What is Cybersecurity?
Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.
“Security is like oxygen. When you have it, you don't notice it. But when it’s gone, you don’t survive long.”
- Fortune 500 CEO
Key Terms
Incident: we may only know that "something" potentially malicious has occurred.
Compromise: something bad has happened to the confidentiality, integrity, or availability of information resources and/or assets in the organization.
Breach: confirmation that vital information has left the organization.
Why we don’t use the word “breach:” legalities in many countries require, by law, a company to make a public disclosure of the event.
Whether a compromise is a breach is up to the customer's legal team to determine. If we use the word breach, they are required by law to report to authorities within 24 hours.
You will never hear DART use breach.
Breach: confirmation that vital information has left the organization.
Compromise: something bad has happened to the confidentiality, integrity, or availability of information resources and/or assets in the organization.
Incident: we may only know that "something" potentially malicious has occurred.
Ransomware: Malicious software designed to block access to a computer system until a sum of money is paid. Ransomware is a type of malware that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.
Example: Spam email with attachment or form asking for passwords
Malware: Software intentionally designed to cause damage to a computer. Malware is a term used to describe any software that is designed to cause harm to a computer system or network. Malware can take many forms, including viruses, worms, trojan horses, spyware, adware, and ransomware. These malicious programs can steal, encrypt or delete sensitive data, alter or hijack key computing functions and monitor the victim’s computer activity.
Example: Virus, spyware, memory injection, credential stealing
Hack: Gaining unauthorized access to a computer system. A hack is an unauthorized attempt to gain access to a computer system or network. Hacks can be carried out by individuals or groups with malicious intent, and can result in the theft of sensitive data, the disruption of critical systems, and other harmful outcomes.
Example: Target Hack, Denial of Service, Converting Documents to Anywhere Access
Hacking Example
How could this have been avoided?
Multi-Factor Authentication
“99.9% of credential theft could be eliminated
with MFA.”
with MFA.”
- VP of CSG Ann Johnson
Security remains a moving target
Cyberattacks and threats continue to evolve
