What is cybersecurity?
Cybersecurity technology and best practices protect critical systems and sensitive
information from an ever-growing volume of continually evolving threats

● What is cybersecurity?
● Cybersecurity domains
● Dangerous cybersecurity myths
● Common cyber threats
● Key cybersecurity technologies and best practices
● Zero trust security strategy
● Cybersecurity and IBM
● Solutions
● Resources
What is cybersecurity?
Cybersecurity is the practice of protecting critical systems and sensitive information
from digital attacks. Also known as information technology (IT) security, cybersecurity
measures are designed to combat threats against networked systems and applications,
whether those threats originate from inside or outside of an organization.

In 2020, the average cost of a data breach was USD 3.86 million globally, and USD
8.64 million in the United States. These costs include the expenses of discovering and
responding to the breach, the cost of downtime and lost revenue, and the long-term
reputational damage to a business and its brand. Cybercriminals target customers’
personally identifiable information (PII) — names, addresses, national identification
numbers (e.g., Social Security number in the US, fiscal codes in Italy), and credit card
information — and then sell these records in underground digital marketplaces.
Compromised PII often leads to a loss of customer trust, the imposition of regulatory
fines, and even legal action.

Security system complexity, created by disparate technologies and a lack of in-house
expertise, can amplify these costs. But organizations with a comprehensive
cybersecurity strategy, governed by best practices and automated using advanced
analytics, artificial intelligence (AI) and machine learning, can fight cyberthreats more
effectively and reduce the lifecycle and impact of breaches when they occur.

Cybersecurity domains
A strong cybersecurity strategy has layers of protection to defend against cyber crime,
including cyber attacks that attempt to access, change, or destroy data; extort money
from users or the organization; or aim to disrupt normal business operations.
Countermeasures should address:

● Critical infrastructure security - Practices for protecting the computer systems,
networks, and other assets that society relies upon for national security,
economic health, and/or public safety. The National Institute of Standards and
Technology (NIST) has created a cybersecurity framework to help organizations
in this area, while the U.S. Department of Homeland Security (DHS) provides
additional guidance.

● Network security - Security measures for protecting a computer network from
intruders, including both wired and wireless (Wi-Fi) connections.

● Application security - Processes that help protect applications operating
on-premises and in the cloud. Security should be built into applications at the
design stage, with considerations for how data is handled, user authentication,
etc.

● Cloud security - Specifically, true confidential computing that encrypts cloud data
at rest (in storage), in motion (as it travels to, from and within the cloud) and in
use (during processing) to support customer privacy, business requirements and
regulatory compliance standards.
● Information security - Data protection measures, such as the General Data
Protection Regulation or GDPR, that secure your most sensitive data from
unauthorized access, exposure, or theft.

● End-user education - Building security awareness across the organization to
strengthen endpoint security. For example, users can be trained to delete
suspicious email attachments, avoid using unknown USB devices, etc.

● Disaster recovery/business continuity planning - Tools and procedures for
responding to unplanned events, such as natural disasters, power outages, or
cybersecurity incidents, with minimal disruption to key operations.

● Storage security - IBM FlashSystem® delivers rock solid data resilience with
numerous safeguards. This includes encryption and immutable and isolated data
copies. These remain in the same pool so they can quickly be restored to support
recovery, minimizing the impact of a cyber attack.

● Mobile security - IBM Security® MaaS360 with Watson enables you to manage
and secure your mobile workforce with app security, container app security and
secure mobile mail.

Dangerous cybersecurity myths


The volume of cybersecurity incidents is on the rise across the globe, but
misconceptions continue to persist, including the notion that:

● Cybercriminals are outsiders. In reality, cybersecurity breaches are often the
result of malicious insiders, working for themselves or in concert with outside
hackers. These insiders can be a part of well-organized groups, backed by
nation-states.
● Risks are well-known. In fact, the risk surface is still expanding, with thousands of
new vulnerabilities being reported in old and new applications and devices. And
opportunities for human error - specifically by negligent employees or contractors
who unintentionally cause a data breach - keep increasing.
● Attack vectors are contained. Cybercriminals are finding new attack vectors all
the time - including Linux systems, operational technology (OT), Internet of
Things (IoT) devices, and cloud environments.
● My industry is safe. Every industry has its share of cybersecurity risks, with cyber
adversaries exploiting the necessities of communication networks within almost
every government and private-sector organization. For example, ransomware
attacks (see below) are targeting more sectors than ever, including local
governments and non-profits, and threats on supply chains, ".gov" websites, and
critical infrastructure have also increased.

Common cyber threats


Although cybersecurity professionals work hard to close security gaps, attackers are
always looking for new ways to escape IT notice, evade defense measures, and exploit
emerging weaknesses. The latest cybersecurity threats are putting a new spin on
“known” threats, taking advantage of work-from-home environments, remote access
tools, and new cloud services. These evolving threats include:
Malware
The term “malware” refers to malicious software variants—such as worms, viruses,
Trojans, and spyware—that provide unauthorized access or cause damage to a
computer. Malware attacks are increasingly “fileless” and designed to get around
familiar detection methods, such as antivirus tools, that scan for malicious file
attachments.

