Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. The goal of cybersecurity is to limit risk and protect IT assets from attackers with malicious intent. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity.
Cybersecurity best practices can, and should, be implemented by large and small organizations, employees and individuals. One of the most problematic elements of cybersecurity is the continually evolving nature of security risks and advanced persistent threats (APTs).
The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks. To deal with the current environment, advisory organizations are promoting a more proactive and adaptive approach.
The National Institute of Standards and Technology (NIST), for example, recently issued updated guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments. Version 1.1 of the Framework for Improving Critical Infrastructure was released in April 2018. The voluntary Cybersecurity Framework (CSF), developed for use in the banking, communications, defense and energy industries, can be adopted by all sectors, including federal and state governments. In May 2017, President Donald Trump issued an executive order mandating that federal agencies adopt the NIST CSF.
Cybersecurity is a defensive solution to protect any internet-connected system from cyberthreats and attacks.
Purpose of cybersecurity
Cybersecurity measures should always be implemented to protect the data of small and large organizations and individuals. Even though significant security breaches are the ones that often get publicized, small organizations still have to concern themselves with their security posture, as they may often be the target of viruses and phishing.
Why is cybersecurity important?
Cybersecurity is important because it helps protect an organization's data assets from digital attacks that could damage the organization or individuals if placed in the wrong hands. Medical, government, corporate and financial records all hold personal information. Security incidents can lead to losses in terms of reputation, money, theft of data, deletion of data and fraud.
What cybersecurity can prevent
Cybersecurity helps prevent data breaches, identity theft and ransomware attacks, as well as aiding in risk management. When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate cyberattacks. The process of keeping up with new technologies, security trends and threat intelligence is a challenging task.
Types of cybersecurity threats
Cyberthreats can take many forms, including the following:
- Malware: a form of malicious software, such as worms, computer viruses, Trojan horses and spyware, in which any file or program can be used to harm a computer user.
- Ransomware: a type of malware that involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them.
- Social engineering: an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected.
- Phishing: a form of fraud in which falsified emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information.
Cybersecurity threat vectors
A threat vector is a path or means by which a hacker can gain access to a computer or network server to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including human operators. Popular attack vectors include the following:
- USB sticks and other portable storage devices
- unsupported browser extensions
- infected websites
- orphan accounts
- online quizzes and personality tests
Elements of cybersecurity
It can be a challenge in cybersecurity to keep up with the changing security risks. The traditional approach has been to focus resources on crucial system components. Today, ensuring cybersecurity requires the coordination of efforts throughout an information system, which includes the following:
- Application security: Minimize the likelihood that unauthorized code will be able to manipulate applications to access, steal, modify or delete sensitive data.
- Information security (infosec): Protect information assets, regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.
- Network security: Detect, prevent and respond to threats through the use of security policies, software tools and IT services.
- Business continuity planning (BCP)/disaster recovery planning (DRP): Maintain or quickly resume mission-critical functions following a disaster.
- Operational security (opsec): Classify information assets, and determine the controls required to protect these assets.
- End-user education: Provide directives that describe what actions employees must take -- or avoid -- in order to protect corporate assets.
Benefits of cybersecurity
The benefits of implementing cybersecurity initiatives include the following:
- business protection against malware, ransomware, phishing and social engineering;
- protection for data and networks;
- prevention of unauthorized users accessing digital assets;
- improvement of recovery time after a breach;
- protection of end users and their personally identifiable information (PII); and
- improvement of confidence in the organization.
Cybersecurity is continually challenged by hackers, data loss, privacy, risk management and changing cybersecurity strategies. Nothing currently indicates that cyberattacks will decrease. Moreover, with an increased number of entry points for attacks, more strategies for securing digital assets are needed to protect networks and devices.
One of the most problematic elements of cybersecurity is the continually evolving nature of security risks. As new technologies emerge and existing technology is used in new or different ways, new avenues of attack are developed as well. Keeping up with these continual changes and advances in attacks and updating practices to protect against them can be challenging to organizations. This also includes ensuring that all the elements of cybersecurity are continually changed and updated to protect against potential vulnerabilities. This can be especially challenging for smaller organizations.
