Understanding Major Cyberattacks of 2021 and Their Impact – IT Exams Training

Cybersecurity threats have become an increasingly critical challenge for organizations worldwide. The year 2021 stood out for a series of alarming cyberattacks that not only targeted prominent corporations but also had wide-reaching effects on infrastructure, food supply chains, and public safety. These incidents exposed vulnerabilities in widely used systems and underscored the importance of proactive security measures. This article explores some of the most significant cyberattacks of 2021, analyzing how they unfolded, the damage they caused, and the lessons they offer for improving defenses.

The Microsoft Exchange Server Breach: A Wake-Up Call

At the beginning of 2021, cybersecurity professionals were jolted by a large-scale attack targeting Microsoft Exchange Server, a critical component of many organizations’ email infrastructure. Hackers exploited multiple previously unknown security flaws, often referred to as zero-day vulnerabilities, in on-premises versions of this software. These flaws allowed attackers to implant web shells—malicious scripts that provide continuous unauthorized access—to exfiltrate sensitive data and perform further intrusions.

What made this breach especially alarming was its scope. Thousands of servers worldwide were potentially affected, exposing countless organizations to data theft and espionage. The attack was attributed to a sophisticated group known as HAFNIUM, believed to operate with ties to a nation-state. Despite Microsoft’s rapid response in releasing security patches, many organizations struggled to remediate the issue promptly, partly due to the complexity and scale of their environments.

This incident highlighted how vulnerabilities in critical infrastructure software can quickly escalate into widespread crises. It also stressed the importance of timely patching and continuous monitoring to detect and mitigate advanced threats.

The Ripple Effect of the Kaseya Ransomware Incident

Midway through 2021, another cyberattack captured headlines due to its devastating cascading impact. Attackers exploited a security gap in a remote monitoring and management tool widely used by managed service providers (MSPs). This vulnerability allowed unauthorized actors to bypass authentication and distribute ransomware to the client networks managed through the platform.

The result was a massive ransomware outbreak affecting over a thousand organizations globally, from small businesses to large enterprises. One particularly dramatic consequence was seen in Sweden, where a supermarket chain had to shut down all 800 stores for nearly a week, leaving many communities without access to essential groceries.

Rather than paying the ransom, the affected organizations opted to rebuild their IT infrastructure from the ground up after patches and fixes were issued. This approach, while costly and time-consuming, was considered a necessary step to ensure a clean recovery and prevent further compromise.

The Kaseya incident underscored how vulnerabilities in tools used to manage IT infrastructure can become prime targets for attackers, amplifying the potential damage beyond a single victim to affect entire supply chains.

The Colonial Pipeline Attack: Infrastructure Under Siege

One of the most widely publicized cyberattacks in 2021 involved a major fuel pipeline operator in the United States. By exploiting a weak virtual private network (VPN) system that lacked multi-factor authentication, attackers gained unauthorized access using stolen credentials.

This breach led to the encryption of critical operational systems, forcing the company to halt pipeline operations temporarily. The shutdown disrupted fuel distribution across the entire East Coast, leading to fuel shortages, panic buying, and widespread concern over energy security.

The attackers demanded a ransom paid in cryptocurrency, which the company ultimately paid, though part of the funds were later recovered by law enforcement. Beyond the financial toll, the incident raised awareness of how vulnerable essential infrastructure remains to cyber threats, particularly when legacy systems are involved.

The Colonial Pipeline attack became a turning point in national conversations about cybersecurity, highlighting the urgent need for stronger security protocols, especially for critical infrastructure providers.

The Attempted Poisoning of Florida’s Water Supply

While many cyberattacks focus on financial or data theft, the attack on a water treatment facility in Florida during early 2021 brought a chilling new dimension to the threat landscape—direct physical harm.

In this incident, hackers remotely accessed the system controlling chemical treatment levels at the plant. They increased the amount of sodium hydroxide—a caustic substance—far beyond safe levels. Fortunately, the change was quickly noticed by an operator who intervened before any harm could be done.

