What is Cybersecurity?

February 18, 2021

Defining Cybersecurity Today

Cybersecurity is the act of defending digital assets, including networks, systems, computers and data, from cyberattacks. A modern cybersecurity strategy leverages a combination of advanced technologies and human resources to prevent, detect and remediate a variety of digital threats and adversaries.

While any organization or individual can be the target of a cyberattack, cybersecurity is especially important for organizations that collect and store sensitive data or information such as intellectual property, customer information, payment details or medical records. Many digital adversaries tend to focus on high-value targets, such as financial institutions, government organizations, military branches or large companies. In recent years, cybersecurity has also become a growing concern with respect to public infrastructure, such as transportation systems, utilities and the electricity grid. Attacks of this nature are among the country’s most pressing national security threats.

To protect and defend against digital attacks, organizations must develop and deploy a comprehensive security strategy that includes both preventative measures and rapid detection and response capabilities. As digital adversaries become more sophisticated, it is also important to continually assess and upgrade the organization’s cybersecurity tools, technologies and processes. One of the most reliable steps an organization can take to protect its digital assets, customers and reputation is to partner with a leading cybersecurity service provider to assess the organization’s existing capabilities and help develop a comprehensive and flexible strategy based on its unique needs.

The Evolution of Cybersecurity

Traditionally, a cybersecurity strategy consisted of defensive measures deployed to protect a defined perimeter. However, the growing use of cloud technology and a proliferation of smart devices have made cybersecurity far more complex. These trends have effectively eliminated the perimeter and expanded the attack surface to include any device that is connected to the internet. Organizations must now consider how to protect and defend endpoints regardless of location, while also securing data, IP and other assets stored in the cloud.

Further complicating matters is the increased sophistication of digital adversaries and the global reach of many actors. Despite a general increase in awareness about the risks of cyber attacks, as well as increased spending on security measures, many organizations remain vulnerable to an attack and should take immediate steps to strengthen their cybersecurity defenses.

The COVID-19 pandemic, which has led to millions of people around the world shifting to remote work, has prompted a massive increase in malicious activity. A recent CrowdStrike survey revealed that there were more intrusion attempts in the first six months of 2020 than in all of 2019. Our threat hunting team blocked more than 40,000 potential intrusions by June 30, as compared with just 35,000 similar attempts for all of the previous year. Read the 2020 Threat Hunting Report from the CrowdStrike Overwatch Team: Nowhere to Hide.

Types of Cybersecurity

Within cybersecurity, there are many different subcategories specific to the defense of each digital asset. Subsectors of cybersecurity include:

Endpoint Security

Endpoint security, or endpoint protection, is the process of protecting a network’s endpoints – such as desktops, laptops, and mobile devices – from malicious activity. Endpoint security differs from traditional security in that it must happen in real-time across a large number of endpoints, geographic regions, and bandwidths.

Cloud Security

Cloud security is the collective term for the strategy and solutions that protect a cloud infrastructure, and any service or application hosted within its environment, from cyber threats. For organizations that use a cloud-based model or are beginning the shift to the cloud, it is important to develop and deploy a comprehensive security strategy that is specifically designed to protect and defend cloud-based assets.

Application Security

Application security refers to those measures taken to reduce vulnerability at the application level so as to prevent data or code within the app from being stolen, leaked or compromised.

Network Security

Network security is a relatively broad term that refers to the tools, technologies and processes that protect the network, as well as all related assets, data and users, from cyberattacks and nefarious activity. It includes a combination of preventative and defensive measures designed to deny unauthorized access to resources and data.

Understanding Cybersecurity Threats

Cybersecurity threats can come in many forms. Some common examples include:

Malware

Malware (malicious software) is a term used to describe any program or code that is created with the intent to do harm to a computer, network or server. Common types of malware include viruses, ransomware, keyloggers, trojans, worms and spyware.

Ransomware

Ransomware is a type of malware that denies access to your system and personal information and demands a payment (ransom) to get your access back.

Denial-of-Service (DoS) attacks

A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.

Phishing

Phishing is a type of cyber attack that uses email, SMS, phone, or social media to entice a victim to share sensitive information—such as passwords or account numbers—or to download a malicious file that will install viruses on their computer or phone.

Cybersecurity Challenges

Organizations face many challenges when it comes to crafting an effective, comprehensive cybersecurity strategy. Common issues may include:

Shift to the cloud: In a cloud-based business model, users can access services, applications and data from anywhere with an internet connection—but so can cyber criminals and digital adversaries. Organizations must design and implement a comprehensive security solution to protect against an expanding array of threats and increasingly sophisticated attacks within the cloud environment. Traditional security strategies, intended to protect networks hosted on-premises and their associated assets, must be updated to address the threats related to the cloud environment.