Ransomware
Ransomware is a type of malware that locks down files, data or systems, and threatens
to erase or destroy the data - or make private or sensitive data public - unless a
ransom is paid to the cybercriminals who launched the attack. Recent ransomware
attacks have targeted state and local governments, which are easier to breach than
organizations and under pressure to pay ransoms in order to restore applications and
web sites on which citizens rely.
Phishing / social engineering
Phishing is a form of social engineering that tricks users into providing their own PII or
sensitive information. In phishing scams, emails or text messages appear to be from a
legitimate company asking for sensitive information, such as credit card data or login
information. The FBI has noted a surge in pandemic-related phishing, tied to the
growth of remote work.
Insider threats
Current or former employees, business partners, contractors, or anyone who has had
access to systems or networks in the past can be considered an insider threat if they
abuse their access permissions. Insider threats can be invisible to traditional security
solutions like firewalls and intrusion detection systems, which focus on external threats.
Distributed denial-of-service (DDoS) attacks
A DDoS attack attempts to crash a server, website or network by overloading it with
traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise
networks via the simple network management protocol (SNMP), used for modems,
printers, switches, routers, and servers.
Advanced persistent threats (APTs)
In an APT, an intruder or group of intruders infiltrates a system and remains undetected for
an extended period. The intruder leaves networks and systems intact so that the
intruder can spy on business activity and steal sensitive data while avoiding the
activation of defensive countermeasures. The recent SolarWinds breach of United
States government systems is an example of an APT.
Man-in-the-middle attacks
Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and
relays messages between two parties in order to steal data. For example, on an
unsecured Wi-Fi network, an attacker can intercept data being passed between a guest’s
device and the network.

Key cybersecurity technologies and best practices


The following best practices and technologies can help your organization implement
strong cybersecurity that reduces your vulnerability to cyber attacks and protects your
critical information systems, without intruding on the user or customer experience:

● Identity and access management (IAM) defines the roles and access privileges
for each user, as well as the conditions under which they are granted or denied
their privileges. IAM methodologies include single sign-on, which enables a user
to log in to a network once without re-entering credentials during the same
session; multifactor authentication, requiring two or more access credentials;
privileged user accounts, which grant administrative privileges to certain users
only; and user lifecycle management, which manages each user's identity and
access privileges from initial registration through retirement. IAM tools can also
give your cybersecurity professionals deeper visibility into suspicious activity on
end-user devices, including endpoints they can’t physically access. This helps
speed investigation and response times to isolate and contain the damage of a
breach.

● A comprehensive data security platform protects sensitive information across
multiple environments, including hybrid multicloud environments. The best data
security platforms provide automated, real-time visibility into data vulnerabilities,
as well as ongoing monitoring that alerts them to data vulnerabilities and risks
before they become data breaches; they should also simplify compliance with
government and industry data privacy regulations. Backups and encryption are
also vital for keeping data safe.
● Security information and event management (SIEM) aggregates and analyzes
data from security events to automatically detect suspicious user activities and
trigger a preventative or remedial response. Today SIEM solutions include
advanced detection methods such as user behavior analytics and artificial
intelligence (AI). SIEM can automatically prioritize cyber threat response in line
with your organization's risk management objectives. And many organizations
are integrating their SIEM tools with security orchestration, automation and
response (SOAR) platforms that further automate and accelerate an
organization's response to cybersecurity incidents, and resolve many incidents
without human intervention.

Zero trust security strategy


Businesses today are connected like never before. Your systems, users and data all live
and operate in different environments. Perimeter-based security is no longer adequate,
but implementing security controls within each environment creates complexity. The
result in both cases is degraded protection for your most important assets. A zero trust
strategy assumes compromise and sets up controls to validate every user, device and
connection into the business for authenticity and purpose. To be successful executing a
zero trust strategy, organizations need a way to combine security information in order to
generate the context (device security, location, etc.) that informs and enforces validation
controls.

Cybersecurity and IBM


IBM Security offers one of the most advanced and integrated portfolios of enterprise
security products and services. The portfolio, supported by world-renowned IBM
X-Force® research, provides security solutions to help organizations drive security into
the fabric of their business so they can thrive in the face of uncertainty.

For help with risk assessment, incident detection, and threat response, be sure to check
out:

● IBM X-Force Exchange for global threat intelligence
● IBM Security Services for cybersecurity strategy alignment
● IBM Security Command Center for deep cyber range experience

For the latest cybersecurity strategies, trends and insights from IBM Security experts,
visit the IBM Security Intelligence site.
Solutions
IBM Cloud Pak® for Security
Integrate security tools to gain insights into threats across hybrid, multicloud
environments.

AI and cybersecurity
AI is changing the game for cybersecurity, analyzing massive quantities of risk data to
speed response times and augment under-resourced security operations.

IBM Security® QRadar®


Learn about intelligent security analytics for insight into your most critical threats.

Zero trust security


Organizations are turning to zero trust security solutions to help protect their data and
resources by making them accessible only on a limited basis and under the right
circumstances.

Cloud security solutions


Integrating cloud into your existing enterprise security program is not just adding a few
more controls or point solutions. It requires an assessment of your resources and
business needs to develop a fresh approach to your culture and cloud security strategy.

Data security solutions


Protect enterprise data across multiple environments, meet privacy regulations and
simplify operational complexity.

Unified endpoint management (UEM)


Have a permanent view and control of essentially all your mobile devices, apps and
content. Run AI-powered security analytics and maintain security across all your
platforms.

Resources

Cost of a data breach

The Cost of a Data Breach Report explores financial impacts and security measures
that can help your organization avoid a data breach, or in the event of a breach, mitigate
costs.
Cyber threats report

Read the X-Force Threat Intelligence Index to understand the threat landscape and get
recommendations to help you bolster your security strategy for the future.
Cybersecurity Tutorials for Devs
Stay up-to-date on the latest best practices to help protect your network and data.
Identity Access Management

In these times, it’s critical that we ensure the right people can use the right applications
or data when they need to. IAM allows this to happen.
IBM Office of CIO

Learn why the IBM CIO office turned to IBM Security Verify for next-generation digital
authentication across its workforce and clients.
Commercial International Bank
Read how Commercial International Bank modernized its digital security with IBM
Security solutions and consulting to create a security-rich environment for the
organization.