Further investigation revealed that the attackers had gained access weeks earlier through a watering hole attack. This method involved compromising a legitimate website frequently visited by plant employees, allowing malicious code to silently collect information and establish access.

This event was a stark reminder that cyberattacks can threaten public safety and critical infrastructure beyond the digital realm. It stressed the need for comprehensive security strategies that include physical safety considerations and employee awareness.

The JBS Ransomware Attack and Global Food Supply Risks

Another incident with potentially far-reaching consequences involved JBS, the world’s largest meat processing company. Over several months, hackers conducted reconnaissance and multiple data breaches before finally deploying ransomware to lock down JBS’s systems.

The company operates across multiple countries, making the attack a significant threat to global food supply chains. The hackers demanded millions in cryptocurrency, which was paid to regain control of the systems.

What made this attack particularly concerning was the method of initial access—likely through leaked credentials. It remains unclear how these credentials were compromised, pointing to challenges in securing identity and access management.

The JBS attack exposed vulnerabilities in the global supply chain and underscored the importance of securing third-party vendors and partners to prevent cascading effects.

A Record-Breaking DDoS Attack That Was Stopped in Its Tracks

In contrast to the successful attacks, one of the largest distributed denial of service (DDoS) attacks recorded in history was launched against a major cloud service provider in August 2021. This attack involved a massive botnet composed of tens of thousands of infected devices distributed across multiple countries.

The attackers unleashed enormous volumes of traffic over short bursts, peaking at terabit levels, in an attempt to overwhelm the cloud provider’s defenses. However, the company’s advanced mitigation tools successfully absorbed and deflected the assault, preventing downtime or service disruption.

This incident demonstrated the growing scale and sophistication of DDoS attacks and the importance of robust, scalable defenses in the cloud environment.

Key Lessons from the Cybersecurity Incidents of 2021

Taken together, these events paint a vivid picture of the evolving cyber threat landscape. Several important lessons emerge:

Timely patching is critical. Many successful breaches stemmed from unpatched vulnerabilities, emphasizing the need for rapid updates and vulnerability management.
Identity and access management must be strengthened. Compromised credentials were a common factor, highlighting the importance of strong authentication practices, including multi-factor authentication.
Security must encompass the entire supply chain. Attacks often spread through trusted partners and third-party software, requiring a broader security view.
Critical infrastructure requires specialized protections. Public safety and essential services need cybersecurity measures tailored to their unique risks and potential consequences.
Employee awareness and monitoring are vital. Social engineering and watering hole attacks leveraged human behavior, making training and vigilance crucial.
Resilience planning is necessary. Organizations must prepare for incidents by having effective response and recovery strategies in place.

Preparing for the Future: Building Stronger Cyber Defenses

Organizations today face a relentless barrage of cyber threats that are increasingly sophisticated and impactful. To protect themselves and their clients, businesses should adopt a layered security approach that includes:

Comprehensive vulnerability management and timely patching schedules
Implementation of strong identity and access controls
Regular employee training on cybersecurity best practices
Continuous monitoring and threat detection systems
Incident response plans tested through simulations
Collaboration with trusted security vendors and partners

By learning from the incidents of 2021, organizations can better understand the risks and fortify their defenses. Staying informed, vigilant, and proactive is the best way to avoid becoming the next victim of a digital nightmare.

Strengthening Cybersecurity: Strategies to Defend Against Modern Threats

The alarming cyberattacks that unfolded in 2021 served as stark reminders of how vulnerable many organizations remain in the face of evolving threats. While understanding these breaches is crucial, the next step is knowing how to build resilient defenses that can protect sensitive data, infrastructure, and operations. This article explores effective strategies, technologies, and best practices organizations can adopt to reduce risks and enhance their cybersecurity posture.

Building a Proactive Security Culture

At the heart of any successful cybersecurity program lies a culture that values security awareness and proactive behavior. Threats are not solely technical problems but often exploit human error or lack of preparedness. Establishing a security-first mindset across all levels of an organization is essential.

Leadership must prioritize cybersecurity as a business imperative, providing resources and support for security initiatives. Regular training sessions, phishing simulations, and clear communication help employees recognize threats and understand their role in preventing attacks.

