cyber security
Tech Life

What is cyber security? Easy-to-understand explanations of basic knowledge, examples, and countermeasures

1. What is cyber security?

Cybersecurity means protecting digital data and systems in your possession from cyberattacks such as theft and destruction, as well as other threats.

What is cyber security?
Examples of protected objects
  • Digitized data
  • Program (software) or system
  • Infrastructures such as servers and networks
  • Devices such as PCs
Examples of attacks/threats
  • External attacks such as cyber attacks
  • Data took out or altered by someone with malicious intent within the company

Cyber ​​security protects the digital environment, including digitized information, from malicious attacks. Specific examples include the introduction of security software and access control of server installation locations.

According to a survey by the Small and Medium Enterprise Agency, the cost of security measures was less than 500,000 yen for SMEs and 1.5 million to 2 million yen for large companies.

Here, we will explain the reasons why cybersecurity is necessary and the types of cybersecurity, which are the basis for understanding cybersecurity.

1-1. Reasons why cyber security is necessary

Cyber ​​security specialized in the digital environment is required because it is susceptible to attacks and the damage tends to be large.

Cyberattacks can target anyone with an internet connection. Since there is a risk of being attacked due to trivial actions in the course of work, such as browsing sites and downloading data, it will be difficult to prevent without taking appropriate measures.

Digital data that can be easily taken out without taking up space has a low hurdle for insiders to illegally take it out, which is another reason why cyber security is necessary.

Furthermore, if such attacks are received,

  • Loss of credibility and economic loss due to data leakage
  • Lost business opportunities due to system outages
  • Business continuity becomes difficult

It is troublesome because it causes great damage in many ways. Economic losses include investigation costs related to the scope and cause of data leakage, loss of sales due to business interruption, and compensation for damages. According to the report of the Ministry of Internal Affairs and Communications, the total amount per company is calculated to be about 200 million yen.


It is difficult to prevent attacks unless appropriate measures are taken, and once attacked, the damage is huge, so cyber security is necessary.

1-2. How to improve cyber security

cyber security

There are several ways to increase cyber security, including networks, software, systems, and information management.

How to increase cybersecurity
  • Ensuring the safety of communication through network lines
software system
  • Prevent hijacking that targets software vulnerabilities
information management
  • Protecting information assets in our possession from leaks and falsification

Even if you ensure safety in only one place, if security is inadequate in other parts, you will not be able to prevent damage such as cyber-attacks, so you need to be careful.

Try to combine several cybersecurity measures according to your internal environment.

2. The difference between cyber security and information security

Cyber ​​security and information security differ in the points that are emphasized in security measures.

Cybersecurity is taking measures to protect the digital environment from attacks and other threats, while information security is thinking about management methods that can ensure the confidentiality, integrity, and availability of information.

The difference between cyber security and information security
cyber security Address threats to digitized information and infrastructure
Information security Ensure the confidentiality, integrity, and availability of all information, whether digital or analog

Cyber ​​security can only deal with digitized information, and information security can deal with both digital and analog. Focusing on the aspect of information, cyber security is included in information security.

However, the purpose of cyber security is to prevent threats to the entire digital environment, including information.

Even companies that have been working on information security so far should reconfirm whether there are any deficiencies from the perspective of cyber security.

3. What cyber-attacks should be prevented by cyber security?

There are various types of cyberattacks that require cybersecurity countermeasures, such as unauthorized access, DDoS attacks, and attacks that target vulnerabilities. Let’s take a look at typical examples of cyberattacks and recent trends.

3-1. Representative examples of cyber attacks

Typical cyberattacks include unauthorized access, DDoS attacks, attacks targeting vulnerabilities, targeted attacks, and distributed attacks.

Representative examples of cyber attacks
Unauthorized access


  • An unauthorized person accesses a system or information without permission by illegally obtaining an ID or password.


  • A brute force attack that attempts to determine a password by making many login attempts with different combinations of passwords
  • A password list attack exploits the fact that many users reuse passwords and uses IDs and passwords identified on one site to gain unauthorized access to other sites.
DDoS attack


  • Attacks that illegally place a heavy load on networks and servers to bring down systems


  • There are various techniques such as sending a large amount of traffic and occupying TCP sessions.
Attacks targeting vulnerabilities


  • Targeting bugs (vulnerabilities) in the OS, application sites, etc. to cause malfunctions or leak data


  • Buffer overflow attacks that input invalid data and cause system malfunction
  • An SQL injection attack that steals or modifies information by giving illegal instructions in a database query language called SQL.
targeted attack


  • Attacks targeting specific companies, etc., to steal account numbers and personal and confidential information held by companies.


