Blog/Expert Analysis/

What is cybersecurity?

John Sears

John Sears


Sep 15, 2022


7 min read

Jump to section

Cyber security refers to the protection of computer networks, servers, devices, and data from unauthorized access. It covers how individuals and businesses can protect against cyberattacks, which take many forms such as malware, ransomware, phishing, and adware.

In this article, we’ll have a look at what cyber security is, the ways it is misunderstood, and how it has evolved and see what areas it covers today.

A brief history of cybersecurity

The term cybersecurity was coined in 1989, but the concept actually came into existence in the early 70s with the creation of the first computer virus, Creeper, and the first tool to catch it, Reaper. Creeper was not a malicious program and caused no damage — all it did was leave the message “I’m the Creeper, catch me if you can!” on your computer.

In 1986, the Russians became the first to use cyberattacks as a weapon. They employed a hacker to steal US military secrets. He hacked 400 computers but was caught before handing secret information to the soviets.

With the rise of the internet, criminals discovered new opportunities to get rich through stealing data. By the mid ’90s, cyberattacks were so common that firewalls and antivirus software — dedicated cybersecurity tools — were developed in response. The first ever firewall was created by NASA researchers following a virus attack on their California branch.

Cyber security has grown to be increasingly sophisticated as the years have gone by — but so has viruses. This forced governments to tighten the laws and penalties for cybercrimes.

What is cyber security and what does it cover?

Network security

Every company keeps plenty of vulnerable information: consumer data, financial reports, employment records, and legal documents. If leaked, this information could destroy the company's reputation and even lead to bankruptcy.

To prevent cyber incidents, networks must be monitored, secured with a firewall, and protected with anti-malware software at all times. It’s also important to use a VPN to encrypt your connection to the company’s network when working from home.

Cloud security

Cloud security is the protection of the data, applications, and infrastructure of cloud computing. It’s a dynamic environment where everything is highly connected — the data has to be secured both at rest and in transit. The ability to log in to your cloud storage from anywhere in the world brings additional risks.

Responsibility for the security of the cloud is shared between the storage provider and the user: Cloud service providers must secure the storage itself, while users have to manage who gets to access it, control the data, and use secure login methods.

Application security

Google Play and Apple’s App Store host over 4 million mobile apps with most requiring access to the user’s location, camera, contact, and gallery. Once these apps are granted that access, monitoring what they use it for is nearly impossible.

Moreover, thousands of apps on Google Play and Apple’s App Store have been found to be malicious. For example, an app may pose as a photo editor but be designed to identify personal

IoT security

The internet of things (IoT) connects devices and machines to the internet, including ATMs, vehicles, smart meters, traffic lights, retail systems, and CCTV cameras. Most of the information gathered by IoT devices and sent to the cloud is sensitive because it tracks our behavior.

Let’s say you have a system that records your movement in the house and lowers the temperature when you’re not around to reduce heating bills. This information would be valuable to burglars looking for a chance to break in.

Since the IoT market is steadily growing, it’s no wonder that cyberattacks on IoT devices are also increasing. In the first half of 2021, researchers have recorded over 1.5 billion cyberattacks against IoT devices, more than in the entire 2020.

Human error in cyber security

US university studies show 95% of all cyber incidents are actually down to human error, proving us to be the weakest link in the chain. Unfortunately, no type of technology can prevent users from clicking a malicious link, opening an attachment containing a virus, or sharing secret information with the people they’re not supposed to. Cybersecurity measures can help mitigate dangers, but it’s up to users to take the definitive action.

Human error means actions that were unintended or accidental. Even a simple mistake, such as sending information to the wrong person at work, counts as a major security violation. So you can see just how easy it is to fall victim to human error in cyber security.

Three cybersecurity attacks that thrive on human error

  • Phishing

  • A phishing attack falls under the social engineering umbrella and is an elegant weapon in a hacker's arsenal. Usually, you get an email that includes malicious links or attachments designed to lure you into clicking on them. If you do, that click releases a swarm of malware onto your device, enabling hackers to access all your sensitive data.

  • Unlocked devices

  • Other culprits for human error are your devices. You can slip up in countless ways, such as leaving them unlocked in public spaces, choosing weak passwords, or using unsecured Wi-Fi. Smartphones and laptops are also an essential part of most workplaces, making them huge reservoirs of sensitive company information. Knowing this, hackers have devised elaborate ways to access your data with phishing scams and malicious sites.

  • Weak passwords

  • Tens of millions of credentials are stolen every year. Getting hold of usernames and passwords is one of the easiest ways for criminals to drain bank accounts as well as fake someone’s identity. Weak passwords are therefore the surest way to end up in the merciless hands of cybercriminals.

Cybersecurity myths you probably still believe

Cyber security is complex and often misunderstood. This helps cybercriminals launch their attacks – as long as people don’t understand how to protect themselves properly, they are easy targets. Here are some common cybersecurity myths.

Myth #1 All you need is a strong password

Kevin Mitnick, the world’s most famous hacker, once took a 17-character password (qu4dr1l473r4l12*$) and demonstrated how a computer can crack it in under a minute. Does this suggest you shouldn't use strong passwords? Of course not. But the length or special symbols alone don't make a password strong. Despite the first impression that Mitnick's password might give, it is actually weak because its core is derived from the dictionary word “quadrilateral.”

So what is a strong password? In the same video, Mitnick suggests expanding your password to phrases containing 30+ characters, like ”wildunicornsroamthestreetsofnewyork.” You could also use passwords that don't contain dictionary words, which is much easier to do if you use a password manager. And if you want even more security, you can additionally enable two-factor authentication.

