Cybersecurity

What Is Cybersecurity?

Cybersecurity refers to measures taken to protect internet-connected devices, networks, and data from unauthorized access and criminal use. Additionally, cybersecurity ensures the confidentiality, integrity, and availability of data over its entire life cycle.

Cybersecurity applies to both software and hardware, as well as information on the internet. It can be used to protect everything from personal information to complex government systems.

Key Takeaways

  • Cybersecurity refers to the measures taken to protect devices, networks, and data from unauthorized access and criminal use.
  • Cybersecurity can span various protection measures, such as preventing cybercriminals from hacking into computers and other connected devices and stealing sensitive information.
  • Password protection and encryption are types of cybersecurity measures.
  • Common types of cyberattacks include phishing, malware, eavesdropping attacks, and denial-of-service (DoS) attacks.

Understanding Cybersecurity

Cybersecurity measures include preventing, detecting, and responding to cyberattacks. Any information stored on an internet-connected device, computer system, or network can be hacked. With the proper measures in place, this can be prevented. Given that the world is more reliant on computers than ever before, cybersecurity has become essential.

Cybersecurity ranges from simple to complex. As a basic preventative measure, most devices come equipped with password protection to prevent hacking. Updating software is another straightforward way to prevent cyberattacks.

If a system is attacked or at risk of an attack, specific measures might be taken depending on the type of attack. Encryption, for example, is one way to prevent attacks, and certain antivirus software can detect suspicious activity online and block most software attacks.

In order to ensure that a system is secure, it's essential to understand the risks and vulnerabilities inherent to that specific device or network and whether or not hackers can exploit those vulnerabilities.

Cybersecurity measures must constantly adjust to new technologies and developments to stay one step ahead, as hackers adapt their methods to new forms of cybersecurity and render it ineffective.

Types of Cyberattacks

Cyberattacks can have wide-ranging effects on individuals, businesses, and government organizations, including monetary loss, identity theft, and reputational damage. They are classified by the method used to attack. While there are many types of cyberattacks, some of the most common include:

Phishing

Phishing occurs when an email or text appears to be sent from a reputable source. The goal of phishing is to trick the recipient into sharing sensitive information like credit card details and login credentials or to install malware on the victim's machine. Phishing is one of the most common attacks on consumers.

Malware

Malware is malicious software intended to cause damage to a computer or network. Types of malware include viruses, worms, spyware, and ransomware. Malware can find its way onto computers when a user clicks a link or email attachment that installs malicious software.

Once inside the system, malware can block access to key components of the network (ransomware), covertly obtain information by transmitting data from the hard drive (spyware), disrupt components, and render the system inoperable.

Eavesdropping Attacks

An eavesdropping attack (aka man-in-the-middle attack) is when a hacker intercepts, deletes, or modifies data as it is transmitted over a network by a computer, smartphone, or another connected device. Cybercriminals take advantage of unsecured network communications to access data as it is being sent or received by its user.

Often, eavesdropping occurs when a user connects to a network that is not secured or encrypted and sends sensitive business data to a colleague. Eavesdropping attacks can be hard to spot because, unlike some other cyberattacks, the presence of a listening device may not affect the device or network performance.

Denial-of-service attacks

Denial-of-service (DoS) attacks target devices, information systems, and other network resources to prevent legitimate users from accessing services and resources. This is typically accomplished by flooding the server and host with traffic to the point that it becomes inoperable or crashes. DoS attacks are system-on-system attacks, meaning they originate from a single location and target a single system.

Distributed Denial-of-Service Attacks

Distributed denial-of-service (DDoS) attacks are similar, but the attack comes from multiple remote machines (zombies or bots). These attacks can be deployed much faster—and with more traffic—than DoS attacks, so they are typically harder to detect than DoS attacks.

241,342

The number of people who fell victim to phishing scams in 2020, according to the FBI. This is up from 114,700 in 2019, a 110% increase year-over-year. The Internet Crime Complaint Center, or IC3, receives an average of 440,000 complaints each year, representing losses of $4.2 billion in 2020 alone.

Common Targets of Cyberattacks

While any individual system is at some level of cyberattack risk, larger entities such as businesses and government systems are often the targets of these attacks since they store a lot of valuable information.

The Department of Homeland Security, for example, uses high-tech cybersecurity measures to protect sensitive government information from other countries, nation-states, and individual hackers.

Cybercrime is on the rise as criminals try to benefit from vulnerable business systems. Many attackers are looking for ransom. The average ransomware payment climbed to a record $570,000 in the first half of 2021, according to a report from cybersecurity firm Palo Alto Networks.

Any financial system that stores credit card information from its users is at a high risk since hackers can directly steal money from people by accessing these accounts. Large businesses are often attacked because they store personal information about their extensive network of employees.

The industries with the most cyberattacks over the past five years are healthcare, manufacturing, financial services, government, and transportation. Retail, legal, education, media and entertainment, oil and gas, and energy and utilities are expected to be among the top-10 cyber-attacked industries by 2022.

What Is the Difference Between Dos and DDos?

Both types of attacks overload a server or web application to interrupt services for legitimate users. A DoS (denial-of-service) attack comes from a single location, so it's easier to detect its origin and sever the connection. DDoS (distributed denial-of-service) attacks originate from multiple locations. They are faster to deploy and can send much larger amounts of traffic simultaneously, so they are harder to detect and shut down.

What Is Cybersecurity?

Cybersecurity is the practice of protecting internet-connected systems, devices, networks, and data from unauthorized access and criminal use. 

Is Cybersecurity a Good Career?

Due to ongoing and increasing cybersecurity threats, the industry has a very promising career outlook. There are not enough skilled people to fill cybersecurity jobs, so professionals are likely to find jobs easily. On Oct. 28, 2021, Microsoft announced plans to cut the cybersecurity workforce shortage in half by 2025 by partnering with community colleges across the U.S. and providing free resources to help end the shortage.

Article Sources

Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. Department of Homeland Security. “Cybersecurity.” Accessed Jan, 26, 2022.

  2. Cisco. "What Is a Cyberattack?" Accessed Jan, 26, 2022.

  3. Fortinet. "Eavesdropping." Accessed Jan, 26, 2022.

  4. FBI Internet Crime Complaint Center. "Internet Crime Report 2020." Accessed Jan, 26, 2022.

  5. U.S. Department of Homeland Security. "Cybersecurity." Accessed Jan, 26, 2022.

  6. Palo Alto Networks. "Extortion Payments Hit New Records as Ransomware Crisis Intensifies." Accessed Jan, 26, 2022.

  7. Cybercrime Magazine. “2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics.” Accessed Jan, 26, 2022.

  8. Microsoft. "American faces a cybersecurity skills crisis: Microsoft launches national campaign to help community colleges expand the cybersecurity workforce." Accessed Jan, 26, 2022.