Cybersecurity: An Overview
- Ravi Ramchand
- 5 hours ago
- 3 min read
Technology has become increasingly popular as time progresses, being used in every aspect of life. From school, to work, to free time. Additionally, In the last couple of decades, smartphones have gained widespread popularity. In fact, a study done in 2022 by Pew states that 84% of Canadians own a smartphone. With these vast amounts of technology and its ease of use, attacks are guaranteed to occur.
Cybersecurity encompasses the process of securing programs, systems, and networks from digital attacks known as cyberattacks. Cyberattacks are attacks performed by hackers in an attempt to damage or destroy a computer system or network, mainly done for financial gain. Some examples of cyberattacks are, identity theft, extortion attempts, and the loss of important data.
There are a multitude of cyberattack types for different use cases. Some of the more well known attacks include:
Malware: Software used to gain unauthorized access to a system to cause damage
Some Types:
Viruses - Malicious code that attaches to files or programs
Worms - Self replicating malware that spreads without human action
Spyware - Secretly collecting user data without their knowledge
Ransomware - Block access to files/computer until ransom is paid
Phishing: Type of Social Engineering that sends fraudulent texts, emails, or calls to cause system damage
Some Types:
Spear Phishing - Attacks aimed at specific individuals or organizations
Smishing - Phishing through text (SMS)
Vishing - Phone scams
Whaling - Phishing attacks aimed at high level officials
Social Engineering is the process of exploiting human errors or weaknesses to gain access to sensitive information. This is done through direct interaction with the victims to lure them into compromising situations to give up sensitive data. According to Proofpoint, 98% of cyberattacks use some sort of Social Engineering technique to exploit the weakest area of cybersecurity - humans. Humans are susceptible to errors, manipulation and poor security habits. As such, targeting this area would yield better results for the attacker. It is also worth noting that attackers don’t have to target everyone in the company, but rather one user with just enough privileges to cause significant damage.
Social Engineering can be broken down into four stages. These four stages are designed for attackers to study their victims and perform an attack undetected. These stages include:
Research:
In his first step, attackers gather information about their victims. The
more information obtained, the better as this will help the attackers act more
naturally in the later stages. Attackers will use the information gathered to
determine potential points of entry to the victims system/network to achieve a
goal the attacker has in place.
Engagement:
After obtaining as much information as they can, the attackers apply one of the
social engineering techniques to make contact with the victim and try to gain their
trust.
Exploitation:
In this stage, the victim has come to trust the attacker, and in turn the attacker
has learned about the victim's weakness. The weakness will be exploited to gain
sensitive information and cause damage.
Exit:
If the attack has come to this step, that means the attacker has succeeded in
using the victim to achieve their goal. The attacker will now end communication
with their victim and cover their tracks. It is important for the attacker to end
communication in a very natural way to avoid arousing suspicion.
In this age of technology, it is vital that we take the necessary precautions to protect ourselves from potential threats and attacks. Some of the steps you can take to prevent attacks on your system are:
Implement Two Factor Authentication (2FA) for your logins
Train employees on best security practices
Never click on suspicious links
Ensure you’re using a strong password that you’re not using for other accounts
References:
Chrissy Kidd, and Muhammad Raza. “What Are Social Engineering Attacks? A Detailed Explanation.” Splunk, www.splunk.com/en_us/blog/learn/social-engineering-attacks.html.
“Cyber Security.” IT Governance, www.itgovernance.co.uk/what-is-cybersecurity.
Team, RangeForce. “Tutorial: The Four Phases of Social Engineering.” Rangeforce, RangeForce, 29 Dec. 2023, www.rangeforce.com/blog/four-phases-of-social-engineering
“What Is Cybersecurity?” Cisco, 14 Mar. 2025, www.cisco.com/site/ca/en/learn/topics/security/what-is-cybersecurity.html.
“What Is Social Engineering? - Definition, Types & More: Proofpoint Us.” Proofpoint, 2 Dec. 2024, www.proofpoint.com/us/threat-reference/social-engineering#:~:text=How%20Common%20Is%20Social%20Engineering,target%20in%20social%20engineering%20attacks.