The Ultimate Guide to Defending Against Cyber Attacks
Defending Against Cyber Attacks: Think about how much of the world relies on the internet. The government, military, academia, health care industry, and private industry not only collect, process, and store unprecedented amounts of data in cyberspace — they also rely on critical infrastructure systems in cyberspace to perform operations and deliver services.
An attack on this infrastructure could not only threaten customer data or a business’s bottom line — it could also threaten a nation’s security, economy, and public safety and health.
Considering its importance, we’ve compiled this ultimate guide on cybersecurity. Below, we’ll talk about what cybersecurity is exactly, how to protect your systems and data from attacks, and what resources to follow to stay up-to-date with emerging trends and technology related to cybersecurity.
What is cybersecurity?
Cybersecurity is the practice of securing data, devices, programs, networks, and systems against attacks. These attacks, known as cyber attacks, are designed to exploit vulnerabilities in an individual’s device or enterprise’s system in order to disrupt, disable, destroy, or control their data or infrastructure.
Good cybersecurity involves multiple layers of protection across the data, devices, programs, networks, and systems of an enterprise. A combination of technology and best practices can provide an effective defense against the continually evolving and growing threats of cyberspace.
These threats include phishing, malware, ransomware, code injections, and more. The impact can vary depending on the scope of the attack. A cyber attack might result in the attacker making unauthorized purchases with an individual’s credit card info, or erasing an entire system after injecting malware into an organization’s code base.
While even the best cybersecurity can’t defend against every type or instance of attack, it can help to minimize the risks and impact of such attacks.
Types of Cybersecurity
Cybersecurity is a broad term that can be broken down into more specific subcategories. Below we’ll walk through five major types of cybersecurity.
Application Security
Application security, also known as AppSec, is the practice of developing, adding, and testing security features within web applications in order to protect them against attacks. Vulnerabilities, security misconfigurations, and design flaws can be exploited and result in malicious code injections, sensitive data exposure, system compromise, and other negative impacts.
AppSec is one of the most important types of cybersecurity because the application layer is the most vulnerable. According to Imperva research, nearly half of data breaches over the past several years originated at the web application layer.
Cloud Security
Cloud security is a relatively recent type of cybersecurity. It is the practice of protecting cloud computing environments as well as applications running in and data stored in the cloud.
Since cloud providers host third-party applications, services, and data on their servers, they have security protocols and features in place — but clients are also partially responsible and expected to configure their cloud service properly and use it safely.
Critical Infrastructure Security
Critical infrastructure security is the practice of protecting the critical infrastructure of a region or nation. This infrastructure includes both physical and cyber networks, systems, and assets that provide physical and economic security or public health and safety. Think of a region’s electricity grid, hospitals, traffic lights, and water systems as examples.
Much of this infrastructure is digital or relies on the internet in some way to function. It is therefore susceptible to cyber attacks and must be secured.
Internet of Things (IoT) security
Internet of Things security, or IoT security, is the practice of protecting virtually any device that connects to the internet and can communicate with the network independently of human action. This includes baby monitors, printers, security cameras, motion sensors, and a billion other devices as well as the networks they’re connected to.
Since IoT devices collect and store personal information, like a person’s name, age, location, and health data, they can help malicious actors steal people’s identities and must be secured against unauthorized access and other threats.
Network Security
Network security is the practice of protecting computer networks and data against external and internal threats. Identity and access controls like firewalls, virtual private networks, and two-factor authentication can help.
Network security is typically broken down into three categories: physical, technical, and administrative. Each of these types of network security is about ensuring only the right people have access to network components (like routers), data that is stored in or transferred by the network, and the infrastructure of the network itself.
Cybersecurity Terms to Know
Cybersecurity is a very intimidating topic, not unlike cryptocurrency and artificial intelligence. It can be hard to understand, and, frankly, it sounds kind of ominous and complicated.
But fear not. We’re here to break this topic down into digestible pieces that you can rebuild into your own cybersecurity strategy. Bookmark this post to keep this handy glossary at your fingertips.
Here’s a comprehensive list of general cybersecurity terms you should know.
