What is cybersecurity?
Cybersecurity is the practice of protecting networks, devices, applications, systems, and data from cyberthreats. The overall goal is to fend off attacks that attempt to access or destroy data, extort money, or disrupt normal business operations – whether those attacks come from within or outside the organisation.
The importance of cybersecurity
increase in malware attacks in 2020
average cost of a data breach to an enterprise
Cyberattacks are almost always about accessing data for gain. The majority of that data is stored in the cloud, but increasingly it’s also stored on personal devices, Internet of Things (IoT) devices, and private networks and servers. Data growth is accelerating at a massive rate, and it’s predicted that the world will store 200 zettabytes of data by 2025. The importance of cybersecurity cannot be overstated and putting robust systems into place to safeguard data is a top priority for businesses and governments around the world.
Types of cyberattacks
As the world becomes more connected and reliant upon technology, and as we increasingly conduct our business and lives online, we create more opportunities – and an ever-expanding attack surface – for cybercriminals whose methods are becoming more and more sophisticated.
Common types of cybersecurity threats include:
- Social engineering attacks: Social engineering is the practice of manipulating people into revealing sensitive, confidential information for monetary gain or access to data. It includes phishing and spear phishing and can be combined with other threats to entice users to click on links, download malware, or trust a malicious source.
In 2020, almost one-third of the breaches incorporated social engineering techniques, of which 90% were phishing.
- Malware attacks: Malware is malicious software such as viruses, worms, spyware, and adware that can infect computers. Ransomware is well-known malware that accesses and blocks files or systems to extort a ransom payment.
Global ransomware damage costs are predicted to reach US$20 billion by the end of the year, up from $325 million in 2015.
- Internet of Things (IoT) attacks: There are now more IoT devices than people in the world, and they present multiple opportunities for hackers as these devices are vulnerable to man-in-the-middle attacks, denial-of-service attacks (DoS), malware, permanent denial-of-service attacks (PDoS), and zero-day attacks.
The IoT market is due to reach 31 billion connected devices in 2020, and by 2025 there will be about 75 billion IoT devices.
- Advanced persistent threats (APTs): APTs are multi-stage attacks where hackers infiltrate a network undetected and remain inside for a sustained amount of time to access sensitive data or disrupt critical services. APTs are often aimed at industries with high-value information such as national defence, manufacturing, and finance.
- Denial-of-service (DoS) attacks: DoS attacks, or distributed denial-of-service (DDoS) attacks, happen when an attacker inundates a server or network to temporarily or indefinitely render it unavailable, usually by flooding it with traffic so that other users can’t access it. This interference can lead to a complete disruption of connected systems, causing large-scale outages and significant financial consequences due to downtime.
The first half of 2020 saw a 15% increase in DDoS attacks. Nearly 4.83 million attacks were recorded, with a 126% surge in the 15-plus vector attacks.
How does cybersecurity work?
There is no one-size-fits-all enterprise cybersecurity solution. Instead, multiple layers of protection work together to safeguard against processes being disrupted and information being accessed, changed, destroyed, or held for ransom. That protection must continually evolve to proactively counter emerging cyberthreats. Multiple solutions can be integrated to create a unified defence against potential cyberattacks.
Application security focuses on enhancing security when apps are in the development phase and once they’re deployed. Types of application security include antivirus programmes, firewalls, and encryption programmes.
The ongoing migration to private, public, and hybrid clouds means that cloud providers must continue to prioritize implementing robust, up-to-date cloud security to protect systems, data, and availability. Cloud security includes data classification, data loss prevention, encryption, and more.
With the proliferation of the IoT, there is also a proliferation of risk. While IoT security varies depending upon the device and its application, building security into devices, ensuring secure upgrades and secure integration, and protecting against malware are some IoT-security best practices.
Critical infrastructure security
The vital cyber-physical systems that our societies rely on – including electricity grids, water systems, and public health services – are vulnerable to various risks. Critical infrastructure security is deployed to protect these systems from natural disasters, physical attacks, and cyberattacks.
