Crucial to the protection of information and systems in the digital world is a holistic approach to cyber defence; a holistic, reliable security strategy that can cope with the increasing complexity of today's world and withstand the rapidly growing technological capabilities of cyber attackers.
Since the dawn of human society, diplomats and military commanders have recognised the need to protect the authenticity and confidentiality of their communications. They used some advanced forms of cyphers and seals at the time to protect their messages from the enemy’s prying eyes. While this was clearly an early form of information security, the word cybersecurity includes the prefix ‘cyber’ to denote the networked digital world in which we live. Since the 1970s, when computers first started to be interconnected, smart people have tried to manipulate them and explore their possibilities. The Cap’n Crunch whistle is a famous example of one of the first computer hacks. The whistle was a toy inside a breakfast cereal box that happened to have the exact tone frequency needed to evade telephony charges.
Along with physical security, cybersecurity forms part of the IT security landscape. It combines technologies for defending connected systems, responding to threats and prioritising security activities in this area. The key to developing an integrated cybersecurity strategy is to recognise which risks and threats are relevant to the systems to be defended. This is generally achieved through the use of threat modelling and (cyber) risk analysis. A thorough risk analysis reveals the most efficient security measures to mitigate cyberrisks in a cost-effective way. Within a constantly evolving threat landscape, cybersecurity strategies and security measures must be adapted regularly based on an updated threat model and risk analysis.
Cybersecurity is multidisciplinary in that it requires a range of security measures in different areas, such as security management and organisation, secure (business) processes, disaster recovery and business continuity planning, operational security/security monitoring and response, network security, application security, and awareness raising/education of end users. In addition, it’s important to implement a coordinated set of security measures that reinforce each other to ensure that no vulnerabilities remain open to exploitation. Implementing cybersecurity measures therefore requires close collaboration between experts in all areas and is highly multidisciplinary in nature.
Cybersecurity must be integrated into every IT system as a matter of principle. However, systems connected to the internet must be given special consideration. Unfortunately, this applies to an ever increasing number of systems – even light bulbs, fridges and cars can be online nowadays. Protecting the security of these (sometimes critical) systems is therefore more important than ever, as their misuse can have disastrous consequences.
A security breach is defined as an incident that results in unauthorised access to data, applications, networks, or devices. Technically, a distinction is drawn between security breaches and data breaches. A security breach is an intrusion, whereas a data breach is when a cybercriminal steals information. This information can be sold online or used by cybercriminals to obtain additional financial information, such as bank account or passport details, that can be used for identity theft or fraud. Cyberattacks cause major reputational harm to companies and also lead to financial losses and reduced customer confidence.
A cybersecurity framework is extremely useful for all types of organisations and represents the foundation on which a company can build a strong security status. It includes guidelines, standards, and best practices for managing the risks that arise in the digital world. For example, the National Institute of Standards and Technology (NIST) focuses on risk identification, protection, detection, response, and recovery. These categories cover all aspects of cybersecurity and are a popular risk-based approach. In addition, ISO27K standards compliance require that companies manage their security risks, including threats and vulnerabilities, in a systematic way. Frameworks not only help companies to achieve a strong security status, but also send an important message to customers and business partners that the company’s assets are being managed securely, thus increasing the level of trust.
Cybersecurity and data protection are sometimes regarded as separate areas because they pursue different goals. While data protection aims to protect individuals against the misuse of their personal data, the scope of cybersecurity is much broader and also covers non-personal data. However, the fact is that the two fields are strongly interdependent – data breaches pose a very high risk to users’ private data and are therefore also associated with regulatory risks for companies that store data.
Cloud computing offers increased flexibility and development speed, and shifts the responsibilities to the cloud provider. However, the line between the provider’s and the customer’s responsibilities can sometimes become blurred, making these responsibilities difficult to manage. In the past, companies focused on providing services on their own network and securing the entire scope of that network. In a public cloud environment, it becomes more difficult to stick to this approach. Public cloud services must be integrated into a well-managed cloud cybersecurity strategy to maintain strong defences and prevent cyberattacks.
