A Deeper Understanding of Cybersecurity

Cybersecurity has been one of the most concerning issues for organizations all over the world. As they have integrated technology and digital information into almost all of their activities, the risk that they can be a target for cyber-attacks has increased.

An organization’s systems and information are protected by deploying many processes, policies, and technologies. The protection of the internet-connected systems or this cyberspace against cyber-attacks is known as cybersecurity. 

Throughout the years, people have adapted and digitalized new technologies to improve their work efficiencies, reduce costs, increase productivity, and in general, facilitate their lives. Similarly, so has cybersecurity. New advanced methodologies and technologies are being developed continuously, making the future of cybersecurity very interesting and intriguing.

Evolution of cybersecurity and cyber-attacks

It was in 1970 when the world witnessed the first cyber-attack which was just a starting point for a long pathway of cybercrime. Even though it all started just as a joke, ‘Creeper and Reaper’, was the first computer virus. It was designed in a way that could be transmitted between computers and would show a message “I’m the creeper: catch me if you can”. Then, another virus that eliminated the ‘Creeper’ was introduced. This one was programmed to duplicate itself through computers.

‘Creeper and Reaper’ was just the start. After some years, the world experienced another attack ‘The Morris worm’. It was a denial-of-service attack, which could infect a single computer many times and even crash it. This also marks the creation of Computer Emergency Response Teams (CERTs) whose role was to respond to these kinds of attacks. 

Since then, cyber-attacks have only become more sophisticated and have been used for very malicious purposes. Over the years, cybercriminals have been designing different methodologies and different forms of cyber-attacks, making cybersecurity very challenging. Some of the most popular types of the cyber-attacks are:

1. Malware – This intrusive malicious software is designed to disrupt a computer network, gain unauthorized access, steal data, and damage the network. Some types of malware are viruses, Trojans, worms, and spyware.
2. Phishing – This is a type of social engineering and refers to the practice of tracking people to share personal information by sending fraudulent messages. 
3. Ransomware – This is a type of malware used to encrypt files on devices and systems, and make them unusable. The attacker then threatens the victim to block their access or even publish sensitive information unless a ransom is paid. 

Other common forms of cyber-attack include:

1. Cryptojacking
2. Drive-By attack
3. Man-in-the-Middle attacks
4. Password attacks
5. Rootkits
6. Internet of Things attacks
7. Denial-of-Service attacks

The rapid cyber-attack changes happening call for action. Cybersecurity experts are continuously working to improve their methods of prevention, protection, detection, and reaction, so they could stay one step ahead of cybercriminals. 

Cybersecurity trends

Despite many efforts to protect cyberspace, it seems like they are still not enough to stop the increasingly large number of cyber-attacks. In fact, according to Cybercrime Magazine, they are the fastest growing crime globally and their cost is expected to reach $10.5 trillion by 2025.

Cyber-attacks target organizations of different sizes and sectors. However, some sectors are more vulnerable to cybersecurity incidents than others. For instance, the most targeted sector is financial services, followed by ICT, manufacturing, retail, and professional services. 

It is now clear that cybersecurity is facing many challenges. Among those challenges, remote work is one of the top ones. With all the changes happening, mostly due to COVID-19, the workplace for many has taken place in their personal houses. Securing these remote networks requires advanced technologies, policies, and processes, which have become quite problematic. 

Cybersecurity Mesh Architecture

According to Gartner, Cybersecurity Mesh Architecture (CSMA) was defined as the top strategic trend for 2022. They have predicted that by 2024 if an organization adopts a cybersecurity mesh architecture, the financial impact of security incidents will be reduced by an average of 90%. 

Cybersecurity Mesh Architecture, developed by Gartner, is a strategy that helps organizations use a more scalable, interoperable, and compostable approach toward security.

Future cybersecurity regulations and frameworks

As for now, there are many cybersecurity regulations that establish cybersecurity measures for an organization’s protection of itself, its data, and its customers. 

Until now, most of the existing regulations have been concerned mostly with only a part of cybersecurity which includes private information. 

Consequently, according to Harvard Business Review, governments are working on creating new regulations that are more complete. For instance, they report that the USA, the White House, Congress, and the Securities and Exchange Commission (SEC) are enforcing new rules that would require reporting every cyber incident. Europe is also working on new rules and strategies aiming to strengthen cybersecurity. 

There are many laws and regulations that apply to different countries, organizations, and populations. In the USA, some of the most popular ones are HIPPA, Gramm-Leach-Bliley Act, and the Homeland Security Act. In Europe, the main cybersecurity regulation is EU Cybersecurity Act.

Besides the laws and regulations, organizations’ work can also be affected and guided by frameworks. One of the most popular cybersecurity frameworks is the National Institute of Standards and Technology or NIST framework. The NIST helps organization protect their networks and data by better understanding, managing, and reducing cybersecurity risks. 

Artificial Intelligence

As previously mentioned, cyber-attacks are getting more complex and sophisticated continually. On the other side, cybersecurity experts are working against them. They are using different tools, methods, and technologies, and Artificial Intelligence (AI) is undoubtedly playing a crucial role. 

The integration of AI in Cybersecurity helps organizations in detecting new threats, battle bots, predict risks, protect endpoints, and respond to unprecedented challenges.

AI’s impact is seen in many ways. As assisted intelligence, they help people and organizations improve their processes, augmented intelligence enables them to do things they could not have done without AI, and autonomous intelligence helps them in many forms by being self-acting machines. Some examples of AI are machine learning, expert systems, neural networks, and deep learning. 

Blockchain in cybersecurity

Another technology used to protect and maintain cybersecurity is blockchain. Blockchain is a shared database in which data is stored and structured in small storages known as blocks. 

In cybersecurity, blockchain can be used for decentralization of data, Internet of Things (IoT) security, authentication software, distributed denial of service (DDoS) attacks resistance, and Domain Name Server (DNS) security. 

To understand more about the use of blockchain in cybersecurity, please click here. 

What can we do to help?

Organizations of different sizes and sectors can be helped by cybersecurity professionals who are equipped with the required expertise, competence, and skills. Unfortunately, such experts are very hard to find and the talent shortage is actually one of the challenges of cybersecurity. 

Here is a list of trainings and certifications that will help professionals gain important skills and knowledge related to cybersecurity: 

1. Lead Cybersecurity Manager
2. ISO/IEC 27001 Information Security Training
3. ISO/IEC 27002 Information Security Training
4. ISO/IEC 27701 Information Privacy Training
5. General Data Protection Regulation – Certified Data Protection Officer
6. Cloud Security

About the author

Vlerë Hyseni is the Digital Content Officer at PECB. She is in charge of doing research, creating, and developing digital content for a variety of industries. If you have any questions, please do not hesitate to contact her at: content@pecb.com.