What is Cybersecurity? Defined, Explained, and Trends
Director of Vation Intelligence
October 19, 2021
What is Cybersecurity?
Cybersecurity is a discipline that reduces the risk of a cyber attack against IT systems, devices, and networks. Cybersecurity covers a broad remit of principles, measures, and processes that help protect devices, services, and IT systems during both online and offline use.
Using effective cybersecurity, the vast amounts of data used across these devices, services, and IT systems can be protected against theft, accidental exposure, and corruption. Using cybersecurity measures, IT systems and services can also be protected against willful damage. We've teamed up with Arrow to help you better understand the landscape and leverage the cybersecurity opportunities in front of you.
Why Is Cybersecurity Important?
Technology and data are fundamental parts of our daily digital lives. We use data, for example, to prove who we are, perform online and offline transactions, pay for goods and services, and accomplish work tasks. In 2020, 37 billion data records were exposed. Data is a valuable commodity to cybercriminals as it drives the modern digital world; because of this, cybercriminals target systems that hold or share data. By implementing a secure cybersecurity posture, an organization can reduce the risk of cybercriminals successfully compromising devices and systems that access data.
What Are the Technologies Supporting Cybersecurity?
A wide array of technology is used to protect devices, systems, and services that make up the digital ecosystem. These technologies are typically synergistic, creating a layered model approach to security that covers a wide range of security needs across cloud apps, IoT devices, mobile devices, network components, etc. The following are standard areas of focus in cybersecurity:
According to security test firm Veracode, 76% of apps have at least one security flaw. Application security technologies are used to secure apps, preventing flaws from entering production-ready code. The use of application security is holistic and process-based. Security begins during app development and continues through app deployment; the process uses specific technologies, including security testing measures, to ensure the app is hardened against app-level cyber attacks.
Cloud security covers the technologies and associated policies and controls used to protect data, services, and infrastructure based in public, private, and hybrid cloud environments. These environments include Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) technologies.
Data security must maintain a triad of confidentiality, integrity, and availability. Technologies that protect data must be applied during the entire lifecycle of the data. This includes when the data is stored (at rest) and when it is being shared (during transit). Some technologies expand to protecting data in use. Encryption and access control are typical data security technologies.
Email security uses technologies (including encryption and Data Leak Prevention (DLP)) that protect email accounts from unauthorized access or compromise and protect against accidental leakage of email content. Some email security products protect against spam or phishing emails entering a user's inbox or prevent a user from clicking a malicious link.
Endpoints include any device, such as a laptop, desktop, mobile, or IoT device, connected to a corporate network. Because an endpoint is a potential way into that corporate network, technologies are applied to prevent access via an endpoint. Typical endpoint technologies include application control, Endpoint Protection Platforms (EPP), Endpoint Detection & Response (EDR), and exploit protection.
Identity management is part of a broader access control system, sometimes referred to as Identity and Access Management (IAM). Identity management has a wide scope and covers employees, non-employees, things (e.g., IoT devices), citizens, and consumers. It is typically based on proving you have rights to access a resource during a transaction, such as logging in to a corporate cloud app. Identity Management is usually associated with verified claims about an individual or thing, for example, "proof you work in HR," linked to an authentication measure, such as a hardware token, that is then used to authenticate a login to an app.
Many companies' network and IT infrastructures are their backbones, and the security of these environments is usually their first line of defense against cyber-attacks. It is critical to maintain network safety to guarantee their confidentiality, integrity, and availability to avoid downtime or disruptions. These disruptions can result in needless IT expenses, lost income, and lowered customer satisfaction, leading to lower profits. Unauthorized access to network resources may result in the loss of consumer data and vital company information, in addition to causing business interruption. As networks expand and get more sophisticated, the number of vulnerabilities increases as well. Security solutions for networks and infrastructure are an important part of cybersecurity.
The Internet of Things (IoT) is increasingly used in many devices, from cars to fridges. IoT acts as a hyperconnected system that is at risk from the exploitation of vulnerabilities by cybercriminals. IT security uses security measures such as in-transit encryption of data, vulnerability patching, and strong access control measures to secure IoT data flows.
Risk & Compliance
Cybersecurity often falls under the remit of regulations and standards. Each jurisdiction and industry sector has its own set of regulations that it must comply with. For example, in the EU, the General Data Protection Regulation (GDPR) sets out stringent principles for data privacy that include data security. The U.S. healthcare system uses the Health Insurance Portability and Accountability Act (HIPAA) to enforce the security and privacy of health data. Compliance risk is associated with an organization meeting the appropriate regulations, laws, and standards dictated by its geography and industry.
Security Operations, or SecOps, is a discipline that forms a collaboration between the teams in IT security and operations in an organization. The result is improved data security using joint capabilities. SecOps teams typically use security technologies known as Security Orchestration Automation and Response (SOAR) to help them detect, analyze, and automate repetitive security tasks.
Many organizations fully or partially outsource their security needs to a Managed Security Service Partner (MSSP). This partner will supply cloud-based security services, including cloud security, anti-phishing, email security, and many other security technologies, delivered "as-a-Service."
