Cybersecurity means protecting computer and network systems against intrusion, theft or damage, and is the main line of defense against a vast number of digital adversaries.
Most organizations rely on different cybersecurity frameworks to defend themselves from attacks. These frameworks define best practices — including security auditing, security policy development, key cybersecurity tools and methods for monitoring security conditions over time.
In this article, we’ll discuss the evolution of cybersecurity, the most common risks and threats that face the enterprise, and best practices for improving your cybersecurity posture.
Cybersecurity is a constantly shifting discipline — and these shifts inform a dizzying array of definitions, tactics and techniques. AI-based tools now automate manual processes so security teams can keep up with the ever-expanding attack surface; they also reduce the number of repetitive or irrelevant alerts so the security operations team can concentrate on the more serious issues. Zero trust security and advanced multi-factor authentication tactics are also taking cybersecurity in a new conceptual and technological direction.
Cybersecurity emerged and gained momentum in the 1970s. The original principles were built around discovering specific attacks — including viruses, worms or other primitive types of malware — and developing tools to stop them. By the 1980s and 1990s, these types of attacks had become extremely commonplace, to the point where desktop security software (such as Norton AntiVirus and McAfee VirusScan) became essential to stave off attacks arriving via removable floppy disks and, later, through electronic messages and web browsing. By 2000, there were more than 50,000 computer viruses in the wild, and by 2008 that number had skyrocketed, with Symantec reporting that it had topped 1 million.
Over time, attackers became more sophisticated, and their malware evolved from tools that had once been designed to be little more than a nuisance, to code snippets that could cause real damage by deleting files or corrupting software. These attacks have evolved in recent years to become much more nefarious, turning PCs into “zombie” members of a distributed-denial-of-service (DDoS) botnet, encrypting files to demand a cash ransom from the victim in exchange for the keys to decrypt them, and installing surreptitious software on victims’ machines. Malware that runs cryptocurrency mining software while the victim is unaware is one of the most common types of exploits in use today.
In addition to PCs, attackers target file servers, cloud services, and non-traditional computing devices such as security cameras, video doorbells, thermostats and even light bulbs. In one proof-of-concept hack, attackers compromised a refrigerator to reveal a user’s Gmail login credentials.
To mitigate these threats, computer security has evolved in a myriad of ways. Rather than only monitoring data traffic for specific snippets of known bad code (known as “signatures”), security tools now use a range of detection techniques, proactively watching for suspicious behaviors and using technologies such as artificial intelligence (AI) and machine learning to predict whether a given activity is likely to be malicious. Tools that scan the network and identify problems before an attack occurs are also commonplace in the enterprise. Tactics such as zero trust security take the firewall concept even further, presuming that all traffic, whether it originates outside or inside the network perimeter, is inherently dangerous and must be verified before it is allowed.
Today, some of the biggest assaults range from extremely sophisticated and targeted to relatively blunt attacks that take a shotgun-like en masse approach in the hopes of reaching a victim. The modern cybersecurity threat landscape includes dozens of common threats. These are a few of the most common ones:
Risks, threats, and vulnerabilities are often confused because they are closely related to one another. A security threat is something that can cause damage to a digital asset: malware, a malicious hacker, or a misconfigured cloud server are all examples of security threats. A security vulnerability is a point of weak security in a computer system; it is the avenue by which a threat is able to reach your organization. A security risk is the potential for damage that results when a threat can act on a vulnerability.
The discipline of information security is designed to reduce the number of vulnerabilities, counter threats and decrease their severity, and so minimize the risk of loss to the enterprise.
The most common and costly security risks include the following:
An organization’s security posture is defined by its overall readiness and level of preparation to guard against a cyber attack. There are several cybersecurity measures organizations can take to improve their security posture.
There are dozens of security frameworks designed to help organizations develop a strong cybersecurity posture. Some of the most notable and widely adopted include:
Cybersecurity frameworks like those outlined above specify the approaches and practices each organization should undertake in order to improve security. This process begins by developing an understanding of the organization’s tolerance for risk. At a large bank, this risk tolerance is likely to be zero, while the cybersecurity risk tolerance of a middle school PTA may be considerably higher. With this tolerance in mind, the organization can then begin to prioritize its specific cybersecurity investments. Whether to reduce a given risk, eliminate it entirely, transfer it to someone else, or simply accept it is a strategic question that is answered on a case-by-case basis.
Software development occupies a unique place in the broader cybersecurity landscape. Secure software not only protects the organization’s own infrastructure; it also protects any customers who use the organization’s externally facing software tools.
Secure development today is commonly defined by the Security Development Lifecycle, an approach originally pioneered by Microsoft in 2002 and defined by 12 practices. These include:
Some of the most powerful cybersecurity tools — all of which are considered essential parts of any cybersecurity infrastructure — include the following:
Organizations can start building cybersecurity defenses by following the advice for improving your security posture and reducing the number of security incidents. Audit your existing hardware, software, and services ecosystem to get a solid understanding of where you stand. Create policies built to protect the systems that are most at risk of attack (including third-party services, such as cloud providers), then acquire the appropriate tools needed to protect those systems. After implementation, develop metrics to track performance and ensure staff are appropriately trained on your policy expectations and the aforementioned cybersecurity tools.
Cybersecurity continues to grow in importance and size as an industry, both in the United States and around the world. Allied Market Research projects the total value of this industry to hit more than $300 billion by 2027, as organizations continue to fight against increasingly sophisticated and pervasive attacks. Looking ahead, some of the most noteworthy trends include the growth of cloud-based security services in lieu of traditional hardware, increased incidences of insider-based attacks, and updated approaches to security frameworks. The expansion of privacy legislation will further enhance the need for companies to take cybersecurity more seriously — or risk facing costly fines and legal liability when their perimeters are breached.
The headlines detailing massive damage, data breaches, and financial losses due to cyber attacks tell the story best: The cybersecurity landscape continues to evolve, often in unpredictable and frightening ways. Now more than ever it is critical to understand your security posture and the risks faced by your organization and to learn how to adapt quickly to this ever-changing environment. Building a strong cybersecurity defense requires expertise and attention to shifting conditions and emerging threats, with detailed, real-time security monitoring one of the most essential tactics for keeping your network safe.
This posting does not necessarily represent Splunk's position, strategies or opinion.