Cybersecurity is the practice of protecting computer systems, networks, and data from unauthorized access or criminal use. It’s important because it helps protect the devices and services we use, and the personal information we store on them.

Cybersecurity is important for a number of reasons, including: 

  • Protecting data: Cybersecurity protects sensitive data from unauthorized access.
  • Preventing disruptions: Cybersecurity helps prevent disruptions to business operations caused by unwanted network activity.
  • Regulatory compliance: Cybersecurity helps organizations meet regulatory compliance requirements.
  • Improving recovery time: Cybersecurity can help improve recovery time after a breach.

Cybersecurity is a growing field with many types of roles available.

What is cybersecurity?

Cybersecurity is the practice of using technology, controls, and processes to protect digital networks, devices, and data from unauthorized access by malicious attackers or unintentional activity. It includes ensuring the confidentiality, integrity, and availability of information using many types of cybersecurity.

Ten types of cybersecurity

Many types of cybersecurity are employed to protect digital systems from malicious and accidental threats. It is helpful to understand the ten most commonly referenced types of cybersecurity.

  1. Application security
    Application security prevents unauthorized access and use of applications and connected data. Because most vulnerabilities are introduced during the development and publishing stages, application security includes many types of cybersecurity solutions that help identify exploitable flaws during the design and development phases and alert teams so the flaws can be fixed.

Despite best efforts, flaws do slip through the cracks. Application security also helps protect against these vulnerabilities.

A subset of application security is web application security. It focuses on protecting web applications, which are frequently targeted by cyber attacks.

  2. Cloud security
    Cloud security focuses on protecting cloud-based assets and services, including applications, data, and infrastructure. Most cloud security is managed as a shared responsibility between organizations and cloud service providers.

In this shared responsibility model, cloud service providers handle security for the cloud environment, and organizations secure what is in the cloud. Generally, the responsibilities are divided as shown below.

  3. Critical infrastructure security
    Special security processes and types of cybersecurity solutions are used to protect the networks, applications, systems, and digital assets depended on by critical infrastructure organizations (e.g., communications, dams, energy, public sector, and transportation). Critical infrastructure has been more vulnerable to cyber attacks that target legacy systems, such as SCADA (supervisory control and data acquisition) systems. While critical infrastructure organizations use many of the same types of cybersecurity as other subcategories, they are often deployed in different ways.
  4. Data security
    A subset of information security, data security combines many types of cybersecurity solutions to protect the confidentiality, integrity, and availability of digital assets at rest (i.e., while being stored) and in motion (i.e., while being transmitted).
  5. Endpoint security
    Desktops, laptops, mobile devices, servers, and other endpoints are the most common entry point for cyber attacks. Endpoint security protects these devices and the data they house. It also encompasses other types of cybersecurity that are used to protect networks from cyberattacks that use endpoints as the point of entry.
  6. IoT (Internet of Things) security
    IoT security seeks to minimize the vulnerabilities that these proliferating devices bring to organizations. It uses different types of cybersecurity to detect and classify them, segment them to limit network exposure, and mitigate threats related to unpatched firmware and other related flaws.
  7. Mobile security
    Mobile security encompasses types of cybersecurity used to protect mobile devices (e.g., phones, tablets, and laptops) from unauthorized access and from becoming an attack vector used to get into and move through networks.
  8. Network security
    Network security includes software and hardware solutions that protect against incidents that result in unauthorized access or service disruption. This includes monitoring and responding to risks that impact network software (e.g., operating systems and protocols) and hardware (e.g., servers, clients, hubs, switches, bridges, peers, and connecting devices).

The majority of cyber attacks start over a network. Network cybersecurity is designed to monitor, detect, and respond to network-focused threats.

  9. Operational security
    Operational security covers many types of cybersecurity processes and technology used to protect sensitive systems and data by establishing protocols for access and monitoring to detect unusual behavior that could be a sign of malicious activity.
  10. Zero trust
    The zero trust security model replaces the traditional perimeter-focused approach of building walls around an organization’s critical assets and systems. There are several defining characteristics of the zero trust approach, which leverages many types of cybersecurity.

At its core, zero trust is based on several practices, including:

  1. Continuously verifying users’ identity
  2. Establishing and enforcing the principle of least privilege for access, granting only the access that is explicitly required for a user to perform a job and only for as long as that access is required
  3. Microsegmenting networks
  4. Trusting no users (i.e., internal or external)
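The four practices above, combined into a single per-request access decision. This is an added illustration, not code from this page; the `Grant` and `Request` types, the segment and resource names, and the 15-minute re-verification window are assumptions made for the example.

```python
from dataclasses import dataclass

MAX_AUTH_AGE = 900  # assumed: identity must be re-verified every 15 minutes


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    action: str
    not_before: int  # epoch seconds; access is valid in [not_before, expires)
    expires: int


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    src_segment: str    # network segment the request originates from
    last_verified: int  # when the user's identity was last verified
    now: int


# Constructed sample policy: permitted segment-to-resource flows and grants.
SEGMENT_FLOWS = {("app-tier", "payroll-db"), ("admin-jump", "payroll-db")}
GRANTS = [Grant("alice", "payroll-db", "read", 1_000, 4_600)]


def decide(req, grants=GRANTS, flows=SEGMENT_FLOWS):
    """Return (allowed, reason). Every request is evaluated; default is deny."""
    # Continuous verification: a stale identity check is not accepted.
    if req.now - req.last_verified > MAX_AUTH_AGE:
        return False, "reverify-identity"
    # Microsegmentation: only explicitly listed flows may reach a resource.
    # There is no "internal network" shortcut, so no user is trusted by location.
    if (req.src_segment, req.resource) not in flows:
        return False, "segment-not-permitted"
    # Least privilege: an explicit grant for this exact action, valid right now.
    expired = False
    for g in grants:
        if (g.user, g.resource, g.action) != (req.user, req.resource, req.action):
            continue
        if g.not_before <= req.now < g.expires:
            return True, "granted"
        expired = True
    return False, ("grant-not-active" if expired else "no-grant")
```
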

Many of the solutions within each of these types of cybersecurity are used across subcategories, such as:

  1. Anti-malware software
  2. Antivirus systems
  3. Backup
  4. Data loss prevention (DLP)
  5. Encryption
  6. Endpoint detection and response (EDR)
  7. Enterprise mobility management (EMM)
  8. Firewalls
  9. Identity and access management (IAM)
  10. Intrusion detection and prevention system (IDPS)
  11. Mobile application management (MAM)
  12. Multi-factor authentication
  13. Network access control (NAC)
  14. Next-generation firewall (NGFW)
  15. Secure access service edge (SASE)
  16. Secure email gateways (SEG)
  17. Security information and event management (SIEM)
  18. Security orchestration, automation, and response (SOAR)
  19. User and entity behavior analytics (UEBA)
  20. Virtual private networks (VPNs)
  21. Web application firewalls (WAFs)