Article

What is cybersecurity?

Security
Time to read: 14 minutes

Cybersecurity is a term that covers the many tools, systems, practices, processes, and procedures that are combined to protect digital resources (e.g., hardware, software, networks, data) from external cyber threats and nuisances, malicious insiders, and careless users. Primarily focused on identifying and stopping unauthorized access that leads to attacks, breaches, and damage, cybersecurity encompasses all types of offensive and defensive solutions, which are usually integrated into a rich mesh.

IT programs around cybersecurity consider all forms of vulnerability and threat vectors—from identity theft and data breaches to ransomware and digital weapons.

Cybersecurity strategies need to take a holistic approach to prevent unauthorized access, alteration, erasure, destruction, or extortion of an organization’s or individual user’s digital assets and resources.

Cybersecurity tactics focus on addressing a range of threats, including malicious activity that targets digital resources with the objective of:

  1. Financial gain
  2. General disruption
  3. Supporting political interests
  4. Gathering information for future nefarious activities
  5. Undermining electronic systems to cause panic or fear

How cybersecurity works

Effective cybersecurity strategies and tactics employ an evolving mix of solutions and processes to stay ahead of vulnerabilities and threats. Three areas of focus for cybersecurity work are:

  1. Unauthorized access
  2. Unauthorized deletion
  3. Unauthorized modification

No matter which cybersecurity methodologies are utilized, most have automation at their core. Automation is an integral part of most cybersecurity solutions because it is not possible for humans to process the volume and velocity of data that is generated. Artificial intelligence (AI) plays an increasingly important role in cybersecurity automation, providing support for:

  1. Threat detection—Analyzing data to catch known threats and identify unusual behavior that could be a sign of malicious activity
  2. Threat response—Dynamically creating and deploying cybersecurity measures based on automatically generated triggers based on alerts of suspicious activities
  3. Alert triage—Automatically assessing alerts to identify false positives or low-risk alarms and culling out items that require immediate, human attention
  4. Analysis—Using AI-enabled automation in cybersecurity programs to classify and prioritize attack signals and malware, review traffic for anomalies, and monitor for compliance

When explaining how cybersecurity works, the CIA (i.e., Confidentiality, Integrity, and Availability) was considered the core framework. However, a fourth element, Safety, has become generally accepted as an improved model. Collectively, these four are the cornerstones of cybersecurity--CIAS.

Confidentiality

The objective of confidentiality as part of a cybersecurity strategy is to restrict access to resources only to authorized users to protect the privacy of sensitive information.

Integrity

Protections related to integrity are meant to ensure the fidelity of resources as well as guard against improper modification or destruction. This also includes maintaining non-repudiation and authenticity of all resources.

Availability

An important role of cybersecurity is making sure that users have timely, reliable access to IT resources, such as data, systems, and services.

Safety

In the context of cybersecurity, safety focuses on reducing risks associated with IT resources and providing defenses against attacks. This includes taking steps to ensure that access to systems and data is granted only to authorized users and alerts are triggered when unauthorized access is detected.

Why cybersecurity is important

Cybersecurity is important because of the scale of and reliance on digital data. Nearly everyone and every organization depend on it. This means that the systems that collect, process, manage, and store this data must be protected from a large and persistent ecosystem of threats ranging from disgruntled employees to state-sponsored cyber terrorism.

While all data should be protected, some data requires a higher level of cybersecurity. Data that is considered to be sensitive information (e.g., intellectual property, financial data, personal information, medical records, government data, and military information) is targeted by all manner of bad actors.

Even as it continuously improves, cybersecurity is also continuously challenged to keep up with efforts to stop:

  1. Cyber attackers
  2. Data loss
  3. Shifting risks
  4. Changing security requirements

In addition, the attack surface that cybersecurity solutions must protect continues to expand with massive growth in:

  1. Networks
  2. Data volume
  3. IT infrastructure
  4. Connected devices
  5. Internet of Things (IoT)
  6. Internet of Consumer Things (CIoT)
  7. Industrial Internet of Things (IIoT)
  8. Internet of Medical Things (IoMT)
  9. Internet of Things Smart Cities (IoTSC)

Three of the most commonly cited challenges in cybersecurity are data deluge, continuously evolving threats, and the cybersecurity workforce and skills gap.

  1. Data deluge
    The volume and velocity at which data is produced push the enterprise to the edge of capacity to handle it effectively. Cybersecurity encompasses all aspects of how data is collected, processed, accessed, managed, and protected throughout its lifecycle.