  • There are many cases of attacks by embedding malware in email attachments or linked URLs.
Scatter attack


  • An attack was carried out on an unspecified number of people using fake e-mails and fake websites to defraud accounts and credit card numbers.


  • Phishing scams using emails and websites

Let’s get an image of what a cyber attack is and use it as a reference when considering what to do with cyber security measures.

3-2. Trends in recent cyberattack cases

cyber security

In recent years, cyber-attacks have been on the rise, and in particular, the number of cases of ransomware damage has increased significantly. According to the “Cyber ​​Security 2022” survey by the Cabinet Cyber ​​Security Center, damage from ransomware, which has been increasing rapidly since 2021, quadrupled year on year between July and December.

[Reference: What is ransomware?]

  • A cyberattack encrypts files stored on an intruded computer and renders them unusable, then demands payment of a ransom to restore them.

In addition, the malware “Emotet” has been increasing rapidly since February 2022. Emotet, which mainly spreads via email, hijacks infected devices to send infected emails to other addresses and steal information.

The scary thing about Emotet is that once infected, it can be targeted or used as a base for various cyberattacks.

[Reference: What is Malware?]

  • A general term for unauthorized software, which includes various types such as viruses and spyware.

4. Cybersecurity is technical, human, and physical

To make cyber security measures effective, it is necessary to work from the following three perspectives.

Three Perspectives of Cyber ​​Security
1. Technical measures Enhancing security with digital technology such as IT tools
2. Human measures Raise security awareness among employees and ensure thorough implementation of countermeasures
3. Physical measures Thoroughly manage the infrastructure of servers and systems that store information, etc., and manage entry and exit to the installation location

We will explain what to do about each.

4-1. Technical measures

Technological measures for cyber security are measures to enhance security by utilizing digital technology such as IT tools. Specifically, there are the following countermeasures.

Practical examples of technical measures
  • Introduction of two-factor authentication and access control system
  • Manage access logs
  • Encryption of data at rest
  • Regular backup
  • Installation of tools to prevent virus intrusion such as firewalls
  • Addressing vulnerabilities through the regular OS and software updates

By implementing technical measures, it is possible to promptly respond to cybersecurity risks such as cyberattacks and prevent damage.

4-2. Human measures

Human measures for cyber security are intended to raise the security awareness of employees and ensure thorough implementation of measures. Let’s check a concrete example.

A practical example of human measures
  • Conduct training on the necessity and mechanism of cyber security and cyber attacks
  • Make a checklist of things to be careful about in business, such as “Do not open suspicious emails” “Do not download data from unknown sources”, etc.
  • Prohibit unwanted personal devices from being brought into the office or connected to company systems

By implementing human measures, it is possible to increase the effectiveness of technical measures. No matter how much antivirus software and two-factor authentication are installed, if an employee opens a suspicious email and brings a virus into the company, it will not be possible to prevent attacks.

4-3. Physical measures

Physical measures refer to installing servers and system infrastructure that store information in highly secure locations and thoroughly managing them.

Practical examples of physical measures
  • Install servers and systems in places with excellent earthquake resistance and fireproof performance.
  • The location of servers and systems is managed by entering and exiting rooms using IC cards, etc.
  • Deployment of security guards and surveillance cameras
  • Thorough lock management

It is important to prevent not only intruders from the outside, but also malicious people inside the company from easily accessing servers, etc., and to prevent the system from being affected even in the event of a disaster.

5. Key points for ensuring cyber security

Here are three things you can do to effectively increase your cybersecurity effectiveness:

Three points of cyber security

1. Thoroughly implement the three basic measures

2. Raise security awareness

3. Incorporate third-party perspectives

I will explain how to effectively improve cyber security.

5-1. Thoroughly implement the three basic measures

In cybersecurity, there are many measures to be taken. Here are three basic steps you should take first: At first, it would be more effective to steadily implement these three measures than to take multiple measures half-heartedly.

