What is cybersecurity?

Last modified on September 5th, 2022

Nowadays, there are an increasing number of connected devices, both for business and personal use, which leads to more attack vectors that we need to be protected from and that need to be monitored through cybersecurity. All users are exposed to daily attacks and these are becoming ever more frequent.

So then we come to the question: what is cybersecurity?

Cybersecurity is the practice of protecting devices, networks, systems and data from IT attacks. To put it another way, it’s about managing IT security or information technology security.

What threats or attacks are businesses exposed to?

Today, companies are immersed in a technological environment that is constantly changing and where technological information systems are present in some form or other in the majority of processes.

What’s more, it is becoming increasingly common to use mobile devices and cloud services to carry out activities, which offers us new opportunities but which is not without risk. It is for this reason that cybersecurity in organisations is becoming increasingly important and all the necessary measures should be applied to protect against the various malicious attacks that are out there.

Malicious attacks have various targets relating to confidential information: accessing the information, modifying it, destroying the information or extorting users; and other targets such as disrupting business activity.

These attackers take advantage of software vulnerabilities which are known to them or which they manage to detect, in order to exploit them and carry out some sort of undesirable action for the legitimate user and, consequently, the organisation. They also take advantage of erroneous configurations or the user’s lack of awareness, which provide a first point of access to the information systems.

Most common cybersecurity attack methods

Phishing -> Also known as identity theft, are attacks carried out using fraudulent emails masquerading as emails from reputable sources. Their aim is to steal sensitive data such as credit card numbers, and login credentials.
Malware -> This is a type of software designed to obtain unauthorised access or to cause damage to IT equipment. There are many types of malware and each one seeks to achieve its aims in a different way, including the following: virus, Trojans, spyware, ransomware, adware, botnets, etc.
- Ransomware -> In recent times this has become the most widely known type of malware due to the impact of its attacks and their frequency. Its aim is to intimidate users into paying a fine by blocking the IT system or access to files until the payment is made. This payment doesn’t guarantee that the files can be recovered or that the system is restored.
Social engineering -> This is a tactic used by the attackers to trick legitimate users into revealing their confidential information with the aim of getting money from them or obtaining valuable data to carry out a subsequent attack. This tactic may be combined with any of the previous threats.
Service denial -> An attack that consists of preventing an IT system from carrying out legitimate requests by overloading networks and servers with unwanted traffic. This leads to the system becoming unusable and prevents the organisation from carrying out vital functions.
“Man-in-the-middle” type attack -> This is an attack whereby the cyber criminal intercepts the communication between two individuals to steal data. For example, an attacker might intercept messages sent via an insecure Wi-Fi network.

How can we prevent these threats and attacks from happening?

Organisations need to have a cybersecurity strategy to identify the risks to which they are exposed, locate the weak points and put in place processes and tools to detect and mitigate any possible attacks or threats.

First of all, they need to have an up-to-date inventory of assets and software in order to know the potential risks to they are exposed to. Then it is recommended that they carry out an audit to get to know about the state of their cybersecurity and to define the subsequent steps.

Regardless of the result of the audit, at least the following controls should be established:

Security policies and standards .
A logical access control system.
A backup system.
Anti-malware software on the equipment.
A policy for software updates.
Tools to apply security on the internal and external networks.
Monitoring information supports during their useful life.
An activity log for monitoring all actions.
A business continuity plan.
A cybersecurity awareness-raising plan for all employees.

On the other hand, the application of security standards like ISO 27001 and setting up an Information Security Management System (ISMS) based on that standard, will enable appropriate measures to be managed and carried out to protect the information and, therefore, limit the number of threats arising from malicious attacks.

Cybersecurity Solutions

Likewise, technology is essential to offer organisations the cybersecurity solutions needed to protect them from cyberattacks and to be able to apply the controls needed to protect their assets.

Both the end devices and the networks that enable their connectivity and the cloud or servers for storing information need to be protected. To this end, there are various cybersecurity systems available such as:

Firewalls.
Intrusion Prevention and Detection Systems IDS/IPS.
Anti-malware protection.
Communication encoding systems.
DNS Filtering.
Antivirus software.
Email security solutions.
Web security solutions or SIEM monitoring solutions.
Etc.

Awareness-raising

We need to bear in mind that end users are the first line of defence against cybercrime and therefore it is vital that they are equipped with all the knowledge and skills needed to protect the company and be alert to any possible attack that might occur. For this reason, developing a cybersecurity awareness programme is the best way to educate staff and create a culture of security.

At GlobalSuite Solutions we have GlobalSuite® software which facilitates automation and management of the ISO 27001 standard to optimise an Information Security Management System (ISMS). The versatility of the software means that it meets the most complex requirements in an affordable and intuitive way, helping organisations to obtain ISO 27001 standard certification and consequently improving the organisation’s cybersecurity. Our teams of specialist consultants offer advice and the support needed to help organisations achieve the ISO 27001 standard

Cybersecurity, Security

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_dc_gtm_UA-965325-8	1 minute	No description
afl_wc_utm_cookie_expiry	3 months	No description available.
afl_wc_utm_sess_landing	3 months	No description available.
afl_wc_utm_sess_visit	3 months	No description available.
AnalyticsSyncHistory	1 month	No description
bridge_sid_Xy0yMDM3OTQ4Nzkz	2 hours	No description
bridge_uid_Xy0yMDM3OTQ4Nzkz	1 year	No description
li_gc	2 years	No description
oribi_cookie_test	session	No description
oribi_session	2 hours	No description available.
oribi_user_guid	1 year	No description available.
prism_224354013	1 month	No description
TS01ad8345	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_XWPV7VHQKR	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 17 days 8 hours 11 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

What is cybersecurity?

What threats or attacks are businesses exposed to?

Most common cybersecurity attack methods

How can we prevent these threats and attacks from happening?

Cybersecurity Solutions

Awareness-raising

Security

Risks management

Business continuity

Compliance management

Privacy Data Protection

Audit management software

More Articles

5 Key steps for implementation of your ISMS

What is the ISO 27001 standard and what is its purpose?

New ISO / IEC 27701: 2019