    In some cases, data governance and data management are included under the cybersecurity umbrella. As the amount of data grows, so does the attack surface and the ecosystem of cyber attackers.
  2. Evolving threats
    The continuous evolution of threats and cyber attackers is one of the most vexing challenges with cybersecurity. Technology innovation brings many benefits, but opens new attack vectors that take advantage of novel systems and their vulnerabilities.

    Cybersecurity systems and strategies must constantly adjust to keep up with the changes and advancements in attack angles. When even the largest organizations struggle to keep cybersecurity up to date, the smaller ones face increasing risks.
  3. The cybersecurity workforce shortage and skills gap
    A shortage of qualified cybersecurity personnel makes it very difficult for IT teams. The data deluge and evolving threats drive the demand for and deficit of cybersecurity staff.

Types of cybersecurity threats

Types of cyber threats continuously increase and evolve. Following are several of the more prevalent cyber threats that cybersecurity solutions address.

Advanced persistent threats (APTs)

Prolonged targeted attacks where an attacker gains access to a network, then lies in wait, undetected, before making a move are categorized as advanced persistent threats.

Cyberterrorism

A cyber attack that is politically or ideologically motivated is considered cyberterrorism. These attacks target digital assets with the intent of causing harm and widespread disruption. These attacks are often state-sponsored and highly sophisticated, making it difficult for cybersecurity defenses to protect the targets.

Distributed denial-of-service (DDoS)

With a distributed denial-of-service (DDoS) attack, cybercriminals use multiple systems to overwhelm networks and servers with traffic to prevent legitimate requests for service from being processed. This renders systems unusable and prevents the targeted organization from carrying out its operations.

Malware

Malicious software, referred to as malware, is designed and developed to cause damage and disruption—from stealing data to holding it ransom. Cybersecurity software solutions work to catch malware before it can be activated.

However, since malware is commonly triggered by users opening malicious attachments, education and training are important aspects of any organization’s cybersecurity program. Common types of malware that may be thwarted with effective cybersecurity include:

  1. Adware—referred to as a potentially unwanted program (PUP) installed without users’ permission, adware presents users with unwanted online ads
  2. Botnets—a network of malware-infected computers that are remotely controlled and used to perform tasks online without users’ permission, such as sharing sensitive data or access to other systems
  3. Ransomware—locks down files and data, usually through encryption, then demands payment to unlock the files
  4. Spyware—secretly records users’ actions (e.g., watching keystrokes to steal credit card information)
  5. Trojans—disguises itself as legitimate software to trick users into uploading malware on their systems where it causes damage or harvests data
  6. Virus—self-replicating software that attaches itself to legitimate files and spreads throughout systems, infecting files with malicious code
  7. Worms—self-replicate and spread through networks infecting other systems

Man-in-the-middle attack

A man-in-the-middle attack occurs when cybercriminals intercept communications between two individuals to steal data. Difficult to address with cybersecurity software, man-in-the-middle attacks can be mitigated with user education about the dangers of using unsecured public Wi-Fi networks.

Phishing

Cybercriminals target victims with emails from legitimate-looking sources (e.g., banks, stores, friends) that include malicious links that automatically start downloading malware or lure the user to a site that tricks them into providing credit card or other sensitive information. Called phishing attacks, reducing this type of malware is enabled with cybersecurity software as well as user education and training. Spear phishing takes the same approach but targets specific users or organizations.

Physical security attacks

Threats related to unauthorized access to physical spaces with the goal of gaining access to networks and systems can also be addressed with appropriate cybersecurity measured. Protection systems include digital cybersecurity barriers that prevent attackers from gaining access to systems and networks even if they have breached physical perimeters.

SQL injection

A cybersecurity violation that targets databases is a SQL (structured language query) injection. SQL injection attacks find application vulnerabilities and then use those access points to insert malicious code into an SQL database. Using a malicious SQL statement, cybercriminals can take control of the database and exfiltrate data.

Cybersecurity strategies

Three core elements of a successful cybersecurity strategy are:

  1. Governance
    Documentation and processes for how an organization directs and controls cybersecurity
  2. Technology
    Hardware and software that are combined to defend against cybersecurity threats
  3. Operations
    Execution of cybersecurity strategies using governance and technical elements

Examples of cybersecurity strategies include:

  1. Creating a cybersecurity assurance framework
  2. Establishing and maintaining a complete cybersecurity ecosystem
  3. Strengthening organizational governance frameworks
  4. Taking advantage of open standards

Cybersecurity technologies

Application security

Application security includes the design, development, testing, deployment, and maintenance of cybersecurity features in software. The objective of application security is to find and fix vulnerabilities in code that can be exploited for unauthorized access and modification.

