Cybersecurity refers to any technology, measure or practice for preventing cyberattacks or mitigating their impact. Cybersecurity aims to protect individuals’ and organizations’ systems, applications, computing devices, sensitive data and financial assets against simple and annoying computer viruses, sophisticated and costly ransomware attacks, and everything in between.
Cyberattacks have the power to disrupt, damage or destroy businesses—and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report,
By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com).[1]
The information technology (IT) trends of the past few years—the rise in cloud computing adoption, network complexity, remote work and work from home, bring your own device (BYOD) programs, and connected devices and sensors in everything from doorbells to cars to assembly lines—have resulted in tremendous business advantages and human progress, but have also created exponentially more ways for cybercriminals to attack.
Perhaps not surprisingly, a recent study found that the global cybersecurity worker gap—the gap between existing cybersecurity workers and cybersecurity jobs that need to be filled—was 3.4 million workers worldwide.[2] Resource-strained security teams are focusing on developing comprehensive cybersecurity strategies that leverage advanced analytics, artificial intelligence and automation to fight cyberthreats more effectively and minimize the impact of cyberattacks when they occur.
A strong cybersecurity strategy protects all relevant IT infrastructure layers or domains against cyberthreats and cybercrime.
Critical infrastructure security protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety. In the United States, the National Institute of Standards and Technology (NIST) has developed a cybersecurity framework to help IT providers in this area, and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) provides additional guidance.
Network security prevents unauthorized access to network resources, and detects and stops cyberattacks and network security breaches in progress—while at the same time ensuring that authorized users have secure access to the network resources they need, when they need them.
Endpoints—servers, desktops, laptops, mobile devices—remain the primary entry point for cyberattacks. Endpoint security protects these devices and their users against attacks, and also protects the network against adversaries who leverage endpoints to launch attacks.
Application security protects applications running on-premises and in the cloud, preventing unauthorized access to and use of applications and related data, and preventing flaws or vulnerabilities in application design that hackers can use to infiltrate the network. Modern application development methods, such as DevOps and DevSecOps, build security and security testing into the development process.
Cloud security secures an organization’s cloud-based services and assets—applications, data, storage, development tools, virtual servers and cloud infrastructure. Generally speaking, cloud security operates on the shared responsibility model: the cloud provider is responsible for securing the services they deliver and the infrastructure used to deliver them, while the customer is responsible for protecting their data, code and other assets they store or run in the cloud. The details vary depending on the cloud services used.
Information security (InfoSec) pertains to the protection of all of an organization's important information—digital files and data, paper documents, physical media, even human speech—against unauthorized access, disclosure, use or alteration. Data security, the protection of digital information, is a subset of information security and the focus of most cybersecurity-related InfoSec measures.
Mobile security encompasses a number of disciplines and technologies specific to smartphones and mobile devices, including mobile application management (MAM) and enterprise mobility management (EMM). More recently, mobile security is available as part of unified endpoint management (UEM) solutions that enable configuration and security management for all endpoints (not just mobile devices but also desktops, laptops and more) from a single console.
Malware—short for "malicious software"—is any software code or computer program written intentionally to harm a computer system or its users. Almost every modern cyberattack involves some type of malware.
Hackers and cybercriminals create and use malware to gain unauthorized access to computer systems and sensitive data, hijack computer systems and operate them remotely, disrupt or damage computer systems, or hold data or systems hostage for large sums of money (see Ransomware, below).
Ransomware is a type of malware that encrypts a victim’s data or device and threatens to keep it encrypted—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in 2022.
“Or worse” is what distinguishes today's ransomware from its predecessors. While the earliest ransomware attacks demanded a single ransom in exchange for the encryption key, today most ransomware attacks are double extortion attacks, demanding a second ransom to prevent sharing or publication of the victim’s data; some are triple extortion attacks that threaten to launch a distributed denial of service attack (see below) if the ransoms aren’t paid.
Phishing attacks are email, text or voice messages that trick users into downloading malware, sharing sensitive information or sending funds to the wrong people. Most users are familiar with bulk phishing scams—mass-mailed fraudulent messages that appear to be from a large and trusted brand, asking recipients to reset their passwords or re-enter credit card information. But more sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.
Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and attacks that use psychological manipulation to tempt or pressure people into taking unwise actions.
Insider threats are threats that originate with authorized users—employees, contractors, business partners—who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by cybercriminals. Insider threats can be more difficult to detect than external threats because they have the earmarks of authorized activity, and because they’re invisible to antivirus software, firewalls and other security solutions aimed at blocking external attacks.
One of the more persistent cybersecurity myths is that all cybercrime comes from external threats. In fact, according to a recent study, 44% of insider threats are caused by malicious actors, and the average cost per incident for malicious insider incidents in 2022 was USD 648,062.[3] Another study found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor have resulted in exposure of 1 billion records or more.[4]
A distributed denial of service (DDoS) attack attempts to crash a server, website or network by overloading it with traffic, usually from a botnet—a network of multiple distributed systems that a cybercriminal hijacks using malware and operates via remote control.
