Cybersecurity might evoke scenes from Mr. Robot—hoodie-clad hackers in large rooms filled with computers. But it’s more of an everyday concern than ever before.
The FBI’s annual 2020 Internet Crime Report had a new record for the total number of cyber crime complaints (791,790), a 69% increase from the previous year. While some of these were for attacks on businesses, individuals are often victims. And attackers no longer need to be computer geniuses—anyone savvy can buy ready-to-deploy malware on the dark web, purchase devices to hack into WiFi networks, or hire a hacker to do the dirty work for them.
It’s impossible to protect yourself from every cyber threat, especially when at any moment a data breach can leak your usernames, passwords, and personal information. But cybersecurity fundamentals can be important for keeping you as safe as possible.
What is cybersecurity?
Cybersecurity is the process of protecting electronic devices, networks, and data from unauthorized or malicious access, use, destruction, and alteration. Governments and companies employ cybersecurity experts to help them manage the ongoing task of fighting off attacks and cybercriminals. Individuals also need to be aware of potential vulnerabilities and best practices.
Considering how much of the world is connected to the internet, it’s no surprise that cybersecurity is a fairly broad term. Often, different categories describe more specific aspects of cybersecurity, such as:
- Application security measures are put in place to keep attackers from stealing or altering data within an app, and from using an app as a stepping stone to access networks.
- Cloud security focuses on protecting information in the cloud while it’s being stored, transferred, and used.
- Critical infrastructure security refers to both physical security and cybersecurity measures that help protect critical infrastructure sectors, such as the energy and public health sectors.
- Information security is a broader term that encompasses protecting electronic and physical data. InfoSec tries to protect the confidentiality, integrity, and availability (CIA) of an organization's data.
- Network security refers to protecting both wireless networks (WiFi) and wired networks—and the data that travels over the networks—from cyberattacks and other threats.
- Operational security involves reviewing an organization’s processes to identify and eliminate potential vulnerabilities.
- Disaster recovery includes plans for responding to and rebuilding after an emergency, such as a cyberattack or natural disaster.
The increasing digitization of information and the popularity of internet of things (IoT) devices are creating new opportunities for cybercriminals—making cybersecurity an increasingly important and difficult task.
Why is cybersecurity important?
At its core, cybersecurity is about protecting organizations and individuals from malicious attacks. There are countless examples of the disastrous results that can stem from a successful cyberattack.
In 2016, hackers were able to turn off a power grid in Ukraine, leaving thousands without power or heat two days before Christmas. There was also the Colonial Pipeline ransomware attack in April 2021. The company shut down the largest fuel pipeline in the U.S. as a result, which led to gasoline shortages on the East Coast.
On a more personal level, a cyberattack can be frustrating, time-consuming, and costly. For example, an attacker might take over or monitor your device and gain access to your private accounts and data. They may then be able to steal and sell your identity, or continue the attack and drain your bank account.
6 common types of cyber threats
Cyber attacks can come in many different forms and involve various amounts of technological sophistication. Some of the most common cyber threats include:
- Phishing. Phishing and its variations—smishing, vishing, spear phishing, etc.—involve creating bait to try and get victims to share their private information. With email phishing, the attacker could send an email with an urgent message telling you to reset your bank account password. However, the included link sends you to a site the attacker created to look like your bank’s site. The 2020 Internet Crime Report shows these types of attacks had the most victims (by more than two-fold) than other types of crimes.
- Malware. Malware is a general term for malicious software, which could include viruses, spyware, and trojans. The threats can vary depending on the type of malware and the attacker’s purpose. For example, an attacker might install a piece of malware that tracks what you type (a keylogger), displays ads (adware), or uses your computer’s resources to mine cryptocurrencies.
- Ransomware. Ransomware is a type of malware that’s become an increasingly common cyber threat. When an attacker installs ransomware on your device, they can lock you out and encrypt your data—demanding you pay a ransom before giving you the decryption key. Even if you have a backup, the attacker may threaten to publicly release sensitive files if you don’t pay.
- Man-in-the-middle (MITM) attack. A MITM attack is when the attacker inserts themselves between two devices (such as your laptop and a web server). They can then monitor and steal data that’s sent over the connection and potentially install malware on your device.
- Distributed denial of service (DDoS) attacks. A DDoS attack overwhelms a website or online service by flooding it with traffic, making the site or service unusable. The attacker’s intent may be to disrupt the target or distract the target while carrying out another type of cyberattack.
- Insider threats. Organizations may need to worry about current and former employees or contractors who have legitimate access to their networks. Individuals also need to be careful of colleagues, roommates, friends, or family who might have access to their devices and accounts. Setting your mobile devices and computers to auto-lock could help keep others out.
While social engineering—psychological manipulation of targets—doesn’t always involve “cyber” components and might not count as a cyber threat, it is often an element of a cyber attack and scam. Beware of emails, texts, calls, and social media messages that create a sense of urgency or fear, as the sender may be trying to get you to act quickly without thinking.
5 cybersecurity best practices
You might not have the resources or knowledge to protect yourself from the types of cyberattacks that governments and large companies face, but you also likely aren’t as enticing of a target. Putting a few protective measures in place and following some simple best practices can go a long way in keeping your devices and information safe.
- Use strong and unique passwords. Strong and unique passwords can be a first good line of defense. A password manager can make creating, storing, and filling in strong passwords much easier. They can also help ensure that you enter the right password for the corresponding site. If you see your password manager entering a different password than you expect—or not having a password where you thought it would—then chances are you aren't on the site you thought you were on. This can be a helpful speed bump to get your attention about a possible phishing attack.
- Avoid using WiFi in public places. Public WiFi networks—including the network at a nearby coffee shop that requires a password—can open your devices up to all sorts of attacks. If you have to use public WiFi, connecting to a virtual private network (VPN) can help secure your connection and protect you from MITM attacks. But even safer options are to either wait until you’re on a secure network to log into private accounts or to use your mobile device’s cellular network rather than public WiFi.
- Update your software. Keeping your devices’ operating systems and apps updated helps ensure that you have the latest security patches. Hackers may still be able to breach systems using zero-day exploits—vulnerabilities that software developers or vendors haven’t identified. But you won’t be as susceptible to older, and perhaps more widely used, types of attacks.
- Enable multifactor authentication. Many accounts now let you turn on, or require, multifactor authentication (MFA). With MFA turned on, you may need to enter a code from a text message or authentication app, plug in a physical device, or scan biometrics (such as your fingerprint). The extra layer of protection means someone can’t log into your account if they only have your username and password.
- Don’t respond to messages with your private information. Be careful about sharing any private information with the sender when you receive an email, call, or text—even if they claim to work for the government or a company you use. It’s always safer to look up the organization’s contact information and initiate the conversation.
Ready to protect your online privacy and keep yourself safe from scammers and advertisers? Try Neeva, the world’s first 100% ad-free, private search engine. We never share or sell your data, and we’re committed to showing you the best results for every search. Sign up at neeva.com/signup.