Cybersecurity means protecting computer and network systems against intrusion, theft or damage, and is the main line of defense against a vast number of digital adversaries.
Most organizations rely on different cybersecurity frameworks to defend themselves from attacks. These frameworks define best practices — including security auditing, security policy development, key cybersecurity tools and methods for monitoring security conditions over time.
In this article, we’ll discuss the evolution of cybersecurity, the most common risks and threats that face the enterprise, and best practices for improving your cybersecurity posture.
What Is Cybersecurity: Contents
Cybersecurity is a constantly shifting discipline — and these shifts inform a dizzying array of definitions, tactics and techniques. AI-based tools are used so manual processes can be automated, and so security teams can keep up with the ever-expanding attack surface. These tools help reduce the number of repetitive or irrelevant security alerts so more serious issues can be dealt with by the security operations team. Zero trust security and advanced multi-factor authentication tactics are also taking cybersecurity in a new conceptual and technological direction.
Cybersecurity emerged and gained momentum in the 1970s. The original principles were built around discovering specific attacks — including viruses, worms or other primitive types of malware — and developing tools to stop them. By the 1980s and 1990s, these types of attacks had become extremely commonplace, to the point where desktop security software (such as Norton AntiVirus and McAfee VirusScan) became essential to stave off attacks arriving via removable floppy disks and, later, through electronic messages and web browsing. By 2000, there were more than 50,000 computer viruses in the wild. And by 2008, those numbers had skyrocketed, with Symantec reporting that that number had topped 1 million.
Over time, attackers became more sophisticated, and their malware evolved from tools that had once been designed to be little more than a nuisance, to code snippets that could cause real damage by deleting files or corrupting software. These attacks have evolved in recent years to become much more nefarious, turning PCs into “zombie” members of a distributed-denial-of-service (DDoS) botnet, encrypting files to demand a cash ransom from the victim in exchange for the keys to decrypt them, and installing surreptitious software on victims’ machines. Malware that runs cryptocurrency mining software while the victim is unaware is one of the most common types of exploits in use today.
In addition to PCs, attackers target file servers, cloud services, and non-traditional computing devices such as security cameras and video doorbells, thermostats and even light bulbs. In one proof-of-concept hack, attackers hacked a refrigerator to reveal a user’s Gmail login credentials.
To mitigate these threats, computer security has evolved in a myriad of ways. Rather than monitoring data traffic for specific snippets of known bad code (known as “signatures”), security tools use a range of detection techniques, proactively watching for suspicious behaviors, and using technologies such as artificial intelligence (AI) and machine learning to predict whether a certain activity is likely to be malicious. Tools that scan the network and identify problems before an attack occurs are also commonplace in the enterprise. Tactics such as zero trust security take the firewall concept even further, presuming that all traffic, whether it originates outside or inside the network perimeter, is inherently dangerous and must be verified before it is allowed.
Today, some of the biggest assaults range from extremely sophisticated and targeted to relatively blunt attacks that take a shotgun-like en masse approach in the hopes of reaching a victim. The modern cybersecurity threat landscape includes dozens of common threats. These are a few of the most common ones:
Understanding your cybersecurity environment and related cyber threats involves following a few key steps:
1. Developing a map of your enterprise assets, including an understanding of all computing systems and all of the enterprise’s data.
2. Ranking these systems and data stores based on their level of sensitivity and how critical they are to business operations.
3. Building a plan and developing technology tools to protect and monitor these systems, and prioritizing security strategies based on the level of risk to each asset.
4. Creating a culture of awareness around cybersecurity that focuses on education, training, and contingency planning for all employees in the enterprise.
Risks and threats are often confused because they are closely related to one another. A security threat is something that can cause damage to a digital asset. Malware, a malicious hacker, or a misconfigured cloud server are all examples of security threats. A security risk opens a potential for damage that can result due to a threat. The avenue by which a threat becomes a risk is known as a security vulnerability, a point of weak security in a computer system.
The discipline of information security is designed to prevent the danger of threats and decrease their severity to minimize the risk of loss to the enterprise.
