What is Cybersecurity?

Cybersecurity is a broad term that encompasses all of the techniques used in order to secure data, devices, and systems from unauthorized access and use. Just about every aspect of modern life is centered around technology. The email you use to receive messages and sign up for services, your cell phone that allows you to talk to anyone in the world and access the internet from anywhere, even the power grid that supplies you with the energy to power your refrigerator and watch TV, they all depend on cybersecurity to stay up and running.

What happens when the level of cybersecurity is insufficient?

When there is not enough cybersecurity being practiced, everyone from governments to individuals can be at risk in one way or another. Nations can lose access to critical services or have top secret data leaked, leading to any number of consequences. Corporations which become compromised could similarly have their intellectual property leaked, or have their bank accounts drained by hackers. If an individual fails to practice good cybersecurity, they could be at risk for having their identity stolen, potentially leading to fraudulent loans or leaking of their personal data.

Obviously the goal is to avoid this entirely, however impossible it may be. That being said, we should always learn from the past. A great example to study is a ransomware attack that occurred in Dallas, Texas earlier this year. According to an article from the CBS News website, “The City of Dallas confirmed that a ransomware attack compromised a number of servers in its system, including the Dallas Police Department's website.” The article went on to describe other parts of the attack, including the fact that 911 operators were forced to “manually write down” their work and correspondence was limited to phones. Without diving too deep into this attack, we can easily draw a simple conclusion, cybersecurity is important.

To give you a bit of an idea of what some of the most common cyber attacks look like, check out these different attack vectors (types) and techniques for their prevention.

Malware

Short for malicious software, malware is code that is written with malicious intent. This code can end up on your device or system in countless different ways. Despite the fact that this is a never ending threat, here are three techniques that we can use to help prevent a malware infection.

1. Keep your operating systems and apps up to date. It is very common for hackers to look for outdated operating systems in order to take advantage of exploits that have already been patched (fixed). In order to prevent this risk, turn on auto-updates for applications and your operating system so you do not miss any crucial security patches.
2. Implement an antivirus or antimalware solution with scheduled scans. One of the most common cybersecurity products is software that can compare the files on your computer to known malware in order to identify malicious files. In order to get the best protection set up automated scans to run on a regular basis, usually at least once a week.
3. Exercise caution when using the internet. An easy way to get infected is by not paying attention to what links you are clicking. All that a hacker needs you to do is click their link and… BOOM, their malware is on your machine. Make sure you trust the source of any link you are clicking and keep your eyes peeled for any unsolicited downloads.

Denial of Service or (DOS)

These types of attacks are focused on overwhelming your systems and networks to the point that legitimate users lose access or functionality. While these attacks usually do not compromise any data or require a ransom for resolution, they cost time, and time is money. Whenever an organization is operating below peak performance they are at risk to lose profits, this is the goal of denial of service. Here are a few ways to reduce the risk and consequences of these attacks.

1. Know what your network’s traffic should look like and configure firewalls accordingly. Firewalls allow for specific types of connections and requests to be blocked. This gives organizations the power to prevent network traffic that falls outside of their regular operations, potentially preventing a DOS attack from reaching a system.
2. Create a scalable network or server. In order to compensate for a spike in traffic, you can configure cloud infrastructure to automatically allocate and deallocate resources when required.
3. Come up with a response plan. A plan to get back to normal operation can be very effective in the case that an organization is successfully hit with a DOS.

Phishing

Another extremely common way for hackers to break through cybersecurity is known as phishing. The name comes from the fact that hackers are essentially fishing for targets that hopefully take their bait. This typically looks like a convincing email that is impersonating a legitimate person or organization, the bait is usually a link disguised as something you would want to click on. Here are some straightforward steps to preventing a compromise through phishing.

1. Do not click links in emails or engage with unsolicited messages. Often it is very hard to discern a phishing attempt from a legitimate email. It is considered best practice not to click any links in emails unless you are completely confident that it is not a phishing attempt.
2. Read emails carefully for mistakes, including the address and domain of the sender. Often there will be minor grammar or spelling mistakes. In addition, the domain of the sender is often close, but not quite correct.

Conclusion

Now that you have a general understanding of what cybersecurity is, your mission should be to learn more. There are endless free resources out there to help you start your journey. While I myself started with a bootcamp years ago, I would recommend doing your best to exhaust all free resources. Feel free to check out my article covering the different branches of cybersecurity known as domains, this will help you start to grasp the industry as a whole. I have also written an article covering one of my favorite resources, TryHackMe.com.

It is a long and weary road you are embarking on but do not, and I repeat, do not be afraid. Everyone who has made it has been down this road and most would love to help, but first you have to take the initiative to learn what you can. I wish you luck on your journey and hope that we cross paths one day.

This is just the start, so stay curious.

Path2Sec is committed to helping beginners get into cybersecurity, whether that means teaching them some of the basics, pointing them in the right direction, or giving them a platform to show their passion for cybersecurity.

• contact@path2sec.org