Network security is a combination of hardware and software solutions that protect against unauthorised network access, which can result in information being intercepted, changed, or stolen. Types of network security include logins, passwords, and application security.
Endpoints or end-user devices – including desktops, laptops, wireless systems, and mobile devices – are all entry points for threats. Endpoint security includes antivirus and anti-malware protection, IoT security, and cloud security.
Information security, or InfoSec, focuses on maintaining the confidentiality, integrity, and availability of all of an organisation’s digital and analog data. There are many types of information security, including application security, encryption, and disaster recovery. Cybersecurity can be seen as a subset of information security; both focus on the security of data, but InfoSec has a broader scope.
Data loss prevention
Data loss prevention, or DLP, is focused on stopping sensitive data from leaving an organisation – whether it is leaked intentionally or shared inadvertently. DLP technologies that track, identify, and prevent unauthorised information flow include classification, encryption, monitoring, and policy enforcement.
Identity and access management (IAM)
Identity and access management systems – including two-factor authentication, multi-factor authentication, privileged access management, and biometrics – help organisations control user access to critical information and systems on premise and in the cloud.
Security information and event management (SIEM)
Modern SIEM solutions monitor and analyse security data and events in real time, helping organisations detect and respond to cyberthreats before they have a chance to disrupt business operations. Using artificial intelligence (AI) and machine learning, SIEM offers advanced user and entity behaviour analytics (UEBA) to stay on top of ever-evolving threats.
Cybersecurity awareness training
End-users are both the first line of defence against cyberattacks and the weakest link in the cybersecurity chain, which is why phishing remains such a prevalent cyberthreat. It’s estimated that human behaviour causes as many as 90% of cyberattacks, so continually educating your end-users on cybersecurity initiatives to support them in making intelligent cyber-defence choices is crucial. As long as people fall for phishing scams, use weak passwords, and work on unsecured networks, they are open to exploitation. As remote working continues during the pandemic and hybrid workforces look to be the norm in the future, remote workers will continue to be targeted by bad actors.
Enterprise cybersecurity framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework includes five pillars that offer private sector organisations guidance on the best practices for managing cyber risk and building a robust cybersecurity framework. Organisations can develop a proactive cybersecurity approach by putting these pillars into play continuously and concurrently. The pillars are:
- Identify: This foundational pillar is about developing a complete understanding of your assets and the risks to them so that you can put policies and procedures in place to manage those risks.
- Protect: This second pillar focuses on establishing the appropriate safeguards to protect your organisation against a cybersecurity event.
- Detect: Implementing measures to identify cybersecurity events, including continuous monitoring, is at the heart of the detect pillar.
- Respond: Once an event is detected, having a plan to respond quickly and appropriately and contain the impact is an essential pillar of the NIST framework.
- Recover: Being able to restore capabilities and services after a cybersecurity attack is part of what makes a business resilient and is as critical as responding quickly to attacks.
The future of cybersecurity
Every element of cybersecurity is evolving. New targets are emerging alongside new technologies. Cybercriminals are constantly innovating the type and severity of their attacks – and the impact of these attacks is escalating. The tools that can help improve cybersecurity – such as AI and 5G networks – are a boon to cybersecurity experts and cybercriminals alike. While the nature of future threats is hard to pin down, it’s clear that the future of cybersecurity needs to be proactive so it can adapt and adjust to evolving and emerging threats.
AI and cybersecurity
Artificial intelligence (AI) is integral to the future of cybersecurity both as a weapon for hackers and as a tool for experts to address vulnerabilities, detect issues, and repel attacks. AI’s ability to review Big Data quickly and use machine learning to analyse, update, and learn user patterns makes it an excellent tool for predicting new attacks and detecting potentially malicious behaviour in real time. While traditional cybersecurity methods focus on protecting external defences to repel an attack, embedded AI cybersecurity programmes can strengthen internal defences.