Cultivating a culture where reporting suspicious activity is encouraged and rewarded can lead to earlier detection and mitigation of potential incidents.

Implementing Robust Identity and Access Management

Many cyberattacks begin with compromised user credentials. To counter this, organizations must strengthen identity and access controls. Key measures include:

Enforcing multi-factor authentication (MFA) to add an extra layer beyond passwords.
Applying the principle of least privilege, ensuring users only have access necessary for their roles.
Regularly reviewing and updating access rights to remove unnecessary permissions.
Monitoring account activity for unusual behavior indicative of compromise.

Strong identity management reduces the risk that attackers can exploit stolen or weak credentials to infiltrate systems.

Prioritizing Patch Management and Vulnerability Remediation

As seen in major incidents like the Microsoft Exchange breach, unpatched software vulnerabilities are prime targets. Organizations should establish rigorous patch management processes that include:

Continuously monitoring for new vulnerabilities and vendor patches.
Prioritizing critical and high-risk patches for immediate deployment.
Testing patches to ensure compatibility before widespread implementation.
Automating patch deployment where possible to accelerate remediation.

Neglecting patches leaves the door open to exploits that attackers can use to gain unauthorized access.

Securing Remote Access and Network Perimeters

The shift to remote work and increased cloud adoption have expanded attack surfaces. Securing remote access points is critical:

Use virtual private networks (VPNs) with strong encryption and multi-factor authentication.
Employ zero trust network principles that assume no user or device is inherently trustworthy.
Segment networks to isolate sensitive systems and reduce lateral movement.
Deploy firewalls, intrusion detection systems, and continuous network monitoring.

These measures help defend against unauthorized access attempts and contain potential breaches.

Leveraging Advanced Threat Detection and Response

Traditional security tools alone are often insufficient against sophisticated attacks. Investing in advanced threat detection solutions enhances visibility and response capabilities:

Endpoint detection and response (EDR) tools monitor device activity for suspicious behavior.
Security information and event management (SIEM) platforms aggregate logs and generate alerts.
Behavioral analytics detect anomalies that may signal attacks.
Automated response playbooks can contain threats quickly to minimize damage.

Continuous monitoring paired with rapid incident response improves resilience and reduces downtime.

Strengthening Supply Chain and Third-Party Security

Many breaches exploit vulnerabilities in software vendors or partners. Organizations must expand their security scope to include supply chains:

Conduct thorough risk assessments of vendors and service providers.
Require security standards and audits as part of contracts.
Monitor third-party access to systems and data.
Have contingency plans if a supplier experiences a breach.

Reducing risks from external relationships helps prevent cascading attacks like the one involving Kaseya’s platform.

Protecting Critical Infrastructure and Public Services

Given the potential for cyberattacks to impact public safety, specialized security measures are necessary for critical infrastructure:

Conduct comprehensive risk analyses focusing on physical and digital threats.
Isolate operational technology (OT) systems from IT networks when possible.
Employ redundant safety controls and fail-safes to prevent catastrophic outcomes.
Collaborate with government agencies and industry groups for threat intelligence sharing.

Investing in robust protections for essential services like energy, water, and food supply chains helps safeguard society’s foundations.

Developing and Testing Incident Response Plans

Despite best efforts, no defense is foolproof. Organizations must prepare to respond swiftly and effectively to incidents:

Create detailed incident response plans outlining roles, communication channels, and procedures.
Conduct regular drills and tabletop exercises to test readiness.
Establish relationships with law enforcement and cybersecurity experts.
Include post-incident reviews to identify gaps and improve processes.

Well-rehearsed response capabilities can limit damage and accelerate recovery from cyberattacks.

Embracing Cybersecurity Frameworks and Standards

Adopting established cybersecurity frameworks can guide comprehensive security strategies:

Frameworks such as NIST Cybersecurity Framework or ISO/IEC 27001 provide structured approaches to risk management.
They promote consistent policies, controls, and continuous improvement.
Using these frameworks can also support regulatory compliance and demonstrate security maturity to stakeholders.