What Are Current Cybersecurity Technology Trends and Disruptions?
Cybersecurity is an ever-evolving landscape. Cybercriminals are always trying to keep one step ahead of security technology to ensure that cyber attacks are successful. This has led to a changing marketplace of cyber technologies. Some of the recent trends in the cybersecurity landscape are in the areas of:
Cloud Security Stack
The cloud security stack layers depend on the cloud model used, i.e., Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS). The cloud infrastructure is made up of several layers, and each layer must apply relevant security technologies.
Remote working has increased threats against SaaS models. The use of personal devices to access cloud apps during the Covid-19 pandemic has heightened concerns over cloud security. A survey by Cybersecurity Insiders of 400,000 CIOs found that malware infections and data loss were the top SaaS concerns. Two companies are delivering disruptive technologies in this space by providing the technology to protect critical SaaS apps. One of these, AppOmni, provides continuous monitoring and assessment of SaaS apps, delivering actionable data insights to ensure that SaaS vulnerabilities are secured quickly. Another disrupter in the space is Obsidian Security. Obsidian provides data-driven insights, monitoring, and remediation of business-critical SaaS apps.
Cloud environments are complex and dynamic. Cloud Infrastructure Entitlement Management (CIEM) solutions enforce permissions and access management across this complicated cloud infrastructure. One of the concerns in cloud computing is the lack of visibility of cloud resources and services. Without knowing what you have, it is difficult to enforce the principle of least privilege, used to manage access on a need-to-know basis. Disrupters in this space include CloudKnox, which offers a platform that works across a multi-cloud, hybrid cloud infrastructure to enforce least privilege permissions. This platform also provides granular visibility, automated remediation, and continuous monitoring. Ermetic is another disruptive force in the CIEM space. Ermetic delivers the tools to secure a multi-cloud environment by offering a full-stack IAM solution that remediates and prioritizes privileged access to resources.
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is a set of tools and processes that allow an organization to identify cloud-based security risks and remediate those risks proactively. Misconfiguration and other human-based errors are behind many of the world's largest data breaches. This is driving the development of innovative tools in the CSPM space. Innovators in the space include Wiz, an out-of-the-box platform that scans an entire cloud environment looking for vulnerabilities, configuration issues, network, and identity problems without agents or sidecars. Orca is an agentless system that is context-aware and provides built-in compliance.
Cloud Risk and Governance
The ubiquitous application of cloud computing along with increasingly stringent regulations has led to increased cybersecurity and privacy risks. Being able to meet these regulations is complicated by a lack of visibility across cloud infrastructures. Disruptive organizations meeting this challenge through technology include Concourse Labs and Uptycs. Both organizations offer tools to improve visibility across cloud environments. Concourse Labs locates the cause of risk and specifies code and configurations to close the gap and ensure the system is compliant. Uptycs uses security telemetry (automated measurements) to ensure compliance across endpoints, cloud, and cloud workloads.
Applications must cover a myriad of use cases and channels due to cloud computing, IoT devices, and, more recently, increased incidence of remote working. The net result is that the environment that apps run in is more complex, and the attack surface is more dispersed. Application security trends and disruptions include:
Software Composition Analysis (SCA)
Application developers often utilize open-source technologies to add functionality and capability to an app. To ensure that the app doesn't inherit security vulnerabilities via open-source code, tools called Software Composition Analysis (SCA) have entered the space. SCA tools manage license compliance for open-source components and test and evaluate the security and code quality of the application. Two disrupters in this space are Snyk and DeepSource. Snyk provides a tool to automate the analysis of open-source code to locate vulnerabilities. DeepSource automates code security reviews and cleans up code at each pull request during development. Both solutions integrate closely with the Software Development Lifecycle (SDLC).
Application Security Testing (AST)
Several tools exist that test application code for vulnerabilities and weaknesses. These tools include SAST (Static), DAST (Dynamic), MAST (Mobile), and IAST (Interactive). By understanding where vulnerabilities lie, code can be improved and security flaws fixed before the app goes into production. Disrupters Contrast Security and Shiftleft are automating the process of AST to make application code testing seamless and effective. Contrast Security is deeply integrated into the SDLC to provide continuous security monitoring of code from development to production. Shiftleft offers an integrated platform that provides SAST and SCA and embeds security training to help developers learn how to create secure code.
Container security refers to the protection of containerized applications and infrastructure throughout the software development lifecycle. Securing images, containers, hosts, runtime registries, and orchestrators are all part of this. Application hardening, system hardening, vulnerability scanning, configuration management, micro-segmentation, anomaly detection, and response are common ways to do this. Innovators helping with this are Aqua Security and Sysdig. Aqua Security provides a comprehensive container security platform that protects the entire application with comprehensive prevention, detection, and response capabilities. Sysdig is helping secure DevOps by addressing the challenges of securing containers, Kubernetes, and public cloud infrastructure.
The API economy has driven the uptake of cloud services. APIs or Application Programming Interfaces connect applications, services, microservices, and IoT devices to share data, deliver functionality and handle transactions. Unsecure APIs can be a way for data to be exposed or leaked. Salt Security and NoName Security are making headway in the API security space. Salt Security provides a platform to discover APIs and stop API attacks. NoName Security analyzes the API surface to help detect and prevent a wide range of API-based cyberattacks.
