Cyber Security

What is cyber security?

Cybersecurity is the protection of internet-connected systems, including hardware,
software and data, from cyberattacks. In a computing context, security comprises
cybersecurity and physical security -- both are used by enterprises to protect against
unauthorized access to data centers and other computerized systems. The goal of
cybersecurity is to limit risk and protect IT assets from attackers with malicious intent.
Information security, which is designed to maintain the confidentiality, integrity and
availability of data, is a subset of cybersecurity.

Cybersecurity best practices can, and should, be implemented by large and small
organizations, employees and individuals. One of the most problematic elements of
cybersecurity is the continually evolving nature of security risks and advanced
persistent threats (APTs).

The traditional approach has been to focus resources on crucial system components
and protect against the biggest known threats, which meant leaving components
undefended and not protecting systems against less dangerous risks. To deal with the
current environment, advisory organizations are promoting a more proactive and
adaptive approach.

The National Institute of Standards and Technology (NIST), for example, recently
issued updated guidelines in its risk assessment framework that recommend a shift
toward continuous monitoring and real-time assessments. Version 1.1 of the
Framework for Improving Critical Infrastructure was released in April 2018. The
voluntary Cybersecurity Framework (CSF), developed for use in the banking,
communications, defense and energy industries, can be adopted by all sectors,
including federal and state governments. President Donald Trump issued an executive
order mandating that federal agencies adopt the NIST CSF in May 2017.
Purpose of cybersecurity

Cybersecurity measures should always be implemented to protect the data of small and large
organizations and individuals. Even though significant security breaches are the ones that often
get publicized, small organizations still have to concern themselves with their security posture,
as they may often be the target of viruses and phishing.

Why is cybersecurity important?

Cybersecurity is important because it helps protect an organization's data assets from digital
attacks that could damage the organization or individuals if placed in the wrong hands. Medical,
government, corporate and financial records all hold personal information. Security incidents
can lead to losses in terms of reputation, money, theft of data, deletion of data and fraud.

What cybersecurity can prevent

Cybersecurity helps prevent data breaches, identity theft and ransomware attacks, as well as
aiding in risk management. When an organization has a strong sense of network security and an
effective incident response plan, it is better able to prevent and mitigate cyberattacks. The
process of keeping up with new technologies, security trends and threat intelligence is a
challenging task.

Types of cybersecurity threats

Cyberthreats can take many forms, including the following:

 Malware: a form of malicious software in which any file or program can be used to harm a
computer user, such as worms, computer viruses, Trojan horses and spyware.
 Ransomware: a type of malware that involves an attacker locking the victim's computer
system files -- typically through encryption -- and demanding a payment to decrypt and
unlock them.
 Social engineering: an attack that relies on human interaction to trick users into breaking
security procedures to gain sensitive information that is typically protected.
 Phishing: a form of fraud in which falsified emails are sent that resemble emails from
reputable sources; however, the intention of these emails is to steal sensitive data, such as
credit card or login information.
Cybersecurity threat vectors
A threat vector is a path or means by which a hacker can gain access to a computer or network
server to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit
system vulnerabilities, including human operators. Popular attack vectors include the following:

 USB sticks and other portable storage devices

 unsupported browser extensions

 infected websites

 orphan accounts

 malvertisements
 online quizzes and personality tests

Elements of cybersecurity

It can be a challenge in cybersecurity to keep up with the changing security risks. The
traditional approach has been to focus resources on crucial system components. Today, ensuring
cybersecurity requires the coordination of efforts throughout an information system, which
includes the following:

 Application security: Minimize the likelihood that unauthorized code will be able to
manipulate applications to access, steal, modify or delete sensitive data.
 Information security (infosec): Protect information assets, regardless of how the
information is formatted or whether it is in transit, is being processed or is at rest in storage.
 Network security: Detect, prevent and respond to threats through the use of security
policies, software tools and IT services.
 Business continuity planning (BCP)/disaster recovery planning (DRP): Maintain or
quickly resume mission-critical functions following a disaster.
 Operational security (opsec): Classify information assets, and determine the controls
required to protect these assets.
 End-user education: Provide directives that describe what actions employees must take --
or avoid -- in order to protect corporate assets.
Benefits of cybersecurity

The benefits of implementing cybersecurity initiatives include the following:

 business protection against malware, ransomware, phishing and social engineering;

 protection for data and networks;

 prevention of unauthorized users accessing digital assets;

 improvement of recovery time after a breach;

 protection of endusers and their personally identifiable information (PII); and

 improvement of confidence in the organization.

