Skip to main content

Learn the Basics of Cybersecurity

Learning Objectives

After completing this unit, you’ll be able to:

  • Define cybersecurity and explain why it’s important.
  • Explain a cybersecurity professional’s role.
  • Describe who and what is at risk of a data breach.
  • Define encryption, hacking, and assets.

Cybersecurity 101

Computers touch nearly all aspects of our lives. We use technology powered by artificial intelligence (AI) in our homes to monitor room temperature, play music, and turn on lights. Mobile devices like cell phones and tablets allow us to video chat with friends, consume media and news, send emails, and interact on social platforms.

We engage with computers when shopping, visiting doctor’s offices, managing money, and even using kitchen appliances! Can you think of all the ways that digitization influences your day-to-day living?

So much of our daily world is digitized at every level, but that doesn’t mean that computerized systems are safe from exploitation. In fact, this can make us more vulnerable to attack, which is why cybersecurity has quickly become one of the most urgent needs in our digital age.

What Is Cybersecurity?

Cybersecurity is the practice of keeping systems, networks, and programs safe from digital attacks. We take a deeper dive into different kinds of digital attacks later on in this module. In general, though, cyberattacks aim to steal information contained within systems through any means possible, including damage, manipulation, and disruption of networks and hardware.

As much as it is a practice, cybersecurity is also a mindset. Practicing cybersecurity means using technology with the awareness that it has inherent cyber risk. Different technologies have different levels of risk. For example, a database containing patient medical files has much higher risk than that of a student’s flash drive. However, even something with a low amount of risk can (and should) be protected by cybersecurity measures.

An important term to know in the context of cybersecurity is data: information, often valuable, that is stored within a system. A data breach refers to an incident where attackers steal this information without authorization. In many cases, data breaches can have profound impact, and not just from a dollars perspective. We talk more about the impact of cyberattacks in the next unit.

Why Is Cybersecurity Important?

Now that we know what cybersecurity means, let’s dig into its importance and relevance. Today, many organizations and nations must practice cybersecurity by necessity, especially those guarding valuable assets, including data, at risk of theft.

Data breaches can occur at any time within any organization without warning. And research and current events suggest that the severity of data breaches is increasing. The rise of cyber warfare, the attacking of national information systems, has made cybersecurity particularly critical.

Attackers do not only target organizations. Communities and individuals are just as vulnerable to cyberattack as a cell phone company, medical clinic, or hotel chain. You might think that you don’t have anything of value for hackers to seize, and that there's no reason they'd go after you. On the contrary—hackers love to target the unsuspecting!

In today’s world of data privacy and digital living, cybersecurity threats are considered one of the biggest existential threats of our time. So we need to be thinking about it at all levels—individual, organizational, national, and global. It’s never too soon to start practicing cybersecurity!

For individuals, this includes developing an awareness of the world of hacking, risks of personal data breaches, and cyber hygiene—best practices for keeping your data and the information of others safe. Let’s meet Qiara to learn more about the power of cybersecurity and ways you can stay safe on a daily basis.

College student Qiara at a desk with laptop, backpack, and coffee cup

Qiara is a student in her freshman year of college. She’s heard about cybersecurity in casual conversations and news headlines, but she’s not entirely sure what it means or how it might impact her individually. Qiara decides to enroll in her university’s cyber safety freshman seminar to learn more.

In the first class, she and her peers discuss the biggest data breaches in recent history, including those that impacted social media organizations, hotel chains, and online retail companies. They also read Verizon's 2022 Data Breach Investigations Report (sign-up required), which found that 85% of data breaches involve humans in some way, including simple human errors and social engineering. Qiara is amazed by this statistic and resolves to deepen her awareness of the world of hacking and steps she can take to guard against it.

The World of Hacking

Hacking involves acquiring unauthorized access to data within a system. It may surprise you to know that while we often associate hacking with malicious intent, there is such a thing as hacking for good! Let’s dive into the different types of hackers out there.

