What is cybersecurity?

Published: 27 October 2023

Cybersecurity refers to any technology, measure or practice for preventing cyberattacks or mitigating their impact. 

Cybersecurity aims to protect individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets against computer viruses, sophisticated and costly ransomware attacks, and more.

Cyberattacks have the power to disrupt, damage or destroy businesses, and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report, 

  • The average cost of a data breach in 2023 was USD 4.45 million, up 15% over the last three years;

  • The average cost of a ransomware-related data breach in 2023 was even higher, at USD 5.13 million. This number does not include the cost of the ransom payment, which averaged an extra USD 1,542,333, up 89% from the previous year. 

By one estimate, cybercrime might cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com).1

The expanding information technology (IT) trends of the past few years include:

  • a rise in cloud computing adoption,
  • network complexity,
  • remote work and work from home,
  • bring your own device (BYOD) programs,
  • and connected devices and sensors in everything from doorbells to cars to assembly lines.

All these trends create tremendous business advantages and human progress, but also provide exponentially more opportunities for cybercriminals to attack.

Not surprisingly, a recent study found that the global cybersecurity worker gap—the gap between existing cybersecurity workers and cybersecurity jobs that need to be filled—was 3.4 million workers worldwide.2 Resource-strained security teams are focusing on developing comprehensive cybersecurity strategies that use advanced analytics, artificial intelligence and automation to fight cyberthreats more effectively and minimize the impact of cyberattacks.

Types of cybersecurity (cybersecurity domains)

A strong cybersecurity strategy protects all relevant IT infrastructure layers or domains against cyberthreats and cybercrime.

Critical infrastructure security

Critical infrastructure security protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety. In the United States, the National Institute of Standards and Technology (NIST) developed a cybersecurity framework to help IT providers in this area. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) provides extra guidance.

Network security

Network security prevents unauthorized access to network resources, and detects and stops cyberattacks and network security breaches in progress. At the same time, network security helps ensure that authorized users have secure and timely access to the network resources they need.

Endpoint security

Endpoints—servers, desktops, laptops, mobile devices—remain the primary entry point for cyberattacks. Endpoint security protects these devices and their users against attacks, and also protects the network against adversaries who use endpoints to launch attacks.

Application security

Application security protects applications running on-premises and in the cloud, preventing unauthorized access to and use of applications and related data. It also prevents flaws or vulnerabilities in application design that hackers can use to infiltrate the network. Modern application development methods—such as DevOps and DevSecOps—build security and security testing into the development process.

Cloud security

Cloud security secures an organization’s cloud-based services and assets—applications, data, storage, development tools, virtual servers and cloud infrastructure. Generally speaking, cloud security operates on the shared responsibility model where the cloud provider is responsible for securing the services that they deliver and the infrastructure that is used to deliver them. The customer is responsible for protecting their data, code and other assets they store or run in the cloud. The details vary depending on the cloud services used.

Information security

Information security (InfoSec) pertains to protection of all an organization's important information—digital files and data, paper documents, physical media, even human speech—against unauthorized access, disclosure, use or alteration. Data security, the protection of digital information, is a subset of information security and the focus of most cybersecurity-related InfoSec measures.

Mobile security

Mobile security encompasses various disciplines and technologies specific to smartphones and mobile devices, including mobile application management (MAM) and enterprise mobility management (EMM). More recently, mobile security is available as part of unified endpoint management (UEM) solutions that enable configuration and security management for multiple endpoints—mobile devices, desktops, laptops, and more—from a single console.

Common cybersecurity threats

Malware

Malware—short for "malicious software"—is any software code or computer program that is written intentionally to harm a computer system or its users. Almost every modern cyberattack involves some type of malware.

Hackers and cybercriminals create and use malware to gain unauthorized access to computer systems and sensitive data, hijack computer systems and operate them remotely, disrupt or damage computer systems, or hold data or systems hostage for large sums of money (see Ransomware).

Ransomware

Ransomware is a type of malware that encrypts a victim’s data or device and threatens to keep it encrypted—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in 2022.

“Or worse” is what distinguishes today's ransomware from its predecessors. The earliest ransomware attacks demanded a single ransom in exchange for the encryption key. Today, most ransomware attacks are double extortion attacks, demanding a second ransom to prevent sharing or publication of the victim's data. Some are triple extortion attacks that threaten to launch a distributed denial of service attack if ransoms aren’t paid.

Phishing

Phishing attacks are email, text or voice messages that trick users into downloading malware, sharing sensitive information or sending funds to the wrong people. Most users are familiar with bulk phishing scams—mass-mailed fraudulent messages that appear to be from a large and trusted brand, asking recipients to reset their passwords or reenter credit card information. But more sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.

Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and attacks that use psychological manipulation to tempt or pressure people into taking unwise actions.

Insider threats

Insider threats are threats that originate with authorized users—employees, contractors, business partners—who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by cybercriminals. Insider threats can be harder to detect than external threats because they have the earmarks of authorized activity, and are invisible to antivirus software, firewalls and other security solutions that block external attacks.

One of the more persistent cybersecurity myths is that all cybercrime comes from external threats. In fact, according to a recent study, 44% of insider threats are caused by malicious actors, and the average cost per incident for malicious insider incidents in 2022 was USD 648,062.3 Another study found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor resulted in exposure of one billion records or more.4
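Because insider activity looks like authorized activity, detecting it means comparing what an account does against what is normal for it rather than blocking it at the perimeter. The following is an added example, not code from IBM or this page: it scans constructed audit-log lines (the log format, working hours, thresholds and path prefixes are all assumptions) and flags accounts whose legitimate access is anomalous in timing or volume.

```python
# Added example: flag authorized-looking file access that is anomalous for the
# account (off-hours reads, bulk reads of sensitive files). Log format,
# thresholds and sensitive-path prefixes are assumptions; the log lines are
# constructed sample data, not a real capture.
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2023-10-27T09:12:01 alice FILE_READ /finance/q3-forecast.xlsx
2023-10-27T09:15:44 alice FILE_READ /finance/q3-actuals.xlsx
2023-10-27T02:03:10 bob FILE_READ /hr/salaries.csv
2023-10-27T02:03:12 bob FILE_READ /hr/reviews-2023.docx
2023-10-27T02:03:15 bob FILE_READ /hr/terminations.xlsx
2023-10-27T02:03:19 bob FILE_READ /hr/org-chart.pdf
2023-10-27T02:04:02 bob FILE_READ /hr/benefits.xlsx
2023-10-27T10:30:00 carol FILE_READ /eng/design.md
"""

WORK_HOURS = range(7, 20)                  # 07:00-19:59 is treated as normal
BULK_THRESHOLD = 5                         # distinct sensitive files per user
SENSITIVE_PREFIXES = ("/hr/", "/finance/") # paths that warrant closer review

def parse(line):
    """Split one audit line into (timestamp, user, action, path)."""
    ts, user, action, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, action, path

def find_insider_signals(log_text):
    """Return {user: [reasons]} for accounts whose permitted access looks anomalous."""
    reasons = defaultdict(set)
    sensitive_files = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = parse(line)
        if action != "FILE_READ":
            continue
        if ts.hour not in WORK_HOURS:
            reasons[user].add("off-hours access")
        if path.startswith(SENSITIVE_PREFIXES):
            sensitive_files[user].add(path)
    for user, files in sensitive_files.items():
        if len(files) >= BULK_THRESHOLD:
            reasons[user].add("bulk sensitive-file access")
    return {u: sorted(r) for u, r in reasons.items()}

if __name__ == "__main__":
    for user, why in find_insider_signals(SAMPLE_LOG).items():
        print(user, "->", ", ".join(why))
```

Only the account reading many HR files at 02:00 is flagged; a firewall or antivirus would have seen nothing wrong with any of these reads.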

Distributed denial of service (DDoS) attacks

A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from a botnet—a network of multiple distributed systems that a cybercriminal hijacks by using malware and remote-controlled operations.

The global volume of DDoS attacks spiked during the COVID-19 pandemic. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.

Common (and dangerous) cybersecurity myths

Despite an ever-increasing volume of cybersecurity incidents worldwide and ever-increasing volumes of learnings that are gleaned from them, some dangerous misconceptions persist.

  • Strong passwords alone are adequate protection. Strong passwords make a difference. For example, a 12-character password takes 62 trillion times longer to crack than a 6-character password. But because cybercriminals can steal passwords (or pay disgruntled employees or other insiders to steal them), they can’t be an organization’s or individual’s only security measure.

  • The major cybersecurity risks are well known. In fact, the risk surface is constantly expanding. Thousands of new vulnerabilities are reported in old and new applications and devices every year. Opportunities for human error—specifically by negligent employees or contractors who unintentionally cause a data breach—keep increasing.

  • All cyberattack vectors are contained. Cybercriminals are finding new attack vectors all the time—including Linux systems, operational technology (OT), Internet of Things (IoT) devices and cloud environments.

  • ‘My industry is safe.’ Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments, non-profits and healthcare providers. Threats on supply chains, ".gov" websites, and critical infrastructure have also increased.

  • Cybercriminals don’t attack small businesses. Yes, they do. For example, in 2021, 82 percent of ransomware attacks targeted companies with fewer than 1,000 employees; 37 percent of companies attacked with ransomware had fewer than 100 employees.5

Key cybersecurity technologies and best practices

The following best practices and technologies can help your organization implement strong cybersecurity that reduces your vulnerability to cyberattacks and protects your critical information systems without intruding on the user or customer experience.

Security awareness training

Security awareness training helps users understand how seemingly harmless actions—from using the same simple password for multiple log-ins, to oversharing on social media—increase their own or their organization’s risk of attack. Security awareness training combined with well-thought-out data security policies can help employees protect sensitive personal and organizational data. It can also help them recognize and avoid phishing and malware attacks.

Identity and access management

Identity and access management (IAM) defines the roles and access privileges for each user, and the conditions under which those privileges are granted or denied. IAM technologies include multi-factor authentication, which requires at least one credential in addition to a username and password, and adaptive authentication, which requires more credentials depending on context.
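To make the adaptive authentication idea concrete, here is an added example (not IBM's code or anything from this page) of a policy that scores a login attempt from its context and decides which credentials the user must present. The context fields, weights and thresholds are assumptions chosen for illustration.

```python
# Added example: a small adaptive-authentication policy. Risk signals from the
# login context are weighted and summed; the score decides whether a password
# alone is enough, whether a second or third factor is required, or whether the
# attempt is denied outright. All field names and weights are assumptions.
from dataclasses import dataclass, field

@dataclass
class LoginContext:
    user: str
    known_device: bool                 # device fingerprint seen before for this user
    country: str                       # geolocated from the source IP
    usual_countries: set = field(default_factory=set)
    failed_attempts_1h: int = 0        # recent failed logins for this account
    privileged: bool = False           # admin or other high-value account

def risk_score(ctx: LoginContext) -> int:
    """Sum of weighted risk signals; a higher score means less trust in the context."""
    score = 0
    if not ctx.known_device:
        score += 2
    if ctx.country not in ctx.usual_countries:
        score += 3
    if ctx.failed_attempts_1h >= 5:
        score += 3
    if ctx.privileged:
        score += 1
    return score

def required_factors(ctx: LoginContext) -> list:
    """Map the risk score to the credentials the user must supply, or deny."""
    score = risk_score(ctx)
    if score >= 8:
        return ["deny"]                # too risky to authenticate at all
    factors = ["password"]
    if score >= 2 or ctx.privileged:
        factors.append("otp")          # second factor: authenticator app or token
    if score >= 5:
        factors.append("hardware_key") # phishing-resistant third factor
    return factors

if __name__ == "__main__":
    trusted = LoginContext("alice", True, "US", {"US"})
    roaming = LoginContext("alice", False, "BR", {"US"})
    print(required_factors(trusted))   # password only
    print(required_factors(roaming))   # password, otp and hardware key
```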

Attack surface management

Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective, rather than the perspective of the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.

Threat detection, prevention and response

Because it's impossible to stop all cyberattacks, organizations rely on analytics- and AI-driven technologies to identify and respond to potential or actual attacks in progress. These technologies can include (but are not limited to) security information and event management (SIEM), security orchestration, automation and response (SOAR), and endpoint detection and response (EDR). Typically, these technologies are used as part of a formal incident response plan.

Disaster recovery

Disaster recovery capabilities often play a key role in maintaining business continuity in the event of a cyberattack. For example, the ability to fail over to a backup that is hosted in a remote location can enable a business to resume operations quickly following a ransomware attack (and sometimes without paying a ransom).

Related solutions

IBM Security® QRadar® Suite

Outsmart attacks with a connected, modernized security suite. The QRadar portfolio is embedded with enterprise-grade AI and offers integrated products for endpoint security, log management, SIEM and SOAR—all with a common user interface, shared insights and connected workflows.

X-Force® incident response team

Proactive threat hunting, continuous monitoring and a deep investigation of threats are just a few of the priorities facing an already busy IT department. Having a trusted incident response team on standby can reduce your response time, minimize the impact of a cyberattack, and help you recover faster.

IBM Security® MaaS360®

AI-driven unified endpoint management (UEM) protects your devices, apps, content and data. This protection means you can rapidly scale your remote workforce and bring-your-own-device (BYOD) initiatives while building a zero trust security strategy.

Data security and protection solutions

Implemented on premises or in a hybrid cloud, IBM data security solutions help you investigate and remediate cyberthreats, enforce real-time controls and manage regulatory compliance.

IBM Storage Defender

Proactively protect your organization’s primary and secondary storage systems against ransomware, human error, natural disasters, sabotage, hardware failures and other data loss risks.
Resources

Cost of a Data Breach 2023

Be better prepared for breaches by understanding their causes and the factors that increase or reduce costs. Learn from the experiences of more than 550 organizations that were hit by a data breach.

What is SIEM?

SIEM (security information and event management) is software that helps organizations recognize and address potential security threats and vulnerabilities before they can disrupt business operations.

IBM Security X-Force Threat Intelligence Index 2023

Know the threat to beat the threat—get actionable insights that help you understand how threat actors are waging attacks, and how to proactively protect your organization.

IBM Security Framing and Discovery Workshop

Understand your cybersecurity landscape and prioritize initiatives together with senior IBM security architects and consultants in a no-cost, virtual or in-person, 3-hour design thinking session.

What is threat management?

Threat management is a process used by cybersecurity professionals to prevent cyberattacks, detect cyber threats and respond to security incidents.

Definitive guide to ransomware 2023

Find insights for rethinking your ransomware defenses and building your ability to remediate an evolving ransomware situation more rapidly.
