Cybersecurity refers to the processes and technology used to protect information technology networks, data, people, servers, endpoint devices and other IT-related systems from cyberattacks. The need for this protection has never been greater. All organizations, in both the private and public sectors, now operate in a threat landscape in which their IT infrastructure is exposed to attack. Irrespective of where you deploy applications and IT services (on-premises, in the cloud or a hybrid mixture), the threats are real and immediate.
The most destructive threats in 2025 (and for the foreseeable future) are ransomware, phishing and supply chain attacks. All of these can, and do, cause significant operational damage to organizations that fall victim to them. In the worst cases, the damage can destroy a business. A recent example is the demise of KNP Logistics in the UK, a company that had been trading for 158 years, all due to a ransomware attack that began when cyberattackers guessed a user’s password. The company lacked sufficient password management and layered security controls, which contributed to the severity of the breach.
In this two-part series, we’ll cover the fundamentals of cybersecurity and provide a brief history of the topic. Before diving in, here are three questions we often see asked.
What is cybersecurity? It’s the discipline of defending IT infrastructure, applications and data from malicious actions.
Why is it important? Cyberattacks can disrupt operations, damage reputations and result in financial losses that no insurance policy can fully compensate for.
What are the basics? Cybersecurity combines technology, processes and people to prevent, detect and respond to cyberthreats.
The history of cybersecurity as a discipline stretches back decades. Most people accept that the dawn of the cybersecurity age happened in 1988 with the release of the Morris Worm. This was the first major Internet-related cybersecurity incident that broke through into general news coverage, and it resulted in the first conviction in the USA under the 1986 Computer Fraud and Abuse Act.
The following decade saw the rise of viruses targeting the increasingly popular PCs that were becoming common for business and home use. The advent of anti-virus software is synonymous with the 1990s. By the early 2000s, attacks had evolved to include a wide range of types and had become increasingly coordinated, carried out by state-backed groups and large criminal organizations. Since 2010, we’ve seen a growth in the number and sophistication of attacks. Some notable examples are:
Over the years, cybersecurity has split into multiple categories. None of those that follow can deliver robust cybersecurity defense on its own. A modern cybersecurity strategy usually involves numerous layers working together to strengthen protection.
Network Security - Protects the network infrastructure and data in transit over the network from unauthorized access, misuse and attacks. It forms the backbone of defense through solutions that monitor traffic flows and identify suspicious activity, allowing defenders to contain and then eradicate attackers and their malicious software. Servers in on-premises data centers and cloud platforms typically get included in network security, although some discussions separate servers into their own category.
Endpoint Security - Delivers security for devices such as laptops, smartphones, tablets and increasingly IoT sensors connected to the network. Each endpoint represents a potential entry point for attackers and endpoint protection is essential.
Application Security - Provides security for applications to protect them from attacks across their deployment infrastructure and throughout their lifecycle. It includes secure coding practices, regular security testing and runtime detection of exploitation attempts.
Cloud Security - Helps safeguard data and workloads in cloud environments through encryption, identity management and monitoring. It also covers cloud-specific concerns such as the shared responsibility model, complex configuration management and multi-tenant security.
Identity and Access Management (IAM) - Controls who can access what resources, so only authorized users have access to systems and data. IAM uses principles like least privilege and zero trust to minimize unauthorized access risks.
Operational Security - Covers all the processes, procedures and cultural practices for handling and protecting data, including incident response, training, planning and more.
IoT Security - Manages the expanding ecosystem of connected devices, from smart building systems to industrial sensors, each of which is potentially vulnerable to compromise. This is an increasingly important category of cybersecurity.
The threats currently faced are numerous and varied. Organizations need to build a multifaceted defensive strategy to guard against these and other attack methods.
Ransomware - The biggest threat facing organizations, ransomware deploys software that encrypts business-critical data and systems, rendering them unusable. Attackers demand a ransom payment in exchange for a decryption key or tool to recover the impacted systems. It is worth noting that multiple surveys and analyses of ransomware indicate that approximately 40% of those who pay a ransom never receive a method to decrypt their files. A Network Detection and Response (NDR) solution that monitors the network for anomalous activity plays a crucial role in detecting and mitigating ransomware attacks.
Malware - Malicious software designed to damage, disrupt or gain unauthorized access to systems (ransomware is technically a form of malware, but it’s so prevalent it’s discussed independently). Modern malware frequently remains dormant for months before activating and stealing data or facilitating other attacks. NDR solutions are designed to identify malware communications and unusual traffic patterns that indicate malware activity.
Social Engineering - An attack type that manipulates human behavior to bypass technical security controls by inducing human mistakes. Attackers often research their targets extensively through online profiles before crafting convincing scenarios that encourage victims to provide access or information voluntarily.
Phishing - A social engineering attack type that tricks employees into revealing credentials or installing malware through deceptive emails, texts or websites. The 2020 SolarWinds breach began with a phishing email that eventually compromised 18,000 organizations worldwide, including government agencies and Fortune 500 companies.
Insider Threats - Not all threats originate from criminals on the internet. Many involve authorized users, such as employees, contractors or partners, who have legitimate access and then misuse it intentionally or accidentally. These threats are particularly insidious because insiders already hold legitimate access and have plausible reasons to use many systems. Monitoring for access to systems that a given insider does not normally use is a key part of identifying potential threats.
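The monitoring idea above, as an added example that is not part of the original article: each user's baseline is the set of systems they touched during a learning period, and later accesses outside that baseline are flagged, with the user's department (a constructed org chart here) used to reduce noise. The access log is constructed; in practice it would come from IAM, VPN or SIEM exports.

```python
from collections import defaultdict

# Constructed access events: (timestamp, user, system). Everything before
# CUTOFF is the learning period; later events are evaluated against it.
ACCESS_LOG = [
    ("2025-03-01T09:00", "alice", "crm"),
    ("2025-03-01T09:10", "alice", "email"),
    ("2025-03-02T09:05", "alice", "crm"),
    ("2025-03-01T08:50", "bob", "finance-db"),
    ("2025-03-02T08:55", "bob", "finance-db"),
    ("2025-03-02T11:00", "bob", "email"),
    ("2025-03-02T14:00", "carol", "finance-db"),
    ("2025-03-03T14:20", "carol", "expense-tool"),
    ("2025-03-10T09:00", "alice", "crm"),          # normal for alice
    ("2025-03-10T22:15", "alice", "finance-db"),   # nobody in sales uses it
    ("2025-03-10T09:30", "bob", "expense-tool"),   # new for bob, used by peer carol
    ("2025-03-10T23:40", "bob", "hr-payroll"),     # new for bob and for finance
]
CUTOFF = "2025-03-10"
# Constructed org chart used for the peer-group comparison.
DEPARTMENT = {"alice": "sales", "bob": "finance", "carol": "finance"}

def build_baselines(log, cutoff):
    """Systems each user and each department touched before `cutoff`."""
    per_user, per_dept = defaultdict(set), defaultdict(set)
    for ts, user, system in log:
        if ts < cutoff:                     # ISO-8601 strings sort correctly
            per_user[user].add(system)
            per_dept[DEPARTMENT.get(user, "unknown")].add(system)
    return per_user, per_dept

def find_unusual_access(log, cutoff):
    """Return (ts, user, system, severity) for post-cutoff events that hit a
    system the user never used before. Severity is 'high' when nobody in the
    user's department uses it either, 'medium' when a peer does."""
    per_user, per_dept = build_baselines(log, cutoff)
    alerts = []
    for ts, user, system in log:
        if ts < cutoff or system in per_user.get(user, set()):
            continue
        dept = DEPARTMENT.get(user, "unknown")
        severity = "medium" if system in per_dept.get(dept, set()) else "high"
        alerts.append((ts, user, system, severity))
    return alerts

if __name__ == "__main__":
    for ts, user, system, severity in find_unusual_access(ACCESS_LOG, CUTOFF):
        print(f"REVIEW ({severity}): {user} accessed {system} at {ts}")
```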
Distributed Denial of Service (DDoS) - These attacks overwhelm computer systems by flooding websites or web applications with excessive traffic. This results in service outages and business disruptions. While not directly destructive, attackers often use these attacks to conceal their other malicious activities or sometimes attempt to extort businesses reliant on online operations by demanding a ransom payment to stop the attack traffic.
Zero-Day Exploits - Many vulnerabilities are known and can be mitigated with known defenses and a diligent system patching regime. However, new exploits emerge all the time, and many of these target previously unknown software vulnerabilities, giving organizations little time to patch their systems before attacks begin. These are known as zero-day exploits. NDR solutions offer visibility into unusual network behaviors that may indicate a zero-day attack is in process.
As we’ve demonstrated, a modern cybersecurity strategy requires a multi-layered approach. Within such a strategy, multiple technological solutions and human processes must work together to provide the necessary security. The following examples illustrate various technologies employed in cybersecurity defenses.
Firewalls - Firewalls are network border gatekeepers that control network traffic based on predetermined rules. Modern firewalls incorporate deep packet inspection and application awareness for enhanced protection.
Web Application Firewalls (WAF) - In addition to the application awareness that some border firewalls have, the deployment of dedicated web application firewalls (WAFs) is core to modern cybersecurity. WAFs typically get deployed with load balancers, and many have a WAF built in. Progress LoadMaster load balancers include a WAF. As load balancers direct network requests to the optimal application server, the WAF inspects the network packets for any suspicious data and blocks traffic that it can’t verify as safe.
Authentication solutions - Authentication and authorization need more than a simple account name and password. At the very least, organizations should supplement their security with multi-factor authentication. Additional solutions to consider are passkeys based on digital certificates to replace login names and passwords completely; comprehensive Identity and Access Management (IAM); Privileged Access Management (PAM) solutions, which take IAM to the next level by providing just-in-time access to sensitive systems; and logging of all activities carried out by a logged-in user.
Zero Trust Network Access (ZTNA) - ZTNA applies zero-trust security to all network access and its associated systems. Zero-trust security assumes that all access requests and sessions are hostile, regardless of their origin. A user connecting from a known PC in the corporate HQ gets treated the same as a remote user connecting from an unknown location over a VPN (Virtual Private Network). Applying zero-trust security, typically in conjunction with network micro-segmentation, means that a single successful logon does not grant access to all other systems on the network. Each access must be verified and authenticated individually. This may seem onerous for users, but there are ways to implement it that maintain the principles without burdening staff.
Encryption Technologies - Encryption protects data at rest on servers and devices, as well as during transit across the network. It relies on standard cryptographic algorithms and protocols such as AES-256 for data at rest and TLS 1.3 for data in transit across networks.
Remote Access Solutions - The working landscape has undergone significant changes over the past decade. Many people are now working remotely for part of the time. This means that they need to have access to business systems and applications from their homes, or even from anywhere with an internet connection. This has increased the attack surface available to cybercriminals and increased the pressure on security teams. The traditional approach to providing secure remote access is via a corporate VPN. These are still common, but as the number of people working remotely has increased, VPNs have proven challenging to scale and manage. Other solutions, such as Secure Access Service Edge (SASE) and Software Defined Wide Area Network (SD-WAN), have gained popularity. Regardless of how remote access is delivered, once user sessions are active on the corporate network, it’s critical to monitor for suspicious activity that may indicate a potential security breach. Progress Flowmon ADS delivers this monitoring.
Security Information and Event Management (SIEM) - SIEM systems collect and analyze security logs from multiple security tools across the network. The SIEM combines and analyzes all this data to provide a centralized, comprehensive view of the current security posture.
Network Detection and Response (NDR) - NDR analyzes network traffic patterns to identify threats that bypass perimeter defenses. Solutions like Flowmon ADS provide real-time network visibility and automated threat detection, crucial for identifying lateral movement and command-and-control communications used by attackers or any malware they have deployed.
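Two of the NDR detections named above, lateral movement and command-and-control beaconing, as an added example run over constructed NetFlow-style records (this is illustrative code, not Flowmon's own logic). The thresholds, port list and the 10.0.0.0/8 internal range are assumptions a real deployment would tune.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range
ADMIN_PORTS = {22, 445, 3389, 5985}             # SSH, SMB, RDP, WinRM

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

# Constructed flow records: (start_seconds, src, dst, dst_port).
FLOWS = (
    # one workstation touches eight internal hosts over SMB within 70 seconds
    [(100 + i * 10, "10.0.1.5", f"10.0.1.{20 + i}", 445) for i in range(8)]
    # another contacts an external host every ~60 s, the shape of C2 beaconing
    + [(t, "10.0.1.9", "203.0.113.7", 443) for t in (0, 61, 120, 181, 240, 300)]
    # ordinary browsing: irregular intervals to a public site
    + [(t, "10.0.1.12", "198.51.100.4", 443) for t in (5, 9, 87, 301, 340)]
    # a single SMB session between two servers is normal
    + [(50, "10.0.2.2", "10.0.2.3", 445)]
)

def lateral_movement(flows, window=300, min_targets=5):
    """Internal sources reaching >= min_targets distinct internal hosts on
    admin ports within any `window`-second span. Returns {src: target_count}."""
    by_src = defaultdict(list)
    for t, src, dst, port in flows:
        if port in ADMIN_PORTS and is_internal(src) and is_internal(dst):
            by_src[src].append((t, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits[src] = len(targets)
                break
    return hits

def beaconing(flows, min_count=5, max_cv=0.1):
    """(src, dst) pairs where an internal host contacts an external one at
    near-constant intervals: the coefficient of variation of the gaps between
    connections is at most max_cv. Returns {(src, dst): mean_gap_seconds}."""
    by_pair = defaultdict(list)
    for t, src, dst, _ in flows:
        if is_internal(src) and not is_internal(dst):
            by_pair[(src, dst)].append(t)
    hits = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= min_count and pstdev(gaps) <= max_cv * mean(gaps):
            hits[pair] = round(mean(gaps), 1)
    return hits
```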
Extended Detection and Response (XDR) - XDR integrates multiple security tools and data sources into unified platforms. Unlike legacy approaches where security teams manage separate solutions, XDR correlates telemetry from endpoints, networks, cloud environments, email systems and identity platforms to provide extensive threat visibility.
Endpoint Detection and Response (EDR) - EDR solutions provide monitoring and protection for endpoints, including servers, desktops, laptops and mobile devices. EDR solutions typically collect and analyze behavioral data, file activities, network connections and running processes. Unlike traditional anti-virus software, which relies primarily on signature-based detection (see below), EDR employs advanced analytics, machine learning algorithms and behavioral analysis to identify new and zero-day threats, fileless attacks and sophisticated malware that may evade conventional defenses.
Anti-Virus Software - Anti-virus is a foundational layer of endpoint protection that has evolved significantly from its origins. Traditional anti-virus engines maintain extensive databases of known malware signatures that identify specific threats. Anti-virus solutions scan files, email attachments, downloads and system memory to look for these signatures, then take security actions if any are detected.
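Signature-based scanning as described above, as an added example that is not part of the original article: a database of whole-file hashes plus byte patterns is applied to a constructed in-memory file set. The "malware" is the EICAR test string, which every anti-virus engine treats as a harmless detection test; the second pattern and the file contents are constructed. The appended-newline case shows why an exact hash signature alone is fragile, which is the gap the EDR behavioral analysis described earlier is meant to close.

```python
import hashlib

# The EICAR string is the industry-standard harmless test "malware".
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database. A hash signature matches one exact file; a byte-pattern
# signature matches any file containing the bytes. The second pattern is a
# constructed marker standing in for a real family's characteristic bytes.
HASH_SIGS = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_SIGS = {
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File",
    b"SAMPLE-FAMILY-MARKER-v1": "Constructed.Sample.A",
}

def match_hash(data):
    """Exact-file match: any change to the file, even one byte, defeats it."""
    return HASH_SIGS.get(hashlib.sha256(data).hexdigest())

def match_pattern(data):
    """Content match: survives surrounding bytes, not changes to the pattern."""
    for pattern, name in PATTERN_SIGS.items():
        if pattern in data:
            return name
    return None

def scan_bytes(data):
    """Return (signature_name, method) or None; exact match is tried first."""
    name = match_hash(data)
    if name:
        return name, "hash"
    name = match_pattern(data)
    return (name, "pattern") if name else None

def scan_files(files):
    """files maps path -> content. Returns only the detections."""
    results = {}
    for path, data in files.items():
        verdict = scan_bytes(data)
        if verdict:
            results[path] = verdict
    return results

# Constructed in-memory "file system".
FILES = {
    "downloads/eicar.com": EICAR,                    # exact hash match
    "downloads/eicar.txt": EICAR + b"\r\n",          # hash misses, pattern catches
    "tmp/update.bin": b"\x00" * 16 + b"SAMPLE-FAMILY-MARKER-v1" + b"\x00" * 16,
    "docs/notes.txt": b"quarterly report draft",     # clean
}

if __name__ == "__main__":
    for path, (name, how) in scan_files(FILES).items():
        print(f"DETECTED {name} in {path} (via {how})")
```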
As previously mentioned, Flowmon Intelligent Network Monitoring and Analysis and Flowmon Network Detection and Response deliver in-depth network insights that help organizations understand their traffic patterns, identify anomalies and maintain a strong security posture across the complex hybrid network environments that are common in 2025.