Cybersecurity has become a big business, precisely because businesses can’t hope to function safely without it.
Gartner estimates that spending on cybersecurity will reach $172 billion in 2022. That’s more than what Americans as a whole spend on cars and appliances, combined, in a year.
Companies make these investments precisely because the costs of incidents is even higher. When cybersecurity incidents occur, it doesn’t just hurt revenues. It also affects company reputations, as well as people’s trust. Between the costs of mitigation and the loss of revenues triggered by negative sentiment after an attack, many small to medium-sized businesses go bankrupt after one major breach.
Beyond internal business concerns, having strong cybersecurity in general is important for all organizations because it protects the systems, data, and infrastructure that people rely on every day to live, work, and play.
What is cybersecurity?
According to IBM: “Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks.”
It’s important to recognize that “cybersecurity” can refer to a malleable range of ideas, with the central theme of protecting against disruptions. One can describe cybersecurity alternately as a discipline, a set of best practices, a group of technologies, and an active component of organizations’ IT operations.
It might help to think of cybersecurity as one of the two main practices that keeps technology functioning as intended:
- IT services aim to keep software, systems, and connected components operating free from unintentional bugs or issues
- Cybersecurity exists to thwart major disruptions and breaches, including those intentionally done by humans as well as unintentional exposures and disruptions caused by events like fire, severe weather, or critical personnel failures
Intentional cybersecurity breaches are conducted by “threat actors.” That group includes hackers, cyber terrorists, and well-funded organizations. Some threat actors are merely curious; they may want to see if they can rise to the challenge of getting around security measures, or they may be interested to put coding or computing theories to the test. More often, unfortunately, threat actors have criminal goals. Increasingly, cyber threats come from state-sponsored organizations as well as sophisticated criminal networks.
Unintentional service disruptions and data exposures can also be triggered by employee actions, as well as the actions of vendors and service providers. Critical mistakes or failures to follow proper procedure can mean service outages as well as exposure of sensitive data. Individuals may make typing mistakes or violate data policy by accidentally intermingling different types of data, harming the data’s privacy and integrity.
Why do companies invest so much in cybersecurity?
Cybersecurity exists to work against the above-listed major threats, and it’s become a primary IT investment area for many companies.
Research from Deloitte shows that financial services enterprises spend an average of 10% of their total IT budget on cybersecurity, equalling 0.55% of their revenue or around $2,150 per employee. The U.S. federal government alone proposes a $10.9 billion budget for immediate national cybersecurity concerns.
Why spend so much money? It’s because preventing a cybersecurity incident is cheaper than dealing with the aftermath. IBM estimates that a single data breach can cost an average of $8.64 million for US companies. Businesses must also consider nigh-incalculable costs, like how the hacking of the Colonial pipeline disrupted commerce and travel for the entire east coast in 2021.
Whether triggered by a nefarious hacker or a careless employee, cybersecurity risks threaten to destabilize everyday commerce and disrupt services people rely upon.
Why do malicious cybersecurity threats exist?
Understanding the goals of cyber attackers can enable cybersecurity professionals to predict and prevent incidents before they occur — or, in cases where attacks cannot be prevented, mitigate damage to the extent possible.
A majority of modern threat actors seek ill-gotten financial gains by holding systems and data for ransom as one common motive. 53% of cyber attacks in the past few years involved criminals holding vital systems for a ransom worth $500,000 or more, according to Cisco.
Other common motives/goals include:
- Stealing valuable information, such as trade secrets, card information, and social security numbers
- Disrupting business and government activities
- Causing chaos
- Seizing control of certain devices, infrastructure components, systems, or software to perform actions on their behalf
- Spying and intercepting information, for potential use later
- Proliferating malware, viruses, or other forms of software-based threats
- Creating a backdoor into systems for later use or exploitation
- Some combination of the above
What types of attacks does cybersecurity protect against?
To fulfill their goals, threat actors will use a variety of techniques.