Cybersecurity challenges

Cybersecurity is continually challenged by hackers, data loss, privacy, risk management and
changing cybersecurity strategies. Nothing currently indicates that cyberattacks will decrease.
Moreover, with an increased number of entry points for attacks, more strategies for securing
digital assets are needed to protect networks and devices.

One of the most problematic elements of cybersecurity is the continually evolving nature of
security risks. As new technologies emerge and existing technology is used in new or different
ways, new avenues of attack are developed as well. Keeping up with these continual changes
and advances in attacks and updating practices to protect against them can be challenging to
organizations. This also includes ensuring that all the elements of cybersecurity are continually
changed and updated to protect against potential vulnerabilities. This can be especially
challenging for smaller organizations.
Additionally, today, there is a lot of potential data an organization can gather on individuals
who take part in one of their services. With more data being collected, the likelihood of a
cybercriminal who wants to steal PII is another concern. For example, an organization that
stores PII in the cloud may be subject to a ransomware attack and should do what it can to
prevent a cloud breach.

Cybersecurity should also address end-user education, as employees may accidently bring a
virus into a workplace on their work computer, laptop or smartphone.

Another large challenge to cybersecurity is the staffing shortage. As growth in data from
businesses becomes more important, the need for more cybersecurity personnel with the right
required skills to analyze, manage and respond to incidents increases. It is estimated that there
are 2 million unfilled cybersecurity jobs worldwide. Cybersecurity Ventures also estimated that,
by 2021, there will be up to 3.5 million unfilled cybersecurity jobs.

Automation

New advances in machine learning and artificial intelligence (AI) are being developed that help
security professionals organize and manage log data. AI and machine learning can assist in
areas with high-volume data streams, such as the following:

 correlating data by organizing it, identifying possible threats and predicting an attacker's next
step;

 detecting infections by implementing a security platform that can analyze data and recognize
threats;

 generating protections without putting a strain on resources; and

 continually auditing the effectiveness of protections in place to ensure they are working.
Cybersecurity vendors

As a result of increasing security risks, investments in cybersecurity technologies and services

are increasing. Gartner predicted that worldwide spending on information security products and
services would reach $114 billion in 2018 and another 8.7% increase to $124 billion in 2019.

Vendors in cybersecurity fields will typically use endpoint, network and advanced threat
protection security, as well as data loss prevention (DLP). Three commonly known
cybersecurity vendors are Cisco, McAfee and Trend Micro.

Cisco tends to focus on networks and enables its customers to utilize firewalls, virtual private
networks (VPNs) and advanced malware protection, along with supporting email and endpoint
security. Cisco also supports real-time malware blocking.

McAfee makes cybersecurity products for consumers and enterprise users. McAfee supports
mobile, enterprise clouds, network, web and server-based security. Data protection and
encryption are also offered.

Trend Micro is an antimalware vendor that offers threat protection for mobile, hybrid
clouds, SaaS and the internet of things (IoT). Trend Micro provides users with endpoint, email
and web security.

Careers in cybersecurity

As the cyberthreat landscape continues to grow and new threats emerge -- such as threats on the
landscape of IoT -- individuals are needed with skills and awareness in both security hardware
and software.

IT professionals and other computer specialists are needed in security jobs, such as the
following:

 Chief information security officer (CISO): This individual implements the security program
across the organization and oversees the IT security department's operations.
  Security engineer: This individual protects company assets from threats with a focus on
quality control within the IT infrastructure.

 Security architect: This individual is responsible for planning, analyzing, designing, testing,
maintaining and supporting an enterprise's critical infrastructure.

 Security analyst: This individual has several responsibilities that include planning security
measures and controls, protecting digital files, and conducting both internal and external
security audits.
History

Important milestones in cybersecurity history include the following:

 In 1971, the creeper virus was found; it is commonly recognized as the first computer virus.

 In 1983, Massachusetts Institute of Technology (MIT) was granted a patent for a cryptographic
communications system and method -- the first cybersecurity patent.

 In the 1990s, the advent of computer viruses led to the infection of millions of personal
computers (PCs), causing cybersecurity to become a household concern and facilitating the
creation of more antivirus software.

 In 1993, the first Def Con conference was held; its focus was cybersecurity.

 In 2003, Anonymous was formed -- the first well-known hacker group.

 In 2013, the Target breach occurred in which 40 million credit and debit card records were
accessed and stolen.

 In 2016, Yahoo reported two cybersecurity breaches in which hackers gained access to data
from over 500 million user accounts.

 In 2017, the Equifax security breach occurred, which exposed the personal information of up to
147 million people.

 In 2018, the General Data Protection Regulation (GDPR) was implemented. It focused on the
protection of end-user data in the European Union (EU).
 Also in 2018, the California Consumer Privacy Act (CCPA) was implemented. It supports
individuals' right to control their own PII.