Authentication
Authentication is the process of verifying who you are. Your passwords authenticate that you really are the person who should have the corresponding username. When you show your ID (e.g., driver’s license, etc), the fact that your picture generally looks like you is a way of authenticating that the name, age, and address on the ID belong to you. Many organizations use two-factor authentication, which we cover later.
Backup
A backup refers to the process of transferring important data to a secure location like a cloud storage system or an external hard drive. Backups let you recover your systems to a healthy state in case of a cyber attack or system crash.
Behavior Monitoring
Behavior monitoring is the process of observing the activities of users and devices in your network to recognize any potential security events before they occur. Activities must not only be observed but also measured against baselines of normal behavior, trends, and organizational policies and rules.
For example, you might monitor and track when users log in and log out, if they request access to sensitive assets, and what websites they visit. Then say a user tries to log in at an unusual time, like the middle of the night. In that case, you could identify that as unusual behavior, investigate it as a potential security event, and ultimately block that log in attempt if you suspect an attack.
Bot
A bot, short for robot, is an application or script designed to perform automated and repetitive tasks. Some bots have legitimate purposes, like chatbots that answer commonly asked questions on a website. Others are used for malicious purposes, like sending spam emails or conducting DDoS attacks. As bots become more sophisticated, it gets harder to tell the difference between good bots and bad bots or even bots from human users. That’s why bots pose an ever-growing threat to many individuals and organizations.
CIA Triad
The CIA triad is a model that can be used to develop or evaluate an organization’s cybersecurity systems and policies.
The CIA triad refers to confidentiality, integrity, and availability. In practice, this model ensures data is disclosed only to authorized users, remains accurate and trustworthy throughout its lifecycle, and can be accessed by authorized users when needed in spite of software failures, human error, and other threats.
Image Source
Data Breach
A data breach refers to the moment a hacker gains unauthorized entry or access to a company’s or an individual’s data.
Digital Certificate
A digital certificate, also known as an identity certificate or public key certificate, is a type of passcode used to securely exchange data over the internet. It’s essentially a digital file embedded in a device or piece of hardware that provides authentication when it sends and receives data to and from another device or server.
Encryption
Encryption is the practice of using codes and ciphers to encrypt data. When data is encrypted, a computer uses a key to turn the data into unintelligible gibberish. Only a recipient with the correct key is able to decrypt the data. If an attacker gets access to strongly encrypted data but doesn’t have the key, they aren’t able to see the unencrypted version.
Image Source
HTTP and HTTPS
Hypertext Transfer Protocol (HTTP) is how web browsers communicate. You’ll probably see an http:// or https:// in front of the websites you visit. HTTP and HTTPS are the same, except HTTPS encrypts all data sent between you and the web server — hence the “S” for security. Today, nearly all websites use HTTPS to improve the privacy of your data.
Image Source
Vulnerability
A vulnerability is a place of weakness that a hacker might exploit when launching a cyber attack. Vulnerabilities might be software bugs that need to be patched, or a password reset process that can be triggered by unauthorized people. Defensive cybersecurity measures (like the ones we talk about later) help ensure data is protected by putting layers of protections between attackers and the things they’re trying to do or access.
Types of Cyber Attacks
- Password Guessing Attack
- Distributed Denial of Service (DDoS) Attack
- Malware Attack
- Phishing Attack
- Man-in-the-Middle (MitM) Attack
- Cross Site Scripting Attack
- SQL Injection Attack
A cyber attack is a deliberate and typically malicious intent to capture, modify, or erase private data. Cyber attacks are committed by external security hackers and, sometimes, unintentionally by compromised users or employees. These cyber attacks are committed for a variety of reasons. Some are looking for ransom, while some are simply launched for fun.
Below we’ll briefly go over the most common cyber threats.
1. Password Guessing (Brute Force) Attack
A password guessing (or “credential stuffing”) attack is when an attacker continually attempts to guess usernames and passwords. This attack will often use known username and password combinations from past data breaches.
