
The Current and Future State of Cybersecurity



Authors: Sean Akkulugari, Janhavi Jere, Vaidehi Jere, Anna Lowry, and Angelina Lu


Mentor: Isaac J. Parker. Isaac is currently a doctoral candidate in the Department of Engineering at the University of Cambridge with research specialization in machine learning and computational chemistry.


Abstract

Cybersecurity is the practice of protecting digital and information systems from attack. In an increasingly digitalized world there are more threats than ever before. Cyberattacks can cost millions and disrupt critical infrastructure such as banking and healthcare. It is critical to understand current threats, how to oppose them, and how both attack and defense might evolve in the future. In this paper, we conduct a review of the current state of the field, explaining common threats and defenses. Common cyberattacks and countermeasures are outlined. We find that human behavior is generally the weakest point which cyberattacks aim to exploit. This can be combated through proper training, education and trust policies. Emerging technologies like AI and quantum computing are breaking the existing cybersecurity paradigm, and in the future will be used as both attack vectors and security shields. We also highlight the role of hacktivists. The rapid progress and evolution of technology make the development of new cybersecurity methods and an understanding of the ever-growing attack surface more crucial than ever.


  1. Introduction

Cybersecurity refers to a “set of circumstances or events related to improving the integrity of a given information management system or infrastructure and addressing present and emerging challenges associated with the exercise” (Schiliro 2023). A cyberattack is a deliberate attempt to gain unauthorized access to these digital systems by a malicious actor. This could be to steal data, seize assets, or to cause disruption. In the digital age, our reliance on technology makes us more vulnerable than ever. This has been driven by Moore’s Law, which describes the astronomical increase in computing power over the last several decades (Lundstrom and Alam 2022).


Cyberattacks can lead to severe economic consequences, targeting everyday devices and personal data stored by third-party vendors (Fotis 2024; Wheatley, Maillart, and Sornette 2016). IBM reports that in 2025 the average cost of a data breach was 4.4 million USD (IBM Security 2025). Attacks can also target critical national infrastructure. In 2015, cyber intrusions in Ukraine caused blackouts which left over 225,000 customers without power for 16 hours (Tatipatri and Arun 2024). The 2017 WannaCry attack infected over 200,000 victims in at least 150 countries, encrypting their data to prevent access. This cost millions and severely impacted the British National Healthcare Service. A 2017 Denial of Service attack on Lloyds Banking Group left its 20 million customers with limited to no access to online banking services, leaving them unable to pay bills or make transfers over a period of 2 days (Bada and Nurse 2020). Prevention of future attacks requires a clear understanding of cyberattacks and the development of sophisticated cybersecurity systems to counter them.


Many frameworks exist to better understand cyberattacks, for example the Cyber Kill Chain. This consists of 7 stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, and Actions on Objectives (Martin 2025). The later stages can alternatively be described as an action phase: Develop, Test, Deliver, Install, Modify, and Execution of the cyberattack. One case study is the Havex virus, used for data mining and espionage. This was a propagation of spam emails containing malware. The user would open the infected email, and the system would be taken hostage by Havex. This virus failed to have a lasting impact, but provides an accurate demonstration of the preparation and action phases of the Cyber Kill Chain (Assante and Lee 2015).

 

Cybersecurity developers have their own system for combating cyber criminals. This can be broken down into three phases: 'Prevention, Detection, and Response' to cyberattacks. During the Prevention stage, security policies, controls and processes are designed and implemented. This can include upgrades to machines (e.g., new hardware, firewalls, cryptographic algorithms, etc.), authentication, authorization and user awareness training. In the Detection phase, an alarm is raised when any layer of the defense set up in prevention is breached, often through some sort of automated intrusion detection system. Finally, the Response phase aims to de-escalate attacks by employing emergency defense protocols, additional back-up, and shutting the system down if necessary. After the attack, system clean-up and recovery take place. A post-incident analysis also occurs to assess the failures of the current system and make improvements, feeding back into the prevention stage (LaPiedra 2002). Cyber kill chains and active security systems are in a constant battle to stay ahead of each other. This is especially precarious from the perspective of cybersecurity experts, where being caught out just once will have severe consequences.


With arising concerns for the future of cybersecurity, malicious actors, and new kill codes, it is important to address the litany of effects that technology can encounter and what cybersecurity can do to resolve them. The effects of cybersecurity breaches, or of cybersecurity not being taken seriously, can be seen in many detrimental instances of hacking throughout the years, including the 2017 Equifax Breach, which caused the data of 150 million Americans to be stolen overnight (Wall Street Journal 2020). Due to these impacts, it is essential to study how cybersecurity is implemented in the modern day and how it can be improved upon in the future. One therefore requires a substantial overview of the current and future landscape of cybersecurity, which is the purpose of this paper.


This review will explain and demonstrate the importance of cybersecurity in the modern day. We start by discussing common cybersecurity measures and cyber threats, such as different types of malware and attacks, and defenses employed against them. Next, specialized tools such as cryptography and Artificial Intelligence (AI) will be introduced and demonstrated as a threat and defense for cybersecurity, with a focus on their future impact. We end by discussing more social aspects of cybersecurity, such as the role of human behavior in preventing cyberattacks, and hacktivism. The review aims to circumscribe the current limits of the state-of-the-art in cybersecurity and provide insights into future research areas.


  2. Literature Review

2.1 Common/Current Cyber Attacks

To provide structure to this section of the review, common and high-impact cyberattacks are organized into three thematic categories. The first, human-centric attacks, highlights methods that primarily manipulate users, such as phishing and credential exploitation. These attacks have been found to comprise 60% of breaches in 2025 (Verizon Business 2024). The second, malware and disruption-based attacks, encompasses threats that directly compromise or disable systems, including malware, ransomware, and distributed denial-of-service (DDoS) attacks (Jonker, Kosinski, and Lindemulder 2024). The third, advanced and strategic attacks, reflects the growing prevalence of highly targeted and sophisticated operations, such as supply chain compromises, zero-day exploits, and advanced persistent threats (APTs) (Ribeiro 2024).


2.1.1 Human-Centric Attacks

Phishing: Phishing is one of the most widespread cyberattacks today, because it targets human behavior rather than technical flaws. In a typical phishing attempt, attackers send deceptive messages—often emails, but also text messages (smishing) or phone calls (vishing)—that appear to come from legitimate sources. These messages most commonly aim to trick individuals into clicking malicious links, downloading harmful files, or providing sensitive information such as passwords or financial details. More targeted forms of phishing have become increasingly common. Spear phishing refers to personalized attacks directed at specific individuals or organizations, often after background research on the target (Paloaltonetworks n.d.-a). Whaling is a variation that focuses on high-level executives or decision-makers—“the big fish”—who typically have access to valuable systems and data (CISA n.d.-a). These examples illustrate how phishing adapts to different contexts and remains effective even as defenses improve.


Credential-Based Attacks: Credential-based attacks exploit weak, stolen, or reused authentication information to gain unauthorized access to accounts and systems (Paloaltonetworks n.d.-b). Standard techniques include brute force attacks, credential stuffing using leaked username/password pairs, and password spraying, which tests common passwords across multiple accounts to avoid lockouts (ProofPoint 2025; Amod 2025; White n.d.). These attacks are highly effective because human behavior often undermines password security, such as reusing passwords, choosing weak passwords, or not enabling multi-factor authentication (CISA n.d.-b). Even strong security systems can be bypassed if valid credentials are compromised, making credential attacks a frequent initial vector in larger breaches (Verizon Business 2024). Mitigation strategies include enforcing strong password policies, deploying MFA, monitoring for suspicious login patterns, and educating users on safe password practices (Verizon Business 2024).
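As an illustration of "monitoring for suspicious login patterns", the following added example (not code from the original paper) labels sources in an authentication log as brute force or password spraying and lists accounts that logged in successfully from a flagged source. The log format, thresholds, addresses and usernames are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the lockout policy actually in force.
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_FAILURES = 5      # failures against ONE account from one source
SPRAY_DISTINCT_ACCOUNTS = 5   # distinct accounts failed from one source
SPRAY_MAX_PER_ACCOUNT = 2     # few tries per account, below a lockout limit


def _ev(minute, second, src, user, ok=False):
    """Build one constructed log event: (ISO timestamp, source, user, success)."""
    return (f"2025-01-15T09:{minute:02d}:{second:02d}", src, user, ok)


# Constructed sample log (documentation-range IP addresses, made-up users).
SAMPLE_EVENTS = (
    # Six failures against a single account within one minute.
    [_ev(0, 10 * i, "203.0.113.10", "alice") for i in range(6)]
    # One failure each against six different accounts, then one success.
    + [_ev(1, 5 * i, "198.51.100.7", user) for i, user in
       enumerate(["bob", "carol", "dave", "erin", "frank", "grace"])]
    + [_ev(2, 0, "198.51.100.7", "heidi", ok=True)]
    # An ordinary user who mistypes a password twice and then gets in.
    + [_ev(3, 0, "192.0.2.44", "ivan"), _ev(3, 20, "192.0.2.44", "ivan"),
       _ev(3, 40, "192.0.2.44", "ivan", ok=True)]
)


def classify_sources(events, window=WINDOW):
    """Return {source: set of labels} based on failed logins in a sliding window."""
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((datetime.fromisoformat(ts), user))

    findings = {}
    for src, items in failures.items():
        items.sort()
        labels = set()
        start = 0
        for end in range(len(items)):
            # Shrink the window until it spans at most `window` of time.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in items[start:end + 1])
            # Many failures on one account: brute force.
            if max(per_user.values()) >= BRUTE_FORCE_FAILURES:
                labels.add("brute_force")
            # Few failures on each of many accounts: password spraying.
            low_volume = [u for u, n in per_user.items()
                          if n <= SPRAY_MAX_PER_ACCOUNT]
            if len(low_volume) >= SPRAY_DISTINCT_ACCOUNTS:
                labels.add("password_spraying")
        if labels:
            findings[src] = labels
    return findings


def accounts_to_review(events, findings):
    """Successful logins from flagged sources: candidates for a forced reset."""
    return {(src, user) for _, src, user, ok in events if ok and src in findings}


if __name__ == "__main__":
    flagged = classify_sources(SAMPLE_EVENTS)
    for src, labels in sorted(flagged.items()):
        print(src, sorted(labels))
    print("review:", sorted(accounts_to_review(SAMPLE_EVENTS, flagged)))
```

The ordinary user with two mistyped passwords is not flagged, while a success from a flagged source is surfaced because valid credentials may already be compromised.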


2.1.2 Malware & Disruption-Based Attacks

Malware: Malware is software designed to infiltrate, damage, or gain unauthorized access to computer systems, including viruses, worms, Trojans, ransomware, spyware, and adware, each with distinct propagation methods and impacts (Kaspersky n.d.). It can spread via email attachments, malicious downloads, infected websites, or removable media. Notable examples include the ILOVEYOU worm (2000), which caused billions in damages through email, and Stuxnet (2010), which manipulated industrial control systems, illustrating malware’s digital and physical consequences (MalwareBytes n.d.). Malware remains a central threat because it can steal data, disrupt operations, or create backdoors for further attacks, forming the foundation for many modern cyber threats, including ransomware and DDoS facilitation (Agiang 2025). Defending against malware requires a combination of anti-malware software, regular system patching, network monitoring, secure email gateways, and user training to prevent accidental execution of malicious files (CISA n.d.-c).


Ransomware: Ransomware is a type of malware that encrypts a victim’s data and demands payment, usually in cryptocurrency, for the decryption key (CISA 2024). Attacks have evolved from indiscriminate campaigns to highly targeted operations against high-value organizations, often using double extortion to threaten the public release of stolen data (Europol 2025). A notable example is WannaCry (2017), which spread rapidly via the EternalBlue exploit and affected hospitals, businesses, and government organizations worldwide (BBC 2017a). Ransomware often exploits unpatched vulnerabilities, weak credentials, or phishing attacks to gain initial access, resulting in operational disruption, financial loss, reputational damage, and regulatory penalties (Verizon Business 2024). Effective mitigation requires multiple layers of defense, including regular, tested backups, network segmentation to prevent lateral movement, prompt patching of software vulnerabilities, endpoint detection and response systems, and user awareness training to avoid common infection vectors (CISA 2024).


Distributed Denial of Service (DDoS): DDoS attacks aim to overwhelm a target system or network with excessive traffic, making services unavailable to legitimate users (CloudFlare n.d.-a). Attackers often use botnets—networks of compromised devices—to generate massive amounts of traffic, as demonstrated by the Mirai botnet (2016), which exploited insecure IoT devices to carry out some of the largest DDoS attacks in history, causing widespread internet outages (Krebs 2016; Zetter 2016). While primarily disruptive rather than focused on stealing data, DDoS attacks can serve as a smokescreen for other intrusions or inflict significant financial and reputational harm (CloudFlare n.d.-a). Mitigation strategies include traffic filtering, rate limiting, intrusion prevention systems, content delivery networks (CDNs), dedicated DDoS protection services, and proactive network monitoring to detect unusual traffic spikes and respond before services are severely affected (CISA 2024).


2.1.3 Advanced and Strategic Attacks

Supply Chain Attacks: Supply chain attacks target software vendors, service providers, or third-party contractors to compromise their clients indirectly, often by inserting malicious code into legitimate software updates or products, which bypasses traditional defenses that trust the vendor (ENISA Cybersecurity 2021). A notable example is the SolarWinds Orion attack (2020), where malicious updates distributed to thousands of organizations, including US government agencies, enabled prolonged and undetected access (United States Government Accountability Office 2022). These attacks are especially dangerous because they exploit trust relationships within the digital ecosystem, meaning even organizations with strong internal security can be compromised if a vendor is breached. Mitigation strategies include thorough vendor risk assessments, verifying the integrity of software updates, monitoring for unusual network activity, and segmenting networks to limit lateral movement in the event of a compromise (ENISA Cybersecurity 2021).


Zero-Day Exploits: Zero-day exploits take advantage of previously unknown software vulnerabilities before developers release patches, allowing attackers to bypass traditional security measures (CISA 2024; Symantec 2019). A notable example is the EternalBlue exploit (2017), later used in WannaCry and NotPetya, which enabled rapid, large-scale attacks with global impact (BBC 2017b). These exploits are highly valuable and often targeted by both criminal organizations and nation-state actors (ENISA Cybersecurity 2020). Preventing them requires rapid patch deployment once vulnerabilities are disclosed, intrusion detection and prevention systems that identify abnormal behavior, network segmentation, and continuous monitoring for unusual system activity (CISA 2024). Their unpredictability makes zero-day exploits among the most challenging cybersecurity threats to defend against.


Advanced Persistent Threats (APTs): APTs are prolonged, targeted cyber campaigns often carried out by nation-states or well-resourced groups, aiming to infiltrate systems quietly and maintain long-term access for espionage, intellectual property theft, or disruption of critical infrastructure (ENISA Cybersecurity 2020). Groups like APT28 (Fancy Bear) illustrate their sophistication, combining tactics such as phishing, credential theft, zero-day exploits, and malware deployment (Glyer et al. 2020). APTs prioritize stealth and persistence over immediate disruption or profit, making them difficult to detect and mitigate. Effective defense requires advanced monitoring and detection, threat intelligence sharing, segmentation of critical systems, rapid incident response, and continuous security auditing to identify unusual or unauthorized activity (ENISA Cybersecurity 2020).


2.2 Cryptography

Cryptography is defined as the sector of mathematics that relates to hiding or protecting data through encryption and decryption methods. Early forms of cryptography include classical ciphers such as the Caesar cipher (Rizvi and Wadhwa 2010). Here every letter is shifted to the one 3 positions later in the alphabet, forming encrypted text known as “ciphertext”. The Caesar cipher is easy to understand, but unusable in the modern day because it is easily broken by a brute force attack, in which adversaries systematically try candidate solutions until the algorithm is broken. In modern-day cybersecurity, professionals use computerized algorithms built on different facets of complex mathematical concepts, such as linear algebra or elliptic curve geometry. Innovation in modern algorithms and applications has helped thousands of users avoid data mining and identity theft.
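The weakness described above can be shown in a few lines. This added example (not part of the original paper) encrypts a constructed sentence with the shift of 3 and then recovers it by trying every possible key; the word list and sample message are assumptions chosen for the demonstration.

```python
import string

# Small constructed word list, used only to recognise English-looking output.
COMMON_WORDS = {"the", "and", "that", "with", "this",
                "from", "have", "for", "are", "not"}

# Constructed sample message, encrypted below with the classical shift of 3.
MESSAGE = "rotate the keys and store the backup with the audit log"


def caesar(text, shift):
    """Shift each ASCII letter `shift` places along the alphabet, wrapping at z."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def score(candidate):
    """Count how many words of the candidate plaintext are common English words."""
    words = candidate.lower().split()
    return sum(1 for w in words if w.strip(string.punctuation) in COMMON_WORDS)


def brute_force(ciphertext):
    """Try all 26 shifts and return (shift, plaintext, score) tuples, best first.

    The whole key space is 26 values, so an exhaustive search is instant.
    AES-128, by comparison, has 2**128 possible keys.
    """
    candidates = []
    for shift in range(26):
        plain = caesar(ciphertext, -shift)
        candidates.append((shift, plain, score(plain)))
    return sorted(candidates, key=lambda c: c[2], reverse=True)


CIPHERTEXT = caesar(MESSAGE, 3)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    for shift, plain, points in brute_force(CIPHERTEXT)[:3]:
        print(f"shift={shift:2d} score={points} {plain}")
```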

 

Cryptographic algorithms can generally be divided into two main categories: symmetric and asymmetric. Symmetric algorithms use the same key for encryption and decryption. Examples include the Advanced Encryption Standard (AES) and Data Encryption Standard (DES) algorithms. Keys act as an identifier for how to encrypt and decrypt data. DES, for example, uses a 64-bit encryption passkey to encrypt text of the same length (Rizvi and Wadhwa 2010). The main drawback of symmetric methods is that anyone who knows the key can decrypt any message. Asymmetric algorithms improve upon this by using two keys: a public encryption key and a private decryption key (Rizvi and Wadhwa 2010). As one key is kept private to the user, this makes it harder to decrypt data unless the key is leaked. The most used algorithm is Rivest–Shamir–Adleman (RSA). This utilizes number theory for its encryption and decryption methods, thus making it harder for other people to bypass the cipher. This medium of safeguarding data has sparked newer ideas or improvements to older security systems, such as digital signatures or hybrid network security systems.

 

Currently, cryptography’s primary use is to protect data; however, ransomware exploits it for nefarious purposes, as in the aforementioned WannaCry attack (Alenezi et al. 2020). WannaCry and similar viruses and malware have driven the development and adoption of cryptographic techniques for critical national infrastructure. For instance, instead of basic encryption methods, online health archives use methods as advanced as quantum cryptography, such as pixel shuffling, scrambling, and Blowfish, shown in Figure 1 (Thabit 2019). Internet users use some form of cryptography to browse and roam freely through network security. Newer network security systems have been proposed over time, such as hybrids of the SHA1 and RSA algorithms. When implemented, this system was shown to be more efficient in memory consumption and time (Kapoor and Yadav 2016). In short, modern cryptography has evolved due to the increasing demand for enhanced security and the rapid advancement of technology.


Figure 1: Method of encryption for eHealth systems. Adapted from Thabit (2019).

| Protected Information | Cryptography Technique | Data Hiding Technique |
| --- | --- | --- |
| Color medical image | Pixel-shuffling | x |
| Color medical image | Scrambling and confusion | x |
| DICOM image | Homomorphic encryption | x |
| Medical image | Quantum cryptography | x |
| Medical image | Chaotic-based encryption | x |
| Medical image | Sub-keys and pixel shuffling | x |
| Medical image | Chaotic-based and block of pixels shuffling | x |
| Medical image | Blowfish and signcryption | x |
| DICOM image | Modified AES | x |
| Medical image | Blowfish | x |
| Color medical image | Pixel-shuffling | Watermarking in spatial domain |
| DICOM image | AES-GCM | LSB embedding |
| DICOM image | Feature-based encryption | x |
| Patient's information | RSA | Visible watermarking, LSB, and DCT |
| Medical image & Secret Data | CRT | Image partitioning and invisible watermarking |
| Medical image | Blowfish | LSB embedding |
| Medical image | RSA and AES | LWT and SVD |


2.2.1 Future of Cryptography

Post-modern cryptography will mostly be integrated into newer computing systems known as quantum computers. Commonly used classical computers use bits to perform computations, which are either a 0 or 1 (binary). Quantum computers use qubits, which can be a combination of 0s and 1s (and states in-between) upon which one can perform quantum operations, such as entanglement and interference (Senewirathna 2022). This enables quantum computers to solve complex equations faster than regular classical computers. Current quantum computers are limited by issues such as high noise in computations, which needs to be corrected for (Memon, Al Ahmad, and Pecht 2024). If technical issues are solved, the potential impact of quantum computers cannot be overstated. Quantum era cybersecurity, with the rise of several new algorithms, could prove to be helpful as a defense or a threat. For instance, symmetric and asymmetric encryption methods would not work against Shor’s Algorithm, a quantum computing algorithm that can calculate large numbers and complex logarithms (Senewirathna 2022). The mantra of “Harvest Now, Decrypt Later” is especially relevant in a post-quantum world (Olutimehin et al. 2025). Any data currently encrypted with pre-quantum algorithms may easily be decoded in the future if collected in time. Quantum-safe algorithms should therefore be adopted as a matter of urgency.

 

Simultaneously, quantum cryptography is underway for future defense. Aside from quantum-key distribution (QKD) and other minor tactics, quantum computing can be reformatted into a system deflecting attacks via blockchain, which is usually used to protect monetary and transactional data (Senewirathna 2022). The use of digital signatures, QKD lattices, and multivariable calculus can upgrade the current defenses (Syed 2023). The National Institute of Standards and Technology (NIST) has published a list of four quantum-safe algorithms as a standard to resist quantum attacks (NIST 2024). Alongside this, it is possible that AI or LLMs also become self-sufficient enough to break through classic firewalls (Senewirathna 2022). The potential that a 'quantum AI' arises, being far more powerful than Shor’s Algorithm, could have dramatic and unpredictable consequences.


2.3 AI

Artificial Intelligence (AI) can be most simply described as “human intelligence exhibited by machines” (Bini 2018). One of the earliest examples of AI is seen through the Turing machine. Developed by Alan Turing, this machine was capable of brute force breaking the Enigma code used by the German army during World War II through computational algorithms (Shanker 1995). This idea of a machine being able to learn and solve complex problems lays the groundwork for the modern abilities of AI. Although this machine isn’t directly tied to the idea of AI in cybersecurity, it is the beginning of a computer being able to perform tasks that previously weren’t thought to be able to be performed even by the human mind. It can gather large amounts of data, find patterns, and make predictions based on them. AI is affecting the field of cybersecurity in both helpful and harmful ways (Gao et al. 2024). It can predict and prevent cyberattacks. However, it can also be manipulated to orchestrate a cyberattack. Due to AI’s increasing importance and prevalence in many sectors, including cybersecurity, it is essential to study its future uses and developments.


2.3.1 AI Threats

The development of AI introduces new categories of threats in cybersecurity. Attackers are now exploiting the advances of AI to automate attacks, create adaptive malware, and generate phishing content. Generative AI (GenAI) – where a model creates new content that resembles the original data – is able to generate convincing personalized text for phishing emails, as well as fake news and deepfakes (Yigit et al. 2024). Deepfakes refer to the ability of GenAI models to produce artificial images, video, or audio with realistic appearances (Durall et al. 2020). This content is being used to impersonate important people, such as those in the government, to spread misinformation and other harmful content. The realism of these deepfakes makes it difficult for both humans and detection systems to distinguish between factual and fabricated media. Deepfakes end up increasing distrust, as all posts and media are seen with suspicion. AI models themselves can also become targets for cyberattacks; attackers can manipulate AI algorithms through data poisoning, turning the positives of AI into a vulnerability (Shahana et al. 2024). These threats display the dual nature of AI: one to help and one to harm.


Capture the flag (CTF) is a task where participants find text strings, called “flags”, which are secretly hidden in purposefully vulnerable programs or websites (Yang et al. 2023). CTF scenarios model real-world cyberattacks, allowing controlled testing of vulnerabilities and defenses. This allows for better preparation and understanding of cyberattacks. Research on Large Language Models (LLMs), generative AI trained to produce text, in CTF tasks has revealed that models can be jailbroken (Tann et al. 2023). Jailbreaking is a form of hacking designed to break the ethical safeguards of LLMs to give answers they usually shouldn’t (Wei, Haghtalab, and Steinhardt 2023). For example, it may be possible to use expert biological knowledge in LLMs to construct bioweapons (Mouton, Lucas, and Guest 2024). This indicates that attackers could exploit the same vulnerabilities to misuse AI systems in real-world scenarios. It highlights both AI’s defensive potential and its emerging threat when misused.


2.3.2 AI for Defense

Although AI poses a substantial cybersecurity threat, its abilities can also be used in favor of cyber safety. IBM estimates that AI could reduce the cost of a cyber breach by 1.9 million USD (IBM Security 2025). One such ability is being able to search through large amounts of data in a short amount of time, such as for anomalies in system logs, or on social media (Gao et al. 2024). In one experiment, scientists gathered recent tweets and compiled them into a data set. They built a model that was able to scour this data and search for possible threatening tweets by detecting specific tags or words that would indicate a threatening tweet. The model was able to find these tweets, making it more efficient for scientists to scour through the data. Although this model was unable to see all harmful tweets, it is a step toward utilizing AI for cybersecurity (Le et al. 2019).


2.4 Internet of Things

The Internet of Things (IoT) refers to networks of interconnected devices, from consumer products like smart cameras and thermostats to industrial sensors and critical infrastructure components, which collect, share, and process data to provide efficiency and automation (Simpson 2023). However, widespread adoption has created significant cybersecurity challenges, as many IoT devices have built-in vulnerabilities, including weak or default passwords, unencrypted communications, and delayed firmware updates (Simpson 2023; Henke 2023). These vulnerabilities have led to major incidents, such as the previously mentioned Mirai botnet (2016), which exploited compromised IoT devices to launch one of the largest DDoS attacks in history (CloudFlare n.d.-b; Zetter 2016), and flaws in Dahua CCTV cameras, allowing attackers to control millions of devices (Williams 2025).

 

IoT attacks have risen sharply in recent years, particularly in industrial sectors, where over half of malware incidents targeted manufacturing systems (Fortinet 2025). The increasing number of interconnected devices expands the potential attack surface, meaning a single compromised device can impact an entire network. Mitigation requires a combination of technical and organizational strategies, including regular firmware updates, strong authentication, network segmentation, secure management of end-of-life devices, continuous monitoring, and user awareness training to reduce risks associated with vulnerable IoT devices (Fortinet 2025; Simpson 2023).


2.5 Human Behavior and Cyber Awareness

One of the main risks acknowledged in the field of cybersecurity is the human user of secure platforms and information. Human error is the leading cause of cyberattacks and cybersecurity breaches in the modern era, with over 80% of cyberattacks attributed to this source (Mimecast Human Risk Command Center 2025). In addition to this, 39% of security risks are related to the human factor (Alsharif, Salleh, and Baharun 2021). As a result, many scams and security risks exploit human nature to obtain sensitive information. The most commonplace of these exploits (for the average internet user) is phishing. Additionally, opportunity-based breaches of security can be jump-started by common human errors, such as mis-delivery of emails and using weak passwords, which can lead to a multitude of cybersecurity concerns and significantly increase the risk of a person becoming a victim of a cybercrime.

 

Due to this, many employers have implemented zero-trust policies, which assume that no device (even those inside a network) is inherently secure or trustworthy. Zero-trust policies often use continuous verification and strict access controls to prevent human error in secure processes. Another tactic used by companies to prevent or limit the damage of human error is backups. Backups are saves of servers or projects made at various points in the process to ensure that the project is not lost if a breach or error occurs (popular document creation sites such as Microsoft Word engage in a version of this by allowing you to restore a previous version from the version history). These practices became especially popular in the early 2000s following the Toy Story 2 Deletion Incident, in which an accidental deletion command erased 90% of the movie’s files while it was being produced. The project was only saved by a backup an employee had taken home to work on while on leave. This further instituted the idea of ‘backups for backups,’ as the failure of Pixar’s regular backup system played a crucial role in this near disaster.

 

Combating the human behavior risk in cybersecurity begins with educational awareness approaches to the issue. Especially in recent years, national campaigns such as the CAC (Cybersecurity Awareness Campaign Program) have had an increased presence in the space. Additionally, new ideas on how to best present cyber awareness information are currently emerging. In 2021, Muhammed Khader and his team added to this field of research with their work, Cybersecurity Awareness Framework for Academia (Khader, Karam, and Fares 2021). Within this analysis, the researchers found that CATMs (Cybersecurity Awareness Training Modules) are the best solution to prevent students from becoming victims of preventable cybercrimes. Specifically, researchers gamified the modules, which progressed through three main phases, to allow for rewards and interactive feedback that both made students more likely to complete the module and allowed them to become more aware of their weaknesses online (Khader, Karam, and Fares 2021).

 

For those who are no longer involved with the educational curriculum, social media has been explored as an avenue for learning about cybersecurity. In 2024, Daher Raddad Alqurashi and their team studied social media’s impact on public knowledge of cybersecurity risk in Jordan. Through a survey of 160 Jordanians, the researchers found that social media has a statistically significant positive effect on the cybersecurity awareness of those surveyed (Alqurashi, Alghizzawi, and Al-Hadrami 2024). Additionally, they found that Facebook was the most effective in spreading messages of cybersecurity awareness (with YouTube being the least effective). This impact was mainly present in the prevention of malware and phishing attacks, and this study recommended that social media be used further as a tool to prevent cybersecurity breaches caused by human risk factors. In the future, some researchers have also suggested using a combination of standardized cybersecurity curriculum and institutions such as the CAC (with extended online presences) to tackle cybersecurity awareness on a large scale.


2.6 Hacktivism and Motivations for Hacking

Hacktivism is a subgenre of hacking that conveys hackers’ social, ethical, or political ideals (PaloaltoNetworks n.d.-c). This phenomenon dates back to the very beginning of cyber networks, with one of the most well-known examples of hacktivism, WANK (Worms Against Nuclear Killers), being launched in 1989 in protest of the Galileo Spacecraft (the hack was transmitted to the US Department of Energy and NASA) (Longstaff and Schultz 1993). While many differences exist between these early acts of hacktivism and those of today (for example, the prevalence of hacktivism networks on social media), many of the main avenues used and purposes for the practice remain the same.

 

Hacktivists (and all hackers) have widely varied motivations for hacking; however, SIMCA (the Social Identity Model for Collective Action) identifies four major categories of motivations for hacking: morality, social identity, perceived injustice, and perceived efficacy (Romagna and Leukfeldt 2024). Hacktivism mainly falls within the category of perceived injustice, as seen in the 2010 Operation Payback cyberattack, which used DDoS attacks on credit card companies to address the perceived injustice of the companies no longer processing WikiLeaks donations. Some hacktivists also work on the grounds of morality. This was the main motivation for the 2015 Ashley Madison hack, in which hackers exposed the personal information of users of the infidelity-based dating site because they perceived the actions of those on the site as immoral. Both hacks could also be partially based on the idea of perceived efficacy, or the idea that the hacker’s actions could spark a societal change. For example, the Ashley Madison hackers may have believed that the data leaks could prevent people from using cheating sites or make people look at them in a more negative light. Overall, an essential consideration in discussions of hacktivism is that most hacktivism is based on genuine belief rather than chaos-seeking (Romagna and Leukfeldt 2024). While the perception of hacktivists as chaos-seekers is common, those inside hacktivist communities see themselves as a digital version of marchers or picketers, rather than thrill-seeking cybercriminals.


  1. Conclusion

Cybersecurity is becoming more important as the world becomes more reliant on digital technologies. This review has summarized the most common forms of cyberattack today and the defenses applied to them. Complex attacks exploit multiple layers of technology and often combine multiple methods, which makes detection and prevention difficult. Defense requires multi-layered strategies and combining safeguards to reduce risk across all sectors. Human behavior is often the weakest link. Even sophisticated technological defenses can be undermined if attackers manipulate people. This can be combated through cybersecurity education, zero risk/tolerance policies, and the use of backups. Cryptography applies mathematical algorithms to protect sensitive data, with asymmetric algorithms like RSA and elliptic curve cryptography being modern standards.


Looking towards the future, as technology evolves so will threats, meaning cybersecurity measures must update rapidly. The IoT is becoming more present in everyday life and industrial processes, broadening attack surfaces. This means the compromise of previously low-risk, isolated devices could cripple large systems. Furthermore, the maturation of quantum computing will break many existing state-of-the-art cryptographic algorithms. The adoption of quantum-safe algorithms, like those suggested by NIST, must occur as soon as possible to avoid large-scale compromise of private data. As in many fields, AI will play a defining role in the future of cybersecurity and is an active area of research. We find AI presents itself as a double-edged sword; generative AI and deepfake technology will lead to more personalized phishing attacks, while jailbreaking of LLMs could lead to leaking of sensitive information or generation of harmful content. However, it will also be able to spot attacks earlier by recognizing patterns in large amounts of data such as social media forums or log files. Finally, the nature of those performing cyberattacks is shifting from thrill seekers and petty criminals in the early days to nation states and hacktivists.


As technology evolves, a combination of robust technical safeguards, informed human behavior, and modern algorithms and AI will be essential to defending our digital world. We hope this review acts as a useful introduction to the field and provides suggestions for fruitful avenues for future development of cybersecurity methods.


References

Agiang, V. (2025). Common ransomware attack types: How they work & tips for prevention. https://specopssoft.com/blog/types-of-ransomware-attacks/


Alenezi, M., Alabdulrazzaq, H., Alshaher, A. A., & Alkharang, M. M. (2020). Evolution of malware threats and techniques: A review. International Journal of Communication Networks and Information Security. https://www.researchgate.net/profile/Haneen-Alabdulrazzaq/publication/349324759_Evolution_of_Malware_Threats_and_Techniques_A_Review/links/602ad0e64585158939a93934/Evolution-of-Malware-Threats-and-Techniques-A-Review.pdf


Alqurashi, D. R., Alghizzawi, M., & Al-Hadrami, A. (2024). The role of social media in raising awareness of cybersecurity risks. In Opportunities and Risks in AI for Business Development: Volume 1 (pp. 365–376). Springer. https://link.springer.com/chapter/10.1007/978-3-031-65203-5_33


Alsharif, A. H., Salleh, N. Z. M., & Baharun, R. (2021). To better understand the role of emotional processes in decision-making. International Journal of Academic Research in Economics and Management Sciences, 10(2). https://knowledgewords.com/index.php/ijarems/article/view/1129


Amod, F. (2025). Password spraying in healthcare. https://www.paubox.com/blog/password-spraying-in-healthcare


Assante, M. J., & Lee, R. M. (2015). The industrial control system cyber kill chain. SANS Institute InfoSec Reading Room. https://scadahacker.com/library/Documents/White_Papers/SANS%20-%20ICS%20Cyber%20Kill%20Chain.pdf


Bada, M., & Nurse, J. R. (2020). The social and psychological impact of cyberattacks. In Emerging cyber threats and cognitive vulnerabilities (pp. 73–92). Elsevier. https://www.sciencedirect.com/science/article/pii/B9780128162033000046


BBC. (2017a). Cyber-attack: US and UK blame North Korea for WannaCry. https://www.bbc.co.uk/news/world-us-canada-42407488


BBC. (2017b). If 2017 could be described as “cyber-geddon”, what will 2018 bring? https://www.bbc.co.uk/news/technology-42338716


Bini, S. A. (2018). Artificial intelligence, machine learning, deep learning, and cognitive computing: What do these terms mean and how will they impact health care? The Journal of Arthroplasty, 33(8), 2358–2361. https://www.sciencedirect.com/science/article/pii/S0883540318302158


CloudFlare. (n.d.-a). What is a distributed denial-of-service (DDoS) attack? https://www.cloudflare.com/en-gb/learning/ddos/what-is-a-ddos-attack/


CloudFlare. (n.d.-b). What is the Mirai Botnet? https://www.cloudflare.com/en-gb/learning/ddos/glossary/mirai-botnet/


Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10). https://www.timreview.ca/article/835





CISA (2023). Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (Techreport No. AA23-349A).


CISA. (2024). 2023 Top Routinely Exploited Vulnerabilities (Techreport No. AA24-317A). Cybersecurity. https://www.cisa.gov/sites/default/files/2024-11/aa24-317a-2023-top-routinely-exploited-vulnerabilities.pdf


Durall, R., Keuper, M., Pfreundt, F.-J., & Keuper, J. (2020). Unmasking DeepFakes with Simple Features. https://arxiv.org/abs/1911.00686


Europol. (2025). European Union Serious and Organised Crime Threat Assessment – The changing DNA of serious and organised crime. Publications Office of the European Union.


ENISA (2020). ETL2020: Main Incidents in the EU and Worldwide [Techreport]. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/sites/default/files/publications/ETL2020%20-%20Incidents%20A4.pdf


ENISA (2021). ENISA threat landscape for supply chain attacks. European Union Agency for Cybersecurity.


Fortinet. (n.d.). Top IoT Device Vulnerabilities: How To Secure IoT Devices | Fortinet. https://www.fortinet.com/uk/resources/cyberglossary/iot-device-vulnerabilities


Fotis, F. (2024). Economic impact of cyber attacks and effective cyber risk management Strategies: A light literature review and case study analysis. Procedia Computer Science, 251, 471–478. https://www.sciencedirect.com/science/article/pii/S1877050924033696


Gao, P., Liu, X., Choi, E., Ma, S., Yang, X., & Song, D. (2024). ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management. https://arxiv.org/abs/2212.10388


Glyer, C., Perez, D., Jones, S., & Miller, S. (2020). APT41 Initiates Intrusion Campaign Using Multiple Exploits | Google Cloud Blog. https://cloud.google.com/blog/topics/threat-intelligence/apt41-initiates-global-intrusion-campaign-using-multiple-exploits/


Henke, C. (2023). IoT Security: Risks, Examples, and Solutions | emnify Blog. https://www.emnify.com/blog/iot-security


IBM Security. (2025). Cost of a Data Breach Report 2025: The AI Oversight Gap (Techreport 131cf87b20b31c91). IBM. https://www.ibm.com/downloads/documents/us-en/131cf87b20b31c91


Jonker, A., Kosinski, M., & Lindemulder, G. (2024). What Is Cybersecurity? | IBM. https://www.ibm.com/think/topics/cybersecurity



Karagiannis, S., Maragkos-Belmpas, E., & Magkos, E. (2020). An Analysis and Evaluation of Open Source Capture the Flag Platforms as Cybersecurity e-Learning Tools. In L. Drevin, S. Von Solms, & M. Theocharidou (Eds.), Information Security Education. Information Security in Action (pp. 61–77). Springer International Publishing. https://link.springer.com/chapter/10.1007/978-3-030-59291-2_5


Kaspersky. (n.d.). Malware Classifications | Types of Malware Threats. https://www.kaspersky.co.uk/resource-center/threats/malware-classifications


Kemmerer, R. A. (2003). Cybersecurity. 25th International Conference on Software Engineering, 2003. Proceedings., 705–715. https://ieeexplore.ieee.org/abstract/document/1201257


Khader, M., Karam, M., & Fares, H. (2021). Cybersecurity awareness framework for academia. Information, 12(10), 417. https://www.mdpi.com/2078-2489/12/10/417


Krebs, B. (2016). Who Makes the IoT Things Under Attack? https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/


LaPiedra, J. (2002). The Information Security Process Prevention, Detection and Response. https://www.giac.org/paper/gsec/501/information-security-process-prevention-detection-response/101197


Le, B. D., Wang, G., Nasim, M., & Babar, A. (2019). Gathering Cyber Threat Intelligence from Twitter Using Novelty Classification. https://arxiv.org/abs/1907.01755


Longstaff, T. A., & Schultz, E. E. (1993). Beyond preliminary analysis of the WANK and OILZ worms: A case study of malicious code. Computers & Security, 12(1), 61–77. https://www.sciencedirect.com/science/article/pii/016740489390013U


Lundstrom, M. S., & Alam, M. A. (2022). Moore’s Law: The journey ahead. Science, 378(6621), 722–723. https://www.science.org/doi/full/10.1126/science.ade2191


MalwareBytes. (n.d.). Stuxnet. https://www.malwarebytes.com/stuxnet


Martin, L. (2025). The Cyber Kill Chain: A Lockheed Martin Overview. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html


Memon, Q. A., Al Ahmad, M., & Pecht, M. (2024). Quantum computing: Navigating the future of computation, challenges, and technological breakthroughs. Quantum Reports, 6(4), 627–663. https://www.mdpi.com/2624-960X/6/4/39


Metta, S., Chang, I., Parker, J., Roman, M. P., & Ehuan, A. F. (2024). Generative AI in Cybersecurity. https://arxiv.org/abs/2405.01674


Mimecast Human Risk Command Center. (2025). Mimecast. https://www.mimecast.com/products/our-platform/human-risk-command-center/


Mouton, C., Lucas, C., & Guest, E. (2024). The operational risks of AI in large-scale biological attacks [Techreport]. Research Report. Santa-Monica, RAND Corporation. https://www.rand.org/content/dam/rand/pubs/research_reports/RRA2900/RRA2977-2/RAND_RRA2977-2.pdf


NIST (2024). NIST Releases First 3 Finalized Post-Quantum Encryption Standards. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards


Olutimehin, A. T., Joseph, S., Ajayi, A. J., Metibemu, O. C., Balogun, A. Y., & Olaniyi, O. O. (2025). Future-proofing data: Assessing the feasibility of post-quantum cryptographic algorithms to mitigate ‘harvest now, decrypt later’ attacks. (February 17, 2025). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5141513


PaloaltoNetworks. (n.d.-a). What Is a Credential-Based Attack? https://www.paloaltonetworks.co.uk/cyberpedia/what-is-a-credential-based-attack


Paloaltonetworks. (n.d.-b). What Is Spear Phishing? https://www.paloaltonetworks.co.uk/cyberpedia/what-is-spear-phishing


PaloaltoNetworks. (n.d.-c). What Is Hacktivism? https://www.paloaltonetworks.com/cyberpedia/hacktivism


ProofPoint. (2025). What Is a Brute Force Attack? Definition & Example | Proofpoint UK. https://www.proofpoint.com/uk/threat-reference/brute-force-attack


Ribeiro, A. (2024). Global cybersecurity alert reveals surge in zero-day exploits targeting high-priority networks in 2023 - Industrial Cyber. https://industrialcyber.co/threat-landscape/global-cybersecurity-alert-reveals-surge-in-zero-day-exploits-targeting-high-priority-networks-in-2023/


Rizvi, S. A. M., & Wadhwa, N. (2010). Cryptography and Mathematics. Proceedings of the 4th National Conference; INDIACom-2010 Computing For Nation Development. http://bvicam.in/INDIACom/news/INDIACom%202010%20Proceedings/papers/Group1/309.pdf


Romagna, M., & Leukfeldt, R. E. (2024). Becoming a hacktivist. Examining the motivations and the processes that prompt an individual to engage in hacktivism. Journal of Crime and Justice, 47(4), 511–529. https://www.tandfonline.com/doi/full/10.1080/0735648X.2023.2216189


Schiliro, F. (2023). Towards a contemporary definition of cybersecurity. ArXiv Preprint ArXiv:2302.02274. https://arxiv.org/abs/2302.02274



Shahana, A., Hasan, R., Farabi, S., Akter, J., Mahmud, M., Johora, F., & Suzer, G. (2024). AI-driven Cybersecurity: Balancing advancements and safeguards. Journal of Computer Science and Technology Studies, 6, 76–85. https://doi.org/10.32996/jcsts.2024.6.2.9


Shanker, S. (1995). Turing and the origins of AI. Philosophia Mathematica, 3(1), 52–85.

Simpson, C. (2023). 2023 Cyber Security Trends and Cyber Asset Visibility Survey: Insights from Armis. https://www.armis.com/blog/2023-cyber-security-trends-and-cyber-asset-visibility-survey-insights-from-armis/



Tann, W., Liu, Y., Sim, J. H., Seah, C. M., & Chang, E.-C. (2023). Using Large Language Models for Cybersecurity Capture-The-Flag Challenges and Certification Questions. https://arxiv.org/abs/2308.10443


Tatipatri, N., & Arun, S. (2024). A comprehensive review on cyber-attacks in power systems: Impact analysis, detection, and cyber security. IEEE Access, 12, 18147–18167. https://ieeexplore.ieee.org/abstract/document/10418207


Thabit, R. (2019). Review of cryptography applications in ehealth security. International Journal of Science and Engineering Investigations. https://www.alrasheedcol.edu.iq/modules/research/res/1505-Rasha-2019-1.pdf


United States Government Accountability Office. (2022). Cybersecurity: Federal Response to SolarWinds and Microsoft Exchange Incidents (Techreport GAO-22-104746). United States Government Accountability Office. https://www.gao.gov/assets/gao-22-104746.pdf


Verizon Business. (2024). Verizon 2024 Data Breach Investigations Report [Techreport]. Verizon. https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf


Wall Street Journal (2020). Four Members of China’s Military Indicted Over Massive Equifax Breach. https://www.wsj.com/articles/four-members-of-china-s-military-indicted-for-massive-equifax-breach-11581346824


Wei, A., Haghtalab, N., & Steinhardt, J. (2023). Jailbroken: How Does LLM Safety Training Fail? https://arxiv.org/abs/2307.02483


Wheatley, S., Maillart, T., & Sornette, D. (2016). The extreme risk of personal data breaches and the erosion of privacy. The European Physical Journal B, 89(1), 7. https://link.springer.com/article/10.1140/epjb/e2015-60754-4


White, M. (n.d.). [New research] Specops report analyzes over 1 billion malware-stolen credentials. https://specopssoft.com/blog/report-one-billion-malware-stolen-credentials/


Williams, W. (2025). Millions of Dahua security cameras at risk from unauthenticated takeover flaws. https://www.techradar.com/pro/security/hackers-could-take-over-millions-of-dahua-cctv-cameras-because-of-two-critical-flaws-heres-how-to-stay-safe


Yang, J., Prabhakar, A., Yao, S., Pei, K., & Narasimhan, K. R. (2023). Language Agents as Hackers: Evaluating Cybersecurity Skills with Capture the Flag. Multi-Agent Security Workshop @ NeurIPS’23. https://openreview.net/forum?id=KOZwk7BFc3


Yigit, Y., Buchanan, W. J., Tehrani, M. G., & Maglaras, L. (2024). Review of Generative AI Methods in Cybersecurity. https://arxiv.org/abs/2403.08701


Zetter, K. (2016). The Biggest Security Threats We’ll Face in 2016. https://www.wired.com/2016/01/the-biggest-security-threats-well-face-in-2016/