Cloud security

Cloud security includes the cybersecurity systems and software used when designing, developing, deploying, and maintaining cloud-based applications and architectures.

Data recovery and business continuity planning

A significant part of disaster recovery and business continuity planning is developing plans for how to respond to an attack or any other event that causes interruption of operations or loss of data. Whatever the plans are for recovery, cybersecurity should be embedded at every step to ensure that risks are addressed and that vulnerabilities are not created during the rush to resume operations.

Identity management

Encompassing all aspects of access (e.g., activities, frameworks, processes), identity management is a core component of any cybersecurity program. Identity management helps IT and security teams control and report on access rights for people and systems.

Data security

Protecting the integrity and privacy of data (i.e., in transit and at rest) inside networks, applications, and storage is part of data security.

IoT (Internet of Things) security

Widely regarded as one of the largest attack surfaces, IoT requires unique cybersecurity systems, as traditional cybersecurity cannot adequately address the requirements.

Mobile security

Mobile security covers protection for information stored on any mobile device, including phones, laptops, tablets, and other connected devices. Mobile security solutions are usually custom-built or customized to address cybersecurity challenges, such as unauthorized access, device loss or theft, malware, etc.

Network security

Used to address vulnerabilities in operating systems and network architecture, network security uses hardware and software to prevent unauthorized access, disruptions, and misuse. Network-focused cybersecurity solutions protect servers, hosts, firewalls, wireless access points, and network protocols.

Operational security

Operational security directs decisions on how to handle and protect data assets. This includes establishing procedures for how and where data is stored, as well as rules for usage and sharing.

User education and training

Often overlooked, education and training are widely considered to be important and effective cybersecurity tools. While not a technology outright, user education and training are developed and deployed on digital platforms.

Because people are the most unpredictable use case in cybersecurity, education and training are required to attempt to rein in this risk.

Cybersecurity education and training for end users include everything from general awareness about cyber threats to how to spot a phishing attempt.

Cybersecurity best practices

Following are 20 industry best practices to ensure robust cybersecurity.

  1. Avoid the use of shared accounts (i.e., require users to have their own accounts).
  2. Ban the use of unsecured public Wi-Fi networks.
  3. Control physical access to your computers and network components.
  4. Develop and enforce cybersecurity policies.
  5. Educate and train users to refrain from opening email attachments from unknown senders or click on links in emails from unknown senders or unfamiliar websites.
  6. Encrypt data in transit and at rest.
  7. Evaluate the organization’s physical security.
  8. Follow DevSecOps best practices.
  9. Require that users change passwords regularly.
  10. Implement a robust business continuity and incidence response (BC-IR) plan.
  11. Increase organizational awareness of the importance of cybersecurity.
  12. Keep software and operating systems up to date, making it a priority to install the latest security patches.
  13. Limit access to the minimum required to perform tasks (i.e., follow the principle of least privilege access).
  14. Make backup copies of all critical data.
  15. Perform risk assessments on a regular basis.
  16. Provide firewall security for internet connections.
  17. Require the use of strong passwords.
  18. Scan all systems regularly.
  19. Secure Wi-Fi networks.
  20. Use anti-virus / anti-malware software.

Cybersecurity solutions

Common cybersecurity tools and systems include:

  1. Anti-malware / anti-virus
  2. Cloud access security broker (CASB)
  3. Cloud workload protection platform (CWPP)
  4. Data loss prevention (DLP)
  5. Encryption tools
  6. Endpoint detection and response
  7. Endpoint protection
  8. Firewalls
  9. Identity and access management (IAM)
  10. Intrusion prevention / detection systems (IPS/IDS)
  11. Multi-factor authentication
  12. Security information and event management (SIEM)
  13. Single sign-on
  14. Third-party risk management
  15. Virtual private networks (VPNs)
  16. Vulnerability scanners

Cybersecurity: A challenge with many benefits

Yes, cybersecurity is hard to do well. The threat landscape constantly changes, and the attack surface grows without rest. Improvements achieved with new hardware and software usually bring cybersecurity vulnerabilities.

Despite the difficulties, cybersecurity is a must-have for any organization.

While it presents challenges, cybersecurity also offers many benefits, including:

  1. Business continuity
  2. Defenses against cyberattacks
  3. Expedited recovery in the event of a cybersecurity incident
  4. Prevention of unauthorized user access
  5. Protection for end users and endpoint devices
  6. Regulatory compliance
  7. Stopping or mitigating the impact of a data breach

Investments in cybersecurity are well worth the resources required to start and maintain a robust program.

Take control of your cloud platform.

Learn more about SailPoint Identity Security.