Myth #2 New technology improves security

New technology often helps improve cybersecurity. But technology does not exist in a vacuum — it’s created and used by people. If your master password to your password manager is “password,” technology is making your cybersecurity weaker. That’s why all technology should be continuously tested and updated. Otherwise, the result will be the opposite of what is expected from it.

Myth #3 Credit card data is hackers’ only target

Just because your organization doesn’t deal with finances doesn’t mean hackers aren’t interested in your operations. it. Hackers will grab everything they can get their hands on because what they can’t use themselves, they can sell.

The reason is simple. In the digital underground, there’s always someone who wants something. Any data you can steal will likely have an interested buyer, whether it’s account credentials, an access to a tool, or someone's personal files.

Myth #4 You’re safe as long as you’re not in the X or Y industry

Some company owners feel confident about their security but not because they did something about it. The confidence comes from a false belief that they’re too small for hackers or they’re not in a targeted industry. Do criminals have preferred industries? Of course. But companies from every industry, big and small, are at risk.

A case in point is a remote honeypot set up by researchers, which was filled with malware within three days. You’re not invisible online — no one is. Criminals may not target you specifically, but you’re definitely on their radar.

Myth #5 Antivirus provides adequate security

We’re not saying that an antivirus doesn't help keep you secure. It does. But cybercriminals already expect you to have them installed and train their malware to sneak past security programs.

Antivirus software makes penetrating your network harder, and that’s what you want. Think about it as a house alarm. It’s good to have one, but it only works if you lock your doors and close your windows. Make sure your cybersecurity efforts go beyond an antivirus subscription.

Myth #6 Threats come from outside the company

Hacker attacks are just one type of threat — internal cybersecurity measures are just as important. A recent study revealed that “flight-risk” employees (those who plan on leaving) often pose a cybersecurity threat. While suspecting your coworkers is no pleasant business, keep that report in mind and make sure you manage permissions carefully.

Myth #7 When hackers come, you'll know

Hackers can be loud and aggressive occasionally, but they’re just as capable of executing a dangerous attack silently. Some attacks have been discovered only years after their initial launch.

Myth #8 Scams are full of mistakes and easy to recognize

If you had to imagine a scam email, you would probably think along the lines of a “Nigerian Prince” scam with spelling mistakes in every third word. This can give you a false sense of security, making you believe that you’d be able to recognize a scam if you came across one. But not all scams contain mistakes. In fact, today, few of them do.

Email and website scams are often built to emulate a prominent brand or authority figure. Not only do they have perfect spelling, but every other element (logos, layout, etc.) can be identical to the original.

The best cybersecurity tools

Antivirus software

A decade ago, everyone knew that if there’s one thing you need on your computer, it’s an antivirus. While it can’t protect you from every threat, it’s one of those cybersecurity tools that can do a lot with very few resources. These days, the hype has died down, but not because antiviruses are not useful anymore. Microsoft and Apple now have a built-in security package, so you don’t need to download third-party software.

But not everyone trusts OS developers with cybersecurity tools. If you feel the same way, get a third-party antivirus.


Firewalls are also among the most popular cybersecurity tools. They work a bit like an antivirus, and they often come in the same subscription package. The difference between the two is that while an antivirus is mostly concerned with incoming files, a firewall is a network security tool. Plus, it monitors incoming as well as outgoing traffic. In other words, firewalls provide not just malware prevention but privacy as well. For example, you will know when someone is accessing your network as well as when apps send data out.

Just like antiviruses, firewalls are pre-installed on Windows and macOS computers. But make sure to check if one is enabled on yours — even though firewall software comes with the OS, it could be misconfigured or even turned off.

Backup software

Backup software is the seatbelt, the parachute, or the emergency exit in your cybersecurity scheme. You might never need it, but if something does happen, having a safeguard can save you from a whole lot of trouble.

Performing backups yourself can be a cost-effective solution to many cybersecurity problems. But there’s also software that can automate the whole process for you.

File encryption

End-to-end encryption offers the best protection of personal and business data. It’s hard to break and gives you complete access control.

Here’s how NordLocker protects your files:

  • Its encryption can handle almost any file in a blink.
  • NordLocker makes files inaccessible and unrecognizable.
  • It secures data on shared computers. Other users can’t see your encrypted files.
  • NordLocker ensures protection when the device is lost. Hackers can bypass Windows or macOS passwords, but cracking NordLocker’s protection is much harder.
  • Upload and sync your files via a secure cloud. Unlike popular cloud providers, we never leave your files exposed. We don’t even know what you encrypt.

Password managers

It’s fair to say that no one keeps strong passwords in their head. You either reuse the same few passwords (which instantly disqualifies them as strong) or use a password manager. But reusing passwords is such an unnecessary risk when a password manager could do all the heavy lifting for you.

A password manager creates complex passwords, protects them, and helps you log in with ease. You only need to remember one password. Besides, an abundance of password managers are available. From free tools to advanced password managers for families and corporations, there’s something for everyone.

Data breach monitoring

Billions of stolen credentials find their way to underground marketplaces. Some include passwords from breaches that happened years ago, and they still work. The problem is that many account owners don’t know about the breach and haven’t changed their passwords. While the risks can be mitigated if you don't reuse passwords, you need to know if your data has been leaked.

Have I Been Pwned is a service monitoring the internet for leaked passwords and informing their owners if their account has been compromised. You can also set alerts that will notify you about breaches in the future. While we all find most notifications annoying, this one you’ll want to keep on.


A VPN is not intended as a cybersecurity tool. It can’t protect your computer if you click on a malicious link or download a compromised attachment. But VPNs can be beneficial, especially as they become more sophisticated. Besides masking your IP and protecting your privacy, they can prevent attacks when you’re on an insecure network. If you want to know more about what a VPN is, check out this article.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.