An attacker is successful when people use weak passwords or use the password between different systems (e.g., when your Facebook and Twitter password are the same, etc). Your best defense against this kind of attack is using strong passwords and avoiding using the same password in multiple places as well as using two factor authentication, as we talk about later.)
2. Distributed Denial of Service (DDoS) Attack
A distributed denial of service (DDoS) attack is when a hacker floods a network or system with a ton of activity (such as messages, requests, or web traffic) in order to paralyze it.
This is typically done using botnets, which are groups of internet-connected devices (e.g., laptops, light bulbs, game consoles, servers, etc) infected by viruses that allow a hacker to harness them into performing many kinds of attacks.
Image Source
3. Malware Attack
Malware refers to all types of malicious software used by hackers to infiltrate computers and networks and collect susceptible private data. Types of malware include:
- Keyloggers, which track everything a person types on their keyboard. Keyloggers are usually used to capture passwords and other private information, such as social security numbers.
- Ransomware, which encrypts data and holds it hostage, forcing users to pay a ransom in order to unlock and regain access to their data.
- Spyware, which monitors and “spies” on user activity on behalf of a hacker.
Furthermore, malware can be delivered via:
- Trojan horses, which infect computers through a seemingly benign entry point, often disguised as a legitimate application or other piece of software.
- Viruses, which corrupt, erase, modify, or capture data and, at times, physically damage computers. Viruses can spread from computer to computer, including when they are unintentionally installed by compromised users.
- Worms, which are designed to self-replicate and autonomously spread through all connected computers that are susceptible to the same vulnerabilities. .
4. Phishing Attack
A phishing attack is when hackers try to trick people into doing something. Phishing scams can be delivered through a seemingly legitimate download, link, or message.
It’s a very common type of cyber attack — 57% of respondents in a third-party survey said their organization experienced a successful phishing attack in 2020, up from 55% in 2019. And the impact of successful phishing attacks range from loss of data to financial loss.
Image Source
Phishing is typically done over email or through a fake website; it’s also known as spoofing. Additionally, spear phishing refers to when a hacker focuses on attacking a particular person or company, instead of creating more general-purpose spams.
5. Man-in-the-Middle (MitM) Attack
A Man-in-the-Middle (MitM) attack is when an attacker intercepts communications or transactions between two parties and inserts themselves in the middle. The attacker can then intercept, manipulate, and steal data before it reaches its legitimate destination. For example, say a visitor is using a device on public WiFi that hasn’t been secured properly, or at all. An attacker could exploit this vulnerability and insert themselves between the visitor’s device and the network to intercept login credentials, payment card information, and more.
This type of cyber attack is so successful because the victim has no idea that there is a “man in the middle.” It just seems like they’re browsing the web, logging into their bank app, and so on.
Image Source
6. Cross Site Scripting Attack
A cross site scripting attack, or XSS attack, is when an attacker injects malicious code into an otherwise legitimate website or application in order to execute that malicious code in another user’s web browser.
Because that browser thinks the code is coming from a trusted source, it will execute the code and forward information to the attacker. This information might be a session token or cookie, login credentials, or other personal data.
Here’s an illustrated example of an XSS attack:
Image Source
7. SQL Injection Attack
An SQL injection attack is when an attacker submits malicious code through an unprotected form or search box in order to gain the ability to view and modify the website’s database. The attacker might use SQL, short for Structured Query Language, to make new accounts on your site, add unauthorized links and content, and edit or delete data.
This is a common WordPress security issue since SQL is the preferred language on WordPress for database management.
Cybersecurity Best Practices: How to Secure Your Data
Cybersecurity can’t be boiled down into a 1-2-3-step process. Securing your data involves a mix of best practices and defensive cybersecurity techniques. Dedicating time and resources to both is the best way to secure your — and your customers’ — data.
Defensive Cybersecurity Solutions
All businesses should invest in preventative cybersecurity solutions. Implementing these systems and adopting good cybersecurity habits (which we discuss next) will protect your network and computers from outside threats.
Here’s a list of five defensive cybersecurity systems and software options that can prevent cyber attacks — and the inevitable headache that follows. Consider combining these solutions to cover all your digital bases.
