What is CyberSecurity

Digitization is a phenomenon that impacts, every day evolving, economic, political and social life. The speed and erratic nature with which information travels the world has changed the meaning of fundamental structural elements, such as national boundaries, prompting many to question the very idea of reality. 

From the man-machine relationship to personal interactions; the ideals that had formed the foundations of our bureaucratic structures are being tested by the rapid evolution of technologies, mass adoption and the change in customs that follows.

In such an environment, it is natural that frictions and disagreements between people, which are hardly a modern phenomenon, emerge in new forms and on new levels. New disagreements, however, are mirrored in old but familiar scenarios in which one side decides to play the role of the aggressor, while another side gets the role of the aggressed. Cybersecurity is concerned with coming alongside the victims in an effort to protect them from the attackers of modern cyber society.

What is cybersecurity

Cybersecurity, or information security, is the set of techniques designed to protect individuals, devices and data from unauthorized access and use. In some quarters it is still defined as the practice of safeguarding confidentiality, integrity and availability; in English we refer to these concepts by the acronym CIA: Confidentiality, Integrity, Availability. Of course, this notion is generic intentionally, as cybersecurity practices are now adopted in all sectors and industries. A video game developer that wants to prevent online players from cheating in competitive settings, an on-demand streaming platform that needs to protect the intellectual property of movies, a smartphone manufacturer that needs to keep the design of the newest models secret, not to mention shopping platforms, hospital and transportation services. The issue of information security is gaining more than functional centrality, in some cases it is even strategic. So if we can say we are all interested in learning about cybersecurity, how do we define those who instead act against security principles to take advantage of them?

Who are the individuals who perpetrate cyber attacks

There are various reasons why an individual decides to act outside the law.  A cyber crime, although more complex and historically less recorded than other crimes, remains a common act perpetrated to gain illicit advantage at the expense of legality and fairness.  We can thus distinguish 4 macro categories, which describe the most studied and well-known groups of hackers (a term you may have heard), based on their purposes:

Nationally backed actors: cyber warfare is a reality, a fact of life.  Nations often sponsor cyber attacks against each other for reasons of modern warfare or simply to get one ahead of the other.

• Unorganized effectors: a person who decides that breaking the rules is a viable option to achieve something that would require more effort to legitimately obtain.  These actors are more problematic to deal with on a large scale.  For example, all the people who try to upload illegitimate content to YouTube may not be a particular threat individually, but they end up costing the tech giant a lot of money due to the fact that they act in the thousands per day (if not per hour).
• Paid hackers: people who decide to use their skills to perform illicit actions for profit.  Usually working alone or organizing in small groups, these actors rely on others’ need for illicit activities and respond to utilitarian logic.
• Hacktivists: people who commit computer crimes for political ideals.  Usually organized in larger groups, they aim to achieve a goal that disregards money but involves, nonetheless, aggressive actions against the Internet population.

The techniques employed by these actors are varied, but it is important to know at least the most common ones.  In 2022, most cyber breaches followed these types of attacks:

• Malware: malicious code or program that generally runs on a victim’s computer
• Ransomware: malware used to extort ransom
• Social engineering attacks: scams and frauds through cyberspace or using modern devices
• Data threats: compromise of the availability, confidentiality or integrity of companies’ data
• Denial of Service: forcing servers to crash under a load of traffic intentionally directed against them
• Disinformation: fake news and information manipulation that generates distrust and/or inaccuracies in systems

These are just a few examples of the actors and threats that cybersecurity aims to address.  In the next sections, I will give you an idea of how cybersecurity experts usually try to change the problems outlined.

What are the activities that a Cyber Security professional performs.

To defend against malicious actors, there are thousands of practices and hundreds of branches of study, each specializing in finding increasingly effective solutions and increasingly impactful deterrents.  However, to give you some context and to inspire you to learn more, I can offer some of the most common tasks that a cybersecurity expert must perform in his or her career:

• Network security: protecting a computer network from intruders, be they targeted attackers or opportunistic malware.
• Application security: protecting software and devices from threats.  A compromised application could provide access to the data for which it was designed. Security success begins in the design phase, well before a program or device is deployed.
• Information security: protects the integrity and confidentiality of data, both in storage and in transit.
• Operational security: includes the processes and decisions for managing and protecting data.  The permissions users have when accessing a network and the procedures that determine how and where data can be stored or shared all fall under this umbrella.
• Disaster recovery and business continuity: define how an organization responds to a cybersecurity incident or any other event that causes the loss of operations or data.  Disaster recovery policies determine how the organization restores operations and information to return to the same operational capability as before the event.  Business continuity is the minimum level to which the organization falls as it tries to operate without certain resources.
• End-user training: addresses the most unpredictable factor in cybersecurity, namely, end users.  Anyone can accidentally introduce a virus into an otherwise secure system by not following good security practices.  Teaching users to delete suspicious e-mail attachments, not to connect unidentified USB drives, and various other important lessons is vital to the security of any organizations

Again, these are just some of the most common activities that a cybersecurity expert should see in his or her career.  But what about individual users?  Do you have to be a cybersecurity expert to be able to protect yourself from the most common attacks?

How to protect yourself from cyber attacks

Everyone has to do their part, and you don’t have to have years of study and work behind you to be able to apply effective security measures to your cyber space.  How can businesses and individuals protect themselves from cyber threats?  Here are our simple but basic tips on the first cybersecurity habits to acquire:  

• Keep your system clean and up-to-date: security solutions such as antivirus, anti ransomware and the like detect and remove threats before they do their deeds. Keeping your system and software up-to-date at all times adds an extra layer of protection.
• Use complex but accessible passwords: make sure your passwords are not only dificult to guess but also easy for you to use. A secure password that you have difficulty using is as much a risk as an insecure password.
• Be skeptical: do not trust the content in e-mails from unknown or unexpected senders; phishng is used to spread malware and carry out very serious scams; do not fall victim to this approach.
• Avoid using unsecured WiFi networks in public places: unsecured networks expose you to man-in-the-middle attacks, i.e., actors who come between you and the network you are connected to by stealing data from you.

Other important tips can be found in the articles on our page.  Keeping up-to-date is a final tip that can improve more than just computer security skills.

Conclusion

The goal of employing these measures is not to protect oneself 100 percent from every possible threat. It is a well-known fact, especially to those who have been dealing with it for years, that achieving total security is impossible, not so much because systems are constantly evolving by changing vulnerabilities and exploited strategies. As stated above, cyber crime is nothing but crime. To eliminate threats would require eradicating the will to break the law, and we are far from achieving that result. This does not mean that we should wait helplessly for that day to come. Applying the measures described in this section helps to get used to good habits of information hygiene. Penicillin was discovered in 1928, but before then so many everyday uses allowed humanity not to disappear because of bacteria. If you approach cyberspace with the same philosophy, you will have a better chance of enjoying a peaceful and sustainable cyber life.