Understanding cybersecurity: a beginner’s guide

Georgina Guthrie

January 10, 2024

How high on your to-do list is cybersecurity? If it’s not near the top, you may want to rethink.

The rise in cybercrime, which is projected to cost the world $10.5 trillion (around £8.4 trillion) annually by 2025, reflects not just the growing sophistication of attackers but the growing number of opportunities for criminals operating online. There are now more connected devices than people, and those devices hold a lot of valuable information that attackers want to steal.

In this article, we’re going to take a deep dive into the world of cybersecurity, equipping you with all the tips, terminology, and tactics you need to stay safe. 

What is cybersecurity?

Hackers, phishers, scammers, cybercriminals: they go by various names and take different routes, but they all have one thing in common: digital attacks. These attacks are usually aimed at accessing, altering, or destroying sensitive information, extorting money, or disrupting business and political processes. Cybersecurity is the practice of protecting systems, networks, and programs from those attacks.

Protecting digital assets from cybercriminals is a tough job, and it’s getting tougher. The attack surface keeps growing, and attackers are increasingly well-resourced and organized. Modern attacks are far harder to spot than the average ‘Nigerian Prince’ email.

Why is cybersecurity important?

From reputational damage to political chaos, cyberattacks pose a threat of global importance. A good cybersecurity strategy offers the following protection: 

Protecting personal information

  • Identity theft: Good cybersecurity protects your personal info from being stolen.
  • Privacy: It ensures your private life and personal data stay just that — personal.

Safeguarding business assets

  • Intellectual property: Businesses need cybersecurity to protect their intellectual property from hackers.
  • Financial health: A breach can have dire financial consequences, from immediate theft to long-term reputational damage.

National security concerns

  • Infrastructure protection: Cybersecurity plays a key role in protecting a country’s infrastructure, like power grids and water systems.
  • National secrets: It helps to keep a nation’s secrets safe from foreign adversaries.

Evolving threats

  • Keeping up with attackers: Cybercriminals are smart, innovative, and determined. Cybersecurity needs to evolve at the same pace to counter new threats.
  • Adapting to new technologies: With new tech comes new vulnerabilities. Cybersecurity helps professionals understand and mitigate these risks.

A potted history of cyberattacks 

From the conceptual theories of the mid-20th century to the high-profile attacks of the 21st century, cybercrime has a colorful and storied history. Learning about it will help you understand where we are now and what we’re up against.

Early theoretical concepts

  • John von Neumann’s work: In the late 1940s, mathematician John von Neumann, widely recognized as one of the fathers of computing, lectured on the theory of self-replicating automata (published in 1966 as Theory of Self-Reproducing Automata). This laid the theoretical groundwork for understanding how computer viruses spread. His work was purely theoretical at the time, but it described the mechanism that malicious software, aka ‘malware’ (which we’ll talk about in more detail later on), would later use.

The advent of phone phreaking

  • Exploring the telephone system: In the 1960s and 1970s, before PCs took off, the first real hackers were ‘phone phreaks’. They explored the telephone system to understand how it worked. Once they did that, they manipulated it for free long-distance calls.
  • Blue boxes and famous phreakers:  In 1971, the practice of phreaking became widely known after Esquire magazine released an article titled Secrets of the Little Blue Box written by Ron Rosenbaum. The article caught the attention of future phone phreakers and Apple founders Steve Wozniak and Steve Jobs. This era was characterized by curiosity-driven exploration and laid the groundwork for hacking culture. Inspiring? Yes. Worrying? Also yes. 

The rise of computer hacking 

  • Transition to digital: As homes gained PCs throughout the 1980s, the focus shifted to computer networks. Hackers began exploring these new digital frontiers, leading to the first batch of notable cyberattacks. 
  • Kevin Mitnick’s exploits: Perhaps the most famous hacker of this era was Kevin Mitnick. His hacking in the 1980s and 1990s made him, by most accounts, the first hacker to appear on the FBI’s Most Wanted list. Mitnick’s activities included penetrating the networks of major corporations and telephone companies, often by combining technical intrusion with social engineering. His capture in 1995 brought the issue of cybersecurity to the forefront of public consciousness. He later founded Mitnick Security Consulting, which he ran until his death in 2023.

Modern developments

  • Growing sophistication: As technology advanced, so did hacker techniques. The late 20th and early 21st centuries saw the emergence of sophisticated malware, ransomware, and large-scale cyberespionage and cyberwarfare operations.
  • Notable incidents: High-profile incidents like the Stuxnet worm’s attack on Iranian nuclear facilities and widespread ransomware attacks have shown the potential for cyber threats to cause real-world harm.
  • Now and beyond: Cybersecurity is a continuous cat-and-mouse game between security professionals and attackers, with each side adapting and evolving in response to the other. As we look to the future, the lessons from the past will shape the ongoing fight.

What is the CIA triad?

The CIA triad stands for Confidentiality, Integrity, and Availability, and it forms the cornerstone of information security. 

  • Confidentiality ensures sensitive information is accessed only by authorized individuals.
  • Integrity maintains the accuracy and reliability of data, protecting it from unauthorized changes. 
  • Availability ensures information and resources are accessible to authorized users when needed. 

[Image: the CIA triad of confidentiality, integrity, and availability; source: itgovernance.co.uk]

Together, these three principles provide a framework for organizations to protect their data from various threats. A good cybersecurity strategy includes a mixture of approaches that minimize threats to all three components. 

Cybersecurity in action

Cybersecurity isn’t a single action or tool. It’s a collection of tools and strategies all working together. Below is a list of the most widely used security measures.

Risk management

  • Identification: Step one? Assess the risks. This involves knowing the value of different data and assets and the potential impact of a breach. Top tip: keep the worst-case scenario close. It could and does happen. 
  • Mitigation strategies: Prevention is better than a cure! Once you’ve identified and prioritized risks, you need to implement mitigation strategies. This usually means a combination of technical controls, policies, and procedures, matched to the risks that matter most.

Layered defense

  • Multiple barriers: Rather than relying on a single line of defense, cybersecurity relies on multiple layers of security. If one layer is breached, others are in place to protect the system.
  • Diverse tactics: These layers include physical security, network security, application security, and user education, among others.

Device protection 

  • Endpoint protection: Installing and regularly updating antivirus and anti-malware software protects devices from known malicious programs. Treat it as a baseline rather than a complete defense: it mostly catches malware that has already been seen elsewhere, so it belongs alongside the other layers described here.
  • Firewalls: This acts as a barrier between your device and external networks, filtering out unauthorized or potentially harmful traffic. 

Principle of least privilege

  • Access control: Individuals or systems should have only the access they need to perform their tasks and no more. This limits the damage a compromised account, a malicious insider, or a careless user can do.
  • Regular reviews: Access rights should be regularly reviewed and updated to ensure they’re still appropriate.

Secure online activity

  • Protect data in transit: Data is at its most vulnerable when it’s moving from one place to another. Make sure websites use HTTPS (TLS, the successor to SSL, shown by the padlock and https:// in the address bar), and use a Virtual Private Network (VPN) on untrusted networks. Note that a VPN only encrypts the path between your device and the VPN provider; it doesn’t make a site that lacks HTTPS safe.
  • Use strong passwords: Long, unique passwords (ideally generated and stored by a password manager) plus multi-factor authentication add an extra layer of security, helping safeguard online accounts even when one password leaks.

Secure email

  • Set up spam filters: Email is one of the most common attack vectors. Setting up effective filters helps to stop phishing emails and other malicious messages from reaching end users.
  • Encrypt data: For sensitive information, encrypting emails ensures that only the intended recipient can read the content, thereby protecting the data from potential interceptors.

Centralized security

  • Unifying defense systems: Centralized security means managing all cybersecurity measures from one hub. This makes it easier to keep an eye on everything and respond to threats quickly.
  • Consistency and control: With this approach, the same security rules apply across the whole organization, and across every platform, reducing the chances of weak spots in the defense. It also makes it simpler to control and update security measures as needed.

Regular updates and patching

  • Staying current: Cyber threats continually evolve, so staying up-to-date with the latest security patches and software updates is a must.
  • Vulnerability management: Regularly scanning for and addressing vulnerabilities helps keep systems secure.

Incident response planning

  • Preparation: Having a plan in place before an incident occurs ensures a faster and more effective response.
  • Components: A good plan includes identifying key personnel, establishing communication protocols, and having tools and processes ready for investigation and recovery.

User education and awareness

  • Human factor: To err is human. People are often the weakest link in security. Educating users about safe practices, potential threats, and how to respond to suspicious activity is a must.
  • Continuous training: Cybersecurity training should be ongoing to keep pace with new threats and changing technologies.

Regular audits and monitoring

  • Oversight: Regular security audits help ensure policies are being followed and that no new vulnerabilities arise.
  • Monitoring: Continuous monitoring of networks and systems can detect and alert about suspicious activities, allowing for rapid response.

Timely backups

  • Keep copies: Regularly backing up data means that you’ll have a recent copy to restore from in case of ransomware attacks, hardware failures, or other disasters. Store at least one copy offsite and offline (or on immutable storage) so that an attacker who has compromised the primary systems, and the credentials used to manage them, can’t encrypt or delete the backups too.
  • Test the process: Regularly testing backup restores is crucial to ensure that the data can be effectively recovered when needed.


Essential cybersecurity terminology 

From firewalls to phishing — here are some of the key terms and phrases you need to know. 

Encryption

Encryption is the process of encoding information so that only an authorized recipient can decode and read it. It’s one of the best ways to share data securely, especially across networks.

Encryption key

An encryption key is a string of bits used to scramble and unscramble data, essentially turning readable data (plaintext) into a coded form (ciphertext) and back again. The strength of the encryption relies heavily on the randomness and length of the key. In public key encryption systems, keys come in pairs consisting of a public key and a private key. The public key can be shared with anyone, while the private key is kept secret to ensure only the intended recipient can decrypt the message.

Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. It establishes a barrier between your internal network and external sources (such as the internet), blocking connections that the rules don’t allow. A basic packet-filtering firewall doesn’t inspect the content of the traffic it permits for malware, which is one reason it’s paired with the other layers described above.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) monitors computers or networks for signs of malicious or policy-violating activity and raises an alert when it sees something suspicious. Alerts are usually forwarded to a Security Information and Event Management (SIEM) system, which collects logs and alerts from many sources and correlates them so that analysts can separate real threats from noise. An IDS can cover anything from one computer to a large network and comes in two main kinds: network-based (NIDS), which inspects traffic, and host-based (HIDS), which watches activity and logs on an individual machine. Note that an IDS only detects and alerts; a system that also blocks the offending traffic is an Intrusion Prevention System (IPS).
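As an added example (not from the original article), here is the kind of host-based detection logic an IDS or SIEM rule encodes, written in Python and run over a few constructed sshd-style log lines: it flags a source IP that fails to log in five times within five minutes, and escalates if that same IP then logs in successfully. The log lines, hostname and addresses are made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines for the example; not from any real system.
SAMPLE_LOG = """\
Jan 10 09:14:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51011 ssh2
Jan 10 09:14:03 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51012 ssh2
Jan 10 09:14:05 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51013 ssh2
Jan 10 09:14:06 host1 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51014 ssh2
Jan 10 09:14:08 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51015 ssh2
Jan 10 09:14:20 host1 sshd[1202]: Accepted password for admin from 203.0.113.7 port 51016 ssh2
Jan 10 09:30:00 host1 sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jan 10 09:31:10 host1 sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the syslog timestamp, outcome, user name and source IP of an sshd auth line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip), or None for lines this rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of (severity, ip, message) alerts.

    A 'medium' alert fires the first time an IP reaches `threshold` failed
    logins inside a sliding `window`; a 'high' alert fires if a flagged IP
    later authenticates successfully, which is the case a responder must
    look at first.
    """
    alerts = []
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent_failures[ip]
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("medium", ip, f"{len(q)} failed logins within {window}"))
        elif ip in flagged:               # an "Accepted" line from a flagged source
            alerts.append(("high", ip, f"successful login as {user} after brute-force attempts"))
    return alerts


if __name__ == "__main__":
    for severity, ip, msg in detect_brute_force(SAMPLE_LOG):
        print(f"[{severity.upper()}] {ip}: {msg}")
```

Run against the sample, the rule produces two alerts for 203.0.113.7 (five failures, then a success as admin) and nothing for 198.51.100.4, whose single failure followed by a key-based login is normal user behaviour. A real deployment would feed these alerts to the SIEM with the raw lines attached, and tune the threshold and window to the host’s normal traffic to keep false positives down.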

Virtual Private Network (VPN)

A Virtual Private Network (VPN) lets you securely access a private network over the internet. It creates an encrypted tunnel between your device and the VPN server, so your device behaves as if it’s directly connected to the private network and can safely send and receive data across an untrusted network such as public Wi-Fi. The protection covers only the tunnel: traffic beyond the VPN server is as secure as the service you’re talking to.

Two-factor Authentication (2FA)

This is one most of us use in our personal lives. Two-factor authentication (2FA) requires two different types of proof before you can access something, like an email account. It’s used to add extra protection by combining something you know (like a password) with something you have (like a code from your phone) or something you are (like your fingerprint).

IP address

An Internet Protocol (IP) address is a unique set of numbers that acts like a digital address for your computer on a network. It helps send and receive data correctly. There are two kinds of IP addresses: IPv4, which has about 4.3 billion (2^32) unique addresses, and the newer IPv6, which has a vastly larger space of 2^128 addresses.

DNS

The Domain Name System (DNS) is like the internet’s phonebook. It translates human-readable domain names (like www.nulab.com) into machine-readable IP addresses (like 192.0.2.1). When you type a web address into your browser, the DNS servers take that domain name and translate it into the IP address of the website’s server. While domain names are easy for people to remember, computers or machines access websites based on IP addresses.

Essential cybersecurity terminology: cyberattacks 

Now you know the basics, let’s visit the dark side. 

Malware

Malware, short for malicious software, refers to any program or file designed to harm or exploit any programmable device, service, or network. Here are some of the most common.

  • Viruses: These are malicious programs that attach themselves to clean files and spread throughout a computer system, infecting files with malicious code.
  • Worms: These are self-replicating programs that spread across networks without human intervention once they’re running, typically by exploiting a vulnerability in a service that other machines expose.
  • Trojan horses: These are malicious programs that disguise themselves as legitimate software. Unlike viruses, they don’t reproduce; once run, they carry out a hidden payload, very often installing a ‘backdoor’ that gives the attacker remote access. The name is a reference to the legendary Greek soldiers who infiltrated Troy by concealing themselves inside a horse supposedly left as a gift for the goddess Athena.
  • Ransomware: A type of malicious software that encrypts the victim’s data, and increasingly also threatens to publish it, unless a ransom is paid.
  • Spyware: Software that secretly records information about the user, such as keystrokes, browsing activity, or credentials, and sends it to the attacker, who uses it for fraud, surveillance, or extortion.
  • Adware: Often in the form of pop-up ads, adware can redirect a user’s browser searches to look-alike web pages that contain other malware.
  • Botnets: Networks of infected computers that are made to work together under the control of an attacker, for example to send spam or launch DDoS attacks.

Phishing

Phishing is a type of cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — for example, a request from their bank or a note from someone in their company — and to click a link or download an attachment. 

[Image: an example phishing email; source: phishing.org]

What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person or a company the victim might do business with. 

It’s one of the oldest types of cyberattacks, dating back to the 1990s, and it’s still one of the most widespread and pernicious. Phishing messages and techniques keep getting more sophisticated: in spear phishing, the attacker first researches the target (sometimes using information gathered by spyware or from earlier breaches), then sends an attack tailored just for you. How thoughtful.

Password attack

This refers to any means used to obtain or guess a user’s password in order to gain unauthorized access to a system.

  • Brute force attack: Attempting every possible combination of letters, numbers, and symbols until the correct password is found.
  • Dictionary attack: Using a prearranged list of likely passwords, such as words found in a dictionary.
  • Keylogging: Using a program to record every keystroke made by a user in hopes of capturing passwords and other sensitive information.
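As an added example (not part of the original article), the Python below runs a dictionary attack against a leaked password hash, then shows the server-side defense: storing passwords with a per-user random salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library), so that every guess costs the attacker hundreds of thousands of hash computations instead of one, and a table precomputed for one user is useless against the next. The wordlist and the ‘leaked’ hash are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed wordlist; a real attack uses lists of hundreds of millions of leaked passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome1", "dragon"]


def fast_unsalted_hash(password: str) -> str:
    """What a naive application stores: one cheap, unsalted SHA-256 per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist) -> Optional[str]:
    """Try each candidate against the leaked hash; SHA-256 is so cheap that
    a GPU gets through billions of candidates per second."""
    for candidate in wordlist:
        if hmac.compare_digest(fast_unsalted_hash(candidate), target_hash):
            return candidate
    return None


def store_password(password: str, iterations: int = 600_000) -> dict:
    """Salted, slow hash for storage. 600,000 iterations is the OWASP
    recommendation for PBKDF2-HMAC-SHA256 at the time of writing."""
    salt = os.urandom(16)                      # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_password(record: dict, password: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


if __name__ == "__main__":
    leaked = fast_unsalted_hash("letmein")     # what an attacker finds in a dumped table
    print("cracked:", dictionary_attack(leaked, WORDLIST))
    record = store_password("correct horse battery staple")
    print("verify good:", verify_password(record, "correct horse battery staple"))
    print("verify bad: ", verify_password(record, "letmein"))
```

The defense doesn’t stop a dictionary attack against a password that is in the dictionary; it only makes each guess expensive and prevents the work from being shared across users. That is why the user-side advice (long, unique passwords and a second factor) still matters.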

Clickjacking

Clickjacking is a bit like a digital bait-and-switch. Imagine you think you’re clicking on a regular button on a website, e.g. to claim a special offer. In reality, the attacker’s page has loaded another site, one you’re already logged in to, in an invisible frame positioned over the decoy, so your click lands on a real button there: confirming a payment, changing an email address, or granting a permission.

It’s tricky because everything looks normal on the surface, but there’s a hidden layer where the malicious action is set up. The defense sits with the site being framed: it tells browsers not to allow framing by other origins, using the X-Frame-Options header or the frame-ancestors directive of Content Security Policy.
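Here, as an added example not drawn from the original article, is a Python function a tester might run over a site’s response headers to tell whether the page can be framed by another origin. It applies the precedence browsers use (a Content-Security-Policy frame-ancestors directive wins over X-Frame-Options when both are present) and treats the obsolete ALLOW-FROM form as offering no protection in current browsers. The header sets at the bottom are constructed examples.

```python
from typing import Optional


def frame_ancestors_sources(csp_value: str) -> Optional[list]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # An empty source list is equivalent to 'none' in the CSP spec.
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def framing_protection(headers: dict) -> str:
    """Classify a response as 'protected', 'partial' or 'unprotected' against clickjacking."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors_sources(h.get("content-security-policy", ""))
    if sources is not None:
        # All current browsers honor frame-ancestors and ignore X-Frame-Options when it is set.
        if sources == ["'none'"]:
            return "protected"
        if "*" in sources or "http:" in sources or "https:" in sources:
            return "unprotected"   # a scheme or bare wildcard lets any site frame the page
        return "protected"         # 'self' and/or an explicit allow-list of origins
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected"
    if xfo.startswith("ALLOW-FROM"):
        return "partial"           # obsolete; modern browsers ignore it, so no protection there
    return "unprotected"


if __name__ == "__main__":
    # Constructed header sets, as a scanner would collect them from HTTP responses.
    samples = {
        "csp none":        {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "xfo sameorigin":  {"X-Frame-Options": "SAMEORIGIN"},
        "csp wildcard":    {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
        "no headers":      {"Content-Type": "text/html"},
    }
    for name, hdrs in samples.items():
        print(f"{name:15} -> {framing_protection(hdrs)}")
```

The ‘csp wildcard’ case is the one that surprises people: the X-Frame-Options: DENY is real, but because a frame-ancestors directive is present, browsers that support CSP ignore it, and that directive allows everyone.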

Cryptocurrency hijacking

Also known as cryptojacking, this involves hackers using someone else’s computer to mine cryptocurrency. It’s usually done through a malicious link that loads cryptomining code on the computer or through an infected website or a virus.

DDoS attacks (Distributed Denial of Service)

In a DDoS attack, multiple compromised computer systems attack a target, like a server or website, causing a denial of service for users of the targeted resource. The flood of incoming messages, connection requests, or malformed packets forces the target to slow down or crash, denying service to legitimate users.

[Image: how a DDoS attack works; source: onelogin.com]

Man-in-the-Middle (MitM) attacks

MitM attacks occur when attackers insert themselves into a two-party transaction or communication. Once the attackers intercept the traffic, they can read, alter, and steal data. Common forms of MitM attacks include eavesdropping on unsecured public Wi-Fi networks and setting up fake Wi-Fi networks that mimic legitimate ones. Properly configured TLS (HTTPS) is the main defense: an attacker on the path can still see that traffic is flowing, but can’t read or tamper with it without a certificate the client trusts.

SQL injection

This involves tricking a database-driven website into running SQL the attacker wrote. Websites that build queries by pasting user input directly into SQL strings are vulnerable: input such as a quote character ends the intended value, and the rest of the input becomes part of the command, letting the attacker view, modify, or delete data, or bypass a login entirely. The fix is parameterized (prepared) queries, which send the data separately from the SQL; input validation helps but isn’t sufficient on its own.

[Image: how SQL injection attacks work; source: spanning.com]

Zero-day exploit

A zero-day exploit is an attack against a vulnerability that the software’s vendor doesn’t yet know about or hasn’t yet patched; the name refers to the vendor having had zero days to fix it. Because no fix is available, even fully patched systems are exposed until one ships. The exploit can infect your computer with malware without your knowledge, as in the case of some drive-by downloads, or it can expose your personal information. Both are bad news.

Advanced Persistent Threats (APTs)

APTs are prolonged and targeted cyberattacks in which an intruder gains access to a network and remains undetected for an extended period, often months. The intention of an APT attack is usually to steal data or maintain a foothold for espionage rather than to directly cause damage to the network or organization.

Insider threats

In the context of cybersecurity, insider attacks typically fall into two main categories:

1. Malicious Insiders: These are individuals within the organization who intentionally seek to harm the company or its data. They might be motivated by financial gain, revenge, or ideological beliefs. These insiders have authorized access and exploit it to steal sensitive information, sabotage systems, or facilitate external breaches. They could be current or former employees, contractors, or business associates.

2. Unintentional Insiders: These insiders don’t have malicious intent but still cause harm through negligence, ignorance, or being manipulated (like in phishing attacks). They might accidentally leak sensitive information, click on bad links, use weak passwords, or lose devices containing critical data. Their actions can inadvertently provide an avenue for external attackers or cause direct damage to the organization’s systems and reputation.

Cyberattacks that changed history 

Every disaster brings a valuable lesson, and the world of cybersecurity is no different. Real-world cyber attacks show us our vulnerabilities, as well as the methods used by cybercriminals and the devastating effects these attacks can have. 

1. WannaCry ransomware attack (2017)

  • What happened: In May 2017, the WannaCry ransomware attack spread rapidly across the globe, infecting over 230,000 computers in more than 150 countries within a day. WannaCry was a worm: it spread by itself using EternalBlue, an exploit for a vulnerability in Windows’ SMBv1 file-sharing protocol that had been developed by the National Security Agency (NSA) and leaked by the hacker group called the Shadow Brokers. Microsoft had patched the flaw two months earlier, but many systems hadn’t applied the update. It encrypted users’ files and demanded Bitcoin payments in exchange for the decryption key.
  • Impact: The attack caused total chaos across various sectors, including healthcare (notably the UK’s National Health Service), finance, and telecommunications. It’s estimated that the total damages from the attack ranged from hundreds of millions to billions of dollars.
  • Lessons learned: The importance of regular software updates, the dangers of using unsupported or outdated operating systems, and the need for robust backup and recovery plans. The attack also showed the potential global reach of cyber threats and the importance of international cooperation in cybersecurity. 

2. Sony Pictures hack (2014)

  • What happened: In November 2014, Sony Pictures Entertainment was targeted by a hacker group named Guardians of Peace. The attackers breached Sony’s network and stole about 100 terabytes of data, including sensitive emails, employee information, and unreleased films. The hackers then wiped Sony’s computer infrastructure and leaked the stolen data online. The attack was allegedly motivated by the planned release of The Interview, a comedy about a plot to assassinate North Korea’s leader.
  • Impact: The hack resulted in massive financial losses, estimated to be around $100 million, and reputational damage for Sony. The leaked data led to lawsuits, high-profile resignations, and strained international relations.
  • Lessons learned: The attack underscored the importance of securing sensitive data, monitoring network activity, and having an effective incident response plan. It also highlighted the potential for cyber attacks to be used as a tool for political or ideological purposes.

3. Equifax data breach (2017)

  • What happened: In September 2017, Equifax, one of the largest credit reporting agencies in the United States, announced it had suffered a massive data breach. The breach exposed the personal information of approximately 147 million people, including Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers. Attackers exploited a known vulnerability in Apache Struts, a web application framework Equifax used, for which a patch had been available since March 2017.
  • Impact: The breach had significant financial implications for Equifax, including a settlement of up to $700 million to help compensate those affected. It also eroded consumer trust and highlighted the risks associated with the handling and storage of personal data.
  • Lessons learned: The importance of timely patching of known vulnerabilities, regular security audits, and comprehensive cybersecurity frameworks. The breach also emphasized the need for stringent regulatory measures to protect consumer data and the far-reaching consequences of failing to do so.

Cybersecurity job roles

These roles represent just a tiny slice of the opportunities available in cybersecurity. As the sector grows, the demand for skilled professionals is expected to rise. 

Security analyst

  • Responsibilities: Security analysts protect company networks and systems. They monitor, analyze, and respond to incidents and threats, ensuring the organization’s digital assets are secure from unauthorized access. 
  • Skills required: Knowledge of current cybersecurity trends and hacker tactics, proficiency with firewalls and various forms of endpoint security, and experience with programming languages.

Security engineer

  • Responsibilities: Security engineers design and implement network security systems to defend against advanced cyberattacks. They’re also responsible for testing and screening security software and for monitoring networks for breaches.
  • Skills required: A strong understanding of network infrastructure and hardware, the ability to implement, administer, and troubleshoot devices, and knowledge of app transport and protocols.

Chief Information Security Officer (CISO)

  • Responsibilities: The CISO is a senior-level exec who is responsible for establishing and maintaining the company security vision. They lead IT security policies and work closely with other executives to prioritize security initiatives and spending.

Incident responder

  • Responsibilities: Incident responders, also known as intrusion analysts or incident response engineers, are the first to react to a security incident. They’re like a fire alarm, firefighter, crime scene analyst, and safety expert all in one. They deal with the immediate fallout of a breach, run forensic analysis to determine the source of the threat, assess damage, and then plan the recovery steps. Phew. 
  • Skills required: Knowledge of various security methodologies and processes and familiarity with forensic and incident management tools and platforms.

Penetration tester (pen tester/ethical hacker)

  • Responsibilities: Penetration testers, aka pen testers or ethical hackers, purposefully exploit security vulnerabilities in networks, apps, and systems. They simulate cyber attacks to identify and address weaknesses before malicious hackers can take advantage.
  • Skills required: Deep understanding of networking and network protocols, proficiency with testing tools, and an ethical mindset to responsibly manage discovered vulnerabilities. It’s a role especially suited to divergent thinkers because you’ll need to spot things others have missed. 

Cryptographer

  • Responsibilities: Cryptographers develop algorithms, ciphers, and security systems to encrypt sensitive information. They work to secure digital data, create secure communication channels, and safeguard against unauthorized access and alterations.
  • Skills required: A strong background in mathematics and computer science, proficiency in programming, and a deep understanding of encryption techniques and security protocols.

Security architect

  • Responsibilities: Security architects design, build, and oversee the implementation of network and computer security for an organization. They help create complex security structures and ensure they function properly. They also define, implement, and maintain corporate security policies and procedures.
  • Skills required: Comprehensive knowledge of hardware and software systems, experience with cybersecurity technologies, and ability to design and manage security systems.

Cybersecurity certifications

Certifications play a vital role in confirming the skills and knowledge of a professional. Let’s explore some of the most highly sought-after and respected qualifications in the field.

1. Certified Information Systems Security Professional (CISSP)

Offered by ISC2 (formerly written (ISC)²), the CISSP is one of the most sought-after certifications in the cybersecurity industry. It validates an individual’s expertise in designing, implementing, and managing a best-in-class cybersecurity program.

  • Who it’s for: It’s aimed at experienced security practitioners, managers, and executives interested in proving their knowledge across a wide array of security practices and principles.

2. Certified Ethical Hacker (CEH)

Provided by EC-Council, the CEH certification teaches professionals to think and act like hackers (in an ethical way), a skill that’s in high demand. It covers the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals.

  • Who it’s for: It’s best suited for IT professionals involved in network security, incident management, and quality assurance who want to understand hacking techniques to better defend against them.

3. CompTIA Security+

This is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. It’s vendor-neutral and covers essential principles for network security and risk management.

  • Who it’s for: It’s designed for IT professionals who want to gain a foundational understanding of cybersecurity roles to help them plan a career in this field.

4. Certified Information Security Manager (CISM)

Offered by ISACA, CISM is a management-focused certification that promotes international security practices and recognizes the individual who manages, designs, and oversees an enterprise’s information security.

  • Who it’s for: It’s intended for management more than the individual security practitioner, focusing on governance, risk management, and compliance.

5. Certified Information Systems Auditor (CISA)

Also offered by ISACA, CISA is a globally recognized certification for IS audit control, assurance, and security professionals. It demonstrates the holder’s ability to assess vulnerabilities, report on compliance, and institute controls within the enterprise.

  • Who it’s for: It’s most beneficial for IT auditors, audit managers, consultants, and security professionals.

6. Offensive Security Certified Professional (OSCP)

Provided by Offensive Security, the OSCP certification is hands-on and requires holders to demonstrate their ability to identify vulnerabilities, execute attacks, and penetrate systems. It’s known for its rigorous 24-hour practical exam.

  • Who it’s for: It’s designed for information security professionals who want to prove their ability in penetration testing and ethical hacking.

7. Global Information Assurance Certification (GIAC)

GIAC certifications show specialism in areas like network penetration testing, incident response, forensic analysis, and reverse engineering malware among others.

  • Who it’s for: It’s suitable for all levels of IT professionals looking to specialize in specific areas of cybersecurity.

How to make your company impenetrable

No organization is truly impenetrable, but the safest ones take a layered, risk-based approach: they put the measures above in place where they matter most, so that no single failure leads to disaster. It’s a lot of work, but not as much as dealing with the fallout of a cyberattack.

Nulab Pass, our enterprise-grade security system, gives admins comprehensive control and streamlined access. SAML single sign-on, audit logs, and user provisioning enhance security across our entire suite of products. Best of all? It runs in the background, providing seamless security without the fuss. Try it out today! 
