What is Cyber Security?

Now that computers are one of the most important tools in our workplaces, cyber security professionals play a critical role in protecting important information and maintaining productivity. But what is cyber security?

Cyber security is the defense of computers, data, networks, systems and information from attackers. The field of cyber security has several specializations, each focusing on a distinct area of digital defense, such as network security, information security and disaster recovery. All of these areas serve an essential function in the modern workplace.

So what qualifies as a cyber-attack and what does it take to work in this field? In this article, we’ll answer these questions and others like: 

• What Do Cyber Security Professionals Do?
• What Types of Cyber Threats are There?
• Why is Cyber Security Important?
• How is Cyber Security Managed?
• How Can I Protect Myself?
• How to Prevent Hacking
• What Jobs are There in Cyber Security?

DeVry University’s Cyber Security curriculum is acknowledged and verified as an approved provider by NICCS.

Cyber security professionals are integral to an organization’s safety. They take preventative measures to protect confidential information and prevent costly data breaches. This responsibility means they have a more varied and expansive role than many people may realize. Their work falls largely into two categories: prevention and security, and disaster recovery and continuity planning.

A top priority for cyber security experts is prevention. They focus on finding vulnerabilities before attackers do and shoring up security. In order to succeed, they must be up to date on potential threats—like known hackers and malware—that can infiltrate systems.

They also:

• Prioritize security by looking for potential weaknesses and addressing them quickly
• Analyze systems and processes to identify key assets and potential threats
• Test for vulnerabilities and implement the best methods of protection
• Put plans in place to ensure organizations adhere to safety protocols and best practices

Experts help organizations create plans for continuing business if a breach or other adverse event does occur. A large part of the job is ensuring business carries on safely with as little disturbance as possible.

In the event of a cyber-attack or other disruption, professionals are tasked with carrying out these plans to respond to the immediate threat and improving security going forward. Following a data breach, malware attack or even a natural disaster like a fire, flood or earthquake, experts implement measures to minimize damage and keep mission-critical functions working. They then identify the problems and work quickly to find solutions so normal operations can resume as soon as possible.

Across all their work, cyber security professionals handle a range of tasks, which may include:

• Protecting assets and identifying potential security threats
• Monitoring networks and systems to identify and fix any weaknesses or breaches
• Implementing security measures like firewalls and data encryption programs to protect data
• Performing routine tests and inspection of hardware, software and networks to eliminate weaknesses before they are exploited
• Investigating any violations and handling the cleanup

There are several different types of cyber threats for information security experts to watch out for. Three well-known threats are cybercrime, cyberattacks and cyberterrorism.

One useful way to tell the difference between a cybercrime and cyberterrorism is the motive. Cyberterrorism tends to be carried out by organized groups who claim responsibility for the attack and explain their motive for a specific target. Cybercrime tends to more anonymous and is often done with the aim of making money, not to make any sort of public statement.

Here are a few methods used by criminals carrying out a cyber threat:  

An abbreviation for "malicious software," malware includes several types of software like adware, botnets, spyware, viruses and ransomware. Malware relies on getting someone to install software, or forcefully installing software, onto their device.

This is a type of cybercrime that targets people typically through email. Phishing emails tend to pose as a legitimate entity, like a bank or the IRS, in order to get users to hand over sensitive data. Similar scams are often carried out through the mail or through phone calls and text messages. 

A denial of service attack (DoS attack) aims to prevent computer systems, such as a website, from performing basic functions and requests by overwhelming the server with illegitimate traffic. Many notable denial of service attacks have occurred in the form of a distributed denial of service attack (DDoS), which relies on several computers rather than a single device.

Man-in-the-middle attacks rely on unsecure networks to intercept sensitive data being transferred between two parties. An example of this attack would be someone breaking into a public Wi-Fi network and intercepting the bank password of someone accessing their checking account.

SQL (Structured Query Language) injections take control of a network by inserting a line of malicious code into a data-driven application. They are often used to break into secure databases and servers in an attempt to retrieve sensitive information.

A cybercriminal may use any of these methods to commit a cyberattack, cybercrime or cyberterrorism. The main elements that determine which category a threat fits into are the scale of the attack and the goal. For instance, cyberterrorism may be committed against a government or major company, while a cybercrime can be committed against an individual.

Cyberattacks like the ones described above form a matrix of threats to our personal and financial data. They remind us how so many aspects of our lives are networked. When those networks have vulnerabilities, cybercriminals will find ways to exploit them for financial gain.

On a personal level, cyber security means keeping our personal information safe from identity thieves and scammers. On a large scale, cyber security means protecting the retail, banking and healthcare data systems we’ve come to rely on to shop, invest, travel, maintain our health, pay our bills and do myriad other things with convenience and efficiency. At this level, a single data breach could jeopardize the personal and financial information of millions of individuals or be the precursor to a ransomware attack that could paralyze an entire organization.

