Over time, most things seem to get better, don’t they? People become more experienced, technology becomes more advanced, and we grow as a society. Cybersecurity is not that different. As attackers have become increasingly talented, cybersecurity measures have been forced to become better as well. Companies such as Equifax show what poor cybersecurity measures lead to: loss of customer trust, damage control costs of upwards of $1.4 billion, and months of investigation with legal fees and repercussions.
The traditional approach to cybersecurity consisted mainly of focusing on the crucial aspects of the system and protecting against the biggest known threats. This left many system components undefended: the method fails to be proactive and leaves risks viewed as less dangerous unprotected, meaning attackers can find their way into systems via a small web portal left undefended. This approach quickly proved detrimental to companies because nothing was done until after an attack occurred and crucial information was placed in the hands of those with malicious intent. Thus began the need for a new approach.
Today, companies and individuals alike have become more proactive and adaptive in their practices, relying less on techniques that are set in stone and that focus on just a few known problems. Instead, companies are incorporating multiple layers of protection spread across computers, networks, and programs. They are also focusing on employee education, as this is often where they become most susceptible to attacks, as seen in the case of Japan, when the personal information of citizens was left exposed as the result of a pension officer opening a malicious email attachment. On an individual level, education about phishing attacks, the potential placement of malicious software, and scams is increasing greatly, along with the downloading of protective software from trusted companies.
Cybersecurity has taken many forms: critical infrastructure, network, application, information, and cloud security, as well as data loss prevention and end-user education. As the threat of these attacks continues to grow, companies and government entities are expanding their cybersecurity talent and incorporating new practices such as stronger firewalls, two-factor authentication, fingerprint recognition, and other vital steps to protect themselves. This is seen in the recent update of the National Institute of Standards and Technology’s risk assessment framework, which was developed for use in banking, communications, and other industries, making it a standard for all sectors.