Antivirus Software
Antivirus software is the digital equivalent of taking that vitamin C boost during flu season. It’s a preventative measure that monitors for bugs. The job of antivirus software is to detect viruses on your computer and remove them, much like vitamin C does when bad things enter your immune system. (Spoken like a true medical professional …) Antivirus software also alerts you to potentially unsafe web pages and software.
Learn more: McAfee, Norton. or Panda (for free)
Firewall
A firewall is a digital wall that keeps malicious users and software out of your computer. It uses a filter that assesses the safety and legitimacy of everything that wants to enter your computer; it’s like an invisible judge that sits between you and the internet. Firewalls are both software and hardware-based.
Learn more: McAfee LiveSafe or Kaspersky Internet Security
Single Sign-On (SSO)
Single sign-on (SSO) is a centralized authentication service through which one login is used to access an entire platform of accounts and software. If you’ve ever used your Google account to sign up or into an account, you’ve used SSO. Enterprises and corporations use SSO to allow employees access to internal applications that contain proprietary data.
Learn more: Okta or LastPass
Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is a login process that requires a username or pin number and access to an external device or account, such as an email address, phone number, or security software. 2FA requires users to confirm their identity through both and, because of that, is far more secure than single factor authentication.
Learn more: Duo
Virtual Private Network (VPN)
A virtual private network (VPN) creates a “tunnel” through which your data travels when entering and exiting a web server. That tunnel encrypts and protects your data so that it can’t be read (or spied on) by hackers or malicious software. While a VPN protects against spyware, it can’t prevent viruses from entering your computer through seemingly legitimate channels, like phishing or even a fake VPN link. Because of this, VPNs should be combined with other defensive cybersecurity measures in order to protect your data.
Learn more: Cisco’s AnyConnect or Palo Alto Networks’ GlobalProtect
Cybersecurity Tips for Business
Defensive cybersecurity solutions won’t work unless you do. To ensure your business and customer data is protected, adopt these good cybersecurity habits across your organization.
Require strong credentials.
Require both your employees and users (if applicable) to create strong passwords. This can be done by implementing a character minimum as well as requiring a mix of upper and lowercase letters, numbers, and symbols. More complicated passwords are harder to guess by both individuals and bots. Also, require that passwords be changed regularly.
Control and monitor employee activity.
Within your business, only give access to important data to authorized employees who need it for their job. Prohibit data from sharing outside the organization, require permission for external software downloads, and encourage employees to lock their computers and accounts whenever not in use.
Know your network.
With the rise of the Internet of Things, IoT devices are popping up on company networks like crazy. These devices, which are not under company management, can introduce risk as they’re often unsecured and run vulnerable software that can be exploited by hackers and provide a direct pathway into an internal network.
“Make sure you have visibility into all the IoT devices on your network. Everything on your corporate network should be identified, properly categorized, and controlled. By knowing what devices are on your network, controlling how they connect to it, and monitoring them for suspicious activities, you’ll drastically reduce the landscape attackers are playing on.” — Nick Duda, Principal Security Officer at HubSpot
Read about how HubSpot gains device visibility and automates security management in this case study compiled by security software ForeScout.
Download patches and updates regularly.
Software vendors regularly release updates that address and fix vulnerabilities. Keep your software safe by updating it on a consistent basis. Consider configuring your software to update automatically so you never forget.
Make it easy for employees to escalate issues.
If your employee comes across a phishing email or compromised web page, you want to know immediately. Set up a system for receiving these issues from employees by dedicating an inbox to these notifications or creating a form that people can fill out.
Cybersecurity Tips for Individuals
Cyber threats can affect you as an individual consumer and internet user, too. Adopt these good habits to protect your personal data and avoid cyber attacks.
Mix up your passwords.
Using the same password for all your important accounts is the digital equivalent of leaving a spare key under your front doormat. A recent study found that over 80% of data breaches were a result of weak or stolen passwords. Even if a business or software account doesn’t require a strong password, always choose one that has a mix of letters, numbers, and symbols and change it regularly.
Monitor your bank accounts and credit frequently.