Hacker Types

A criminal hacker, also called a threat actor or malicious hacker, is someone who hacks for harm. They have malicious intent and use various means to gain unauthorized access to data within a system for nefarious purposes. Some common types of criminal hackers include hacktivists, cyberterrorists, and cyberwarriors. You can learn more about these types of criminal hackers and others in the Cybersecurity Threats and Threat Actors module.

An ethical or defensive hacker, however, hacks for good. These hackers exploit networks or systems to find security flaws and make recommendations for fixing these vulnerabilities. In essence their aim is to break things with the end goal of shoring up defenses and fixing vulnerabilities. Their responsibilities also include understanding traceroutes, figuring out who started digital attacks, mitigating and preventing attacks, and much more. (We'll learn more about cybersecurity as a career path later on.)

We’ve talked about the malicious and ethical hacker. But, there is a third category that lies in the middle known as grey hat hackers. These hackers look for system vulnerabilities just like ethical hackers, but they have their own agendas. Many locate vulnerabilities only to notify the company at risk and request a fee to resolve the issues. 

Some might even hold information about security risks at ransom or act in opposition to criminal hackers. Grey hat hackers don’t usually have official permission from an organization or government entity to hunt for these gaps in security. This means that their efforts, even if done with good intention, aren’t legal.

What Hackers Are After

Malicious hackers are usually looking for assets: data, information, devices, or any other aspect of a system that has value and can contribute to the hacker’s financial gain in some way. In most cases, assets include sensitive data or information only authorized individuals should access. In the realm of data, hackers are generally after three types of information: personal payment information (PPI), personally identifiable information (PII), and personal health information (PHI).

Personal payment information includes personal financial data, including credit and debit card numbers, checking account information, PINs, and online banking credentials. PII includes any information a hacker could use to identify or locate you, such as your legal name, address, date of birth, phone number, government-issued personal ID number, or IP address.

Attackers who steal personally identifiable information can conduct identity theft or use social engineering to access even more sensitive information, often for financial gain. Social engineering involves using deceptive measures to manipulate an individual into disclosing personal information.

PHI is one of the most valuable types of information hackers can seize because it often includes a mix of personally identifiable information and health data. PHI can include anything from your date of birth and primary care doctor to medical test results and hospital admission dates.

Assets that belong to an organization might be different from those that belong to an individual. At the end of the day, however, it doesn’t matter who is the owner of the asset: If it’s an asset, it’s in need of protection.

Encryption 101

How do computers and devices hide these types of information? There are many ways to protect systems against digital attacks, but a common form of “hiding” data is encryption. Encryption scrambles up existing data so that only authorized people can understand it.

A man holds a magnifying glass up to a painting, revealing secret code.

Encryption is actually a form of steganography, a fancy word for hiding secret data in plain sight. Think about using invisible ink to write a secret message to a spy, for example, or using a code to translate a message only specific parties can understand. Encryption is a valuable tool of cybersecurity; in fact, there’s an entire profession devoted to it! Cryptographers are cybersecurity professionals who create the algorithms and ciphers needed to encrypt data.

Knowledge Check

We covered a lot of important cybersecurity buzzwords in this module! Did you catch them all? Test your knowledge retention with these flashcards. Read the question or term on each card, then click the card to reveal the correct answer. Click the right-facing arrow to move to the next card, and the left facing arrow to return to the previous card.

Sum It Up

Great work! In this unit, we’ve discussed cybersecurity and reviewed its importance to everyone, especially individuals. We also talked about common types of hackers and their intentions for launching cyberattacks. In the next unit, we discuss the ways hackers go about finding and stealing information that protective measures like encryption try to hide.

Resources

在 Salesforce 帮助中分享 Trailhead 反馈

我们很想听听您使用 Trailhead 的经验——您现在可以随时从 Salesforce 帮助网站访问新的反馈表单。

了解更多 继续分享反馈