Types of cybersecurity

What is cybersecurity?

Cybersecurity is the practice of using technology, controls, and processes to protect digital networks, devices, and data from unauthorised access by malicious attackers or unintentional activity. It includes ensuring the confidentiality, integrity, and availability of information using many types of cybersecurity.

Ten types of cybersecurity

Many types of cybersecurity are employed to protect digital systems from malicious and accidental threats. It is helpful to understand the ten most commonly referenced types of cybersecurity.

1. Application security
Application security prevents unauthorised access to and use of applications and the data connected to them. Because most vulnerabilities are introduced during the development and publishing stages, application security includes many types of cybersecurity solutions that help identify exploitable flaws during the design and development phases and alert teams so they can be fixed.

Despite best efforts, flaws do slip through the cracks. Application security also helps protect against these vulnerabilities.

A subset of application security is web application security. It focuses on protecting web applications, which are frequently targeted by cyber attacks.

2. Cloud security
Cloud security focuses on protecting cloud-based assets and services, including applications, data, and infrastructure. Most cloud security is managed as a shared responsibility between organisations and cloud service providers.

In this shared responsibility model, cloud service providers handle security for the cloud environment, and organisations secure what is in the cloud. Generally, the responsibilities are divided as shown below.

3. Critical infrastructure security
Special security processes and types of cybersecurity solutions are used to protect the networks, applications, systems, and digital assets that critical infrastructure organisations (e.g., communications, dams, energy, public sector, and transportation) depend on. Critical infrastructure has been more vulnerable to cyber attacks that target legacy systems, such as SCADA (supervisory control and data acquisition) systems. While critical infrastructure organisations use many of the same types of cybersecurity as other subcategories, they are often deployed in different ways.

4. Data security
A subset of information security, data security combines many types of cybersecurity solutions to protect the confidentiality, integrity, and availability of digital assets at rest (i.e., while being stored) and in motion (i.e., while being transmitted).

5. Endpoint security
Desktops, laptops, mobile devices, servers, and other endpoints are the most common entry point for cyber attacks. Endpoint security protects these devices and the data they house. It also encompasses other types of cybersecurity that are used to protect networks from cyberattacks that use endpoints as the point of entry.

6. IoT (Internet of Things) security
IoT security seeks to minimise the vulnerabilities that these proliferating devices bring to organisations. It uses different types of cybersecurity to detect and classify the devices, segment them to limit network exposure, and mitigate threats related to unpatched firmware and other related flaws.

7. Mobile security
Mobile security encompasses types of cybersecurity used to protect mobile devices (e.g., phones, tablets, and laptops) from unauthorised access and from becoming an attack vector used to enter and move laterally within networks.

8. Network security
Network security includes software and hardware solutions that protect against incidents that result in unauthorised access or service disruption. This includes monitoring and responding to risks that impact network software (e.g., operating systems and protocols) and hardware (e.g., servers, clients, hubs, switches, bridges, peers, and connecting devices).

The majority of cyber attacks start over a network. Network cybersecurity is designed to monitor, detect, and respond to network-focused threats.

9. Operational security
Operational security covers many types of cybersecurity processes and technology used to protect sensitive systems and data. It establishes protocols for access and for monitoring, so that unusual behaviour that could be a sign of malicious activity is detected.

10. Zero trust
The zero trust security model replaces the traditional perimeter-focused approach of building walls around an organisation’s critical assets and systems. There are several defining characteristics of the zero trust approach, which leverages many types of cybersecurity.

At its core, zero trust is based on several practices, including:

  1. Continuously verifying users’ identity
  2. Establishing and enforcing the principle of least privilege for access, granting only the access that is explicitly required for a user to perform a job and only for as long as that access is required
  3. Microsegmenting networks
  4. Trusting no users (i.e., internal or external)
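As an added illustration (not part of the original article), the following Python policy decision function applies the four practices above to every request: a freshness check on the user's last identity verification, an explicit time-bounded grant, a segment-to-resource rule, and a default deny that ignores whether the request originates inside the network. The segment names, resource names, users and 15-minute threshold are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
# Constructed policy data for illustration, not from the original article.
MAX_VERIFICATION_AGE = timedelta(minutes=15)   # continuous verification
SEGMENT_RESOURCES = {                          # microsegmentation
    "finance-segment": {"ledger-db"},
    "eng-segment": {"build-server", "source-repo"},
}

@dataclass(frozen=True)
class Grant:  # an explicit, time-bounded permission (least privilege)
    user: str
    resource: str
    action: str
    expires_at: datetime

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    segment: str            # network segment the request arrives from
    verified_at: datetime   # when the user's identity was last verified
    now: datetime

def decide(req: Request, grants: list[Grant]) -> tuple[bool, str]:
    """Return (allowed, reason). Default deny: being inside the network confers no trust."""
    if req.now - req.verified_at > MAX_VERIFICATION_AGE:
        return False, "identity verification stale; re-authenticate"
    if req.resource not in SEGMENT_RESOURCES.get(req.segment, set()):
        return False, f"{req.resource} not reachable from {req.segment}"
    for g in grants:
        if (g.user, g.resource, g.action) == (req.user, req.resource, req.action):
            if req.now < g.expires_at:
                return True, "explicit, unexpired grant"
            return False, "grant expired; request renewal"
    return False, "no explicit grant"

def demo() -> dict[str, tuple[bool, str]]:
    # Constructed requests against a single one-hour "read ledger-db" grant.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    grants = [Grant("alice", "ledger-db", "read", t0 + timedelta(hours=1))]
    def case(user, seg, verified_min, now_min):
        return decide(Request(user, "ledger-db", "read", seg,
                              t0 + timedelta(minutes=verified_min),
                              t0 + timedelta(minutes=now_min)), grants)
    return {"fresh": case("alice", "finance-segment", 0, 5),
            "stale_identity": case("alice", "finance-segment", 0, 20),
            "wrong_segment": case("alice", "eng-segment", 0, 5),
            "expired_grant": case("alice", "finance-segment", 58, 61),
            "no_grant": case("bob", "finance-segment", 0, 5)}
```

Only the first case is allowed; each of the other four fails exactly one of the four checks, which is the point of evaluating every request against all of them rather than trusting a session once it is inside.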

Many of the solutions within each of these types of cybersecurity are used across subcategories, such as:

  1. Anti-malware software
  2. Antivirus systems
  3. Backup
  4. Data loss prevention (DLP)
  5. Encryption
  6. Endpoint detection and response (EDR)
  7. Enterprise mobility management (EMM)
  8. Firewalls
  9. Identity and access management (IAM)
  10. Intrusion detection and prevention system (IDPS)
  11. Mobile application management (MAM)
  12. Multi-factor authentication
  13. Network access control (NAC)
  14. Next-generation firewall (NGFW)
  15. Secure access service edge (SASE)
  16. Secure email gateways (SEG)
  17. Security information and event management (SIEM)
  18. Security orchestration, automation, and response (SOAR)
  19. User and entity behaviour analytics (UEBA)
  20. Virtual private networks (VPNs)
  21. Web application firewalls (WAFs)

How cybersecurity threats have evolved

Types of cybersecurity threats have changed significantly since 1965, when the first computer vulnerability exploit occurred. The following is a brief timeline of notable incidents.

1965: Software vulnerability
William D. Mathews from the Massachusetts Institute of Technology (MIT) found a flaw in a Multics Compatible Time-Sharing System (CTSS), the first general-purpose time-sharing operating system. The vulnerability could be used to disclose the contents of the password file. This is widely held to be the first reported vulnerability in a computer system.

1970: Virus
Bob Thomas created the first virus and unleashed the first cyber attack. Meant as a joke, the program moved between computers and displayed the message, “I’m the creeper, catch me if you can.”

In response, his friend, Ray Tomlinson, wrote a program that moved from computer to computer and duplicated itself as it went. The message was changed to “I’m the reaper, catch me if you can.”

While these were intended as practical jokes, they marked the start of what would evolve into malicious cyberattacks.

1989: Worm
The Morris Worm, created by Robert Morris to determine the size of the internet, ended up being responsible for the first-ever denial-of-service (DoS) attack. With an initial infection, the worm slowed computers, but by infecting the same system multiple times, the worm was able to cause systems to crash.

1989: Trojan
The first ransomware attack was perpetrated at the 1989 World Health Organisation’s AIDS conference, where Joseph Popp distributed 20,000 infected floppy discs. Once booted, the program on the discs encrypted users’ files and demanded payment to decrypt them.

1990s: Fast-spreading, malicious viruses
Particularly virulent viruses began to emerge in the 1990s, with the I LOVE YOU and Melissa viruses spreading around the world, infecting tens of millions of systems and causing them to crash. These viruses were distributed via email.

Early 2000s: Advanced persistent threats (APTs)
The early 2000s saw the rise of advanced persistent threats (APTs), with the Titan Rain campaign aimed at computer systems in the US and believed to have been initiated by China. Perhaps the most famous APT is the Stuxnet worm that was used in 2010 to attack Iran’s SCADA (supervisory control and data acquisition) systems, which were integral to its nuclear program.

Early 2000s: Ransomware-as-a-service
The first ransomware-as-a-service, Reveton, was made available on the dark web in 2012. This allowed those without specialised technical abilities to rent a ransomware system, including collecting payments.

The 2013 emergence of the CryptoLocker ransomware marked a turning point for this malware. CryptoLocker not only used encryption to lock files, but was also distributed using botnets.

2016: Botnets used to attack IoT devices
As the Internet of Things (IoT) exploded, this became a new attack vector. In 2016, the Mirai botnet was used to attack and infect more than 600,000 IoT devices worldwide.

2020: Supply chain attack
In 2020, a vulnerability in one enterprise organisation’s network management system software was exploited by a group believed to be working with Russia. More than 18,000 customers were impacted when they deployed a malicious update that came from the compromised organisation.

Present
Traditional cyber attack methods continue to be widely used because they remain effective. These are being joined by evolving versions that take advantage of machine learning (ML) and artificial intelligence (AI) to increase their reach and efficacy. Ironically, many of these attack methods take advantage of the technology that cybersecurity solutions use to thwart them.

Gen V attacks

Categorised as Mega attacks, Gen V is the latest generation of cyber threats. Gen V cyberattacks, which emerged in 2017, use large-scale, multi-vector approaches to target IT infrastructure with advanced attack technologies.

These cyber threats are believed to originate with state organisations that leak the technology to public cybercriminals. The hallmark of Gen V cyberattacks is that they attack multiple vectors and are polymorphic, changing as they move around and acting differently on different systems. NotPetya and WannaCry are examples of Gen V cyberattacks.

Supply chain attacks

Supply chain attacks have evolved alongside other attack vectors, since the same technologies and approaches are usually used. Supply chains have become a target for cybercriminals because a supplier often provides an easier point of entry to a specific enterprise than attacking that larger company directly.

Compromising a single supplier can also be used to gain access to the many organisations connected with it.

Ransomware

Ransomware has seen a fast and virulent evolution due to its efficacy and profitability. Attacks have escalated in both the scope of what is held hostage and the severity of the threats made.

Ransomware is used for extortion, with threats of disclosing information or destroying vital data if the ransom terms are not met. Ransomware-as-a-service has also made it much more accessible to cybercriminal elements.

Phishing

Phishing attacks persist as a preferred attack vector for cybercriminals, but new approaches are emerging to evade many types of cybersecurity, such as using QR codes to direct users to malware. There is also an increase in multi-stage attacks to bypass multi-factor authentication.

Spear phishing and whale phishing are also on the rise. These approaches target specific individuals with messages developed using in-depth research to increase effectiveness. Phishing attacks are also increasing due to the rise in phishing kits sold on the dark web.

Malware

Malware continues to evolve by augmenting or changing legacy software using the latest technologies. Gen V cyber attacks leverage these newly updated malware packages.

What is a consolidated cybersecurity architecture?

A consolidated security architecture creates a single point of control for managing multiple types of cybersecurity solutions. When there were fairly limited types of cybersecurity products, it was possible to manage point solutions to defend against different threats and use cases. As the number of types of cybersecurity increased, the move to a unified approach was driven by:

  1. A growth of remote workforces that dissolved security perimeters and multiplied threat vectors as users connected from disparate points with varying degrees of protection.
  2. An endpoint explosion that started with desktop and laptop systems and grew to a great sprawl of connected devices, including mobile phones, tablets, and IoT devices.
  3. Increased complexity as new types of cybersecurity solutions were added to the defence mix to address new threats and hybrid environments (i.e., on-premises systems and users along with cloud systems and applications) that were difficult to monitor and manage.
  4. A need for more sophisticated types of cybersecurity to combat more adept cyber attackers with more advanced threats that could not be detected with legacy security tools.

A consolidated cybersecurity architecture was created to solve these issues by integrating different types of cybersecurity and aggregating them under a centralised, scalable control platform. With this new model, specialised cybersecurity could be leveraged in the fight against threats and risks more cost-effectively and efficiently. A consolidated cybersecurity architecture delivers a number of benefits, including:

  1. Eliminates overlapping functionality that comes with disparate cybersecurity deployments
  2. Expedites the creation of rules and reports
  3. Fills gaps in security coverage due to multiple solutions’ inability to communicate and work together cohesively
  4. Maximises efficacy of machine learning (ML) and artificial intelligence (AI) to improve detection capabilities and accelerate response times
  5. Provides broad visibility across all cybersecurity functions in the organisation
  6. Reduces the expenses associated with purchasing and implementing different types of cybersecurity
  7. Reduces the number of tools and vendors needed to perform different cybersecurity functions
  8. Shifts to an integrated security approach that enhances cybersecurity posture
  9. Simplifies threat monitoring and prevention as well as incident response
  10. Streamlines management and maintenance of the many types of cybersecurity
  11. Unifies cybersecurity solutions to enable protection across all attack surfaces (e.g., networks, devices, and applications)

Many types of cybersecurity are needed to combat cybercrime

Cybercrime, attack surfaces, and attack methods continue to grow and evolve, getting more complex with time. The good news is that there are many types of cybersecurity solutions to combat cybercriminals. Taking time to understand the relevant threats and vulnerabilities helps organisations find the right mix of cybersecurity solutions and the best ways to deploy them.