Introduction to cybersecurity
Cybersecurity can be categorized into several distinct types:
Critical infrastructure security
Protecting networks, systems, and assets that are critical to the security and operation of an organization or a country.
Protecting networking infrastructure from unauthorized access and misuse — both by outsiders and insiders.
Internet of Things security
Protecting networks and IoT devices connected to them from malware and data breaches.
Protecting cloud infrastructure, applications, and data from various threats and unauthorized access.
Protecting applications from threats by creating, adding, and testing special security features.
The worst cybersecurity incidents of all time
2013 · Database vulnerability
Yahoo database breach
- How many accounts were compromised? 3 billion
- What kind of data was affected? Names, emails, phone numbers, birthdays, hashed passwords, security questions and answers.
- What happened next? Yahoo hid the scope of the breach for 4 years.
2017 · NotPetya cyberattack
- How many accounts were compromised? 50,000
- What kind of data was affected? Data and devices in multiple airports, shipping and oil companies, banks, and government agencies.
- What happened next? The attack caused $10 billion worth of damage and the infrastructure took months to restore.
2019 · Crawler software scraped customer data
- How many accounts were compromised? 1.1 billion
- What kind of data was affected? Names, ID numbers, phone numbers, addresses, criminal records, order history.
- What happened next? Hackers put it up for sale for 10 bitcoins. Alibaba stated that it would work with law enforcement to protect its user data.
2021 · Exploit in the site’s API
- How many accounts were compromised? 700 million
- What kind of data was affected? Email addresses, phone numbers, geolocation records, genders.
- What happened next? LinkedIn argued that no sensitive data was exposed. The hacker posted the data on a dark web forum.
2019 · Unrestricted access to two databases
Facebook database attack
- How many accounts were compromised? 533 million
- What kind of data was affected? Phone numbers, account names, and Facebook IDs.
- What happened next? The data was posted online for free. The HIBP website was updated with a phone number lookup.
2017 · The WannaCry ransomware attack
Windows ransomware attack
- How many accounts were compromised? 700 million
- What kind of data was affected? Data and devices in multiple companies and organizations.
- What happened next? The attack caused $4 billion in losses worldwide.
Cybersecurity frameworks and regulations
Overview of common cybersecurity frameworks
NIST Cybersecurity Framework
Developed by the National Institute of Standards and Technology (NIST), it integrates industry standards and best practices to help organizations manage and protect their data and infrastructure.
Developed by the Center for Internet Security, this framework provides organizations with a set of actions that help them improve their cybersecurity structure.
A recognized international standard for creating and improving an organization’s information security management systems. It outlines the best industry practices and requirements for establishing, maintaining, and improving organizational cybersecurity.
SANS Critical Security Controls
Developed by the SANS Institute, this framework consists of a set of 20 security controls that are organized into three categories: basic, foundational, and organizational. The controls are meant to help organizations defend against cyber threats.
FAIR (Factor Analysis of Information Risk)
A quantitative information risk management framework that provides a structured approach to evaluating and prioritizing information security risks.
CISA and TAXII
Frameworks designed to improve the sharing of cybersecurity threat intelligence between private organizations and the government.
The Health Insurance Portability and Accountability Act is a US law that ensures the privacy and security of individually identifiable medical data.
The General Data Protection Regulation is a data protection law within the EU and the European Economic Area meant to protect the privacy of EU citizens, give more control to the users, and regulate the collection, use, and storage of personal data.
The Children’s Online Privacy Protection Act is a US federal law that regulates the collection of personal information of children under the age of 13.
The California Consumer Privacy Act is a state law in California that gives consumers the right to know what personal information is being collected about them, to request that it be deleted, and to opt out of the sale of their personal information.
Learn more about all aspects of cybersecurity
Visit the NordVPN blog to find useful how-to’s, in-depth analysis, product updates, cybersecurity tips, and latest news from the tech world. Don’t miss the chance to learn more from the industry’s best!
Upcoming cybersecurity events
Want to hear directly from the people behind Nord Security? Let’s meet!
Event name, date, and location:
- Pax8 Mission Briefing 1 March 2023 Chicago
- RSA April 24-27 2023 San Francisco
- V2 Security May 10-11 2023 Copenhagen
- Ingram Micro Cloud Summit May 15-17 2023 Las Vegas
- Channel Sec May 18 2023 London
- IT Europa Awards May 18 2023 London
- Pax8 Mission Briefing 2 June 2023 Chicago
Want to learn more about cybersecurity but don’t know where to start? From beginner-friendly tutorials on our YouTube channel to in-depth engineering knowledge on our blog, we’ve got you covered.