The most common types of cybersecurity threats include:
-
- Phishing — Tricking end users into giving login information, opening a file, or executing a command that gives an infiltrator access to a protected system or information
- Viruses/Malware — Computer programs that disrupt normal functioning, preventing technology from doing something or forcing it to do something it wouldn’t normally allow
- Ransomware — Locking systems and information down and threatening to delete them entirely unless a ransom is paid
- Dedicated denial of service (DDoS) attacks — A technique that overwhelms internet-connected systems with typical requests they would normally be able to accommodate if not for the massive volume, forcing them to shut down or causing other forms of disruption
- Data breaches — Exposing sensitive information
- Information or request interception (Man in the middle/ MITM) — Intercepting information transfers or other system activities as they transmit across networks, often without the sender or recipient knowing
- Vulnerability exploits — Using known issues, bugs, or lapses in protections to perform illegitimate activities, such as by tricking a banking application to reveal account information
- Infrastructure hacking — Infiltrating computerized components of the electrical grid, gas pipelines, or vital communications networks to steal information, seize control, install ransomware, etc.
- Insider threats — Sometimes threat actors will overcome physical access barriers by sneaking into a facility or enlisting the help of someone inside the company to manually infiltrate systems or hardware (think: the classic Mission Impossible scene)
Other, non-criminal threats exist that pose concern for cybersecurity professionals. These include:
- Process/protocol breaches — Failure to abide by policies and processes set by the organization can lead to non-compliance with state and federal regulations as well as unintentional disruption of services or exposure of sensitive data
- Mistakes, mistyping, and errant clicks — Fundamentals of cybersecurity can be thwarted by a single employee mistake, especially when it is committed by a high-ranking company official or someone with access to sensitive systems and data
- Environmental-related service disruptions — Fires, floods, earthquakes, hurricanes, blackouts, and threats caused by civil disruptions or foreign invasions (it could happen!) must all be assessed for their capability to irreparably damage assets and data hosted on-site or to disrupt services. Backup plans must then be created to restore service and data, as well as plans to prevent the exposure of sensitive data.
The lists above are by no means all-inclusive. Nevertheless, they reveal the most common causes for concern that cybersecurity professionals must consider as they attempt to defend valued physical and digital assets from threat actors.
What Are the Main Types of cybersecurity Used to Protect Valuable Assets and Data?
Cybersecurity can be thought of as a five-part framework encompassing the primary actions taken in order to protect sensitive data and valuable assets
Identify → Protect → Detect → Respond → Recover
There are also four primary areas of concern when it comes to protection:
Confidentiality → Integrity → Availability → Compliance
Combining these elements provides a generalized matrix detailing some of the most important technology, processes, and human-driven activities needed in order to achieve cybersecurity’s goals
Identify | Protect | Detect | Respond | Recover | |
Confidentiality | Insert strategy | Insert strategy | Insert strategy | Insert strategy | Insert strategy |
Integrity | Insert strategy | Insert strategy | Insert strategy | Insert strategy | Insert strategy |
Availability | Insert strategy | Insert strategy | Insert strategy | Insert strategy | Insert strategy |
Compliance | Insert strategy | Insert strategy | Insert strategy | Insert strategy | Insert strategy |
Each blank in the above matrix indicates a demand for a particular solution fulfilled by people, process, technology, or a combination thereof.
As an example, preserving confidentiality would involve discovering and classifying all sensitive data assets at the identify phase. Encryption can help to protect this data from being deciphered even if it is somehow intercepted or exposed.
Preserving integrity at the recovery phase would involve having backups and the ability to roll back data and systems to an earlier version that isn’t compromised. The response can involve determining how integrity was compromised and introducing new computer-driven controls as well as new training to prevent further integrity compromises.
To detect issues related to compliance, the organization must perform regular audits, and it can also introduce automated gating controls to ensure that compliance needs are met at each step of the process.
In this way, the organization can have measures in place to address each phase of cybersecurity to the primary areas of concern.
What are the basics of cybersecurity and how it works?
Essentially, each cybersecurity counter measure must take into account how and why a threat actor might seek to infiltrate a system or why an asset or bank of data might otherwise be compromised. Security professionals must then protect against these specific threats.
Speaking more generally, it helps to understand the different disciplines, thought process, and activities that go into protecting valued technology and data. One of the best ways to do that is to leverage the following cybersecurity strategy framework, paraphrased from the Department of Homeland Security (DHS) Cybersecurity Strategy document.
