What Is Cybersecurity?

Cybersecurity threats are continually evolving as malicious actors develop new tactics, techniques, and procedures (TTPs). However, many risks have evolved from the following established forms of cyber threats, or are hybrid (or blended) attacks that combine TTPs for greater malicious impact. 

Malware is malicious software, often delivered via email or clickable links in messages and is designed to infect systems and compromise their security. Common types of malware include viruses, worms, Trojans, spyware, and increasingly, ransomware. 

Ransomware is a type of malware that encrypts a system’s data, effectively holding an organization’s data hostage, with the attacker demanding payment (ransom) to unlock the data or provide the decryption key. 

Phishing are attacks that involve deceptive email or messages that trick individuals into revealing sensitive information, such as passwords, credit card numbers, or personal data.

Social engineering attacks involve manipulating behavioral or psychological traits to deceive victims into divulging confidential information, or to take actions or make decisions that compromise security. Phishing and social engineering are often used in combination to manipulate victims and can be quite targeted, such as a phishing email followed by a phone call from someone impersonating a trusted individual (i.e., from a bank or the IT department).  

Distributed denial of service (DDoS) attacks degrade infrastructure by flooding the target resource with traffic, overloading it to the point of inoperability. A denial-of-service (DoS) attack can also be initiated through a specifically crafted message that impairs application performance; for example, a web request that generates a complex SQL query resulting in high CPU usage and degraded system performance. DDoS attacks involve multiple sources or a botnet, which is a network of compromised computers or devices under the control of an attacker who coordinates these multiple sources and launches the attack against the target.

Man-in-the-Middle (MitM) attacks occur when an attacker intercepts communications between two parties without their knowledge or consent, allowing the attacker to eavesdrop on the conversation, steal information, or even manipulate the data being transmitted. MitM attacks can happen in a number of ways: An attacker may intercept wireless communications within a public Wi-Fi network, or may engage in session hijacking, when attackers steal session cookies or tokens to impersonate users and gain unauthorized access to web applications.

Insider threats are security risks posed by individuals within an organization who have access to the organization's systems, data, or networks. These individuals may be current or former employees, contractors, partners, or anyone with legitimate access privileges. Insider threats can be intentional or unintentional and can result in various types of cybersecurity incidents including sabotage, data theft, mishandling of data, and falling for phishing or social engineering attacks. 

Web application attacks are malicious activities directed at web applications, websites, and web services, with the aim of exploiting vulnerabilities and compromising their security. App modernization efforts and the resulting evolution of many traditional web apps to API-based systems across hybrid and multi-cloud environments has dramatically increased the threat surface. 

There are many risks security teams must consider for web apps and APIs, including:

• Vulnerability exploits, which are weaknesses or defects in software that criminals can target to compromise security, including execution of malicious code. These are often caused by unsupported or unpatched software, software bugs, or misconfigurations. 
• Business logic abuse, which arise when attackers manipulate the expected behavior of a web application to achieve malicious objectives. This may entail manipulating an application’s workflows to gain access to restricted areas or to perform unauthorized transactions or access sensitive data. Bots and malicious automation now impact every aspect of modern life—preventing the purchase of concert tickets, stealing loyalty points, or committing fraud by taking over customer accounts. 
• Bypass of authentication and authorization controls, which can occur when insufficient enforcement of access controls and authorization allow attackers to gain access to unauthorized functionality or data.
• Client-side attacks, which are threats that target software or components in the user’s devices, such as a web browser or installed applications. A common form of client-side attack is Cross-Site Scripting (XSS), in which attackers inject malicious client-side scripts, such as JavaScript, into web pages viewed by other users. This can result in the theft of sensitive information, such as login credentials, personal data, or session cookies. Modern apps typically have many interdependencies, such as third-party integrations, libraries, and frameworks. Security teams may not have visibility into all these components that execute on the client side—opening a threat vector for attackers to execute malicious scripts and exfiltrate data directly from a web browser. 
• Security misconfiguration, when attackers attempt to find unpatched flaws, common endpoints, services running with insecure default configurations, or unprotected files and directories to gain unauthorized access to a system. Security misconfiguration is an increasing risk as architecture continues to decentralize and becomes distributed across multi-cloud environments.
• Cryptographic failures, which can result when data is inadequately protected during transit and at rest. 
• For more information on web application attacks, see the glossary entry on the OWASP Foundation or the OSWASP Top 10 Application Security Risks homepage. 