What are CXO Priorities on Cybersecurity?
Cybersecurity attacks are no longer a "might happen" but a "will happen." According to the FBI's Internet Crime Complaint Center, in 2020, there was a successful cyber attack every 1.12 seconds. Cyber threats are sophisticated and driven by "as-a-Service" models that facilitate cyber attacks. The cyber attack surface remains complicated, making prioritizing budgets and finding the right focus areas difficult. However, the areas below are key to include in C-Level security discussions:
Analyst firm Gartner, Inc. said that 95% of cloud security issues would result from misconfiguration or mistakes. This is borne out by some of the world's most significant data breaches being traced back to misconfiguration issues. A prime example is the Capital One breach that affected 106 million customers; the breach occurred due to a misconfigured firewall. Cloud security solutions should be evaluated for relevance to your specific cloud environment, including endpoint security.
Cybercriminals often target supply chains to allow malware infection to move up or across the chain. Your organization may be hardened against cyber attacks, but a chink in the armor at a supply chain vendor can provide a mechanism for infection. The recent SolarWinds breach is a case in point. Attackers infected the SolarWinds Orion software with malicious code, which was then passed as an update to customers, including several U.S. government departments. Identity and access management and other supply chain security considerations such as risk profiling should be prioritized.
DevSecOps is a culture of collaboration between development, security, and operation teams – DevOps PLUS security. DevSecOps builds security-first thinking as a fundamental part of an organization. By applying this level of cultural change to security, the entire development lifecycle is performed with secure practices embedded in the process. C-Level discussions should embrace the thinking behind a DevSecOps model and invest in developing this way of collaborative working.
Zero Trust Architecture (ZTA)
Zero Trust Security, underpinned by the principle of "never trust, always verify," was initially developed by analyst firm Forrester. The principle of Zero Trust is based on the access of data as applied to people, devices, networks, and workloads.
In 2020, NIST further developed the principles of Zero Trust into an architecture under the banner of Zero Trust Architecture in Special Publication 800-207 on Zero Trust Architectures (ZTA). This develops the idea of microperimeters or 'zones' to manage data access at a fine-grained level and under least privilege. A ZTA should be on the list of priorities for any organization wishing to enhance data security.
Securing Remote Workforce
A recent study from Cisco found that since the pandemic, 71% of security professionals have experienced an increase in security threats or attacks. The Covid-19 pandemic has seen unprecedented levels of home and remote working. This has led to complications in securing data and other resource access from unsecured home networks and endpoints. This situation looks set to continue as more companies offer long-term hybrid working. Organizations need to develop security policies that encompass work from home security and enforce the use of security technologies and processes such as Zero Trust, identity management, endpoint security, and email security.
How Does Cybersecurity Impact the Channel?
Cybersecurity is undoubtedly the hottest space from a market perspective, fueled by recent headlines highlighting ransomware attacks and the existential threat from hackers. This environment presents both opportunities and challenges for the channel.
Obviously, the most significant opportunity is the sheer size of the customer demand for security services and technologies to protect an ever-increasing attack surface. On the flip side, the absence of cybersecurity skills in the market presents challenges to channel partners looking for pre-sale technical engineers and security architects. That said, here are a couple of ideas to connect to the opportunity while dealing with a talent shortage.
Assess your security portfolio – As you can imagine, cybersecurity leads the way in new, disruptive technologies to fortify everything from applications to the cloud to data and endpoints. Do you have the right balance of partnerships to complement your current offering and provide your team with cross-selling and upsell opportunities? If you aren't sure, work with your distributor's cybersecurity team to map your existing portfolio, identify gaps, and target technologies that can help your customers and fuel sales.
Build a security practice – Wait a minute – didn't you just say there was a cybersecurity talent shortage? Yes, but that shouldn't deter you from standing up an offering. Companies like Arctic Wolf offer partners a turnkey security operations platform (think SOC-as-a-service) that enables you to take care of customers while generating recurring revenue. Additionally, you could consider reselling Managed Detection and Response (MDR) services from companies like LogicHub. MDR services provide your customers with threat hunting services and response to threats once they are discovered.
Keep grinding to find cybersecurity talent – despite the talent shortage in the market, stay the course – a good cybersecurity professional is worth their weight in gold. Here are some basic things to consider when searching for quality talent:
To attract the right talent in this market, you may need to get creative with your compensation packages. Consider including certification courses, industry networking events, or robust mentoring and training.
More than one-third of security professionals found their current job by networking with industry contacts, making professional networks a vital component of any recruiting strategy.
Make sure your HR and recruiting teams are educated on real-world cybersecurity goals and needs. This will enable them to better target candidates that can quickly add value to your customers.
How Can You Stay On Top Of New Technologies? We Can Help.
You're focused on your business in the same way we're focused on innovation and trends in technology because that is our business. We offset the immense time, research, and costs you spend on identifying technologies to solve your organization's problems. Interested in learning more? Let's work together.