Cyber security is often managed in a top-down approach. Business leaders lead the charge to convey the importance of protecting company and customer data. With so many digitally literate people using the internet today, it's easy to imagine how any major company might be vulnerable to an attack. Therefore, it's the responsibility of business leaders to prioritize cyber security and work to identify threats to avoid a potential breach.

When protecting data is a concern, there are several steps that information security specialists can follow to facilitate effective responses and security measures. Some of these steps include:

In a world where cyberattacks are inevitable, you need to create a secure location where essential information is stored. This should include data like customer information, employee information and private company data.

Identify the areas where risks are most likely to present themselves. This step often involves using ethical hacking skills to pinpoint areas of weakness in your data management defenses.

Once the areas of high risk have been identified, a risk mitigation plan needs to be developed. This plan should focus on reinforcing areas where defenses are weak.

Still, cyberattacks can occur. To be prepared, you need a plan of action. These plans should focus on removing the harmful elements from your system, alerting affected parties and identifying the attackers.

It’s more important than ever to stay ahead of cyber security threats. According to the antivirus software maker Norton, more than half of all consumers have experienced a cybercrime at some point, with around 1 in 3 falling victim in 2021 alone.

Protection against cybercrime begins with protecting your devices. Keeping your devices up to date by turning on automatic updates is a good way to be sure you have the latest software updates and patches that enhance security and plug vulnerabilities in operating systems. Install virus protection software and never leave a device unattended and unlocked in a public place.

Keep your identity, finances and data safe by following these basic cyber security tips:

It’s a good idea to change your passwords often, randomize them and don’t reuse them. Use trusted password management programs to protect the privacy of your passwords, but avoid using the “save password” feature on your devices without added security measures like fingerprint identification or facial recognition.

Multi-Factor authentication is a security process that requires additional identity verification steps beyond entering your username and password, making it more difficult for hackers to access your devices. Whenever possible, use two-factor authentication (2FA) log-in options on online platforms. 2FA is a type of multi-factor authentication that requires two different identification methods before allowing you to log in. When you’ve added 2FA to your account, a code is sent to your mobile device or email after you’ve entered your user name and password, and the login process can only be completed using that code.

Viruses can slow down your computer, damage or delete files, cause data loss and prevent your computer from performing tasks. Antivirus software detects viruses in computer systems, removes them and helps prevent them from infecting your computer again.

Viruses and malicious software, also known as malware, are often spread through links. Be extra cautious about clicking on links in email messages, even if the message appears to be from someone you know. Cybercriminals are incredibly good at disguising malicious emails to make them look legitimate. Unless you’re absolutely sure the message and the link it contains are both legitimate, don’t click on anything.

If you want to venture further into the world of cyber security, or have thought about cyber security as a career, you can pursue a credential or degree in cyber security. For instance, our Bachelor’s Degree Specialization in Cyber Security can help you develop the skills needed to protect and defend data against cyberattacks. 

There are several exciting jobs in the evolving field of cyber security. Opportunities can include:

Computer systems analysts study existing computer systems and make recommendations for system improvements. Their work may involve researching new technologies to determine if they’ll increase an organization’s effectiveness or efficiency. Working closely with the organization’s leadership team, they consult with managers and prepare cost-benefit analyses to help determine whether system upgrades are financially worthwhile. Their work may also include overseeing installation of new systems and writing instruction manuals.

Often working under the direction of network and computer systems administrators, computer network support specialists analyze and troubleshoot computer network problems. They play an important role in the regular maintenance of their organization’s networks. This may be as a matter of routine or performed as part of the organization’s disaster recovery efforts. These specialists may also assist computer users through phone, email or in-person interactions.

Information security analysts monitor computer networks for security breaches and other cyber security-related issues and develop plans for cyber security best practices. They also research the latest security trends and recommend upgrades and improvements, such as firewalls and data encryption programs, to help protect an organization’s systems and information infrastructure. The information security analyst may also be involved in the installation and testing of these improvements.

Security analysts observe the overall security of a company’s network system and take steps to fix any issues they might find. They also provide recommendations to help improve security systems, find and mitigate potential security breaches and help respond to cyberattacks. Security analysts also compile reports for administrators and managers that assess a company’s current security policies and measures. They strive to create a more secure network and may educate company employees in various security protocols.

Penetration testers, also known as pen testers or ethical hackers, break into computers and devices by mimicking the efforts that a malicious or unethical hacker might use in a cyberattack. Using tenacity and highly advanced computer skills, they do this mainly to uncover and rectify system vulnerabilities before cybercriminals have a chance to do their worst. Once the penetration tester’s attempts to hack into the system are complete, they report their findings and conclusions to management. 

Working as part of an in-house IT department or as consultants, vulnerability assessors, sometime referred to as vulnerability assessment analysts, run tests and scans to pinpoint system vulnerabilities and improve network security. They oversee and run regular security audits, compose and describe vulnerability assessments and recognize any vital defects in systems that could allow access to cybercriminals. They may also be responsible for leading instruction and training for system administrators.