Developing and maintaining incident response and recovery plans are critical components of a cybersecurity strategy that helps organizations prepare for, respond to, and recover from cyberattacks and breaches. This strategy should include the following components:

• Develop an incident response plan. This can play a significant role in mitigating security breaches by providing a structured and proactive approach to identifying and responding to potential cybersecurity incidents. This includes identifying stakeholders and determining roles and responsibilities in a clear chain of command for reporting and escalating incidents. Develop procedures for monitoring networks and systems for suspicious activities and signs of compromise and enact detailed step-by-step measures to contain and mitigate breaches. Regularly test the incident response plan to identify weaknesses and improve responses. 
• Develop business continuity plans and disaster recovery (BCDR) strategies. BCDR plans help ensure the continuation of critical business operations in the face of disruptions, such as security breaches. An essential element of BCDR plans is regular data backups to ensure that data can be restored to a previous, clean state in case of a data breach or data corruption. All BCDR plans must be regularly tested through drills and exercises to confirm their effectiveness, and to allow organizations to identify weaknesses and refine response strategies.
• Deploy a Web Application Firewall, which can serve as a critical stopgap to mitigate vulnerability exploits. 

Cybersecurity continues to evolve and adapt to new threats and to meet new challenges. Emerging trends in cybersecurity reflect not just the changing threat landscape but also major advancements in technology. These trends include: 

• Artificial intelligence and machine learning in cybersecurity. Today’s enterprises face the challenge of securing a rapidly expanding attack surface that spans traditional and modern application architectures and multiple clouds, on-prem data centers, edge sites, and innumerable endpoint devices. Organizations are increasingly turning to AI and ML to scale enterprise cybersecurity across distributed computing environments, allowing for more adaptive and responsive security measures. AI and ML are employed in cybersecurity solutions to enhance threat detection, automate incident response, and analyze vast datasets to identify patterns and anomalies indicative of cyber threats, as well to employ automated mitigations via closed-loop insights and remediation. Additionally, AI and ML are also used by cybercriminals to create more realistic phishing attacks and deepfake content, posing new challenges for cybersecurity defenders.
• Internet of Things (IoT) security. Intelligent networked devices, such as smart thermostats that check tomorrow’s forecast or refrigerators that inventory and order food automatically bring many advantages but also deliver abundant cybersecurity threats. Many IoT devices lack robust security features and may have default usernames and passwords that are seldom changed, making them easy targets for attackers who can take control of the devices for malicious purposes, such as data theft or privacy violations. Compromised IoT devices can also be enlisted into botnets and used to launch Distributed Denial of Service (DDoS) attacks. To mitigate these threats, organizations that employ IoT devices must establish comprehensive IoT security policies and practices to prevent bad actors from taking control of these connected devices.  
• Cloud security. As organizations use more cloud services and providers, they face an expanded risk surface and increasingly sophisticated security threats. A traditional perimeter-based security approach is no longer sufficient to protect a decentralized and distributed architecture. Hybrid cloud security and multi-cloud security are models that provide consistent and comprehensive risk management to protect all apps, APIs, and workloads in an organization’s environment, regardless of where they are hosted. Hybrid and multi-cloud security helps organizations achieve a stronger security posture by deploying consistent security controls and policies across multiple cloud services that integrate with each cloud provider's native toolsets and features. Using multiple layers of security provides a defense-in-depth approach that can improve resilience against outages and disruptions, and also delivers agility as apps and APIs evolve.
• Blockchain technology and cybersecurity. Certain blockchain technologies can be applied to enhance cybersecurity, including decentralized identity management and secure data sharing among authorized parties. In addition, blockchain's immutable ledger can serve as a transparent and tamper-proof audit trail to verify the integrity of logs, transactions, and other critical security records. However, blockchain technologies are not immune to cybercrime. The security of blockchain systems relies on various factors, including the specific blockchain's design, consensus mechanism, and the vigilance of users and developers. Cryptocurrency can be stolen from computers as easily as credit card numbers or credentials, and blockchain-based platforms like NFT marketplaces are frequently breached by bots and automated attacks. In addition, the popularity of cryptocurrency mining has given rise to the cybercrime of cryptojacking, in which attackers target and take over servers to install software designed to perform cryptocurrency mining. Capturing system resources and forcing them to mine for cryptocurrency can be very profitable for criminals, given sufficient compute resources.