Additionally, today, there is a lot of potential data an organization can gather on individuals who take part in one of its services. With more data being collected, the likelihood of a cybercriminal attempting to steal PII is another concern. For example, an organization that stores PII in the cloud may be subject to a ransomware attack and should do what it can to prevent a cloud breach.
Cybersecurity should also address end-user education, as employees may accidentally bring a virus into a workplace on their work computer, laptop or smartphone.
Another large challenge to cybersecurity is the staffing shortage. As growth in data from businesses becomes more important, the need for more cybersecurity personnel with the required skills to analyze, manage and respond to incidents increases. It is estimated that there are 2 million unfilled cybersecurity jobs worldwide. Cybersecurity Ventures also estimated that, by 2021, there will be up to 3.5 million unfilled cybersecurity jobs.
New advances in machine learning and artificial intelligence (AI) are being developed that help security professionals organize and manage log data. AI and machine learning can assist in areas with high-volume data streams, such as the following:
- correlating data by organizing it, identifying possible threats and predicting an attacker's next step;
- detecting infections by implementing a security platform that can analyze data and recognize threats;
- generating protections without putting a strain on resources; and
- continually auditing the effectiveness of protections in place to ensure they are working.
As a result of increasing security risks, investments in cybersecurity technologies and services are increasing. Gartner predicted that worldwide spending on information security products and services would reach $114 billion in 2018 and increase another 8.7% to $124 billion in 2019.
Vendors in cybersecurity fields will typically use endpoint, network and advanced threat protection security, as well as data loss prevention (DLP). Three commonly known cybersecurity vendors are Cisco, McAfee and Trend Micro.
Cisco tends to focus on networks and enables its customers to utilize firewalls, virtual private networks (VPNs) and advanced malware protection, along with supporting email and endpoint security. Cisco also supports real-time malware blocking.
McAfee makes cybersecurity products for consumers and enterprise users. McAfee supports mobile, enterprise clouds, network, web and server-based security. Data protection and encryption are also offered.
Careers in cybersecurity
As the cyberthreat landscape continues to grow and new threats emerge -- such as threats in the IoT landscape -- individuals with skills and awareness in both security hardware and software are needed.
IT professionals and other computer specialists are needed in security jobs, such as the following:
- Chief information security officer (CISO): This individual implements the security program across the organization and oversees the IT security department's operations.
- Security engineer: This individual protects company assets from threats with a focus on quality control within the IT infrastructure.
- Security architect: This individual is responsible for planning, analyzing, designing, testing, maintaining and supporting an enterprise's critical infrastructure.
- Security analyst: This individual has several responsibilities that include planning security measures and controls, protecting digital files, and conducting both internal and external security audits.
Important milestones in cybersecurity history include the following:
- In 1971, the Creeper virus was found; it is commonly recognized as the first computer virus.
- In 1983, Massachusetts Institute of Technology (MIT) was granted a patent for a cryptographic communications system and method -- the first cybersecurity patent.
- In the 1990s, the advent of computer viruses led to the infection of millions of personal computers (PCs), causing cybersecurity to become a household concern and facilitating the creation of more antivirus software.
- In 1993, the first Def Con conference was held; its focus was cybersecurity.
- In 2003, Anonymous was formed -- the first well-known hacker group.
- In 2013, the Target breach occurred in which 40 million credit and debit card records were accessed and stolen.
- In 2016, Yahoo reported two cybersecurity breaches in which hackers gained access to data from over 500 million user accounts.
- In 2017, the Equifax security breach occurred, which exposed the personal information of up to 147 million people.
- In 2018, the General Data Protection Regulation (GDPR) was implemented. It focused on the protection of end-user data in the European Union (EU).
- Also in 2018, the California Consumer Privacy Act (CCPA) was implemented. It supports individuals' right to control their own PII.