What Is Cybersecurity?
Cybersecurity is the practice of protecting networks, devices, applications, systems, and data from cyberthreats. The overall goal is to fend off attacks that attempt to access or destroy data, extort money, or disrupt normal business operations – whether those attacks come from within or outside the organization.
The importance of cybersecurity
This past year, enterprise cyberattacks skyrocketed in both volume and complexity. Cybercriminals are always poised to take advantage of new opportunities. According to the FBI, instances of cybercrime jumped by as much as 300% early in the pandemic in 2020. In part, this increase was due to hackers targeting companies shifting to remote workforces and home offices without a strong cybersecurity infrastructure in place. It was also due to opportunities to exploit the pandemic itself, including fake offers for vaccines and COVID-19-related phishing campaigns.
increase in malware attacks in 2020, Deep Instinct
of SMBs have had a least one cyber incident in the last two years, Mastercard
average cost of a data breach to an enterprise, CSO Online
Cyberattacks are almost always about accessing data for gain. The majority of that data is stored in the cloud, but increasingly it’s also stored on personal devices, Internet of Things (IoT) devices, and private networks and servers. Data growth is accelerating at a massive rate, and it’s predicted that the world will store 200 zettabytes of data by 2025. The importance of cybersecurity cannot be overstated and putting robust systems into place to safeguard data is a top priority for businesses and governments around the world.
Types of cyberattacks
As the world becomes more connected and reliant upon technology, and as we increasingly conduct our business and lives online, we create more opportunities – and an ever-expanding attack surface – for cybercriminals whose methods are becoming more and more sophisticated.
Common types of cybersecurity threats include:
- Social engineering attacks: Social engineering is the practice of manipulating people into revealing sensitive, confidential information for monetary gain or access to data. It includes phishing and spear phishing and can be combined with other threats to entice users to click on links, download malware, or trust a malicious source.
In 2020, almost one-third of the breaches incorporated social engineering techniques, of which 90% were phishing.
- Malware attacks: Malware is malicious software such as viruses, worms, spyware, and adware that can infect computers. Ransomware is well-known malware that accesses and blocks files or systems to extort a ransom payment.
Global ransomware damage costs are predicted to reach US$20 billion by the end of the year, up from $325 million in 2015.
- Internet of Things (IoT) attacks: There are now more IoT devices than people in the world, and they present multiple opportunities for hackers as these devices are vulnerable to man-in-the-middle attacks, denial-of-service attacks (DoS), malware, permanent denial-of-service attacks (PDoS), and zero-day attacks.
The IoT market is due to reach 31 billion connected devices in 2020, and by 2025 there will be about 75 billion IoT devices.
- Advanced Persistent Threats (APTs): APTs are multi-stage attacks where hackers infiltrate a network undetected and remain inside for a sustained amount of time to access sensitive data or disrupt critical services. APTs are often aimed at industries with high-value information such as national defense, manufacturing, and finance.
- Denial-of-Service (DoS) attacks: DoS attacks, or distributed denial-of-service (DDoS) attacks, happen when an attacker inundates a server or network to temporarily or indefinitely render it unavailable, usually by flooding it with traffic so that other users can’t access it. This interference can lead to a complete disruption of connected systems, causing large-scale outages and significant financial consequences due to downtime.
The first half of 2020 saw a 15% increase in DDoS attacks. Nearly 4.83 million attacks were recorded, with a 126% surge in the 15-plus vector attacks.
How does cybersecurity work?
There is no one-size-fits-all enterprise cybersecurity solution. Instead, multiple layers of protection work together to safeguard against processes being disrupted and information being accessed, changed, destroyed, or held for ransom. That protection must continually evolve to proactively counter emerging cyberthreats. Multiple solutions can be integrated to create a unified defense against potential cyberattacks.
Application security focuses on enhancing security when apps are in the development phase and once they’re deployed. Types of application security include antivirus programs, firewalls, and encryption programs.
The ongoing migration to private, public, and hybrid clouds means that cloud providers must continue to prioritize implementing robust, up-to-date cloud security to protect systems, data, and availability. Cloud security includes data classification, data loss prevention, encryption, and more.
With the proliferation of the IoT, there is also a proliferation of risk. While IoT security varies depending upon the device and its application, building security into devices, ensuring secure upgrades and secure integration, and protecting against malware are some IoT-security best practices.
Critical infrastructure security
The vital cyber-physical systems that our societies rely on – including electricity grids, water systems, and public health services – are vulnerable to various risks. Critical infrastructure security is deployed to protect these systems from natural disasters, physical attacks, and cyberattacks.
Network security is a combination of hardware and software solutions that protect against unauthorized network access, which can result in information being intercepted, changed, or stolen. Types of network security include logins, passwords, and application security.
Endpoints or end-user devices – including desktops, laptops, wireless systems, and mobile devices – are all entry points for threats. Endpoint security includes antivirus and anti-malware protection, IoT security, and cloud security.
Information security, or InfoSec, focuses on maintaining the confidentiality, integrity, and availability of all of an organization’s digital and analog data. There are many types of information security, including application security, encryption, and disaster recovery. Cybersecurity can be seen as a subset of information security; both focus on the security of data, but InfoSec has a broader scope.
Data loss prevention
Data loss prevention, or DLP, is focused on stopping sensitive data from leaving an organization – whether it is leaked intentionally or shared inadvertently. DLP technologies that track, identify, and prevent unauthorized information flow include classification, encryption, monitoring, and policy enforcement.
