An overview of Cybersecurity

Cybersecurity relates to any active or passive measure taken to protect systems, networks, programs, or other digital assets from any inside or outside cyber attack or breach. There is no official blueprint when it comes to enterprise information security. Cybersecurity management comprises various tools, best practices, services, technologies, and training, all working together and continually evolving to counter today's sophisticated cyber attack methods.

Modern-day society's digital dependence continues to scale at a velocity that even the most agile enterprises find difficult to keep pace with. Among the challenges of meeting the growing demands of today's well-connected consumers is the need to understand the modern cybersecurity landscape. The complexity of business infrastructures, along with the sophistication of current cyber threats, makes for a dangerous combination of risks.

While most enterprises recognize the role cybersecurity plays in their business operations, many require a deeper understanding to put in place effective network security, cloud security, and information security measures to mitigate risk. In fact, studies have shown that more than half of organizations are unprepared to manage the complex processes necessary to recover their systems after a malicious attack.

This reality makes proactive cybersecurity planning a necessity in any enterprise setting. Learn more below about cybersecurity and key terms enterprise businesses should reference when developing a set of best practices.

Importance of cybersecurity

Implementing cybersecurity best practices has become a top priority for enterprise businesses, where data sensitivity is at the highest level. Widely available hacking tools and sophisticated digital extortion tactics put client and business data, and even operations, at risk. Maintaining a proactive cybersecurity approach is essential to mitigating both short- and long-term business continuity risks.

As of 2019, the global average cost of a data breach has grown 12% over the last five years to $3.92 million. These excessive damages are made up of infrastructure repair costs, disaster recovery execution, and internal resource expenditures, but are primarily associated with long-term damage to client and partner relationships.

Data breaches of any size often lead to a loss of customer trust and can significantly impact business growth. Failure to comply with strict regulatory standards can lead to significant fines or legal action that temporarily, or in some cases, permanently disrupt business operations. For many enterprises, days or even hours of downtime due to large-scale data breaches, destructive ransomware, or denial of service (DoS) can lead to significant losses that can be challenging to recover from.

The current state of the cybersecurity landscape has left enterprises relying on leadership roles like a Chief Information Security Officer (CISO) or Managed Security Services Providers (MSSPs) to implement effective and sustainable cybersecurity strategies. But no matter the level of investment or resources, businesses of all sizes can take steps to secure their data.

Common types of cyber attacks

Malware

The term "malware" covers a collection of malicious software variants, including viruses, ransomware, and spyware. These programs can harm business systems and networks in several ways, exploiting organizations by destroying databases and internal resources as well as causing devastating and irreversible damage to business infrastructure.

Botnets

A botnet is a network of compromised computer systems that can perform any number of automated tasks without the permission or knowledge of the device owners. Attackers use the computing resources of these slave systems to execute large-scale attacks and other malicious activity while remaining completely anonymous.

Social engineering

A common form of manipulation, social engineering campaigns are driven with the sole purpose of extracting sensitive business information, such as login credentials, employee records, and banking details. This form of attack is typically distributed through phishing emails and other forms of communication designed to appear harmless but actually used to funnel information to malicious sources.

Advanced persistent threat (APT)

Advanced persistent threats (APTs) have become a widely used, highly effective, and financially devastating form of data breach that is difficult to detect and even more so to recover from. Using stealthy and sophisticated tactics, attackers gain unauthorized access to a network or system and can remain undetected for months or years.

SQL injection

A SQL injection is a code injection technique commonly found on malicious websites or unsecured web browsers. The vulnerability allows attackers to manipulate queries that an application makes to the connected database. This allows the attacker to view and edit source code as well as access data stored in the underlying servers.
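To make the "manipulate queries" point concrete from the defender's side, here is an added example (not code from the original page) using Python's built-in sqlite3 module with a constructed in-memory users table. It contrasts a lookup that pastes input into the SQL text with one that uses a parameterized query, so the same tampered input changes the query logic in the first case and is treated as plain data in the second.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
USERS = [
    ("alice", "pw-hash-1", "admin"),
    ("bob", "pw-hash-2", "staff"),
    ("carol", "pw-hash-3", "staff"),
]


def build_db():
    """Create an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: the input becomes part of the SQL text, so it can alter the query's logic."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: a parameterized query fixes the SQL structure; the input is only ever data."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Run both lookups with a tampered input and a legitimate one, returning the rows each sees."""
    conn = build_db()
    # A tautology in the input makes the WHERE clause always true in the vulnerable version.
    tampered = "x' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, tampered),  # every row leaks
        "safe": lookup_safe(conn, tampered),              # no user is literally named that
        "safe_legit": lookup_safe(conn, "bob"),           # normal lookups still work
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The defensive lesson is in lookup_safe: the database driver binds the value separately from the statement, which is the standard mitigation regardless of database engine.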

Denial-of-service attack

A denial-of-service (DoS) attack is where an attacker inundates a server or network with traffic and drains the resources necessary to keep it functional. This often leads to a complete disruption of connected systems, causing large-scale outages and significant financial consequences due to downtime.

Types of cybersecurity

Critical infrastructure security

Critical infrastructure security is deployed by government authorities as part of the preparedness and response to severe incidents that impact regions or nations. This includes the protection and recovery of data assets, systems, facilities, networks, and other elements that society relies on to maintain national security.

Application security

Application security comprises all processes taken to improve the security of an application across all on-premises or cloud-based systems. This includes user authentication, data encryption, logging, and application network monitoring and testing.

Cloud security

Cloud security refers to measures put in place to protect cloud data in motion or at rest in support of customer privacy and regulatory compliance standards. This includes adopting and enforcing a broad set of policies on how cloud-based applications, workloads, technologies, and controls are accessed and used on a regular basis.

Internet of things (IoT) security

IoT security is made up of specific technologies used to safeguard connected devices and networks in the IoT. In enterprise settings, this includes efforts taken to secure computing devices, mechanical and digital machines, mobile devices, smart energy grids, artificial intelligence (AI)-driven building automation tools, and more.

Endpoint security

Endpoint security is an approach used to secure each and every accessible endpoint in a network. This includes laptops, tablets, mobile devices, wireless systems, and any other connection point that can be used inside or outside a secure business network to access data or other digital assets.

Fundamentals of cybersecurity management

The current state of cybersecurity is a global issue that requires an equal amount of due diligence regardless of the industry your organization is part of. To make for a consistent approach when applying security best practices across the enterprise environment, NIST (the National Institute of Standards and Technology) has published five pillars for building a robust cybersecurity framework.

Each of these five pillars, or functions, provides the foundation for building a successful and holistic cybersecurity program in your enterprise.

Identify

The identify function helps organizations develop and understand their cybersecurity risk when evaluating their business systems and networks. This initial step builds a foundation for deploying effective policies on how to adequately protect both physical and digital business assets.

Protect

The protect function is the action stage of cybersecurity planning and supports the organization's ability to limit or contain the impact of cybersecurity events. This involves protecting assets through the use of IAM (Identity and Access Management) solutions, database security technologies, staff training, and other safeguards that ensure the delivery of critical infrastructure services.

Detect

The detect function ensures the timely discovery of cybersecurity incidents so they can be responded to. This includes recognizing anomalies or events in systems and networks as they happen and verifying the effectiveness of the protective measures used to respond to these activities.

Respond

The response function is a critical pillar and refers to all appropriate activities needed when taking action against detected cybersecurity incidents. It is an essential component in containing potentially devastating attacks as they are discovered. This includes managing communications during and after events with the appropriate incident response teams, stakeholders, and law enforcement, while driving the analysis, mitigation activities, and technologies necessary to resolve the issues.

Recover

The recover function outlines all activities necessary to restore any capabilities or services after a catastrophic event or large-scale business disruption. This includes implementing recovery planning processes, training procedures, and teams that will drive recovery efforts and implement improvements based on lessons learned from new events and recovery initiatives.

IBM and cybersecurity

Investing in the right level of cybersecurity preparedness is key to sustaining business growth now and in the future. But the complexities of the modern-day cybersecurity landscape can make approaching enterprise security challenging and time-consuming. IBM is dedicated to driving cybersecurity into the fabric of your business and has the tools, solutions, and, most importantly, the experience necessary to build and deploy a security and compliance program that's right for your business.

With tools like IBM X-Force Exchange, a cloud-based threat intelligence platform, as well as managed security services such as firewall management, unified threat monitoring and response, and endpoint security management, IBM is dedicated to providing your organization with the cybersecurity solutions you need to strengthen your business security.

For more information on how IBM can support your cybersecurity initiatives, explore IBM's suite of cybersecurity services.