Implementing best-practice frameworks aligns security efforts with recognized benchmarks.

Investing in Employee Education and Awareness

Since many attacks exploit human weaknesses, ongoing training remains a cornerstone of cybersecurity:

Teach employees how to recognize phishing and social engineering attempts.
Reinforce safe practices for password management and device usage.
Provide updates on emerging threats and security policies.
Encourage a culture of vigilance and accountability.

Educated users become active participants in the defense against cyber threats.

Staying Ahead in a Changing Threat Landscape

The cyberattacks of 2021 exposed vulnerabilities across industries and underscored the need for comprehensive, proactive security approaches. Organizations must adopt a multi-layered defense strategy combining technology, processes, and people-focused initiatives.

By fostering a security-conscious culture, strengthening identity management, prioritizing patching, securing networks, monitoring for threats, managing third-party risks, and preparing for incident response, businesses can build resilience against current and future cyber threats.

In today’s interconnected digital world, cybersecurity is not just an IT responsibility but a critical business imperative. Staying informed, adaptable, and vigilant remains the best defense against the growing tide of cybercrime.

Emerging Technologies and Future Trends in Cybersecurity

As cyber threats grow in sophistication and scale, the technologies and strategies used to combat them must evolve rapidly. The attacks seen in recent years, including those in 2021, highlight the need for innovation and agility in cybersecurity. This article explores the cutting-edge tools, emerging trends, and future outlook that will shape how organizations protect themselves in an increasingly complex digital environment.

The Rise of Artificial Intelligence and Machine Learning in Security

Artificial intelligence (AI) and machine learning (ML) have become pivotal in modern cybersecurity defense. These technologies enable systems to analyze massive volumes of data, identify patterns, and detect anomalies much faster than human analysts.

AI-powered tools can:

Automatically detect malware and phishing attempts by recognizing behavioral signatures.
Predict potential vulnerabilities based on code analysis.
Continuously adapt to new attack methods through machine learning.

By integrating AI into security operations, organizations can reduce false positives, accelerate threat detection, and respond more effectively to attacks.

Zero Trust Architecture: Trust No One, Verify Everything

Traditional network security models often relied on perimeter defenses and assumed that internal users were trustworthy. However, the rise of cloud computing, remote work, and mobile devices has rendered this approach inadequate.

Zero Trust Architecture (ZTA) operates on the principle that no user or device should be automatically trusted, regardless of location. Key elements of ZTA include:

Strict identity verification for every access request.
Micro-segmentation to limit lateral movement within networks.
Continuous monitoring and validation of user activity.

Implementing Zero Trust reduces the risk of breaches spreading undetected and limits the impact of compromised credentials.

Extended Detection and Response (XDR) Solutions

Building upon traditional endpoint detection and response (EDR), Extended Detection and Response (XDR) integrates multiple security layers such as network, cloud, email, and endpoint data into a unified system.

XDR platforms offer:

Holistic visibility across the entire IT environment.
Correlation of events to identify sophisticated multi-vector attacks.
Automated threat hunting and response workflows.

By breaking down silos between security tools, XDR enhances detection accuracy and speeds up incident response times.

Secure Access Service Edge (SASE): Converging Networking and Security

The increasing adoption of cloud services and mobile workforces has driven the evolution of Secure Access Service Edge (SASE) frameworks. SASE converges wide-area networking (WAN) and network security services into a single cloud-native platform.

Key benefits of SASE include:

Simplified management of remote access and security policies.
Consistent enforcement of security regardless of user location.
Improved scalability and performance for cloud applications.

Organizations embracing SASE can provide secure, seamless access for users while reducing complexity and costs.

The Growing Importance of Cloud Security

With more workloads migrating to public and hybrid cloud environments, securing cloud infrastructure is a top priority. Cloud security strategies involve:

Implementing identity and access management controls specific to cloud services.
Using cloud-native security tools to monitor configurations and compliance.
Encrypting data both at rest and in transit.
Continuously auditing cloud environments to detect misconfigurations or suspicious activities.