The global volume of DDoS attacks has spiked during the COVID-19 pandemic. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.
Despite an ever-increasing volume of cybersecurity incidents worldwide, and ever-increasing volumes of learnings gleaned from them, some very dangerous misconceptions persist.
Strong passwords alone are adequate protection. Strong passwords make a difference. For example, all other things being equal, a 12-character password takes 62 trillion times longer to crack than a 6-character password. But because cybercriminals can steal passwords (or pay disgruntled employees or other insiders to steal them), they can’t be an organization’s or individual’s only security measure.
The major cybersecurity risks are well known. In fact, the risk surface is constantly expanding. Thousands of new vulnerabilities are reported in old and new applications and devices every year. And opportunities for human error—specifically by negligent employees or contractors who unintentionally cause a data breach—keep increasing.
All cyberattack vectors are contained. Cybercriminals are finding new attack vectors all the time—including Linux systems, operational technology (OT), Internet of Things (IoT) devices, and cloud environments.
‘My industry is safe.’ Every industry has its share of cybersecurity risks, with cyber adversaries exploiting the communication networks that almost every government and private-sector organization depends on. For example, ransomware attacks (see above) are targeting more sectors than ever, including local governments, non-profits and healthcare providers; threats to supply chains, ".gov" websites and critical infrastructure have also increased.
Cybercriminals don’t attack small businesses. Yes, they do. For example, in 2021, 82 percent of ransomware attacks targeted companies with fewer than 1,000 employees; 37 percent of companies attacked with ransomware had fewer than 100 employees.[5]
The following best practices and technologies can help your organization implement strong cybersecurity that reduces your vulnerability to cyber attacks and protects your critical information systems, without intruding on the user or customer experience.
Many users don’t understand how seemingly harmless actions—from using the same simple password for multiple log-ins, to oversharing on social media—increase their own or their organization’s risk of attack. Security awareness training, combined with well-thought-out data security policies, can help employees protect sensitive personal and organizational data. It can also help them recognize and avoid phishing and malware attacks.
Identity and access management (IAM) defines the roles and access privileges for each user, as well as the conditions under which they are granted or denied their privileges. IAM technologies include multi-factor authentication, which requires at least one credential in addition to a username and password, and adaptive authentication, which requires additional credentials depending on context.
Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective, rather than the perspective of the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.
Because it's impossible to stop all cyberattacks, organizations rely on analytics- and AI-driven technologies to identify and respond to potential or actual attacks in progress. These technologies can include (but are not limited to) security information and event management (SIEM), security orchestration, automation and response (SOAR), and endpoint detection and response (EDR). Typically these technologies are used in conjunction with a formal incident response plan.
While not cybersecurity technology per se, disaster recovery capabilities often play a key role in maintaining business continuity in the event of a cyberattack. For example, the ability to fail over to a backup hosted in a remote location can enable a business to resume operations quickly following a ransomware attack (and in some cases without paying a ransom).
Outsmart attacks with a connected, modernized security suite. The QRadar portfolio is embedded with enterprise-grade AI and offers integrated products for endpoint security, log management, SIEM and SOAR—all with a common user interface, shared insights and connected workflows.
Proactive threat hunting, continuous monitoring and a deep investigation of threats are just a few of the priorities facing an already busy IT department. Having a trusted incident response team on standby can reduce your response time, minimize the impact of a cyberattack, and help you recover faster.
AI-driven unified endpoint management (UEM) protects your devices, apps, content and data, so you can rapidly scale your remote workforce and bring-your-own-device (BYOD) initiatives while building a zero trust security strategy.
Implemented on premises or in a hybrid cloud, IBM data security solutions help you gain greater visibility and insights to investigate and remediate cyberthreats, enforce real-time controls and manage regulatory compliance.
Cybersecurity threats are becoming more advanced and more persistent, and demand more effort from security analysts to sift through countless alerts and incidents. IBM Security QRadar SIEM makes it easy to remediate threats faster while maintaining your bottom line. QRadar SIEM prioritizes high-fidelity alerts to help you catch threats that others simply miss.
[1] Cybercrime threatens business growth. Take these steps to mitigate your risk. (link resides outside ibm.com)
[2] Bridging the 3.4 million workforce gap in cybersecurity (link resides outside ibm.com)
[3] 2022 Ponemon Cost of Insider Threats Global Report (link resides outside ibm.com)
[4] Verizon 2023 Data Breach Investigations Report (link resides outside ibm.com)
[5] 82% of Ransomware Attacks Target Small Businesses, Report Reveals (link resides outside ibm.com)