5G and cybersecurity
5G, the 5th generation of wireless technology, promises more speed, more connectivity, and more reliability, supporting increasingly powerful cybersecurity measures. However, with more bandwidth comes more avenues of attack, including more vulnerable endpoints. To minimise the risks posed by 5G, the cybersecurity community will need to identify weaknesses and vulnerabilities and then put hardware and software countermeasures into place.
Fileless malware attacks are on the rise – and they are one of the biggest digital threats to companies today, in part because they are so hard to detect. Fileless malware uses a company’s own software and tools to execute malicious activities, rather than using its own attack frameworks or installing malware onto hard drives. This “living-off-the-land” (LotL) style of attack doesn’t generate new files, so it evades detection by cybersecurity solutions that scan for malicious file attachments or track the creation of files.
Deepfakes are an emerging, convincing threat that could exponentially fuel fake news and disinformation as well as social engineering attacks. After all, if you see or hear your boss telling you to do something, you’re likely to follow their orders, no matter how unusual they may seem. Ongoing end-user education around trusting sources can help combat deepfakes, and cybersecurity solutions with AI algorithms designed to detect deepfakes will be a crucial defence against them.
With the daily discovery of new malware and viruses and damage related to cybercrime projected to hit $10.5 trillion annually by 2025, cybersecurity defences will need to evolve alongside or ahead of threats. A zero trust approach – where you assume that you cannot trust any device, user, or service – is a framework that can inform all aspects of an organisation’s cybersecurity and help move towards a more secure cyber future.
Information security, or InfoSec, is focused on securing all of an organisation’s data, whether it’s digital or analog and wherever it’s stored. In contrast, cybersecurity is about protecting digital data from being compromised or attacked. While there is overlap between the two, they are different, and cybersecurity is often seen as a subset of information security.
The term botnet is an abbreviation of “robotic network” and refers to a collection of computers hijacked by malicious code to carry out scams and cyberattacks. By maliciously leveraging a network of computers, hackers can efficiently carry out more significant attacks. These include DDoS attacks, data theft, malware distribution, and e-mail spam.
An attack surface is all the different points – known or unknown – that an attacker can use to access a system. Attack surfaces are rapidly expanding and include software, operating systems, IoT and mobile devices, data centres, and even people. Understanding the scope and vulnerabilities of your attack surface is a crucial component of cybersecurity
Phishing is a type of cyberattack where a fraudulent email attempts to trick the recipient into revealing sensitive information (such as login credentials) or downloading malware. These emails are usually sent to a large number of people, whereas spear phishing is more targeted to a specific individual. Phishing emails are the most common delivery method for ransomware and a cautionary example of how important the human element can be to cybersecurity.
Spear phishing is a social engineering attack that targets a specific individual by sending them what appears to be legitimate communication from a known and trusted entity. Targets are usually directed to a false website where hackers attempt to steal their identifying information, extort money, or infect their devices with malware. In contrast, phishing casts a broader, less personal net.
Ransomware is a type of malicious software (malware) that uses encryption to deny an organisation access to their own files, databases, and applications. A ransom is then demanded to restore access.
In a denial-of-service attack, the hacker attempts to make a system or resource unavailable by stopping or disrupting the services of the host connected to that network. This can cause serious disruption to business operations and could be a distraction for a more serious type of attack such as a ransomware attack.
Cyberwarfare is big business, and the most pervasive hackers are often essentially mercenaries, hired as part of sophisticated and well-funded criminal organisations or adversarial nation-states Whether these organisations aim to extort money or exert political influence, the end result is that some of society’s most critical data is at stake, and some of our most essential services and businesses are continually put at risk. Furthermore, hacking and phishing are not the only means of committing cyber attacks. Companies also have to be on the alert for unethical employees who may be prepared to compromise or sell corporate data for a price. Cybersecurity is as much about managing people as it is about managing technology.
SAP Insights Newsletter
Gain key insights by subscribing to our newsletter.