Cyber security consists of technologies, processes and controls designed to protect systems, networks
and data from cyber attacks. Effective cyber security reduces the risk of cyber attacks and protects
against the unauthorized exploitation of systems, networks and technologies.
In a computing context, security comprises cyber security and physical security -- both are used by
enterprises to protect against unauthorized access to data centers and other computerized systems.
Information security, which is designed to maintain the confidentiality, integrity and availability of data,
is a subset of cyber security.
Robust cyber security involves implementing controls based on three pillars: people, processes and
technology. This three-pronged approach helps organizations defend themselves from both organized
attacks and common internal threats, such as accidental breaches and human error.
A successful cyber security approach has multiple layers of protection spread across the computers,
networks, programs, or data that one intends to keep safe. In an organization, the people, processes,
and technology must all complement one another to create an effective defense from cyber attacks.
People
Every employee needs to be aware of their role in preventing and reducing cyber threats, and
specialized technical cyber security staff needs to stay fully up to date with the latest skills and
qualifications to mitigate and respond to cyber attacks.
Processes
Processes are crucial in defining how the organization’s activities, roles and documentation are used to
mitigate the risks to the organization’s information. Cyber threats change quickly, so processes need to
be continually reviewed to be able to adapt alongside them.
Technology
Once you have identified the cyber risks that your organization faces, you can decide what controls to
put in place and what technologies you’ll need to implement them. Technology can be deployed to prevent or
reduce the impact of cyber risks, depending on your risk assessment and what you deem an acceptable
level of risk.
TYPES OF CYBER SECURITY THREATS
Ransomware
Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or
the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will
be recovered or the system restored.
Malware
Malware is a type of software designed to gain unauthorized access or to cause damage to a computer.
Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They
can solicit a monetary payment or gain access to your confidential data. Social engineering can be
combined with any of the threats listed above to make you more likely to click on links, download
malware, or trust a malicious source.
Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The
aim is to steal sensitive data like credit card numbers and login information. It’s the most common type
of cyber attack. You can help protect yourself through education or a technology solution that filters
malicious emails.
Outdated software
The use of outdated (unpatched) software (e.g. Microsoft XP) opens up opportunities for criminal
hackers to take advantage of known vulnerabilities that can bring entire systems down.
Vulnerabilities in web applications and networks
Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to
exploit. These activities are conducted via automated attacks and can affect anyone, anywhere.