals of cyber security. Ultimately, the CIA concept helps make sure an organization’s data is usable and protected.
The first part of the CIA triad is Confidentiality. This component focuses on who has access to what information and what they’re able to do with it. Confidentiality usually involves segmenting data into specific groups and authenticating users’ identities before they can gain access.
The second part of the CIA triad is Integrity. This component seeks to protect data from modification or other forms of tampering by unauthorized sources. Integrity usually involves activity logging and data backup/recovery.
The third part of the CIA triad is Availability. This component ensures that the appropriate data is available to authorized users whenever they need it. Availability usually involves maintaining software updates, monitoring network bandwidth, and creating/updating business continuity plans.
Cyber security can apply more narrowly to the various subsections of technology.
Application security applies to the various software tools businesses use to complete day-to-day tasks. Usually, developers of these applications are responsible for addressing any security vulnerabilities, but the businesses that use them are also responsible for deploying any and all updates as they become available. Otherwise, a cybercriminal would be able to exploit the vulnerabilities and gain access to sensitive information.
The largest categories of application security tools are security testing and application shielding products. These tools help probe applications for errors or weaknesses in the code and create defensive measures against common threats.
Information security applies to an organization’s data. Using the CIA Triad principles above, businesses use a wide range of tools in addition to organization-wide policies to maintain information security. These policies address the technical measures that protect data internally as well as the security measures that protect the physical location where the data is stored.
Network security applies to the hardware and software used to create corporate networks. It works in tandem with endpoint security to prevent unauthorized access to and misuse of the devices and applications that live on an organization’s network.
Network security often involves three phases: protection, detection, and response. Protection refers to the configuration of network settings as well as those of each device or application on the network. Detection refers to the constant monitoring of network activity to identify anomalies and concerning patterns. Last but not least, response refers to the procedures and automated reactions in place that address potential issues.
Network security tools include vulnerability scanning applications, identity and access management (IAM) software, virtual private networks (VPNs), and user and entity behavior analytics (UEBA) tools.
Endpoint security applies to all of the end user devices that exist on a corporate network. The most common endpoints include smartphones, laptops, desktops, tablets, and IoT devices. Endpoints pose the largest threat to an organization’s cyber security because they are the most difficult to monitor effectively without disrupting productivity. Endpoint security solutions include endpoint protection platforms (EPPs) and endpoint detection and response (EDR) software.
Internet security applies to platforms that are accessed via the internet and devices that use the internet to complete certain tasks. The majority of cyber security threats come from online activities, which makes internet security one of the most important variables in the cyber security ecosystem. Internet security tools include password managers, firewalls, and antivirus software.
As cyber security measures evolve to address new cyber threats, new cyber threats emerge to evade established security tools. Below are some of the most common threats security engineers face.
A virus is a malicious program or piece of code that spreads to a computer from a host file or document. When the computer issues a command that activates the virus, it attaches itself to other programs on the device. It can also spread to external devices on the computer’s network. Viruses can cause a computer to behave incorrectly, and in more extreme circumstances, they can corrupt or destroy data and cause permanent damage to the device or network.
A worm is a type of malware that replicates itself across a computer network. Worms operate autonomously, meaning they don’t need a host file to gain control over a computer’s resources. This type of threat finds vulnerabilities in a computer’s operating system to install itself. From there, the worm makes copies of itself and finds additional holes in the device until it can gain access to the network and cause similar problems as a virus would.
Phishing is a form of social engineering that targets victims through email, telephone, SMS, and social media. A phishing attacker’s goal is to deceive their victims by posing as a trustworthy entity, such as a co-worker, boss, or government agency like the IRS. Usually, the attacker asks the victim to take some type of action, like clicking a link or downloading an attachment that’s laced with malware. A phishing attacker may also request sensitive information from their victim, like their social security number or credit card details.
A trojan horse is a type of malware that disguises itself as an innocent file or application. When the user downloads the trojan horse, it executes the actions the attacker coded to the file. These actions can range in severity from keylogging to subsequent DDoS attacks. It does not self-replicate or spread to other devices like worms and viruses.
A botnet is a network of compromised devices that are used to execute a range of large-scale attacks. Botnets are commonly deployed in DDoS attacks intended to overwhelm specific servers, but they can also be used in cryptocurrency scams, brute force attacks, and phishing schemes. Botnet devices are usually infected by trojan horses.
A rootkit is a collection of software that provides an attacker with covert access to a device’s operating system. Rootkits can disguise a wide variety of other cyber threats, including malware, keylogging, and botnets. Rootkits can be used in benevolent circumstances, like combating piracy or enforcing digital rights management, but these instances are less common.
Spyware is a type of malware that allows an attacker to collect information from the host device. Attackers sometimes embed spyware in freeware or shareware so they can gain access to a user’s passwords, accounts, and other sensitive information. Spyware is also used to analyze a user’s data and behavior and sell that information to third parties for advertising purposes.
Ransomware is a type of malware that renders a user’s computer inoperable until the user pays a specified ransom. Attackers often use worms or trojans to install ransomware on their target’s devices. Compared to other cyber threats, ransomware attacks can have a national or global impact, as evidenced by the Colonial Pipeline attack of May 2021 or the international WannaCry attack of May 2017.
The cyber security industry is a massive market with new tools and vendors added each day. The most prominent categories of cyber security solutions include firewalls, EDR software, SIEM software, and cloud security.
A firewall is a barrier between a private network and an outer network, usually the internet, that manages traffic passing between the two networks. They set and enforce rules for what kind of traffic is allowed or blocked by analyzing the data packets that request entry. Firewalls are often considered the bare minimum for network security. Looking ahead, next generation firewalls (NGFWs) are becoming an industry standard for organizations that want to combine traditional firewall capabilities with advanced threat protection, intrusion prevention, and deep-packet inspection.
Compare top NGFW software on eSecurity Planet.
Endpoint detection and response (EDR) is a tool that provides continuous endpoint monitoring and automated response when it detects a cyber threat. They are designed to track endpoint diagnostics and provide detailed reports that help security engineers investigate and address potential threats. Some advanced solutions like security information and event management (SIEM) software include capabilities for EDR in addition to other security features.
Compare top EDR software on eSecurity Planet.
Security information and event management (SIEM) is packaged as a network security solution that incorporates a wide range of endpoint, information, and application security features. It is primarily reserved for large organizations that can run this software on their own on-premises servers. Smaller organizations rarely have the budget or manpower to maintain servers in-house, so they usually adopt a managed SIEM model or opt for less advanced cyber security measures.
Compare top SIEM software on eSecurity Planet.
A cloud access security broker (CASB) is a type of software that monitors access and usage with an organization’s cloud infrastructure. CASB tools create a barrier between an organization’s cloud resources and the external users who access them. It ensures that a company’s employees, partners, and customers, can access the same cloud resources without jeopardizing their own security.
Compare top CASB software on eSecurity Planet.
Strong cyber security has a number of benefits for organizations of all sizes. First and foremost, it prevents sensitive information from falling into the wrong hands. A company’s data is its most valuable asset and the ultimate goal of any cyber security system is to prevent costly data breaches and leaks.
Cyber security also preserves productivity. Most malware has a side effect of making computers and applications run slower, so eliminating malicious threats before they can latch onto a system has the added benefit of preventing productivity barriers.
Additionally, cyber security makes an organization’s systems, data, and processes more reliable. It ensures that the tools and information a business needs to operate are available when needed. Ultimately, cyber security and business continuity go hand in hand.
This article was updated May 2021 by Kaiti Norton.