Three Basic Cyber ​​Security Measures
  • Update your OS and software properly and take measures against vulnerabilities
  • Thoroughly manage IDs and passwords and take countermeasures against unauthorized access
  • take antivirus

A vulnerability is a weak point in a program that can easily cause adverse effects when attacked. If a vulnerability is targeted and attacked, the system will immediately stop, malfunction, or leak information. By properly updating your OS and software, you can eliminate this vulnerability quickly, so don’t forget to do so.

Thorough management of IDs and passwords is essential for preventing unauthorized access. This is because no matter how much a system that prevents unauthorized access is introduced, it cannot be prevented if the ID and password are known. Manage IDs and passwords so that they are not leaked, and do not set passwords that are easy to guess.

By installing antivirus software and systems, you can detect and eliminate malicious programs in advance, so we recommend that you always install them.

5-2. Improve security awareness

cyber security

Improving the security awareness of every employee is an important point for the success of security measures.

If you do not raise your security awareness, you may forget the importance of updating your OS or software, or you may inadvertently leak your ID, password, or other important information.

Don’t just hand over cybersecurity manuals, but also devise a way to share information so that the importance of security measures is communicated, such as training.

5-3. Incorporating Third-Party Perspectives

If you are concerned about your company’s security, we recommend using a security check service.

Security check refers to a service that checks for vulnerabilities in systems, servers, networks, etc., and provides necessary countermeasures.

The advantage of having a third party diagnose your security is that you will be able to learn about inadequacies in settings and high-risk areas that you would not have noticed on your own.

NTT East also offers a cloud security check service, so if you are currently using a cloud service, why not try a security check?

6. Building an environment strong in cyber security with NTT East’s cloud

If you want to introduce a cloud that is safe in terms of cyber security, please consider NTT East’s cloud introduction and operation for AWS/Microsoft Azure first. At NTT East, we can introduce security-focused cloud services as a one-stop service, so we can reduce security risks and the burden on the person in charge.

Secure cyber security with NTT East’s cloud

1. Secure not only the cloud but also the safety of the line at the same time

2. Support is available 24 hours a day, 365 days a year even after installation

Here are some reasons why you should be comfortable with security.

6-1. Peace of mind because not only the cloud but also the connection can be secured at the same time

NTT East’s cloud implementation and operation for AWS/Microsoft Azure provides centralized support for all cloud-related matters. You can rest assured that you can consult us not only about the security of the cloud service to be introduced but also about the line connecting to the cloud service.

If you are concerned about the security of your current line, you can combine your line with the cloud and migrate to one with perfect security.

In addition, you can leave the environment settings directly related to security, such as firewall settings, to us, so you can reduce the risk of information leaks due to careless initial setting mistakes.

If you choose a cloud introduction method with an emphasis on cyber security, NTT East’s cloud introduction and operation for AWS/Microsoft Azure is a one-stop support that does not leave out any countermeasures.

6-2. Peace of mind because you can receive support 24 hours a day, 365 days a year even after installation

If you are concerned about security after starting a cloud service operation, we recommend NTT East’s “Cloud Installation and Operation for AWS/Microsoft Azure”. Since you can receive a wide range of operational support, including security, it is characterized by reducing the burden on the person in charge and security risks.

Details of NTT East’s cloud operation support

Status check, resource monitoring, service process monitoring, log monitoring

Communication monitoring/PaaS status monitoring/notification of monitoring system alerts

Troubleshooting/primary response

Receiving failures, isolating failure locations, and primary countermeasures

operation agency

Retirement Support / Virtual Server Type Change

Create image/backup, change the volume size

Server stop, start, reboot, OS security patch application, etc.

Why don’t you take advantage of cloud professional operation support to realize cyber security measures without trouble and peace of mind?

7. Summary

Cybersecurity refers to protecting digital environments such as data, networks, and computers from cyberattacks and other threats. It differs from information security in that it focuses on the protection of digitized information and systems.

Cyber-attacks that should be prevented by cyber security include unauthorized access, DDoS attacks, attacks targeting vulnerabilities, as well as targeted attacks and distributed attacks. It is important to check the latest attack status and take appropriate countermeasures.

Leave a Reply

Your email address will not be published. Required fields are marked *