Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
The evolving threat landscape means organisations today must worry about far more than fraud and theft. As attackers become highly organised and also focus their attention on disrupting services, destroying your data, and holding your systems to ransom, the risk challenges grow more complex—with regulatory fines, legal damages, loss of trust, and reputation damage becoming part of the equation.
Amid this landscape, the connection between risk and performance grows stronger, with responsibility for overseeing cyber risk increasingly resting with the board and the C-suite. These top leaders increasingly want to confirm that their businesses remain secure, vigilant, and resilient—but they are sometimes far removed from the day-to-day challenges of monitoring, detecting, and responding to evolving cyber risks.
Ten critical questions can help board members and the C-suite get started by unlocking insights about their cyber maturity. Explore them here—and discover guidance that can help you develop focused answers and build new cyber risk understanding.
How Cybersecurity Works
What is cybersecurity all about?
A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organisation, the people, processes, and technology must all complement one another to create an effective defence from cyber attacks. A unified threat management system can automate integrations across select Cisco Security products and accelerate key security operations functions: detection, investigation, and remediation.
People
Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data. Learn more about basic cybersecurity principles.
Processes
Organisations must have a framework for how they deal with both attempted and successful cyber attacks. One well-respected framework can guide you. It explains how you can identify attacks, protect systems, detect and respond to threats, and recover from successful attacks. Watch a video explanation of the NIST cybersecurity framework (1:54)
Technology
Technology is essential to giving organisations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.
Why is cybersecurity important?
In today’s connected world, everyone benefits from advanced cyberdefence programs. At an individual level, a cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like family photos. Everyone relies on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organisations is essential to keeping our society functioning.
Everyone also benefits from the work of cyberthreat researchers, like the team of 250 threat researchers at Talos, who investigate new and emerging threats and cyber attack strategies. They reveal new vulnerabilities, educate the public on the importance of cybersecurity, and strengthen open source tools. Their work makes the Internet safer for everyone.
Types of cybersecurity threats
Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber attack. You can help protect yourself through education or a technology solution that filters malicious emails.
Email Security Solution | Email Security free trial
Ransomware
Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.
Stop ransomware in its tracks | Ransomware Defence Solution
Malware
Malware is a type of software designed to gain unauthorised access or to cause damage to a computer.
Learn more about malware protection | AMP for Endpoints | AMP for Endpoints free trial
Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.