Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Cybersecurity/Computer Hacking

Information about cybersecurity and Internet security breaches and hacking practices.

Cyber Security

What is cybersecurity?

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now—communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else's system?

What are the risks to having poor cybersecurity?

There are many risks, some more serious than others. Among these dangers are malware erasing your entire system, an attacker breaking into your system and altering files, an attacker using your computer to attack others, or an attacker stealing your credit card information and making unauthorized purchases. There is no guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

What can you do to improve your cybersecurity?

The first step in protecting yourself is to recognize the risks. Familiarize yourself with the following terms to better understand the risks:

  • Hacker, attacker, or intruder – These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are sometimes benign and motivated by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).
  • Malicious code – Malicious code (also called malware) is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses. (See Protecting Against Malicious Code for more information.) Malicious code may have the following characteristics:
    • It might require you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular webpage.
    • Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability. Once the victim computer has been infected, the malware will attempt to find and infect other computers. This malware can also propagate via email, websites, or network-based software.
    • Some malware claims to be one thing, while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.
       
  • Vulnerabilities – Vulnerabilities are flaws in software, firmware, or hardware that can be exploited by an attacker to perform unauthorized actions in a system. They can be caused by software programming errors. Attackers take advantage of these errors to infect computers with malware or perform other malicious activity.

To minimize the risks of cyberattacks, follow basic cybersecurity best practices:

  • Keep software up to date. Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it. (see Understanding Patches and Software Updates for more information.)
  • Run up-to-date antivirus software. A reputable antivirus software application is an important protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware. Be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats. Note: Because detection relies on signatures—known patterns that can identify code as malware—even the best antivirus will not provide adequate protections against new and advanced threats, such as zero-day exploits and polymorphic viruses.
  • Use strong passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords that consist of at least 16 characters. (See Choosing and Protecting Passwords.)
  • Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords, as soon as possible, to a sufficiently strong and unique password.
  • Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity, minimizing the risk of a cyberattacker gaining access to an account if they know the username and password. (See Supplementing Passwords.)
  • Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual. (See Understanding Firewalls for Home and Small Office Use.)
  • Be suspicious of unexpected emails. Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (See Avoiding Social Engineering and Phishing Attacks.) CISA

Cybercrime definition (crime-research.org)

Cybercrime - Definition, Examples, Cases, Processes (legaldictionary.net)

Additional Information

 

CYBERSECURITY | CISA - CISA leads the Nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services and American way of life.

NIST CYBERSECURITY & PRIVACY PROGRAM - THE VITALS - NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. Our activities range from producing specific information that organizations can put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

An interview is presented with Apratim Purakayastha, Chief Technology Officer, Skillsoft. Topics include cybersecurity skills that businesses are looking for and the skills that a cybersecurity professional must acquire; kind of skill gaps in the cyber security domain; and some of the most sought-after skills in the cybersecurity domain. Practical cybersecurity skills are in high demand but extremely hard to fin...: Discovery Service for Central Community College (ebscohost.com)

The article analyzes the state of cybersecurity in various organizations and businesses as of early 2021 based upon research conducted that attempted to glean whether firms hired information officers, purchased cyber insurance, and the degree of consideration given to cybersecurity during software development, change management, and strategy. The authors also recommend that organizations prioritize cybersecurity by hiring executive-level information officers (CISOs) to better implement security practices. Cybersecurity: Is It Worse than We Think?: Discovery Service for Central Community College (ebscohost.com)

Cyber espionage  is the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

The latest timeline of cyber incidents in 2022. Significant Cyber Incidents | Center for Strategic and International Studies (csis.org)

Global cybercrime predictions for 2022:

  • Fake news 2.0 and the return of misinformation campaigns
  • Cyberattacks targeting supply chains
  • The cyber ‘cold war’ intensifies
  • Data breaches are larger scale and more cost

Technology cybercrime predictions for 2022

  • Mobile malware attacks increase as more people use mobile wallets and payment platforms
  • Cryptocurrency becomes a focal point for cyberattacks globally
  • Attackers leverage vulnerabilities in microservices to launch largescale attacks
  • Deepfake technology weaponized
  • Penetration tools continue to grow

World Economic Forum

 

Hacking is identifying and exploiting weaknesses in computer systems and/or computer networksCybercrime is committing a crime with the aid of computers and information technology infrastructure. Ethical Hacking is about improving the security of computer systems and/or computer networks.

List of most current data breaches : List of data breaches - Wikipedia

With personal data being easily purchased from the dark web. Many criminals are undertaking this data to commit identity theft but BlueVoyant professions can evaluate and explain to courts how personal data is sourced by cybercriminals and used to commit fraud. In this article the author discusses how the impact of stolen data can become a legal issue in terms of class action lawsuits. Expert Witness: Delivering Evidence from the Dark Web when Data Breaches Go...: Discovery Service for Central Community College (ebscohost.com)

Cyberattacks are a major threat to healthcare organizations, with the potential for HIPAA data breaches, the loss of critical patient data, the inability to provide care, and substantial financial losses from ransoms and litigation. The White House is urging hospitals and health systems to take specific steps to improve cybersecurity. New Threats to Cybersecurity Call for Vigilance, Preparation.: Discovery Service for Central Community College (ebscohost.com)

Live Chat