The scope of IT security is broad and often involves a mix of technologies and security solutions that work together to address vulnerabilities in digital devices, computer networks, servers, databases, and software applications. The most commonly cited examples of IT security include digital security disciplines such as endpoint security, cloud security, network security, and application security. But IT security also includes physical security measures—e.g., locks, ID cards, surveillance cameras—required to protect buildings and devices that house data and IT assets.
IT security is often confused with cybersecurity, a narrower discipline that is technically a subset of IT security. Whereas cybersecurity focuses primarily on protecting organizations from digital attacks, like ransomware, malware, and phishing scams, IT security covers an organization’s entire technical infrastructure, including hardware systems, software applications, and endpoints, like laptops and mobile devices, as well as the company network and its various components, like physical and cloud-based data centers.
Cyberattacks and security incidents can exact a huge toll measured in lost business, damaged reputations, regulatory fines and, in some cases, extortion and stolen assets.
For example, IBM’s Cost of a Data Breach 2023 report studied over 550 organizations that suffered a data breach between March 2022 and March 2023. The average cost of a data breach to those organizations was USD 4.45 million—up 2.3 percent from the findings of a similar study a year earlier, and up 15.3 percent over a 2020 study. Factors contributing to the cost include everything from notifying customers, executives and regulators to regulatory fines, revenue lost during downtime, and customers lost permanently.
Some security incidents are more costly than others. Ransomware attacks encrypt an organization’s data, rendering systems unusable, and demand an expensive ransom payment for a decryption key to unlock the data; increasingly, they demand a second ransom to prevent sharing sensitive data with the public or other cybercriminals. According to the IBM Security Definitive Guide to Ransomware 2023, ransom demands have risen to 7- and 8-figure amounts, and in extreme cases have been as high as USD 80 million.
Predictably, investments in IT security continue to rise. Industry analyst Gartner predicts that in 2023 organizations will spend USD 188.3 billion on information security and risk management resources and services, with the market continuing to balloon in the coming years, generating nearly USD 262 billion by 2026, following its compound annual growth rate of 11 percent from 2021.1
Cloud security addresses external and internal cyberthreats to an organization’s cloud-based infrastructure, applications and data. Cloud security operates on the shared responsibility model: generally speaking, the cloud service provider (CSP) is responsible for securing the infrastructure with which it delivers cloud services, and the customer is responsible for securing whatever it runs on that infrastructure. That said, the details of that shared responsibility vary depending on the cloud service: with infrastructure as a service the customer still patches operating systems and configures network controls, whereas with software as a service the customer’s responsibilities shrink to identities, access rights and the data it stores.
Endpoint security protects end-users and endpoint devices, like desktops, laptops, cellphones, and servers, against cyberattacks. Endpoint security also protects networks against cybercriminals who try to use endpoint devices to launch cyberattacks on their sensitive data and other assets.
Network security has three chief objectives: to prevent unauthorized access to network resources, to detect and stop cyberattacks and security breaches in real-time, and to ensure that authorized users have secure access to network resources they need when needed.
Application security refers to measures developers take when building an app to address potential vulnerabilities, and protect customer data and their own code from being stolen, leaked or compromised.
Internet security protects data and sensitive information transmitted, stored or processed by browsers or apps. Internet security involves a range of security practices and technologies that monitor incoming internet traffic for malware and other malicious content. Technologies in this area include authentication mechanisms, web gateways, encryption protocols and, most notably, firewalls.
Internet of Things (IoT) security focuses on preventing Internet-connected sensors and devices—e.g. doorbell cameras, smart appliances, modern automobiles—from being controlled by hackers or used by hackers to infiltrate an organization’s network. Operational technology (OT) security focuses more specifically on connected devices that monitor or control processes within a company—e.g., sensors on an automated assembly line.
Every organization is susceptible to cyberthreats originating both inside and outside its walls. These threats can be intentional, as with cybercriminals, or unintentional, as with employees or contractors who accidentally click malicious links or download malware.
IT security aims to address this wide range of security risks and account for all types of threat actors and their varying motivations, tactics, and skill levels.
Malware is malicious software that can render infected systems inoperable, destroying data, stealing information, and even wiping files critical to the operating system.
Well-known types of malware include:
Ransomware is malware that locks a victim’s data or device and threatens to keep it locked—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in 2022.
A Trojan horse is malware that tricks people into downloading it by disguising itself as a useful program or hiding within legitimate software. A remote access Trojan (RAT) creates a secret backdoor on the victim’s device, while a dropper Trojan installs additional malware once it has a foothold.
Spyware secretly gathers sensitive information, such as usernames, passwords, credit card numbers and other personal data, and transmits it back to the hacker.
A worm is self-replicating malware that can automatically spread between apps and devices.
Frequently referred to as "human hacking," social engineering manipulates victims into taking actions that expose sensitive information, compromise their organization’s security, or threaten their organization's financial well-being.
Phishing is the best-known and most pervasive type of social engineering attack. Phishing attacks use fraudulent emails, text messages, or phone calls to trick people into sharing personal data or access credentials, downloading malware, sending money to cybercriminals, or taking other actions that might expose them to cybercrimes. Special types of phishing include
Spear phishing—highly targeted phishing attacks that manipulate a specific individual, often using details from the victim’s public social media profiles to make the ruse more convincing.
Whale phishing—spear phishing that targets corporate executives or wealthy individuals.
Business email compromise (BEC)—scams in which cybercriminals pose as executives, vendors, or trusted business associates to trick victims into wiring money or sharing sensitive data.
Another social engineering tactic, tailgating, is less technical but no less a threat to IT security: it involves following (or ‘tailing’) an individual with physical access to a data center (say, someone with an ID card) and literally sneaking in behind them before the door closes.
A denial-of-service (DoS) attack overwhelms a website, application or system with a volume of fraudulent traffic, rendering it too slow to use or altogether unavailable to legitimate users. A distributed denial-of-service (DDoS) attack uses a network of internet-connected, malware-infected devices—called a botnet—to cripple or crash the target application or system.
A zero-day exploit takes advantage of an unknown or as-yet-unaddressed security flaw in computer software, hardware or firmware. ‘Zero day’ refers to the fact that the software or device vendor has had zero days, or no time, to fix the flaw, because malicious actors can already use it to gain access to vulnerable systems.
Insider threats originate from employees, partners and other users with authorized access to the network. Whether unintentional (e.g., a third-party vendor tricked into launching malware) or malicious (e.g., a disgruntled employee bent on revenge), insider threats have teeth. A recent report from Verizon (link resides outside ibm.com) reveals that while the average external threat compromises around 200 million records, threats involving an inside threat actor have exposed as many as 1 billion records.
In a man-in-the-middle (MITM) attack, a cybercriminal eavesdrops on a network connection and intercepts and relays messages between two parties to steal data. Unsecured Wi-Fi networks are happy hunting grounds for hackers launching MITM attacks; properly validated TLS on every connection is the main defense, since an interceptor cannot present a certificate the client will trust.
As cybersecurity threats continue to escalate in ferocity and complexity, organizations are deploying IT security strategies that combine a range of security systems, programs, and technologies.
Overseen by experienced security teams, these IT security practices and technologies can help protect an organization’s entire IT infrastructure, and avoid or mitigate the impact of known and unknown cyberthreats.
Because many cyberattacks, such as phishing attacks, exploit human vulnerabilities, employee training has become an important line of defense against insider threats.
Security awareness training teaches employees to recognize security threats and use secure workplace habits. Topics covered often include phishing awareness, password security, the importance of running regular software updates, and privacy issues, like how to protect customer data and other sensitive information.
Multi-factor authentication (MFA) requires one or more additional factors beyond a username and password, typically something the user has (an authenticator app or a hardware security key) or something the user is (a fingerprint or face scan). Implementing MFA can stop an attacker who has stolen or guessed a legitimate user’s username and password from gaining access to applications or data on the network. Note that factors delivered as codes (SMS or app-generated) can still be relayed through a real-time phishing page, so phishing-resistant methods such as FIDO2 security keys are preferred for high-value accounts. MFA is critical for organizations using single sign-on (SSO), which lets users log in once and access multiple related applications and services during that session without logging in again.
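The following Python is an added example, not code from the original article or from IBM. It shows what the paragraph describes at the protocol level: a login that checks a salted password hash and then a time-based one-time password (TOTP, RFC 6238) generated from a per-user secret, so that a stolen password alone is rejected. The user record, password, salt and timestamps are constructed for the demonstration; the TOTP seed is the RFC 6238 test-vector secret, chosen so the codes can be checked against the RFC.

```python
# Added example, not from the original article: password plus a TOTP second
# factor (RFC 6238). The user, password, salt and timestamps are constructed
# for the demonstration; the TOTP seed is the RFC 6238 test-vector secret.
import hashlib
import hmac
import struct

STEP_SECONDS = 30        # RFC 6238 default time step
DIGITS = 6               # length of the one-time code
ALLOWED_DRIFT_STEPS = 1  # also accept the previous and next step to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Accept the code for the current step or its immediate neighbours. Every
    candidate is compared with compare_digest so timing does not reveal which matched."""
    current = unix_time // STEP_SECONDS
    matched = False
    for step in range(current - ALLOWED_DRIFT_STEPS, current + ALLOWED_DRIFT_STEPS + 1):
        if hmac.compare_digest(hotp(secret, step), submitted):
            matched = True
    return matched


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; only the hash is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record. In practice the TOTP secret is provisioned once to the
# user's authenticator app (e.g. via QR code) and stored server-side, encrypted.
_SALT = b"constructed-salt-for-alice"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector seed
    }
}


def login(username: str, password: str, code: str, unix_time: int) -> str:
    """Returns 'ok', 'bad-password' or 'bad-second-factor'. Both factors are
    evaluated before deciding so the response time does not reveal which failed."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"dummy-salt")  # burn the same work; avoids user enumeration by timing
        return "bad-password"
    password_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    factor_ok = verify_totp(user["totp_secret"], code, unix_time)
    if not password_ok:
        return "bad-password"
    if not factor_ok:
        return "bad-second-factor"
    return "ok"


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; use int(time.time()) in a real deployment
    stolen_password = "correct horse battery staple"
    print(login("alice", stolen_password, "000000", now))                             # bad-second-factor
    print(login("alice", stolen_password, totp(b"12345678901234567890", now), now))   # ok
```

The drift window of one step on each side is the usual compromise between usability and replay exposure; a production verifier should additionally record the last accepted step per user and refuse to accept the same code twice.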
Incident response, sometimes called cybersecurity incident response, refers to an organization’s processes and technologies for detecting and responding to cyber threats, security breaches, and cyberattacks. The goal of incident response is to detect incidents quickly, contain them before they spread, and minimize the cost and business disruption of any attack that does occur.
Many organizations create a formal incident response plan (IRP) that defines the processes and security software (see below) they use to identify, contain and resolve different types of cyberattacks. According to the Cost of a Data Breach 2023 report, at organizations that create and regularly test a formal IRP, the cost of a data breach was USD 232,008 less than the average (USD 4.45 million).
No single security tool can prevent cyberattacks altogether. Still, several tools can play a role in mitigating cyber risks, preventing cyberattacks, and minimizing damage in the event an attack occurs.
Common security software to help detect and divert cyberattacks include:
Email security tools, including AI-based anti-phishing software, spam filters, and secure email gateways
Antivirus software to neutralize spyware or other malware that attackers use to conduct reconnaissance, eavesdrop on conversations, or take over email accounts
System and software patches to close technical vulnerabilities commonly exploited by hackers
Secure web gateways and other web filtering tools to block malicious websites often linked to phishing emails
Threat detection and response solutions use analytics, artificial intelligence (AI) and automation to help security teams detect known threats and suspicious activity, and take action to eliminate the threat or minimize its impact. These technologies include security orchestration, automation and response (SOAR), security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), and extended detection and response (XDR).
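To make the “detect suspicious activity” step concrete, here is an added example (not code from the original article or from any of the products named in it) of the kind of correlation rule a SIEM evaluates over an authentication log stream: it parses SSH login events, keeps a sliding window of failures per source address, raises a medium-severity alert when one source crosses a failure threshold, and a high-severity alert if that source then logs in successfully. The log format, hostnames, addresses, thresholds and rule names are all constructed for the demonstration.

```python
# Added example, not from the original article: a minimal SIEM-style correlation
# rule over SSH authentication events. Log lines, host and address values are
# constructed for the demonstration (addresses are from documentation ranges).
import re
from collections import defaultdict, deque
from datetime import datetime

FAILURE_THRESHOLD = 5   # failures from one source inside the window that count as brute force
WINDOW_SECONDS = 60     # sliding window length in seconds

# Matches the syslog-like shape used by the constructed sample below.
LOG_PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed log: a burst of failures from one source followed by a success from
# it; a user who mistypes twice; and an unrelated session line the rule ignores.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 bastion sshd[4101]: Failed password for root from 203.0.113.7 port 52340 ssh2",
    "2024-05-01T10:00:05 bastion sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 52341 ssh2",
    "2024-05-01T10:00:09 bastion sshd[4103]: Failed password for root from 203.0.113.7 port 52342 ssh2",
    "2024-05-01T10:00:14 bastion sshd[4104]: Failed password for invalid user test from 203.0.113.7 port 52343 ssh2",
    "2024-05-01T10:00:20 bastion sshd[4105]: Failed password for root from 203.0.113.7 port 52344 ssh2",
    "2024-05-01T10:00:26 bastion sshd[4106]: Failed password for alice from 203.0.113.7 port 52345 ssh2",
    "2024-05-01T10:00:31 bastion sshd[4106]: pam_unix(sshd:session): session opened for user bob",
    "2024-05-01T10:00:40 bastion sshd[4107]: Accepted password for alice from 203.0.113.7 port 52346 ssh2",
    "2024-05-01T10:05:00 bastion sshd[4120]: Failed password for bob from 198.51.100.4 port 41000 ssh2",
    "2024-05-01T10:05:07 bastion sshd[4121]: Failed password for bob from 198.51.100.4 port 41001 ssh2",
    "2024-05-01T10:05:15 bastion sshd[4122]: Accepted password for bob from 198.51.100.4 port 41002 ssh2",
]


def parse_line(line: str):
    """Return a dict for an authentication event, or None for lines the rule does not cover."""
    m = LOG_PATTERN.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect(lines):
    """Evaluate the brute-force rule over an ordered stream of log lines and return alerts."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still inside the window
    already_flagged = set()               # sources that have produced a brute-force alert
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        window = recent_failures[ev["src"]]
        # Expire failures older than the window relative to this event.
        while window and (ev["ts"] - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if ev["outcome"] == "Failed":
            window.append(ev["ts"])
            if len(window) >= FAILURE_THRESHOLD and ev["src"] not in already_flagged:
                already_flagged.add(ev["src"])
                alerts.append({"rule": "ssh-brute-force", "severity": "medium",
                               "src": ev["src"], "failures": len(window), "ts": ev["ts"]})
        elif len(window) >= FAILURE_THRESHOLD:
            # A success right after a burst of failures is the case worth an analyst's attention.
            alerts.append({"rule": "ssh-success-after-brute-force", "severity": "high",
                           "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
            window.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two failed attempts followed by a success, as for bob above, never reaches the threshold, which is the point of the window: the rule is meant to separate a password-spraying source from a user with a typo, and the threshold and window are the knobs a SOC tunes against its own false-positive rate.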
Offensive security, or “OffSec,” refers to a range of proactive security strategies that use adversarial tactics—the same tactics malicious actors use in real-world attacks—to strengthen network security rather than compromise it.
Offensive security operations are often carried out by ethical hackers, cybersecurity professionals who use their hacking skills to find and fix IT system flaws. Common offensive security methods include:
Vulnerability scanning—using the same tools that cybercriminals use to detect and identify exploitable security flaws and weaknesses in an organization’s IT infrastructure and applications.
Penetration testing—launching a mock cyberattack to uncover vulnerabilities and weaknesses in computer systems, response workflows and users' security awareness. Some standards and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), specify regular penetration testing as a requirement for compliance.
Red teaming—authorizing a team of ethical hackers to launch a simulated, goal-oriented cyberattack on the organization.
Offensive security complements security software and other defensive security measures—it discovers unknown cyberattack avenues, or vectors, that other security measures might miss, and it yields information security teams can use to make their defensive security measures stronger.
Given their significant overlap, the terms ‘IT security,’ ‘information security’ and ‘cybersecurity’ are often (and mistakenly) used interchangeably. They differ primarily in scope.