The first self-propagating computer worm was created in 1989, computer viruses appeared in the 1990s, and by the late 2000s, cybercriminals were targeting credit cards. For decades, security teams have been battling to keep computer networks and end-users safe from cyber threats, but for many, the term IT security can still be a little confusing.
IT security defined
In our hyper-connected, online world, the phrase IT security is often used interchangeably with cybersecurity and information security (infosec).
While there are similarities and occasions where one term can be used in place of the other, there are also marked differences between them. The first step to understanding what IT security is and why it’s important is to recognize these differences.
Cybersecurity measures protect digital data from third-party attacks by cybercriminals via the internet.
Infosec, at a base level, is the protection of both physical and electronic data, but the term is often expanded to cover other security concerns too. For example, infosec can also be used to describe the measures a company might take to protect its legal and financial interests by ensuring compliance with data protection laws, such as the EU’s General Data Protection Regulation (GDPR).
IT security incorporates both cybersecurity and infosec but refers specifically to the protection of digital data and the security maintenance of the computer systems and networks that store it.
The term IT security covers internal and external threats and is commonly used to describe the strategies deployed to safeguard digital data from attack at every point of an organization’s IT infrastructure, from company databases to end-user email accounts.
Why is IT security important?
Since the advent of the internet, malicious hackers have worked tirelessly to develop ever more ingenious ways to access sensitive and confidential information for monetary gain.
Cybercriminals exploit vulnerable IT networks in many ways, and the techniques they use are becoming ever more difficult to counter. Today, an IT security team must mitigate multiple cyber threats including malware, phishing, man-in-the-middle attacks, denial-of-service attacks, SQL injection, zero-day exploits, and DNS tunneling.
Internal and external threats
Every IT security strategy must consider internal threats too. This could mean protecting databases from intentional sabotage or restricting potential thieves from accessing confidential account details, but it also covers unintentional security flaws.
For example, if a company employee were to reuse, for a company email account, credentials that had already been involved in a data breach, this could give hackers a way into that company's network.
With such a rapidly evolving threat landscape, no single IT security measure can alleviate every threat to a network. As a result, IT security can now be categorized into a range of different types that work together to protect an organization's data from attack, regardless of how or where the attack takes place and who carries it out.
Types of IT security
There’s no such thing as a universal IT security strategy. Every organization must quantify the specific risks to its IT networks and work out where to concentrate its efforts and resources. That process involves evaluating each of the following types of security individually.
Network security is required to protect your hardware and software networks from unauthorized access. In many ways, it's the most significant strand of IT security to consider as it's these networks that contain the data any IT security strategy is designed to protect.
This type of IT security safeguards against cybercriminals who could steal data from your servers and databases, or prevent you and your team from gaining access to them.
Good network security should ensure that your network remains safe and reliable to operate within and is secured against attacks.
Cybersecurity, also often referred to as internet security, concerns the protection of data that is sent or received over the internet. It's a catch-all term for any protection in an IT security strategy that mitigates online threats.
Cybersecurity software, like antivirus and firewalls, monitors internet traffic for suspicious activity, blocking anything deemed malicious or alerting security teams to its presence.
Although sometimes classed as a separate branch of IT security, cloud security also fits neatly under the cybersecurity umbrella.
With so many services now migrating to public (i.e., software-as-a-service, or SaaS), private, or hybrid cloud computing platforms, these virtual gateways are becoming increasingly popular entry points for internet crooks.
Specific security protocols exist to protect cloud services including cloud data encryption, cloud access security brokers (CASB), cloud-based unified threat management (UTM), and more.
Application security, at a development level, refers to the measures taken to ensure apps have adequate security protocols coded into them and don’t contain any vulnerabilities that could later be exploited.
A zero-day vulnerability is a security flaw present in a software program or operating system that doesn’t have a working fix and which is usually unknown to developers.
Hackers are constantly on the hunt for such vulnerabilities to exploit. If they succeed in taking advantage of a security loophole before a patch is released, the resulting hack is known as a zero-day attack. In 2010, attackers famously used the Stuxnet computer worm to exploit zero-day vulnerabilities in Windows.
Thankfully, IT security experts have a number of tools in their arsenal to test an application’s security. These include manual penetration tests to actively find vulnerabilities, black box analysis to hunt for issues in a live application using the same techniques as hackers, and white box analysis, which scans an application for flaws with full access to its codebase.
In many ways, end users are the most difficult security threats to mitigate. Every individual user is capable of jeopardizing the security of a network, whether that’s through allowing malicious viruses in or letting sensitive information out.
Endpoint security measures cover every vulnerable point an end user may come into contact with, including computers, mobile devices, IoT devices, email clients, or any user-dependent network gateway.
First and foremost, endpoint security concerns the process of securing individual devices and user-controlled entry or exit points.
There are several ways to prevent end-users from allowing malicious content to enter a network, including the use of a virtual private network (VPN), sophisticated anti-malware, training so users are aware of cyber threats like phishing, and the application of software to prevent the usage of breached credentials.
As technology evolves and criminals discover ever more ingenious ways to exploit vulnerabilities, the techniques IT security experts use to protect users will need to adapt to these changes. Ten years from now, the average IT security strategy is likely to look very different from what we see today.