The most common and costly security risks include the following:
An organization’s security posture is defined by its overall readiness and preparation level to guard against a cyber attack. There are several cybersecurity measures organizations can take to improve their security posture.
1. Begin with a security audit – Assessing risk lets you identify all of your technology assets and assigns a vulnerability level to each of them based on their underlying technology and importance to the business, allowing you to prioritize the systems most in need of protection.
2. Create a strong security policy – To maximize security and safety, organizations need rules governing how their technology systems are allowed to be accessed by end users. These policies should include rules around password length and reuse; the use of unauthorized equipment, software, and services; protocols for incident response; and points of contact for the cybersecurity operations team.
3. Expand cybersecurity tools – Security posture can be dramatically improved by implementing solutions that can automate large portions of your security defenses, including firewall devices, antimalware, authentication and access management, encryption software, penetration testing and vulnerability scanning tools, intrusion detection software, and network monitoring tools.
4. Monitor service providers – Today’s typical network involves myriad third parties, largely in the form of cloud services. Each of these represents a potential cybersecurity risk requiring the same careful monitoring as if it was part of your own internal network.
5. Track metrics over time – After determining what the key metrics are — total number of discovered vulnerabilities per day, mean time to correct a vulnerability, etc. — the organization can track them over time to determine whether overall security posture is improving or degrading.
6. Implement employee training – The above tactics are useless without dedication to ongoing employee training that ensures workers are aware of and are following the security policies you’ve carefully designed.
There are dozens of security frameworks designed to help organizations develop a strong cybersecurity posture. Some of the most notable and widely adopted include:
Cybersecurity frameworks like those outlined above specify specific approaches and practices each organization should undertake in order to improve security. This process begins by developing an understanding of the organization’s tolerance for risk. At a large bank, this risk tolerance is likely to be zero, while the cybersecurity risk tolerance of a middle school PTA may be considerably higher. With this tolerance in mind, the organization can then begin to prioritize its specific cybersecurity investments. Whether that involves attempting to decrease risk, eliminating risk entirely, transferring risk to someone else, or simply accepting the risk becomes a strategic question that can be applied on a case-by-case basis.
Software development occupies a particular (and unique) place in the broader cybersecurity landscape. Not only is secure software able to protect the organization’s infrastructure, it is also able to protect any customers who may use externally-facing software tools.
Secure development today is commonly defined by the Security Development Lifecycle, an approach originally pioneered by Microsoft in 2002 and defined by 12 practices. These include:
Some of the most powerful cybersecurity tools — all of which are considered essential parts of any cybersecurity infrastructure — include the following:
Organizations can start building cybersecurity defenses by following the advice for improving your security posture and reducing the number of security incidents. Audit your existing hardware, software, and services ecosystem to get a solid understanding of where you stand. Create policies built to protect the systems that are most at risk of attack (including third-party services, such as cloud providers), then acquire the appropriate tools needed to protect those systems. After implementation, develop metrics to track performance and ensure staff are appropriately trained on your policy expectations and the aforementioned cybersecurity tools.
Cybersecurity continues to grow in importance and size as an industry, both in the United States and around the world. Allied Market Research projects the total value of this industry to hit more than $300 billion by 2027, as organizations continue to fight against increasingly sophisticated and pervasive attacks. Looking ahead, some of the most noteworthy trends include the growth of cloud-based security services in lieu of traditional hardware, increased incidences of insider-based attacks, and updated approaches to security frameworks. The expansion of privacy legislation will further enhance the need for companies to take cybersecurity more seriously — or risk facing costly fines and legal liability when their perimeters are breached.
The headlines detailing massive damage, data breaches, and financial losses due to cyber attacks tell the story best: The cybersecurity landscape continues to evolve, often in unpredictable and frightening ways. Now more than ever it is critical to understand your security posture and the risks faced by your organization and to learn how to adapt quickly to this ever-changing environment. Building a strong cybersecurity defense requires expertise and attention to shifting conditions and emerging threats, with detailed, real-time security monitoring one of the most essential tactics for keeping your network safe.