Review your statements, credit reports, and other critical data on a regular basis and report any suspicious activity. Additionally, only release your social security number when absolutely necessary.
Be intentional online.
Keep an eye out for phishing emails or illegitimate downloads. If a link or website looks fishy (ha — get it?), it probably is. Look for bad spelling and grammar, suspicious URLs, and mismatched email addresses. Lastly, download antivirus and security software to alert you of potential and known malware sources.
Back up your data regularly.
This habit is good for businesses and individuals to master — data can be compromised for both parties. Consider backups on both cloud and physical locations, such as a hard drive or thumb drive.
Why You Should Care About Cybersecurity
According to a report by RiskBased Security, there were 3,932 data breaches reported in 2020, which exposed over 37 billion records. Moreover, a recent study found that the global average cost of a data breach amounted to 3.86 million U.S. dollars in 2020. That means the cost of data breaches amounted to approximately 15.2 billion dollars last year.
Small to medium-sized businesses (SMBs) are especially at risk. You might see corporations like Target and Sears topping the headlines as top data breach victims, but it’s actually SMBs that hackers prefer to target.
Why? They have more — and more valuable — digital assets than your average consumer but less security than a larger enterprise-level company … placing them right in a “hackers’ cybersecurity sweet spot.”
Security breaches are frustrating and frightening for both businesses and consumers. In a survey by Measure Protocol, approximately 86% of respondents said that recent privacy breaches in the news had impacted their willingness to share personal information to some extent.
But cybersecurity is about more than just avoiding a PR nightmare. Investing in cybersecurity builds trust with your customers. It encourages transparency and reduces friction as customers become advocates for your brand.
“Everyone has a role in helping to protect customers’ data. Here at HubSpot, every employee is empowered to solve for customer needs in a safe and secure way. We want to harness everyone’s energy to provide a platform that customers trust to correctly and safely store their data.” — Chris McLellan, HubSpot Chief Security Officer
Keep your business ahead of the tech curve with the tips, systems & recommended resources in our guide to staying current on emerging tech.
Cybersecurity Resources
The resources below will help you learn more about cybersecurity and how to better equip your business and team. We also recommend checking out the most popular cybersecurity podcasts and cybersecurity blogs, too.
National Institute of Standards and Technology (NIST)
NIST is a government agency that promotes excellence in science and industry. It also contains a Cybersecurity department and routinely publishes guides that standards.
Bookmark: The Computer Security Resource Center (CSRC) for security best practices, called NIST Special Publications (SPs).
The Center for Internet Security (CIS)
CIS is a global, non-profit security resource and IT community used and trusted by experts in the field.
Bookmark: The CIS Top 20 Critical Security Controls, which is a prioritized set of best practices created to stop the most pervasive and dangerous threats of today. It was developed by leading security experts from around the world and is refined and validated every year.
Cybrary
Cybrary is an online cybersecurity education resource. It offers mostly free, full-length educational videos, certifications, and more for all kinds of cybersecurity topics and specializations.
Bookmark: The Certified Information Systems Security Professional (CISSP) 2021, which is the most recent course for information security professionals. Earning this “gold standard” of security certifications will set you apart from other information security professionals.
The Cyber Readiness Institute
The Cyber Readiness Institute is an initiative that convenes business leaders from different sectors and regions to share resources and knowledge to ultimately advance the cyber readiness of small and medium-sized businesses.
Bookmark: The Cyber Readiness Program, which is a free, online program designed to help small and medium-sized enterprises secure their data, employees, vendors, and customers against today’s most common cyber vulnerabilities.
Signing Off … Securely
Cyber attacks may be intimidating, but cybersecurity as a topic doesn’t have to be. It’s imperative to be prepared and armed, especially if you’re handling others’ data. Businesses should dedicate time and resources to protecting their computers, servers, networks, and software and should stay up-to-date with emerging tech.
Handling data with care only makes your business more trustworthy and transparent — and your customers more loyal.
Note: Any legal information in this content is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.
Editor’s note: This post was originally published in February 2019 and has been updated for comprehensiveness.