How do you keep your information safe online?

In a connected world, cybersecurity becomes key to our daily lives. Knowing both the threats to which we are exposed and the protocols, programmes or habits that can protect us from them is essential. To avoid any risk and be forewarned of possible attacks, here are the concepts related to the world of cybersecurity that are being most used by experts in the field. Against threats...

What threats are commonly encountered in cybersecurity?

Vulnerability. All failures or deficiencies that cause an unauthorised user to gain access to a set of data within a system or programme.

Social engineering. Techniques that persuade users by exploiting their goodwill and lack of concern. Social engineering techniques are used to obtain sensitive data such as passwords or codes.

Data leakage. Deliberate or inadvertent loss of confidentiality of information of companies or individuals that should, in theory, be private and that has ended up being visible or accessible to users.

Ransomware. A type of malware that prevents access to system files that have been tied up. The cybercriminal encrypts them, making them inaccessible to the user unless the user has the decryption password.

Phishing. A scam that is carried out by different means and in which the identity of a trusted person or company is impersonated in order to obtain sensitive user data (passwords, credit card numbers, etc.).

Exploit. A program designed to exploit a vulnerability in a system or program. The use of this type of program has three purposes: accessing a system illegitimately; obtaining administrative permissions on an already accessed system; or a denial of service attack on a system.

Zero - day. Vulnerabilities that are known to a small group of people and are not known or notified to manufacturers and users. They are very dangerous as the cyber attacker can exploit them without the user being aware of the vulnerability.

Attack vector. Method or mechanism by which cybercriminals, depending on the vulnerability detected, gain access to the "flawed" system.

Worm. Malware that is characterised by its speed in "contaminating" a system.

Zombie. Name given to computers that are remotely controlled by a cybercriminal.

How How can we defend ourselves against a cyber attack?

Faced with the possible vulnerabilities that our company may present, we follow the recommendations of INCIBE, which proposes that the company should try to work under three principles that protect information: integrity, availability and confidentiality. These three concepts should be proportional to the criticality of the information handled at any given time. Thus, the more important this is, the more important the measures implemented should also be, taking into account the possible threats to which our system is exposed.

1. Encryption. A mathematical operation or function applied to a clear text so that it retains its confidentiality, since, in order to access it, a key must be entered.
2. Security updates. It is very important to keep the programmes and applications we use on a daily basis up to date. Through these, various patches are installed that correct possible vulnerabilities.
3. Audit. Exhaustive analysis of the various systems and applications used by an entity with the aim of locating vulnerabilities, software failures or configuration errors that could be exploited by cybercriminals.
4. Continuity plan. Protocol to be followed in the event of a serious incident with the aim of enabling the company to provide minimum services.
5. Awareness-raising. Inform employees of different protocols to avoid, by mistake, carelessness or ignorance, possible attacks and unauthorised access to the company's own information.
6. Security patch. A set of changes that are applied to a certain software to correct possible security errors that have been detected in programs or operating systems. They are usually developed by the manufacturer when a vulnerability is detected.
7. Firewall. Security system composed of programmes or devices at key points of the network with the aim of allowing and limiting the flow of traffic. Its main function is to ensure that communications between the network and the Internet are carried out in accordance with the company's security policies.
8. Backup. A backup copy of files or applications on a computer in order to be able to recover data in the event of accidental damage or loss of stored data on the information system.
9. IDS. Intrusion Detection System. This application is used to detect unauthorised access to a computer or network.
10. PGP. A program used to protect transmitted information using cryptographic techniques. PGP protects both data in transit over the network and data stored on the hard disk.

The demand for cybersecurity professionals is growing at an unprecedented rate. If you want to know which professions and specialisations in cybersecurity and what each one does, here we tell you about them. If you have it clear and your goal is to become a solid expert in the field, at IMMUNE we give you the tools you need to get to the right place. master's degree in cybersecurity in Madrid and as a online master's degree in cybersecurity.