Identity and access management (IAM)
Identity and access management systems – including two-factor authentication, multi-factor authentication, privileged access management, and biometrics – help organizations control user access to critical information and systems on premise and in the cloud.
Security information and event management (SIEM)
Modern SIEM solutions monitor and analyze security data and events in real time, helping organizations detect and respond to cyberthreats before they have a chance to disrupt business operations. Using artificial intelligence (AI) and machine learning, SIEM offers advanced user and entity behavior analytics (UEBA) to stay on top of ever-evolving threats.
Cybersecurity awareness training
End-users are both the first line of defense against cyberattacks and the weakest link in the cybersecurity chain, which is why phishing remains such a prevalent cyberthreat. It’s estimated that human behavior causes as many as 90% of cyberattacks, so continually educating your end-users on cybersecurity initiatives to support them in making intelligent cyber-defense choices is crucial. As long as people fall for phishing scams, use weak passwords, and work on unsecured networks, they are open to exploitation. As remote working continues during the pandemic and hybrid workforces look to be the norm in the future, remote workers will continue to be targeted by bad actors.
Enterprise cybersecurity framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework includes five pillars that offer private sector organizations guidance on the best practices for managing cyber risk and building a robust cybersecurity framework. Organizations can develop a proactive cybersecurity approach by putting these pillars into play continuously and concurrently. The pillars are:
- Identify: This foundational pillar is about developing a complete understanding of your assets and the risks to them so that you can put policies and procedures in place to manage those risks.
- Protect: This second pillar focuses on establishing the appropriate safeguards to protect your organization against a cybersecurity event.
- Detect: Implementing measures to identify cybersecurity events, including continuous monitoring, is at the heart of the detect pillar.
- Respond: Once an event is detected, having a plan to respond quickly and appropriately and contain the impact is an essential pillar of the NIST framework.
- Recover: Being able to restore capabilities and services after a cybersecurity attack is part of what makes a business resilient and is as critical as responding quickly to attacks.
The future of cybersecurity
Every element of cybersecurity is evolving. New targets are emerging alongside new technologies. Cybercriminals are constantly innovating the type and severity of their attacks – and the impact of these attacks is escalating. The tools that can help improve cybersecurity – such as AI and 5G networks – are a boon to cybersecurity experts and cybercriminals alike. While the nature of future threats is hard to pin down, it’s clear that the future of cybersecurity needs to be proactive so it can adapt and adjust to evolving and emerging threats.
AI and cybersecurity
Artificial intelligence (AI) is integral to the future of cybersecurity both as a weapon for hackers and as a tool for experts to address vulnerabilities, detect issues, and repel attacks. AI’s ability to review Big Data quickly and use machine learning to analyze, update, and learn user patterns makes it an excellent tool for predicting new attacks and detecting potentially malicious behavior in real time. While traditional cybersecurity methods focus on protecting external defenses to repel an attack, embedded AI cybersecurity programs can strengthen internal defenses.
5G and cybersecurity
5G, the 5th generation of wireless technology, promises more speed, more connectivity, and more reliability, supporting increasingly powerful cybersecurity measures. However, with more bandwidth comes more avenues of attack, including more vulnerable endpoints. To minimize the risks posed by 5G, the cybersecurity community will need to identify weaknesses and vulnerabilities and then put hardware and software countermeasures into place.
Fileless malware attacks are on the rise – and they are one of the biggest digital threats to companies today, in part because they are so hard to detect. Fileless malware uses a company’s own software and tools to execute malicious activities, rather than using its own attack frameworks or installing malware onto hard drives. This “living-off-the-land” (LotL) style of attack doesn’t generate new files, so it evades detection by cybersecurity solutions that scan for malicious file attachments or track the creation of files.
Deepfakes are an emerging, convincing threat that could exponentially fuel fake news and disinformation as well as social engineering attacks. After all, if you see or hear your boss telling you to do something, you’re likely to follow their orders, no matter how unusual they may seem. Ongoing end-user education around trusting sources can help combat deepfakes, and cybersecurity solutions with AI algorithms designed to detect deepfakes will be a crucial defense against them.
With the daily discovery of new malware and viruses and damage related to cybercrime projected to hit $10.5 trillion annually by 2025, cybersecurity defenses will need to evolve alongside or ahead of threats. A zero trust approach – where you assume that you cannot trust any device, user, or service – is a framework that can inform all aspects of an organization’s cybersecurity and help move towards a more secure cyber future.
Information security, or InfoSec, is focused on securing all of an organization’s data, whether it’s digital or analog and wherever it’s stored. In contrast, cybersecurity is about protecting digital data from being compromised or attacked. While there is overlap between the two, they are different, and cybersecurity is often seen as a subset of information security.
The term botnet is an abbreviation of “robotic network” and refers to a collection of computers hijacked by malicious code to carry out scams and cyberattacks. By maliciously leveraging a network of computers, hackers can efficiently carry out more significant attacks. These include DDoS attacks, data theft, malware distribution, and e-mail spam.
Spear phishing is a social engineering attack that targets a specific individual by sending them what appears to be legitimate communication from a known and trusted entity. Targets are usually directed to a false website where hackers attempt to steal their identifying information, extort money, or infect their devices with malware. In contrast, phishing casts a broader, less personal net.
An attack surface is all the different points – known or unknown – that an attacker can use to access a system. Attack surfaces are rapidly expanding and include software, operating systems, IoT and mobile devices, data centers, and even people. Understanding the scope and vulnerabilities of your attack surface is a crucial component of cybersecurity