Cybersecurity 101

chains with lock

Cybersecurity, or information technology security, is the protection of systems, networks, programs, data, hardware, and software on internet connected systems from cyberthreats and attacks. These threats or attacks are often aimed at accessing, altering, or damaging sensitive data and information to disrupt the normal flow of business, or even to extort money from victims of these attacks. These crimes can target anyone from average internet users to small businesses to large government organizations. Cybercrime is the fastest growing type of crime in our technology-driven modern world, with damages projecting to reach $6 trillion globally this year and $10.5 trillion annually by 2025.

There are many types of cyberattacks or threats, and more are being created every day as old threats are defeated. A few types of cyberattacks include -

Malware - malicious software that can be used to harm a computer user. Examples of malware are worms, trojans, viruses, and spyware. 1 in 13 web requests lead to malware, and the world's most dangerous malware, Emotet, has caused around $2 billion in damages globally.

Ransomware - a type of malware that locks the victim's files through encryption to demand payment to decrypt them. In 2019, the healthcare industry lost almost $25 billion to ransomware attacks and the ransomware program WannaCry, has cost the National Health Service over $100 million in damages. Manufacturing companies, professional services and government organizations make up most of these ransomware attacks, but anyone who uses the internet can be targeted by holding files for ransom, such as personal finance files or even family photos. The average cost of a ransomware attack on businesses is $133,000.

Social engineering - relies on human interaction to trick victims into breaking security protocols to gain information.

Phishing - a form of social engineering that uses fake emails or texts that appear legitimate, usually to steal sensitive data like credit card or login information. Every minute $17,700 is lost due to a phishing attack, and in 2019, 88% of organizations worldwide were targeted by spear phishing attempts.

Spear fishing - a type of phishing targeting a specific user, organization, or business.

Insider threats - breaches caused by humans like contractors or employees. Can be caused by negligence or through intentional, malicious actions.

Distributed Denial of Service (DDoS) - a network of systems disrupts a targeted system by flooding it with messages or connection requests to slow or crash the system. By 2023, Cisco reports that the total number of DDoS attacks worldwide will be $15.4 million.

Advanced Persistent Threats (APTs's) - prolonged attacks in which a targeted system is infiltrated and remains undetected for a long period of time.

Man in the Middle attacks (MitM) - attacker retrieves messages between two targeted users.

Malicious Cryptomining - injects javascript into a website to utilize the processing power of a website's visitors devices to mine cryptocurrency like bitcoin or dogecoin.

While the amount of cyber attacks and damages incurred by them may seem daunting, a strong multi-layered approach to cybersecurity can be implemented to help protect your assets from many of these infiltrations. On the user level, a few tips to protect oneself are to limit the personal information that you share or post online, do not share your locations, keep apps and systems up to date, use strong passwords and two factor verification when applicable, use encrypted internet communications, use secure internet connections and wifi networks, only share information on secure encrypted sites, use antivirus solutions and firewalls, regularly back up files to secure and encrypted file storage devices, change admin and wifi passwords often, and download carefully from trusted sources. On a business level, those in charge of cybersecurity will work to prevent or mitigate damages caused by cyberthreats or cyberattacks with identity and access management, firewalls, endpoint protection, anti-malware, intrusion prevention/detection systems, data loss prevention, endpoint detection and response, security information and event management, encryption tools, vulnerability scanners, virtual private networks, cloud workload protection platform, as well many other measures that are ever-changing to keep up with the advancements in cybercrimes. A cybersecurity team may also implement a Red Team vs. Blue Team testing method, where two teams of cybersecurity professionals are tasked with both simulating attacks on a website and defending against the attacks, to result in a stronger defense against cyberthreats.

In a time where there are more internet connected devices than there are people, cybercrime will never go away, but we can work to protect ourselves and our assets with proper cybersecurity knowledge and protocols. It has been found that 95% of cybersecurity breaches are caused by human error, and the fact that the average time to identify a security breach is 207 days, it becomes apparent that making oneself aware of the potential threats, how to identify them, and how to handle an attack if one arises can have a profound effect on your safety online. The global cybersecurity market is expected to reach $170.4 billion by next year, and this means that technologies and cybersecurity defenses are going to be constantly changing to defend against the always-evolving threats from cybercrime, so staying up to date on the latest in cybersecurity is the strongest defense one can have against cyberthreats.

If you need a website designed with top notch, up to date cybersecurity practices that will keep you and your data safe, contact us! We're located in the New Albany, Indiana, Southern Indiana, and Louisville, KY area, but we are happy and able to help anyone, anywhere!

Tags
cybersecurity
malware
security
protection
cybersecurity awareness