Cybersecurity 101

Cybersecurity

Introduction to Cybersecurity

Our reliance on the internet, corporate networks, and digital devices has developed well beyond what we could have imagined only a few decades ago. For every aspect of their trade, finance, and connectivity, governments, large and small businesses, and individuals around the world depend on interconnected digital systems and technology.

As our use of and reliance on technology has grown, so has the challenge of protecting personal information, intellectual property, and critical data. Threat actors in every corner of the globe, motivated by ideology, political causes, or greed, seek to intercept, exfiltrate, or interrupt the ever-increasing flow of data. Today, even wars are waged in cyberspace.

Cybersecurity has become an all-encompassing requirement. A rapid rise in attacks against data systems and breaches of sensitive information has exposed a shortage of people trained to design and implement adequate security measures. Today’s workforce recognises the need for technically skilled individuals to enter the ranks of cybersecurity professionals.

This guide is designed to give you an overview of the field of cybersecurity. The following will give those considering a career in this field a bird’s-eye sketch of what to expect, beginning with a few of the industry’s relevant terms and phrases, some critical security concepts, and a brief historical summary.

Cybersecurity Terms, Principles, and History

Basic Terminology

To understand the vast world of cybersecurity, or any technical field for that matter, the learner must master the terminology specific to it. In non-technical use these words and phrases often carry a similar but not quite correct meaning, and learning the discipline is very frustrating without a good understanding of how security professionals actually use them.

Many terms used in security have such obscure origins that it is difficult to use them correctly without knowing their history. Hackers, for example, often use the word pwn, or pwned. It is most likely derived from a common mistyping of “own”, since P sits next to O on a QWERTY keyboard. A hacker who claims to have pwned a person or organisation is claiming to control, or to have conquered, that target.

The words, abbreviations, and acronyms used in the security field are described in the following sections.

Attack surface: The attack surface of a software-based system is the sum of all the different points (logical and physical) at which a threat actor might try to enter the system or extract data from it. A primary protective measure is to keep the attack surface as small as possible.

AV: Antivirus (AV) software is security software that searches for, detects, blocks, and removes malware. Traditionally it matches files against a database of known malware signatures; modern products also watch for activity patterns that suggest malware is present.

Brute-force attack: A brute-force attack is a trial-and-error method of discovering a valid username and password combination. It is carried out with software that tries a huge number of candidate combinations, either exhaustively or from a wordlist of common passwords. Although this is an old technique, it remains popular with attackers because weak and reused passwords are still common.

Cryptoworm: Malware that spreads like a worm and encrypts the data of its victims.

Data breach: A data breach is a security incident in which unauthorised parties obtain confidential information from an organisation’s IT systems. Stolen data that ends up for sale on the dark web is often personally identifiable information (PII) or financial information, both of which have a ready market.

EDR: Endpoint detection and response (EDR) is a security tool that records activity on hosts and endpoints, detects malicious behaviour, and supports response actions such as isolating a device. Its value lies in identifying threats that have no known malware signature by looking at what a process actually does, and in preserving the telemetry an analyst needs to investigate afterwards.

Firewall: A firewall is a network security mechanism that monitors and regulates network traffic according to a set of rules. It may be a dedicated device or software on a host; in either case it creates a controlled boundary between a trusted internal network and an untrusted external network such as the Internet.

Honeypot: A honeypot is a decoy system, service, or set of data that appears to be a legitimate part of the network but is isolated and closely monitored. Because no legitimate user has any reason to touch it, any interaction with a honeypot is suspicious by definition, which makes it a low-noise way to detect and study attackers while keeping them away from real assets.

Intrusion prevention system (IPS): An intrusion prevention system (IPS) is a network security control that identifies attacks in traffic and blocks them. Its passive counterpart, an intrusion detection system (IDS), monitors the network for potentially malicious events and records and reports on them without blocking.

Malware: Malware is malicious software. It commonly arrives as an email attachment or through a link to a malicious website; when the user opens the attachment or follows the link, the endpoint is infected. Malware can also spread without any user interaction by exploiting vulnerabilities in exposed services, as the worms described later in this guide did.

NIST: The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. Its Special Publication 800 series provides a detailed catalogue of information security controls and guidance; SP 800-53, for example, is the control catalogue used across the US federal government.

Phishing/spearphishing: Phishing is a fraudulent email (or other message) that tricks users into giving up their login credentials or other sensitive information. The email might appear to come from a bank and ask the user to reset a password via a link the attacker controls. Phishing campaigns are sent in bulk to large numbers of recipients; spearphishing instead uses an individually crafted message aimed at a particular target, such as a key executive or decision-maker.

Ransomware: Ransomware is malicious software that denies a user access to a device or data and demands payment to restore it. Crypto-ransomware, the most common kind, encrypts files so that they cannot be read without the decryption key. Locker ransomware instead locks the user out of the device without encrypting the data. Attackers usually demand payment in cryptocurrency, most often Bitcoin.

Ransomware attack: Ransomware campaigns usually rely on phishing and social engineering to get a user to open an attachment or follow a link to a malicious website. Some attacks require no user interaction at all and deliver the payload by exploiting vulnerabilities in exposed services or devices. Once a device is compromised, the malware encrypts or locks it and displays a ransom demand.

Risk management framework (RMF): A risk management framework is a disciplined, organised process for integrating information security and risk management activities into the system development life cycle. Identification, assessment, treatment, monitoring and reporting, and governance are its main components.

Security misconfigurations: Security misconfigurations result from the incorrect or incomplete implementation of security controls on computers, networks, cloud applications, firewalls, and other systems. Data breaches, unauthorised access, and other security incidents can all follow. Default administrative credentials, unnecessary open ports, unpatched applications, unused web pages, and unprotected files are all examples of misconfigurations.

Security operations center (SOC): A security operations center (SOC) is a central function where cybersecurity staff carry out threat detection and incident response. It uses security tools and telemetry from across the organisation to support the company’s security operations.

SQL injection: SQL injection is a technique for inserting attacker-supplied structured query language (SQL) into a query that a web application sends to its database. It is possible whenever user input is concatenated into the query text instead of being passed to the database as a separate parameter. SQL injection can be used to read or modify database contents, bypass authentication by impersonating other users, and, depending on the database, execute commands on the server.
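As an added example (not code from the original article), here is the flaw and its fix side by side in Python with SQLite. The database, the two user accounts and the hashing scheme are constructed for the demonstration; a real application would use a purpose-built password hash such as bcrypt or Argon2 rather than plain SHA-256.

```python
import hashlib
import hmac
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with two constructed sample accounts (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    for user, pw in (("alice", "correct horse"), ("bob", "hunter2")):
        # SHA-256 keeps the example dependency-free; use bcrypt/scrypt/Argon2 in practice
        conn.execute("INSERT INTO users VALUES (?, ?)",
                     (user, hashlib.sha256(pw.encode()).hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: the username is pasted into the SQL text.

    A username of  alice' OR 1=1 --  turns the WHERE clause into
    username = 'alice' OR 1=1  and comments out the password check, so the
    query returns a row and the attacker is logged in without a password.
    """
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT username FROM users "
             f"WHERE username = '{username}' AND pw_hash = '{pw_hash}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: a parameterised query.

    The driver sends the SQL text and the value separately, so the value can
    never alter the query's structure. The hash comparison is done in Python
    with a constant-time compare rather than inside the SQL.
    """
    row = conn.execute("SELECT pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    candidate = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(row[0], candidate)


if __name__ == "__main__":
    db = build_db()
    payload = "alice' OR 1=1 --"
    print("vulnerable, real creds :", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, injection  :", login_vulnerable(db, payload, "whatever"))
    print("safe, real creds       :", login_safe(db, "alice", "correct horse"))
    print("safe, injection        :", login_safe(db, payload, "whatever"))
```

The placeholder syntax differs by driver (`?` for sqlite3, `%s` for psycopg2), but the principle is the same everywhere: values travel as parameters, never as part of the query string.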

Tor: Tor is free and open-source software for anonymous communication. Its name is derived from the original project name, The Onion Router, and it is still known by that name. Tor is an open, worldwide overlay network of more than 7,000 volunteer-run relays that routes Internet traffic through several encrypted hops, so that an observer watching any single point on the path finds it very difficult to link a user to the sites they visit. It does not make the user invisible: the entry relay sees the user’s address, the exit relay sees the destination, and mistakes at the application layer can still identify the user.

VA: Vulnerability assessment (VA) is the process of identifying, classifying, and prioritising vulnerabilities in business systems. Assessments can be internal, external, or host-based.

VM: Vulnerability management (VM) software identifies, tracks, and prioritises security flaws, both internal and external, and drives the mitigation practices that close them: patching, updates, and configuration improvements.

Principles of cybersecurity

A successful cybersecurity program must follow a set of security principles. The specifics of how those principles are applied will differ from one organisation to another, but the fundamentals remain the same. Although each principle may be expressed differently in each organisation, governing cybersecurity policies should include a close variant of the four principles listed below.

Identifying and managing security risks

A chief information security officer (CISO) is responsible for identifying and managing organisational security risks. The CISO identifies and records the value of the organisation’s processes, software, and information. Under the CISO’s direction:

    • The confidentiality, integrity, and availability requirements of each system, application, and data set are defined and recorded.
    • Security risk management processes are embedded in the organisation’s wider risk management, specific to the company and its mission.
    • Security risks are identified, recorded, managed, and accepted before systems and applications are approved for use, and continuously throughout their operational life.

Implementing security controls to reduce security risks

To protect the organization’s systems, software, and documents, security controls must be created, acquired, and implemented. Methods for monitoring and reporting regulation and compliance must be formulated. The following are some of the security measures, or procedures, that are used to minimize risk:

    • The value of systems and applications should guide how they are designed, deployed, and maintained. That valuation should take into account the system’s confidentiality, integrity, and availability requirements.
    • Systems and applications must be delivered and maintained by trusted suppliers, and configured to minimise their attack surface.
    • System and application administration must be secure, accountable, and auditable.
    • Security flaws in systems and applications must be detected and remediated quickly.
    • Only trusted and supported operating systems, applications, and code are allowed to run on systems.
    • Information is encrypted at rest and in transit between systems.
    • Information exchanged between systems is controlled, inspectable, and auditable.
    • Information, software, and configuration settings are backed up regularly in a secure and proven manner.
    • Access to systems, software, and data repositories is restricted to trusted and recently vetted staff.
    • Personnel are given access only to the systems, software, and data repositories they need to do their jobs.
    • Personnel are identified and authenticated to networks, applications, and data repositories using a variety of methods, preferably more than one factor.
    • Cybersecurity awareness training is provided to employees regularly.
    • Only authorised staff have physical access to facilities, supporting infrastructure, and services.

Detecting and understanding cybersecurity events

Anomalous behaviour and security incidents must be identified and analysed as soon as possible. The tools used for this include the antivirus, endpoint detection and response, and intrusion detection and prevention systems described in the glossary above, operated and monitored from a security operations center.
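As an added example serving both this principle and the brute-force entry in the glossary (it is not code from the original article), the following Python script runs simple detection logic over a handful of constructed sshd-style log lines. It flags a source address that exceeds a threshold of failed logins within a sliding time window, and raises the severity if that same address then logs in successfully, which is the pattern a SOC analyst most wants to see immediately. The log lines, the thresholds and the assumed year (classic syslog timestamps carry none) are all constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample log (not real traffic). 203.0.113.7 sprays two accounts in
# ten seconds and then gets in; 192.0.2.9 fails five times but spread over eight
# minutes; 198.51.100.4 is a user who mistyped once.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:02 bastion sshd[1235]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:00:04 bastion sshd[1236]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:05 bastion sshd[1237]: Failed password for invalid user admin from 203.0.113.7 port 51237 ssh2
Mar  3 10:00:07 bastion sshd[1238]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:00:09 bastion sshd[1239]: Failed password for root from 203.0.113.7 port 51239 ssh2
Mar  3 10:00:11 bastion sshd[1240]: Accepted password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:05:00 bastion sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar  3 10:05:20 bastion sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
Mar  3 10:10:00 bastion sshd[1400]: Failed password for bob from 192.0.2.9 port 42000 ssh2
Mar  3 10:12:00 bastion sshd[1401]: Failed password for bob from 192.0.2.9 port 42001 ssh2
Mar  3 10:14:00 bastion sshd[1402]: Failed password for bob from 192.0.2.9 port 42002 ssh2
Mar  3 10:16:00 bastion sshd[1403]: Failed password for bob from 192.0.2.9 port 42003 ssh2
Mar  3 10:18:00 bastion sshd[1404]: Failed password for bob from 192.0.2.9 port 42004 ssh2
Mar  3 10:18:30 bastion systemd[1]: Started Daily apt download activities.
"""

ASSUMED_YEAR = 2024  # assumption: classic syslog timestamps omit the year

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_ts(text: str) -> datetime:
    return datetime.strptime(f"{ASSUMED_YEAR} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60) -> dict:
    """Flag sources with >= threshold failures inside any window_s-second window.

    Returns {ip: {"severity", "failures", "users"}}. Severity is escalated to
    "bruteforce_then_success" when a flagged source later authenticates, which
    should be treated as a probable account compromise rather than noise.
    """
    recent = defaultdict(deque)     # ip -> failure timestamps inside the window
    total_failures = Counter()      # ip -> all failures seen, for the report
    users_tried = defaultdict(set)  # ip -> usernames attempted
    flagged = {}                    # ip -> severity

    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an sshd auth event (e.g. the systemd line above)
        ts, ip, user = parse_ts(m["ts"]), m["ip"], m["user"]
        window = recent[ip]
        while window and (ts - window[0]).total_seconds() > window_s:
            window.popleft()  # slide the window forward
        if m["result"] == "Failed":
            window.append(ts)
            total_failures[ip] += 1
            users_tried[ip].add(user)
            if len(window) >= threshold:
                flagged.setdefault(ip, "bruteforce")
        elif ip in flagged:
            flagged[ip] = "bruteforce_then_success"

    return {ip: {"severity": sev,
                 "failures": total_failures[ip],
                 "users": sorted(users_tried[ip])}
            for ip, sev in flagged.items()}


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, alert)
```

The sliding window is what separates the attacker from the slow, spread-out failures of 192.0.2.9; a naive total count would flag both and bury the real alert in noise. In production the same logic would run against a log pipeline rather than a string, and the threshold and window would be tuned per environment.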

Responding to cyber-attacks and recovering from them

The risk of a cyberattack is relatively high in today’s business world. It’s critical to be ready to react and recover. The following policies should be in place to support this capability:

    • Cybersecurity incidents must be detected and reported to the appropriate parties, internal and external, as soon as possible.
    • Cybersecurity incidents must be contained and eradicated, and affected systems recovered, as quickly as possible.
    • Business continuity and disaster recovery plans must be invoked where necessary.

A brief history of cybersecurity

The 1970s

Cyber attacks can be traced back to the 1970s. In 1971 the message “I’m the creeper, catch me if you can!” began to appear on DEC PDP-10 computers running the TENEX operating system. The Creeper program spread over the ARPANET, the forerunner of the Internet. It was written by Bob Thomas as an experiment in self-replicating code rather than to do harm, but it laid the groundwork for later viruses and worms.

Ray Tomlinson wrote Reaper in response. Often described as the first antivirus program, Reaper travelled through the ARPANET to find and delete copies of the self-replicating Creeper.

The 1980s

In September 1983 the Massachusetts Institute of Technology (MIT) was granted a patent for a “cryptographic communications system and method.” It covered the Rivest-Shamir-Adleman (RSA) algorithm, which its inventors had published in 1977. RSA is a public-key cryptosystem: a key pair consists of a public key that anyone may use to encrypt (or to verify a signature) and a private key that only its owner holds to decrypt (or to sign). It remains widely used for secure data transmission and for digital signatures.

The Computer Fraud and Abuse Act (CFAA) was passed in 1986 to combat hacking. It has been amended many times since to cover a wider range of conduct. The CFAA makes it a crime to intentionally access a computer without authorisation or in excess of authorisation, but it does not define what “authorisation” means.

In 1986 Clifford Stoll, a systems manager at Lawrence Berkeley Laboratory, discovered that the lab’s computers had been broken into. He noticed while trying to reconcile a 75-cent accounting discrepancy. Stoll set up what amounted to a honeypot, a fake project full of tempting-looking documents, to keep the intruder connected long enough to trace him. The intruder was Markus Hess, who was selling information taken from compromised computers to the KGB. German authorities arrested Hess and his associates, and they were convicted of passing stolen data to the Soviet Union; they received only suspended sentences.

In 1988 Robert Morris, a Cornell University graduate student, released a worm that spread across the Internet within hours and affected thousands of machines. About 10% of the roughly 60,000 computers then connected to the Internet were hit by the Morris worm. Morris became the first person convicted by a jury under the CFAA.

The 1990s

Cybersecurity products as we know them today first became widespread in the early 1990s. Antivirus (AV) software was the first mass-market security product. The first versions appeared in the late 1980s, but it took years for the general public to accept that they were needed.

The first antivirus programs, known at the time as AV scanners, had a simple function. They scanned the executable files on a system and compared them against a database of known malicious signatures. When new viruses were found, the database was updated to include them.

Researchers quickly found, however, that staying a step ahead of attackers was no simple job. The number of malware samples to match against grew from tens of thousands in the early 1990s to millions of new samples per year two decades later. By 2014 it was reported that roughly 500,000 new malware samples were appearing every day.

These early programs consumed a lot of resources and slowed the host system, and they often irritated users by producing large numbers of false positives.

The Secure Sockets Layer (SSL) protocol is what lets people do everyday things like make online purchases securely. Netscape designed SSL 1.0 in 1994 but never released it because of its flaws; SSL 2.0 shipped in 1995 and SSL 3.0 in 1996. With those revisions, and its later successor Transport Layer Security (TLS), SSL became the foundation of HTTPS, the Hypertext Transfer Protocol (HTTP) carried over an encrypted connection.

Kevin Mitnick pleaded guilty in 1999 to four counts of wire fraud, two counts of computer fraud, and one count of illegally intercepting a wire communication. The self-described “world’s most famous hacker” was sentenced to 46 months in prison, plus 22 months for violating the terms of supervised release imposed after an earlier computer fraud conviction.

In his 2002 book The Art of Deception, Mitnick claims that he compromised computers only by using usernames and passwords obtained through social engineering, and that he did not crack passwords or otherwise bypass computer or telephone security with software tools or technical exploits.

Microsoft released Windows 98 in 1998, bringing a new level of usability to inexperienced computer users. As computer use grew, so did the market for security software, and a stream of new releases, upgrades, and patches followed. Security vendors had discovered the huge market for products aimed at home users.

The 2000s

Anonymous, the most widely recognised hacktivist collective, emerged in 2003. It can be described as a decentralised online community acting anonymously in a loosely coordinated way toward objectives its members agree among themselves. Over the years hundreds of people around the world have been prosecuted for their roles in Anonymous cyberattacks. Views on the group’s activities and effectiveness vary widely: supporters have called its members “digital Robin Hoods” and “freedom fighters”, while critics have described them as a cyber lynch mob or cyber terrorists. Time magazine named Anonymous one of the 100 most influential people in the world in 2012. Its media profile has dwindled in recent years, however, and it has largely disappeared from popular culture’s vocabulary.

Cyber-attacks entered a new phase in the late 2000s. Criminals had developed a taste for stolen payment-card data, and the years 2005 to 2007 saw a growing number of large data breaches.

Governments around the world began introducing regulation to stem the flow of stolen data. In the United States, breach-notification laws required that affected individuals and officials be informed when a breach was found and, in some cases, that provision be made for compensating victims.

The 2010s

The increased enforcement of the 2000s proved to be too little, too late. As the profits appeared limitless, attackers grew more sophisticated, and state-sponsored actors with access to vast sums of money entered the fray, contesting cyberspace and fighting over lucrative targets such as online betting and gaming sites.

Endpoint detection and response (EDR) products, defined in the glossary above, appeared and grew in popularity during this decade. They offer the basic features of legacy AV but are vastly improved, and in many organisations they have replaced or now supplement the older products.

Rather than relying on an exact static signature to recognise a virus, EDR looks for malware families and for malicious behaviour. Malware samples evolve and mutate in recognisable ways, so a new sample can be identified as belonging to a known family, or flagged by what it does on the host, even when no established signature matches it.

Notable cybersecurity attacks

Every year brings a new wave of cyberattacks. Some are disclosed by the victims themselves under increasingly strict government rules, while others are discovered by security researchers. The number of confirmed high-profile attacks is trending upward, and their news value keeps them in the headlines.

Some attacks attract media attention because the victim’s name is well known; others because they affect large segments of the general public. The following are some of the most notorious cyberattacks of the last decade or so.

Adobe

Adobe revealed in October 2013 that its IT infrastructure had been breached. Initially 2.9 million accounts were reported affected, with logins, encrypted passwords, addresses, and credit card numbers and expiry dates among the data taken; after another file surfaced on the Internet the number of affected accounts rose to about 150 million. The leaked passwords had been encrypted with a reversible cipher rather than hashed, and without salt, so identical passwords produced identical ciphertext and many could be recovered with the help of the plaintext password hints stored beside them.

Adult Friend Finder

This dating site was first breached in 2015, when the pseudonyms, dates of birth, postal codes, IP addresses, and sexual preferences of about 4 million accounts were published on a Tor-only website; no banking information was taken. The following year Adult Friend Finder was hit again, far more severely: more than 400 million account records were exposed. The individual fields were less sensitive than in 2015, but the set amounted to some 20 years of accumulated personal information.

Alteryx

This marketing analytics company left a cloud storage bucket publicly accessible in 2017, exposing details on about 123 million US households. Each record held 248 fields, ranging from addresses and income to ethnicity and personal interests: contact information, mortgage ownership, financial histories, and even whether the household included a pet enthusiast. No names were included, but records this rich are not hard to link back to real people.

Equifax

Equifax, an American credit reporting agency, announced in September 2017, about six weeks after discovering it in late July, that it had suffered an intrusion lasting several months. The attackers got in through a known vulnerability in the Apache Struts web framework (CVE-2017-5638) for which a patch had been available since March. Names, birthdates, Social Security numbers, and driver’s licence numbers were stolen, along with about 200,000 credit card numbers. Some 143 million consumers in the United States, Canada, and the United Kingdom were affected, a figure Equifax later revised upward.

ILOVEYOU Virus

ILOVEYOU, also known as Love Bug or Love Letter for You, is a computer worm that infected more than ten million personal computers starting on 4 May 2000. It arrived as an email with the subject line “ILOVEYOU” and an attachment named LOVE-LETTER-FOR-YOU.TXT.vbs, a VBScript file; Windows hid the .vbs extension by default, so the file looked like a harmless text file. Opening it ran the script, which overwrote files on the machine and mailed copies of itself to everyone in the victim’s Outlook address book.

Marriott

Beginning in 2014, the reservation system of the Starwood hotel group, acquired by Marriott in 2016, was compromised, exposing personally identifiable information on up to 500 million guests. The breach was discovered only in September 2018. Payment-card information, names, mailing addresses, phone numbers, email addresses, passport numbers, and Starwood Preferred Guest (SPG) account details were among the data stolen.

NotPetya Malware

Petya is a family of ransomware first seen in 2016 that targets Microsoft Windows computers. It overwrites the master boot record and, on reboot, runs a payload that encrypts the NTFS master file table, so Windows cannot boot and the files on the disk cannot be located. It then demands payment in Bitcoin to restore access.

Petya variants spread via infected email attachments from March 2016. In June 2017 a new variant was used in a global attack centred on Ukraine. This version spread on its own using the EternalBlue exploit that WannaCry had used earlier that year, together with administrative credentials harvested from infected machines. Because its behaviour differed so much, Kaspersky Lab dubbed it NotPetya to distinguish it from the 2016 versions. Although it looked like ransomware, its encryption was designed so that the damage could not be undone: the key needed to restore the disk was never recoverable, so paying was pointless and NotPetya is better understood as a wiper.

Sony

In April 2011, Sony’s PlayStation Network (PSN) was breached and the personal information of 77 million accounts was exposed, including the payment-card details of tens of thousands of users. PSN, Sony Online Entertainment, and Qriocity were taken offline for about a month after the intrusion was discovered. In November 2014 a separate attack hit a subsidiary, Sony Pictures Entertainment: a group calling itself the “Guardians of Peace” used destructive malware and claimed to have taken around 100 terabytes of data, including film scripts, internal emails, and the personal information, home addresses included, of some 47,000 employees.

Target

In December 2013, Target, the second-largest discount retailer in the United States, disclosed a major breach. Data was stolen between November 27 and December 15 of that year: payment-card details for 40 million customers and personal data for another 70 million. The attackers got in using network credentials stolen from a third-party heating and ventilation contractor and moved from there to the point-of-sale systems, a reminder that a supplier’s security is part of your own attack surface.

TJ Maxx

TJX Companies, the parent of TJ Maxx, told the Securities and Exchange Commission in March 2007 that its networks had been breached. The intrusion, which began through poorly secured wireless networks at its stores, cost it 45.7 million customer payment-card records, the largest data breach recorded at the time.

WannaCry Ransomware Attack

The WannaCry ransomware attack was a global cyber-event in May 2017. The WannaCry cryptoworm targeted computers running Microsoft Windows, encrypting data and demanding ransom payments. It spread on its own through EternalBlue, an exploit for a flaw in Windows’ SMBv1 file-sharing protocol that had been developed by the US National Security Agency (NSA). A group calling itself The Shadow Brokers had leaked EternalBlue the previous month. Microsoft had already issued a patch (MS17-010) in March 2017, so the machines hit were largely those that had not been updated or were running unsupported versions of Windows.

Yahoo

In September 2016, Yahoo disclosed that an attack in 2014 had affected 500 million user accounts, at that time the largest theft of personal data from a single organisation. Names, dates of birth, phone numbers, and hashed passwords were among the data taken. In December 2016 Yahoo disclosed a separate, earlier breach from 2013, first estimated at one billion accounts; in 2017 the company acknowledged that it had affected all 3 billion of its accounts.

Current challenges

Attribution

The security industry has made significant strides in attributing cyberattacks, which many security researchers regard as a victory, albeit a modest one. Attribution remains difficult in itself, but a large body of knowledge about current attack techniques, how they are used, and who uses them has been gathered, and it lets researchers make well-founded assessments of where an attack came from.

The adversaries adjust because they know security professionals are much better at attribution. Nation-state hackers and cybercriminals are increasingly imitating each other in an attempt to thwart attribution efforts. They also learn from one another in order to improve their skills. Their primary goals, however, remain distinct. Cybercriminals are more concerned with making profits, while nation-state hackers are more concerned with stealing intellectual property and creating havoc.

Although activism used to be a big motivator for hackers, it’s becoming much less so now. Activists for political and social causes make extensive use of the Internet and digital networking tools, but they are less often seen disrupting services or stealing data.

Skills gap

We have reached a point where cybercrime is so advanced that it is almost impossible to avoid entirely. How an organisation responds to being breached is now what gets scrutinised; it is a “when”, not “if”, model. Business executives compete for the best chief information security officers. These CISOs focus above all on organisational resilience so that the inevitable breach is handled effectively. Companies that previously did not think they needed a CISO are now engaging recruitment firms to find the best and brightest, and while demand for them is strong, they are frequently expected to hold advanced degrees in information security.

In response to their adversaries’ increased capabilities, security professionals are being asked to increase their level of education, learn new skills, and hone their craft across the board. Large and small businesses alike have acknowledged the need to devote substantial resources to cybersecurity. Security teams are getting a bigger cut of the company’s spending. As a result, they will pay more money to recruit people who have the necessary qualifications and certifications.

Some employers were notorious in the past for hiring real-world hackers and converting them from the “evil side” to work for the good guys. College degrees have become nearly mandatory for penetration testers in recent years, and the demand for security professionals with offensive security skills is increasing every year.

Increased defense budgets are largely filling the storied cybersecurity skills void. Although there is an acute shortage of people with the necessary cybersecurity expertise, this problem is being addressed by recruiting young, trained, and experienced IT professionals from other fields.

Active defensive strategies

Cybercriminals, state-sponsored hackers, and hacktivists keep finding new and inventive ways to steal digital assets. A few of the more common current examples:

    • Embedding malicious code, typically macros, in PowerPoint slides
    • Embedding malicious macros in Microsoft Word documents
    • Installing trojans that mine cryptocurrency with the victim’s computing resources
    • Using spam email to deceive users into running malware or giving up credentials

Active defence techniques are becoming more common among security organisations. Contrary to popular belief, active defence does not mean attacking opponents. It means techniques with a proactive component, rather than simply waiting to be targeted.

One example of an active defence technique is the use of penetration testers or ethical hackers. These exercises evaluate the static defences so that they can be fine-tuned.

Active defence is best illustrated by deception-based frameworks and processes. The simplest form of deception is the honeypot. In more elaborate schemes, security teams plant decoy data and apparent points of attack throughout their networks.

This approach lets the security team watch those decoys and record an adversary’s every action. Once the attacker has taken the bait, the analyst can either shut the attack down or keep monitoring the threat actor and perform forensic analysis. Since only decoy systems and data are at risk, a great deal can be learned from the attack and then applied to securing the real systems.

These deception-based protection systems can also be used to put the company’s playbook to the test for both automated and manual responses. Then they can be modified to make them more reliable.
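As an added example covering both the glossary’s honeypot entry and the deception approach described above (it is an illustration added here, not code from the original article), here is a minimal TCP honeypot in Python. It listens on a port nothing legitimate should use, presents a fake SSH banner, records whatever the first connection sends, and tags each event so that an analyst can tell a port scan from an HTTP scanner or a real SSH client. The banner text, the choice of a loopback port and the classification rules are assumptions for the demonstration; in production the events would be shipped to the SOC’s logging platform rather than kept in a list.

```python
import socket
import socketserver
import threading
import time
from datetime import datetime, timezone

# Decoy banner (constructed). It imitates a common OpenSSH build string so that
# scanners think they have found a real SSH server.
BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"
EVENTS = []  # captured interactions; in production ship these to the SIEM


def classify(data: bytes) -> str:
    """Rough tag for what connected. Nothing legitimate should touch a decoy,
    so even 'connect_only' is worth an alert."""
    if not data:
        return "connect_only"            # port scan: connected, sent nothing
    if data.startswith(b"SSH-"):
        return "ssh_client"              # a real SSH client identifying itself
    if data[:4] in (b"GET ", b"POST", b"HEAD"):
        return "http_probe"              # web scanner hitting a non-HTTP port
    return "unknown"


def make_event(peer, data: bytes, ts=None) -> dict:
    """One log record per interaction, with the first line kept for analysis."""
    ts = ts or datetime.now(timezone.utc)
    first_line = data.split(b"\n", 1)[0].decode("utf-8", "replace").strip()
    return {"ts": ts.isoformat(), "src_ip": peer[0], "src_port": peer[1],
            "bytes": len(data), "first_line": first_line, "tag": classify(data)}


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        self.request.sendall(BANNER)          # bait: look like SSH
        try:
            data = self.request.recv(1024)    # capture whatever comes back
        except socket.timeout:
            data = b""
        EVENTS.append(make_event(self.client_address, data))


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def run_demo() -> list:
    """Start the decoy on a loopback port and hit it with three constructed probes."""
    server = Honeypot(("127.0.0.1", 0), DecoyHandler)   # port 0: pick a free one
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    probes = [b"SSH-2.0-OpenSSH_9.0\r\n", b"GET / HTTP/1.0\r\n\r\n", b""]
    for probe in probes:
        seen = len(EVENTS)
        with socket.create_connection(("127.0.0.1", port)) as client:
            client.recv(64)                   # read the fake banner
            if probe:
                client.sendall(probe)
        deadline = time.time() + 3
        while len(EVENTS) == seen and time.time() < deadline:
            time.sleep(0.01)                  # wait for the handler to log it
    server.shutdown()
    server.server_close()
    return EVENTS[-len(probes):]


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```

Running the module prints one record per probe, tagged ssh_client, http_probe and connect_only respectively. The decoy never executes anything it receives and holds no real data, which is what makes it safe to leave exposed; the value is entirely in the log it produces.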

Future of the cybersecurity industry

DevSecOps

Security has traditionally been treated as an afterthought or, at best, a distraction. As cybersecurity concerns have grown, it has become critical to treat security controls as an integral part of continuous delivery. DevSecOps grew out of a philosophy that security is the responsibility of the whole development team.

DevSecOps stands for Development, Security, and Operations. Like DevOps or SecOps, it merges previously separate functions, in this case three of them, into one combined practice. DevSecOps teams define the security requirements for applications and build the checks that enforce them into the delivery pipeline. The term is newer than DevOps and emphasises IT security processes and security automation throughout the software development life cycle.

Security is not part of traditional DevOps processes. Many application development companies that use DevOps have no security team at all, or only assess applications after they have been deployed. That approach causes substantial delays late in development and is incompatible with agile practices that treat security as part of delivery.

In the future, security experts must be fully integrated into the application development process. DevOps teams must make room for security professionals, and security professionals must learn DevOps skills.
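A concrete piece of that automation, added here as an illustration and not code from the original article, is a pre-commit or CI gate that refuses a change containing hard-coded credentials. The scanner below checks files against a few well-known secret patterns, uses an entropy check and a placeholder list to skip obvious templates, and exits non-zero so the pipeline stops. The file contents are constructed; the AWS key shown is Amazon’s documented example key, not a live credential, and the patterns are a starting point rather than a complete rule set.

```python
import math
import re
import sys
from pathlib import Path

# Detection rules. Where the regex has a capture group, group 1 is the candidate
# secret value; otherwise the whole match is the indicator.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_password": re.compile(r"(?i)(?:password|passwd|secret)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
    "generic_token": re.compile(r"(?i)(?:api[_-]?key|token)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"),
}
PLACEHOLDERS = {"changeme", "password", "example", "<redacted>", "xxxxxxxx"}


def shannon_entropy(s: str) -> float:
    """Bits per character; dictionary words score low, random keys high."""
    if not s:
        return 0.0
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan_text(path: str, text: str, min_entropy: float = 3.0) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            # Skip templates and placeholders that are clearly not live secrets.
            if m.groups() and (value.lower() in PLACEHOLDERS
                               or value.startswith("${")
                               or shannon_entropy(value) < min_entropy):
                continue
            findings.append({"path": path, "line": lineno, "rule": rule,
                             "preview": value[:4] + "..."})  # never log the full secret
    return findings


def scan_files(files: dict) -> list:
    """files maps path -> content; returns all findings across them."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample tree (not a real repository).
SAMPLE_FILES = {
    "config.py": 'DB_PASSWORD = "s3cr3t-Pr0d-P@ss!"\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n',
    "settings.example.py": 'DB_PASSWORD = "changeme"\nAPI_TOKEN = "${API_TOKEN}"\n',
    "app.py": 'import os\npassword = os.environ["DB_PASSWORD"]\n',
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA...\n-----END OPENSSH PRIVATE KEY-----\n",
}


def main(argv) -> int:
    """CI entry point: scan the paths given on the command line, fail on any hit.
    With no paths it scans the constructed sample tree instead."""
    files = {p: Path(p).read_text(errors="replace") for p in argv[1:]}
    findings = scan_files(files or SAMPLE_FILES)
    for f in findings:
        print(f"{f['path']}:{f['line']}: {f['rule']} ({f['preview']})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python scan_secrets.py $(git diff --cached --name-only)` from a pre-commit hook, or over the changed files in a CI job, and a non-zero exit blocks the merge. The example template file and the code that reads from the environment pass cleanly; the real-looking password, the AWS key and the committed private key do not.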

Artificial intelligence

Artificial intelligence, and in particular its sub-field machine learning, holds great promise for cybersecurity, even though both have quickly become overused and poorly understood buzzwords. If we could reliably forecast attack activity from historical data and detect anomalies and vulnerabilities, our defensive capabilities would be significantly enhanced.

Kayla Matthews, a tech journalist, discusses the potential of machine learning in cybersecurity. She admits that machine learning or artificial intelligence is not a substitute for human intelligence in her post, Using Machine Learning to Evaluate Cybersecurity Risk. “Machine learning analyses current and historical data to find potential weak points in a business’s cybersecurity perimeter,” she continues. It assists information protection in identifying and mitigating points of responsibility by pinpointing these threats. This approach often makes use of historical and current data to identify patterns that can forecast future events. AI finds unusual behaviors in data logs and marks them as potential threats, which cybersecurity experts will quarantine and investigate further.”

Security software developers must keep their skills current. As cyber-attacks become more sophisticated, those responsible for safeguarding digital assets must stay a step ahead.
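To show what “finding unusual behaviour in data logs” looks like at its simplest, here is an added example (not from the article or the quoted author) that learns a per-user baseline from historical daily login counts and flags today’s count when it deviates by more than a chosen number of standard deviations. The data are constructed. The two edge cases a practitioner hits immediately are handled explicitly: a user whose history is perfectly flat (standard deviation zero, so a naive z-score divides by zero) and a user with no history at all, who cannot be scored and must not be silently treated as normal.

```python
from statistics import mean, stdev

# Constructed history: user -> daily successful-login counts over the past week.
HIST = {
    "alice": [12, 14, 11, 13, 12, 15, 13],
    "bob":   [3, 4, 3, 5, 4, 3, 4],
    "carol": [5, 5, 5, 5, 5, 5, 5],     # flat history: stdev is exactly 0
}
# Constructed observations for today, including a user with no baseline.
TODAY = {"alice": 13, "bob": 40, "carol": 9, "dave": 2}


def score_user(history, observed, k: float = 3.0, min_stdev: float = 1.0):
    """Return (z_score, verdict). Verdict is 'normal', 'anomaly' or 'no_baseline'.

    min_stdev floors the spread so a flat or nearly flat history does not make
    every tiny deviation look like a k-sigma event (and avoids dividing by 0).
    """
    if len(history) < 2:
        return None, "no_baseline"       # cannot estimate spread from < 2 points
    sigma = max(stdev(history), min_stdev)
    z = (observed - mean(history)) / sigma
    return z, ("anomaly" if abs(z) > k else "normal")


def score_all(history: dict, today: dict, k: float = 3.0) -> dict:
    """Score every user seen today against their own baseline."""
    return {user: score_user(history.get(user, []), count, k)
            for user, count in today.items()}


if __name__ == "__main__":
    for user, (z, verdict) in score_all(HIST, TODAY).items():
        shown = "n/a" if z is None else f"{z:6.2f}"
        print(f"{user:6} z={shown}  {verdict}")
```

This is the statistical core that commercial products wrap in far richer feature sets. Two caveats carry over to the real thing: a baseline learned while an attacker was already active will treat that activity as normal, and a "no_baseline" result is a gap in coverage to be reported, not an all-clear.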

Prognosis

Governments are imposing strict rules to protect citizens’ privacy, with regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) raising the bar for compliance. Nation-states and hacktivists have turned cyberspace into a digital battlefield. The cybersecurity industry is still evolving: it increasingly analyses network activity and blocks adversaries using machine learning (ML) and AI-driven approaches. It is an exciting time in the industry, and looking back helps us foresee where it will go.

The outlook for cybersecurity practitioners is promising, even excellent. The flip side of the coin is that threats and breaches are expected to keep rising. Most industry observers believe we are not yet winning the fight, but significant progress is being made toward shutting out all but the well-funded, highly trained threat actors. Gone are the days when a credible threat was most likely a teenager working out of a parent’s basement.

Conclusion

The good guys will come out on top. It may not seem that way to a CISO defending their networks against a live attack, or to a CEO facing the prospect of announcing a historic data breach, but it is true nonetheless.

In the end, businesses take whatever steps, and realign their goals however, is required to survive, if not to succeed. The battle for control of cyberspace has drawn some of the brightest minds in government, industry, and academia to the defending side.

Just as with physical threats, assaults, and conflicts, however, there will always be some threat actor plotting to profit from a perceived weakness. Those willing to master the relevant technology and develop the necessary skills will find this a rewarding field.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.