What is cybersecurity and why is it needed?

Understanding cybersecurity and cyber attacks

What is cybersecurity?

Cybersecurity is the practice of defending technical assets and data from malicious attack. This includes protecting computers, servers, mobile devices, electronic systems, networks, and corporate data. Cybersecurity encompasses:

  • Network security, securing a computer network from intruders.
  • Application security, keeping software and devices threat-free, important because they can provide access to corporate data.
  • Information security, protecting data in storage and in transit.
  • Operational security, ensuring users have appropriate permissions when accessing a network and that data is stored and shared securely.
  • Disaster recovery and business continuity, planning for adequate response to security incidents, data losses, or outages, as well as recovery in those instances. Business continuity is the plan the organization uses to continue operating when dealing with an incident.

What is a cyber attack?

A cyber attack is an attempt to steal, alter, expose, disable, destroy, or simply gain unauthorized access to a computer system or network. Some common types of attacks include:

Distributed Denial of Service (DDoS): Attackers overwhelm the targeted resource (such as a website or network) with superfluous requests, attempting to overload the servers so that some or all legitimate requests cannot be fulfilled. For example, the attacker may use many different IP addresses to send hundreds of thousands of “contact us” requests to a website, overwhelming the site and causing it to go down.

Phishing: Attackers obtain a set of phone numbers or email addresses and send a compelling message to all of them, hoping to get the user to click a link leading to a fake website where the user will enter his or her username and password. The attacker can then use those credentials to log in and capture data, steal money, etc.

Spear phishing: Attackers send carefully crafted and very believable messages to smaller groups of individuals. The messages are specifically relevant to this group of people and often include personal information the attackers have obtained (such as a colleague’s name or some event the individuals recently attended). The message then acts like a regular phishing attack.

Keylogger: Attackers manage to install a program on the user’s machine that captures keystrokes, including the usernames and passwords for specific sites, apps, etc.

Credential stuffing: Attackers take stolen username/password pairs and try them on many different websites or apps, hoping the user has used the same credentials for multiple sites. (This works because users do frequently use the same credentials across websites.)

Brute force and reverse brute force attacks: Attackers generate possible username/password combinations based on typical patterns that people use, and then programmatically try them on many websites/apps to try to gain access.
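Credential stuffing and brute force both show up as bursts of failed logins, but the failures are distributed differently across accounts. The following is an added example, not code from the original page, of a defender-side check that labels each source address by that distribution. The log format, the thresholds, and the sample lines are assumptions constructed for illustration, and the log is assumed to already cover one short time window.

```python
from collections import defaultdict

# Constructed sample log (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-05-01T09:00:01 198.51.100.7 alice FAIL
2024-05-01T09:00:02 198.51.100.7 bob FAIL
2024-05-01T09:00:03 198.51.100.7 carol FAIL
2024-05-01T09:00:04 198.51.100.7 dave FAIL
2024-05-01T09:00:05 198.51.100.7 erin OK
2024-05-01T09:01:01 203.0.113.9 frank FAIL
2024-05-01T09:01:02 203.0.113.9 frank FAIL
2024-05-01T09:01:03 203.0.113.9 frank FAIL
2024-05-01T09:01:04 203.0.113.9 frank FAIL
2024-05-01T09:01:05 203.0.113.9 frank FAIL
2024-05-01T09:02:01 192.0.2.44 grace FAIL
2024-05-01T09:02:09 192.0.2.44 grace OK
truncated line
"""


def failed_logins_by_source(log):
    """Map each source IP to the list of usernames it failed to log in as."""
    failures = defaultdict(list)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of crashing on them
        _ts, ip, user, result = fields
        if result == "FAIL":
            failures[ip].append(user.lower())
    return failures


def classify_sources(log, min_failures=4, spread=0.8, focus=0.25):
    """Label noisy sources by how their failures spread across accounts."""
    verdicts = {}
    for ip, users in failed_logins_by_source(log).items():
        if len(users) < min_failures:
            continue  # a user mistyping a password stays below the threshold
        ratio = len(set(users)) / len(users)  # distinct accounts per failure
        if ratio >= spread:
            verdicts[ip] = "many-accounts"   # stuffing or reverse brute force
        elif ratio <= focus:
            verdicts[ip] = "single-account"  # brute force against one login
        else:
            verdicts[ip] = "mixed"
    return verdicts
```

Login results alone cannot separate credential stuffing from reverse brute force, since both touch many accounts a few times each. A successful login from a source labelled "many-accounts" (erin in the sample) is the account to review first.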

Man-in-the-middle (MITM) attacks: Attackers insert a program between the user and an app or website. For example, the program might look like a public Wi-Fi login. The program then captures the user’s login credentials or hijacks the user’s session so it can take actions hidden from the user.

What is a security incident and a security breach?

A security incident is an event that violates an organization’s security policies or procedures. Verizon’s 2016 Data Breach Investigations Report defines an incident as a “security event that compromises the integrity, confidentiality, or availability of an information asset.”

A security breach is an incident that meets legal definitions at the state or federal level such that it qualifies as a data breach. Many state, federal, and compliance regulations require specific notifications in the event of a data breach, such as letting affected individuals or regulatory organizations know.

How do you implement cybersecurity?

There are no cybersecurity silver bullets, but being proactive and attentive increases the chances of preventing or mitigating a security incident or breach. Protecting your business or organization from cyber attack requires coordinated activity on multiple fronts.

The IT department in an organization generally “owns” cybersecurity, but every employee, vendor, supplier, and person who has access to corporate resources plays a role. Defending the organization requires efforts on at least three fronts:

  • Technology—The right technical security tools are, of course, critical. Technical solutions should be implemented to protect on-prem networks and systems, cloud systems and apps, and all endpoints, i.e. devices, internet of things (IoT), routers, and any other entry points to your networks and systems. A Privileged Access Management system and an Identity and Access Management (IAM) system are critical technologies.

  • Processes—Staying diligent and successfully addressing potential or actual cybersecurity events can only occur if you have taken the time to define and roll out processes that support cybersecurity. These processes must be verified and updated regularly.

  • People—If the people in your business ecosystem don’t implement the required processes and technology, you won’t be successful. Moreover, people are a frequent target of the most common types of cyber attacks. So educating everyone inside your organization and everyone who works with it, and ensuring they follow best practices such as those around password security, is mandatory to protect your organization.

These cybersecurity tools must be applied to a set of functions, as per the NIST Framework:

  • Identify potential cybersecurity risks and weak points in the organization.
  • Protect from attack using the information determined in the identify phase.
  • Detect any attacks or potential attacks in real time.
  • Respond to attacks.
  • Recover from the impact of an event.
