Every square IS a rectangle because a square is a quadrilateral with all four angles being right angles. Similarly, cybersecurity IS a part of the IT security umbrella, along with its counterparts, physical security and information security. But not every rectangle is a square, since the criteria to qualify as a square means all sides must be the same length. The point is, that not all IT security measures qualify as cybersecurity, as cybersecurity has its own distinct assets to protect. Of course, the threat to these electronic assets is hackers who have malicious intent to steal proprietary data and information via data breaches. Thus, it would seem the fully realized definition should include an evolving set of cybersecurity tools designed to protect confidential data from unauthorized access. To do so, it’s necessary to consider how people, processes, and technology all play equally important roles in keeping information safe.
What Is IT Security?
Physical security:
Focuses on how you keep people and infrastructure safe. In this category, you focus on securing buildings, server rooms, and wiring closets. You focus on proper lighting for buildings and parking lots, for example. It also involves understanding how to use camera guards, as well as actual guards and even guard dogs.
Information security:
Focuses on keeping all data and derived information safe. This includes physical data (e.g., paper, computers) as well as electronic information. In this category, individuals focus on data backups, as well as monitoring techniques to make sure that no one has tampered with data or exfiltrated information. This category focuses less on the actual equipment and computing resources because it focuses on the data itself. And, yes, I’m distinguishing between data and information: data is raw and unprocessed. Information is derived from data after quite a bit of scrubbing, processing, and handling.
Cybersecurity:
Focuses on protecting electronic assets – including the Internet, WAN, and LAN resources – used to store and transmit that information. Cybersecurity tends to focus on how malicious actors use these resources to attack information. Those individuals interested in cybersecurity are the ones interested in making sure that hackers can’t use electronic means to gain improper access to data and information.
Cybersecurity Important
One of the many advantages of living in a world where every device is connected is convenience. It’s incredibly easy to conduct work, manage your social calendar, shop and make appointments from your smartphone or device. That’s why it’s become second nature to many of us. But, of course, the convenience of connected data also means threats from bad actors can do a lot of damage. Cybersecurity initiatives are essential to protecting our data and thus, our way of life.
Types of Cybersecurity
Critical infrastructure security
Application security
Network security
Cloud security
Internet of Things (IoT) security
Processes
When employees outside of the IT department are trained, IT pros can focus on the process. The processes by which cybersecurity professionals go about protecting confidential data are multi-faceted. In short, these IT pros are tasked with detecting and identifying threats, protecting information, and responding to incidents as well as recovering from them. Putting processes into place not only ensures each of these buckets is being continuously monitored, but if cybersecurity attacks happen, referencing a well-documented process can save your company time, money, and the trust of your most valuable asset – your customers. The National Institute of Standards and Technology (NIST) under the U.S. Commerce Department has developed the cybersecurity framework for private-sector companies to use as a guide in creating their own best practices. The standards were compiled by NIST after former U.S. President Barack Obama signed an executive order in 2014. It’s a great resource to use as you work to combat your cybersecurity risk.
Technology
1) The technology you’ll use to prevent and combat cybersecurity attacks, like DNS filtering, malware protection, antivirus software, firewalls, and email security solutions.
2) The technology your data lives on that needs your protection, like computers, smart devices, routers, networks & the cloud.
Back in the day, cybersecurity initiatives focused on defensive measures inside the boundaries of traditional tech. But today, policies, like Bring Your Own Device (BYOD), have blurred those lines and handed hackers a much broader realm to penetrate. Remembering cybersecurity basics like locking all of your doors, windows, elevators, and skylights will keep you from joining the cyber-crime statistics.
Cybersecurity Threats
Malware
Malware is software that has been created to intentionally cause damage. Commonly known as a virus (among other things), malware can cause harm simply by opening the wrong attachment or clicking on the wrong link.
Ransomware
Ransomware is actually a type of malware. The difference here is that ransomware infects a network or steals confidential data and then demands a ransom (typically currency of some sort) in exchange for access to your systems.
Phishing Attacks
Phishing is just like it sounds. Hackers throw a line out there hoping that you’ll bite, and when you do, they steal sensitive information like passwords, credit card numbers, and more. Phishing attacks usually come in the form of emails that look legitimate and encourage you to reply.
Social Engineering
Social engineering involves malicious human interaction. This is a case of people outright lying and manipulating others to divulge personal information. Often, these people obtain information from social media profiles and posts.