Final Essay

The tech stack is an interesting topic inside the cybersecurity world. Cyber threats are
becoming the number one commercial risk for organizations of all sizes, from system hacks and
DDoS attacks, to ransomware, the news about cyber-attacks are constant and every day we can
see how companies are being damaged by those attacks. There are many crimes related to cyber-
attacks among them we can see: Interruption of services, Corruption or destruction of data,
Extortion activities in which they request money, access or corporate secrets to the victims,
Damage to the reputation of the company and Privacy risks for customers and employees of the
company. It is for this reason that governments are working on updating the policies and
standards that establish responsibilities for many more organizations.
The part that surprised me the most is related to what has been commented previously.
Many companies suffer from this attack due to the mistakes the commit when developing their
technology stack. As a business owner I can understand how other companies may feel when
they receive attacks and they don’t have a solid strategy to fight back. The first step is building a
cybersecurity strategy, the reason we are doing this is simple: how can you pick the right tools
you need to solve a problem if you do not know the problem you are solving and how do you
plan to solve it? A strategy will guide you to identify and pick the right tools to solve a problem.
The second step is to design a cybersecurity tech stack that reflects your business risk profile. By
doing this you will identify the areas where cyber risks are more likely too occur and also you
can select the right tools for each specified area. The third step will be adopting a multi-layered
approach to your cybersecurity tech stack, creating layers of protection is essential because it
adds layers that a possible attacker will have to overcome one by one to get inside your system.
This will also be the case that hen one of these processes fail another process will be there to
support it. The last step will be accepting that a collaborative approach is needed. There some
cases where a company or an organization is not able to face some attacks, that will require the
direct collaboration with the law forces and the government. Vulnerabilities will always be there,
and you can count on the fact that cybercriminals will exploit them to their benefit.
 .
The part that I find most useful was understanding that one of the main reasons that
cyberattacks occur is the poor and lack of interest when writing a code. In these times we can
see how only the big companies have the most advanced security equipment and systems that
are well defended. Small businesses and companies usually opt for the cheapest security
system due to the low budget they have and sometimes we don’t even see they are protected.
Sometimes their websites are full of code bugs and are using old technology that can be
easily broken by a hacker. For that reason, I think these companies should upgrade the way
their using their software, investing more money on cybersecurity.

One part that left me curious was how Cybersecurity is evolving with the years. In the last 25
years, the cyber threat landscape has changed much faster than anyone could imagine. We have
witnessed the evolution of these dangers and have attended the main cyber-attacks that have
occurred in recent years such as WannaCry, NotPeyta, the data breaches in Equifax and Uber,
cyber-attacks on British Airways, Under Armor and Ticketmaster. But the question is how have
we overcome the challenges planned by each new generation of threats? During the 70’s, the
security in the companies was centered in guaranteeing the good use of the information on the
part of the employees trusting in the common sense to guarantee the security of the organization.
However, due to the inclusion and evolution of technology, new risks appeared that made this
“security” obsolete. The popularization of personal computers in the 80s led to the development
of the first cyber-attack tools and laid the foundations for future threats. Thus, the first generation
of cyber threats appeared on the scene characterized by the ability to replicate malicious
programs. The second generation of attacks emerged in the 1990s, after the adoption of the
Internet by users and companies.
Connectivity brought us all together and hackers specialized in stealing money, they
started using techniques that were the precursors of those used by today's cybercrime. In the
90s, Internet was used without adequate awareness of employees, information was stored on
removable devices with few security measures and physical security in the facilities remained
insufficient. In the 2000s the third generation of threats arrived, cybercriminals exploited
computer vulnerabilities of operating systems, hardware and applications. It was a totally
new field and vulnerabilities appeared everywhere. The mass adoption of email and the
social engineering possibilities it offered also had great relevance. Firewalls and antivirus
were combined to protect cyber-attacks systems, laying the foundation of today's business
security infrastructure. In the 2010s, cyberattacks reached unprecedented levels of
sophistication. Criminals joined professional organizations and began developing zero-day
malware. Cyber attacks became stealthy and difficult to identify, viruses could be hidden in
all sites, from attached documents, false commercial information to image files. All a user
had to do to fall into the trap was to click on the malicious document and his device became
infected. Fourth-generation attacks made detection-based security no longer effective in
protecting companies by not being able to recognize unknown threats. As we can see
cybersecurity is everyday changing what means each day represents a challenge for the
government companies and businesses.