Cybersecurity and different types of it.

CLU: 16 May, 2023


The IT Professional course covers Hardware, Software, Troubleshooting, Servers, Security, Open Source Operating Systems, Networking, Virtualization, Servers, Azure (Cloud) and Best Service Practices for IT Managers (ITIL).

picture of cyber security

businessman pressing button on virtual screens

What is Cyber Security?

cybersecurity (cyber security), digital security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

The field has become of significance due to the expanded reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of smart devices, including smartphones, televisions, and the various devices that constitute the Internet of things (IoT). Cybersecurity is one of the most significant challenges of the contemporary world, due to both the complexity of information systems and the societies they support. Security is of especially high importance for systems that govern large-scale systems with far-reaching physical effects, such as power distribution, elections, and finance

The Different Types of Cybersecurity

Cyber security is a wide field covering several disciplines. It can be divided into seven main pillars:

1. Network Security

Most attacks occur over the network, and network security solutions are designed to identify and block these attacks. These solutions include data and access controls such as Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls to enforce safe web use policies.

Advanced and multi-layered network threat prevention technologies include IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and Reconstruction). Also important are network analytics, threat hunting, and automated SOAR (Security Orchestration and Response) technologies.

2. Cloud Security

As organizations increasingly adopt cloud computing, securing the cloud becomes a major priority. A cloud security strategy includes cyber security solutions, controls, policies, and services that help to protect an organization’s entire cloud deployment (applications, data, infrastructure, etc.) against attack.

While many cloud providers offer security solutions, these are often inadequate to the task of achieving enterprise-grade security in the cloud. Supplementary third-party solutions are necessary to protect against data breaches and targeted attacks in cloud environments.

3. Endpoint Security

The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to do that with a mobile workforce is using endpoint security. With endpoint security, companies can secure end-user devices such as desktops and laptops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies that provide forensics such as endpoint detection and response (EDR) solutions.

4. Mobile Security

Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking. When included with an MDM (Mobile Device Management) solution, this enables enterprises to ensure only compliant mobile devices have access to corporate assets.

5. IoT Security

While using Internet of Things (IoT) devices certainly delivers productivity benefits, it also exposes organizations to new cyber threats. Threat actors seek out vulnerable devices inadvertently connected to the Internet for nefarious uses such as a pathway into a corporate network or for another bot in a global bot network.

IoT security protects these devices with discovery and classification of the connected devices, auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits against vulnerable IoT devices. In some cases, the firmware of the device can also be augmented with small agents to prevent exploits and runtime attacks.

6. Application Security

Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2007, OWASP has tracked the top 10 threats to critical web application security flaws such as injection, broken authentication, misconfiguration, and cross-site scripting to name a few.

With application security, the OWASP Top 10 attacks can be stopped. Application security also prevents bot attacks and stops any malicious interaction with applications and APIs. With continuous learning, apps will remain protected even as DevOps releases new content.

7. Zero Trust

The traditional security model is perimeter-focused, building walls around an organization’s valuable assets like a castle. However, this approach has several issues, such as the potential for insider threats and the rapid dissolution of the network perimeter.

As corporate assets move off-premises as part of cloud adoption and remote work, a new approach to security is needed. Zero trust takes a more granular approach to security, protecting individual resources through a combination of micro-segmentation, monitoring, and enforcement of role-based access controls.


The Evolution of the Cyber Security Threat Landscape

The cyber threats of today are not the same as even a few years ago. As the cyber threat landscape changes, organizations need protection against cybercriminals’ current and future tools and techniques.

Gen V Attacks

The cyber security threat landscape is continually evolving, and, occasionally, these advancements represent a new generation of cyber threats. To date, we have experienced five generations of cyber threats and solutions designed to mitigate them, including:

  • Gen I (Virus): In the late 1980s, virus attacks against standalone computers inspired the creation of the first antivirus solutions.
  • Gen II (Network): As cyberattacks began to come over the Internet, the firewall was developed to identify and block them.
  • Gen III (Applications): Exploitation of vulnerabilities within applications caused the mass adoption of intrusion prevention systems (IPS)
  • Gen IV (Payload): As malware became more targeted and able to evade signature-based defenses, anti-bot and sandboxing solutions were necessary to detect novel threats.
  • Gen V (Mega): The latest generation of cyber threats uses large-scale, multi-vectors attacks, making advanced threat prevention solutions a priority.


Cybersecurity and different types of it.