1. Determine all assets that need to be protected
The first step is to determine all assets, systems, and data that must be protected through an inventory.
The FCC-issued data protection guidelines describe how a typical enterprise might protect its data through a rigorous identification and prioritization phase. The process consists of the following:
- Inventory all data
- Identify data that needs to be protected
- Rank that data in terms of importance
- Restrict access and amplify security measures, based on data priority
The exact same process should be performed for not just data but permissions and access to sensitive systems, assets, devices, etc. Unfortunately, uncovering all assets, users, endpoints, and data can be extremely difficult through legacy means. That’s why Lucidum invented a Machine Learning-driven asset discovery method for cybersecurity.
2. Quantify threats
Perform an analysis of threats to sensitive data, assets, and systems using current available cybersecurity threat information as well as your own data as a company. For example, your own data can reveal which systems are most vulnerable or have been the target of recent attacks, attempted or successful.
Identify the most-likely threats, including which threats are able to best-target different tiers of sensitivity. Then, audit your existing ecosystem to look for vulnerabilities, and actively perform routine cybersecurity audits to detect changes to the risk level.
3. Create a protection plan
First, identify the technologies that will be used to protect sensitive data and assets. However, recognize that this is not enough on its own. Vulnerabilities and breaches can also occur as a result of unintentional user behaviors. Therefore, the organization must also identify the employee/user behaviors that could compromise this data or unintentionally aid in threat actor’s infiltration attempts. For example, employees should be trained to look out for suspicious emails and signs that could indicate phishing.
Create a plan to reduce vulnerabilities and the likelihood of a threat actor successfully performing their desired actions, either on their own or through the missteps of your employees.
Gather data on the effectiveness of your protection plan over time. Review this data periodically, and update your response plan several times a year in light of past performance and emerging understanding.
4. Create a response and recovery plan
Cybersecurity measures can be both passive (e.g. a traditional firewall) and active (e.g. zero trust authentication systems), but they can’t act wholly on their own.
Cybersecurity teams need a response plan for when something like a data breach is actively being attempted — or has already succeeded. The plan should encompass multiple scenarios, with contingencies. Teams should also include plans for mitigating negative consequences once a cyber attack has been successful.
5. Proactively monitor, analyze, and optimize
Organizations can’t just put a cybersecurity strategy in place and expect it to work for all time.
Professionals must be actively inventorying their valued assets (including data), researching the latest threats, and looking into new possible solutions. It’s worth noting that “new solutions” can mean both a cybersecurity technology vendor or something as simple as improved employee prevention and response training.
Organizations must constantly look at historical data to analyze performance and identify opportunities to improve. Much like how doctors must enroll in continuing medical education (CME) to be aware of the most-effective methods for preventing and treating ailments, CISOs and other cybersecurity professionals must constantly be made aware of not just new threats but new understanding on how to prevent them.
In this way, organizations will repeat all of the above steps on a continual basis in order to stay informed of cybersecurity threats and how to best prevent, address, or mitigate them.
Get Thorough, and Get Strategic, with 360° Cybersecurity Awareness from Lucidum
Staying informed and on top of cybersecurity threats isn’t easy, and many organizations fail at step one: identifying all relevant assets and data. It’s impossible to protect what you don’t know is there, and it’s also impossible to defend against threats when you aren’t aware of where they’re coming from.
Many modern organizations, from small businesses up to giant enterprises, struggle with asset and data discovery. They then face vulnerabilities because of unexpected back doors or unchecked activity at the dark edges of their tech ecosystem.
Lucidum provides organizations with full situational awareness with the only 100% reliable and low-latency method of asset discovery and risk assessment. It acts as your co-pilot, empowering you to create a plan for continuous threat assessment and risk prioritization. Our platform can also automate actions that feeds insights to the right people, assist with risk mitigation, or provide full risk management right from a single dashboard.
Find more about how Lucidum provides critical visibility that keeps you on top of monitoring and defending your airspace by visiting the Lucidum cybersecurity platform page or by requesting a demo to speak to one of our team members.