This report covers a basic introduction to cybersecurity, key frameworks and how to develop a conceptual overview of the industry. We’ll cover each of the following categories in more depth over upcoming sessions. This is an extension of my cybersecurity deep-dive and cybersecurity landscape.
Cybersecurity is unlike any other technology vertical. Its a space defined by its ability to respond to two constantly evolving forces: the creativity of technologists and hackers. At the core, cybersecurity is all about protecting a company’s most valuable asset: data. The objective is to protect this asset against malicious actors (internal or external to the organization) and ensure business continuity.
Cybersecurity continues to grow because the cost of performing an attack against an adversary has been significantly lowered with technology. For example, today, some of the largest and most common cyber attacks are ransomware attacks. Ransomware attacks have increased over the last decade, largely thanks to the development of Ransomware-as-a-Service (RaaS), a model that uses affiliates to deploy already-developed ransomware software. According to Sophos’ Ransomware report, the average ransom paid by mid-sized organizations for their stolen data was $170K. Added to this, the average cost for recovering from a ransomware attack — including downtime, lost people time, device cost, network cost, lost opportunity, and the ransom itself — was $1.85 million.
Cybersecurity frameworks have been developed by major cybersecurity bodies to help industry practitioners build and develop standards and guidelines for how to secure organizations. There are many frameworks used to beef up cybersecurity at large or small enterprises, but the two most common are:
The CIA Triad is one of the gold standard for developing robust cybersecurity for companies. It is utilized by cybersecurity executives when implementing strategies to secure their attack surface.
Source: NIST CIA Triad