Numerous compliance requirements and regulations establish cybersecurity standards that organizations and government entities must adhere to protect sensitive data and mitigate cyber threats. In addition, the Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, serves as a national hub for cybersecurity information, and the agency operates a 24/7 situational awareness, analysis, and incident response center. CISA provides a National Cyber Incident Response Plan that delineates the role that private sector entities, state and local governments, and multiple federal agencies play in responding to cybersecurity incidents. CISA also offers Incident Response Training that promotes basic cybersecurity awareness and advocates best practices to help organizations prepare an effective response if a cyber incident occurs, and strategies to prevent incidents from happening in the first place. Major compliance requirements and regulations include: 

• General Data Protection Regulation (GDPR), which defines privacy protections and obligations for companies that handle personal data originating in the EU. GDPR sets stringent rules for data processing, security, and cross-border data transfers, with significant penalties for non-compliance. Any company that processes personal data originating in the EU or the data of an EU resident—whether the company has operations in the EU or not—is covered by the GDPR.
• California Consumer Privacy Act (CCPA), a governmental framework designed to help safeguard California consumers' sensitive personal information. The CCPA secures data privacy rights for Californians, including the right to know about the personal information a business collects, how it is used and shared, the right to delete personal information collected (with some exceptions), and the right to opt out of the sale or sharing of personal information.
• Payment Card Industry Data Security Standard (PCI DSS), an information security standard designed to increase controls around cardholder data to reduce payment card fraud. PCI DSS delineates the minimum security requirements that merchants must meet when they store, process, and transmit cardholder data. The requirements include enhancements to ensure safe and secure online transactions to protect consumers, businesses, and card issuers during online commercial transactions. 
• Health Insurance Portability and Accountability Act (HIPAA), a federal law that protects the privacy and security of patients' health information in the United States and ensures the portability of health insurance coverage. HIPAA’s Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. It also addresses the technical and non-technical safeguards that organizations must put in place to secure individuals' electronic protected health information.
• The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that promotes the adoption of secure cloud services across the federal government. By providing a standardized approach to security and risk assessment for cloud technologies and federal agencies, FedRAMP enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations, allowing agencies to leverage security authorizations on a government-wide scale.

Increasingly sophisticated cyber threats highlight the need for ongoing security training and certification to keep current with the evolving threat landscape and gain necessary specialized skills. In fact, there is a general shortage of IT security professionals and many academic institutions and training programs struggle to keep up with the demand. Cybersecurity is a complex and multidisciplinary field that encompasses various domains and requires a curiosity mindset, and finding professionals with expertise in all these areas can be difficult.

Perhaps the most highly respected cybersecurity certification is the Certified Information Systems Security Professional (CISSP), which is awarded by the International Information System Security Certification Consortium, or (ISC)². The CISSP certification is a globally recognized benchmark for information security professionals, and typically requires at least five years of cumulative work experience and passage of a rigorous exam. 

Another leading cybersecurity training and certification organization is EC-Council, which offers a wide range of courses and trainings for professional security positions, including a certification as a Certified Ethical Hacker. This program specializes in teaching how to test the security of computer systems, networks, and applications using the techniques of malicious hackers. By identifying vulnerabilities before cybercriminals can exploit them, ethical hackers help protect sensitive information and critical infrastructure from cyberattacks. 

The Computing Technology Industry Association (CompTIA) is another leading cybersecurity training and certification organization. CompTIA’s Security+ is a global certification that validates the baseline skills necessary to perform core security functions and enables successful candidates to pursue an IT security career.

Awareness of cybersecurity threats and best practices for mitigating them is crucial for protecting your organization’s sensitive information, critical assets, and infrastructure. This knowledge allows you to take proactive steps to protect against these threats and attack methods and put in place effective risk management and incident response plans that can enable your organization to respond quickly and effectively to unplanned events. This can greatly minimize the impact of a cybersecurity incident and speed up the recovery process.

F5 offers a comprehensive suite of cybersecurity offerings that deliver robust protection for apps, APIs, and the digital services they power. These solutions—including WAFs, API security, bot defense, and DDoS mitigation—protect apps and APIs across architectures, clouds, and ecosystem integrations, reducing risk and operational complexity while accelerating digital transformation and reducing total cost of app security. Our security solutions just work—for legacy and modern apps, in data centers, in the cloud, at the edge, in the architecture you have now, and the ones that will support your organization in the years to come.