Artificial intelligence is an increasingly prevalent technology that impacts many different areas of IT. While AI remains in its infancy, some industries already use it extensively to improve detection and prediction. Both detection and prediction lie at the core of cybersecurity, be it in relation tusion deo malware analysis or network intrtection. It’s not surprising, therefore, that AI plays a supporting role in many cybersecurity products. However, AI has the potential to revolutionise the cybersecurity sector by tackling problems on a much larger scale and interpreting a huge volume of protocol data that’s very difficult for humans to analyse.
As long as we have something to lose, we all need cybersecurity. In the past, cybersecurity was only regarded as necessary for critical infrastructure such as in hospitals, financial institutions, and governments. These days, cybercrime is highly lucrative and many companies are being targeted. But cybersecurity also affects individuals. As we become increasingly reliant on digital services in our daily lives, we share a large amount of information about ourselves and others, often without realising it. Data protection is an uphill battle against technology advances that make it easier to gather and misuse information.
Companies and institutions are increasingly moving large parts of their business online. This makes them more vulnerable to cyberattacks than ever before, while these attacks are becoming more sophisticated at the same time. Barely a day goes by without news that companies have lost data due to a security breach. This means that cybersecurity is now also a key issue for companies and institutions with no prior security experience. Cybersecurity companies are being asked to develop new solutions that can be integrated into existing infrastructure and continuously adapted to new attack scenarios.
Cybersecurity is critical to companies because the repercussions of security attacks can be massive. In today’s digital world, companies must be able to deliver their goods and services more quickly and reliably than in the past. If a cybersecurity breach causes production to be suspended for several days, customers will strongly consider switching to the competition. This means that even an isolated cybersecurity breach can cause companies to collapse under market pressure.
How cybersecurity will evolve depends on the development of cybercriminals. Defence and research adapt to the nature of the new attacks and the aggressiveness, volume, and reach of the attackers. Trends that are sure to emerge include a cyberpandemic after COVID-19, increased use of artificial intelligence, improved data ecosystems as the basis for automation and prevention, better co-ordination between international law enforcement bodies, and increasing cybersecurity awareness in society.
Certain elements of cybersecurity, such as constant monitoring of systems and detection of anomalies in network traffic, are already automated. In other areas, however, automated monitoring and detection are not possible because the vulnerabilities are not yet known. Many incidents are also essentially attributable to human error – and it’s currently not possible to explain to a machine that people are misbehaving. The combination of these two factors means that people will always play a role in both cyberdefence and in the offensive.
Cybersecurity threats should be prioritised according to which organisations or individuals are affected. For end users, the most severe threats are social engineering attacks such as phishing. These attacks take advantage of human fallibility to steal confidential information and gain control. Companies and organisations face a growing threat from data theft and ransomware, wstanthich often lead to subial asset losses, reputational harm, and disruption of business continuity. At the national and societal levels, governments should develop strategies to prevent the misuse of digital data that threatens citizens’ privacy. Threats to critical infrastructure and the spreading of disinformation should also be prioritised.
Crucial to the protection of information and systems in the digital world is a holistic approach to cyber defence; a holistic, reliable security strategy that can cope with the increasing complexity of today's world and withstand the rapidly growing technological capabilities of cyber attackers. But what does a holistic, reliable security strategy look like?
Raphael Reischuk is the author of numerous scientific publications in various areas of IT security and cryptography, many of which have received awards. BILANZ and Handelszeitung listed him among the Top 100 Digital Shapers in Switzerland in 2021.
Reischuk is a member of multiple international programme committees for IT security and Vice-President of the Cybersecurity Committee at digitalswitzerland. He is also the co-founder and a board member of the National Test Institute for Cybersecurity (NTC).
In 2017, he joined Zühlke, where he channels the expertise he has gained in various industries into his role as Head of Cybersecurity. As an experienced IT security expert, he is driven by curiosity, innovation, technology, a sense of commitment and a strong business ethos.