An increase in remote work and proliferation of connected devices: As discussed above, the COVID-19 pandemic has led to a massive uptick in remote work capabilities. This has made protecting company assets and data more complicated as people work on unsecured or vulnerable home networks and leverage personal devices. A modern cybersecurity strategy must consider this growing and lasting shift to remote work, as well as a huge influx in connected devices enabled by the Internet of Things.

Insufficient risk awareness: Many organizations mistakenly believe that they are not a desirable target for cyber adversaries. In reality, these actors are conducting massive campaigns in every sector of the economy to penetrate networks and exfiltrate information and assets. Every organization needs to recognize that fact and work to detect and prevent the potentially devastating damage cyber attacks can cause.

A siloed approach to cybersecurity: Cybersecurity is not “an IT problem.” Nor is it an issue that will be solved by technology alone. In order to craft a comprehensive and effective cybersecurity strategy, the organization must consider its policies, processes and technologies across every business function. Further, all network users must be adequately trained to practice responsible online behavior, as well as how to spot the signs of common network attacks.

Insufficient funding: Because some organizations do not fully grasp the risk of cyber attacks, many may also fail to properly fund their cybersecurity efforts. While every organization’s priorities will differ, a robust cybersecurity solution is a requirement in the modern business landscape. That said, many organizations can work with a cybersecurity partner to determine how to best use available budget. For example, many companies are often able to prioritize the protection of their so-called “crown jewels”—those digital assets deemed most critical to the business. Further, many cybersecurity partners take a scalable approach to security, often developing and deploying a flexible security architecture that can be upgraded and expanded when budget allows.

A talent shortage: The cybersecurity talent gap is not a new phenomenon. In fact, a recent study found that 40 percent of organizations say that their security teams are understaffed, and only 34 percent have a high degree of confidence in their team’s abilities to detect and respond to cyber threats. People remain a critical part of the cybersecurity strategy, which means that organizations must take steps to attract and retain cybersecurity personnel, as well as upskill or reskill members of the workforce to meet this growing need.

Benefits of Improving Cybersecurity

A comprehensive cybersecurity strategy is absolutely essential in today’s connected world. Recent research indicates that one out of every two companies will experience a data breach annually. Further, the average cost of a data breach has now reached $3.86M.

From a business perspective, securing the organization’s digital assets has the obvious benefit of reducing the risk of loss, theft or destruction, as well as the potential need to pay a ransom to regain control of company data or systems. In preventing or quickly remediating cyber attacks, the organization also minimizes the impact of such events on business operations. Finally, when an organization takes steps to deter adversaries, it is essentially protecting the brand from the reputational harm that is often associated with cyber events—especially those that involve the loss of customer data.

CrowdStrike believes strongly in its breach protection capabilities. We offer Falcon Complete™ customers a warranty up to $1 million in breach response expenses if there is a security incident within the protected environment. The warranty protects against unauthorized access by a third party to the operating system of an endpoint protected by Falcon Complete and covers certain breach response fees and expenses incurred by the customer, including legal consultation, forensic services, notification expenses, identity theft and credit monitoring, public relations and cyber extortion payments.

The Future of Cybersecurity

As digital adversaries continue to exploit the recent shift to remote work and proliferation of connected devices, organizations must take steps to protect themselves from this potent threat.

The most effective cybersecurity strategies blend human resources with advanced technological solutions, such as AI, ML and other forms of intelligent automation, to better detect anomalous activity and improve response and remediation time.

At CrowdStrike, we recommend that organizations routinely assess and test their security defenses through a variety of advanced techniques that leverage both digital technologies and human support. These may include:

  • Tabletop exercise: A discussion-based security tactic that simulates a targeted attack in a time-compressed fashion, but without the risk and time required for a full adversary emulation.
  • Adversary emulation: A simulated attack that follows a common attack kill chain, mimicking tactics, techniques and procedures (TTPs) used by real-world adversaries as they try to gain access to a network.
  • Red team/Blue team exercise: A cybersecurity assessment technique that uses simulated attacks to gauge the strength of the organization’s existing security capabilities and identify areas of improvement in a low-risk environment.
  • Live fire exercise: A fully immersive attack experience that gauges the organization’s response to a security attack.
  • Penetration testing or pen testing: A simulation of real-world attacks in order to test your organization’s detection and response capabilities. The purpose of pen testing is not just to identify your environment’s vulnerabilities, but also to test your people and processes against likely threats to your organization.