Understanding shared responsibility models and ensuring alignment between cloud providers and customers is essential to prevent costly breaches.

Automation and Orchestration in Security Operations

Security operations centers (SOCs) face overwhelming alert volumes, making manual investigation and response unsustainable. Automation and orchestration technologies help by:

Automating repetitive tasks such as log analysis and malware quarantine.
Integrating disparate security tools to streamline workflows.
Enabling rapid, coordinated responses across multiple systems.

This approach increases efficiency, reduces response times, and frees skilled analysts to focus on complex threats.

Privacy-Enhancing Technologies and Data Protection

As data privacy regulations tighten globally, protecting sensitive information is critical. Emerging privacy-enhancing technologies (PETs) offer ways to process and analyze data without exposing personal information. These include:

Homomorphic encryption, allowing computations on encrypted data.
Differential privacy, injecting noise to anonymize datasets.
Secure multi-party computation, enabling joint data analysis without sharing raw data.

Integrating PETs helps organizations comply with regulations while unlocking insights from data securely.

Preparing for Quantum Computing Challenges

Quantum computing promises revolutionary processing power but also threatens to break many current cryptographic systems. Preparing for this future involves:

Researching and adopting post-quantum cryptography algorithms resistant to quantum attacks.
Developing migration plans for critical systems to use quantum-safe encryption.
Staying informed about advances in quantum computing and their security implications.

Though widespread quantum threats remain years away, early preparation is vital to safeguard long-term data security.

Cybersecurity Skills Gap and the Human Element

Despite advances in technology, cybersecurity ultimately depends on skilled professionals. The global shortage of trained cybersecurity experts poses challenges in defending against threats.

Addressing this gap requires:

Investing in workforce development through education, certifications, and apprenticeships.
Enhancing diversity and inclusion to broaden the talent pool.
Leveraging managed security service providers (MSSPs) to augment internal teams.
Emphasizing continuous learning to keep pace with evolving threats and tools.

Human expertise remains a critical pillar in effective cybersecurity.

The Role of Threat Intelligence Sharing

Collaboration and information sharing among organizations, industries, and governments can improve collective defenses. Threat intelligence initiatives provide:

Early warnings about emerging threats and vulnerabilities.
Indicators of compromise to enhance detection.
Best practices and mitigation strategies.

Participation in trusted sharing networks strengthens the overall security ecosystem and helps preempt attacks.

Embracing Innovation to Stay Ahead

The cybersecurity landscape is constantly changing, driven by technological innovation and evolving attacker tactics. Organizations that embrace emerging technologies like AI, Zero Trust, XDR, and SASE, while investing in skilled personnel and collaborative intelligence sharing, will be better equipped to face future challenges.

By staying agile, informed, and proactive, businesses can transform cybersecurity from a reactive necessity into a strategic advantage—protecting assets, customers, and reputation in a digital-first world.

Building a Security-First Business: Practical Cybersecurity Implementation and Risk Management

In today’s digital economy, cybersecurity is no longer just an IT concern—it is a fundamental business imperative. The high-profile cyberattacks of recent years have revealed the devastating financial, operational, and reputational consequences that can arise from insufficient security. Organizations must move beyond reactive measures and embed security into every aspect of their operations to thrive in a landscape rife with evolving threats. This article outlines practical steps to implement cybersecurity effectively and manage risks to build a resilient, security-first business.

Understanding Cybersecurity Risk in Business Context

Cybersecurity risk is the potential for loss or harm related to technical vulnerabilities, human factors, or organizational processes that affect information systems and data. Unlike traditional risks, cyber risks are dynamic, interconnected, and can have cascading effects.

Effective risk management begins with understanding the specific threats faced by an organization, the value of assets at stake, and the potential impact of incidents. This involves:

Identifying critical assets such as customer data, intellectual property, and operational technology.
Mapping potential threat actors, including cybercriminals, insiders, hacktivists, or nation-states.
Assessing vulnerabilities in systems, software, and human behaviors.
Estimating the likelihood and potential consequences of cyber incidents.

This comprehensive risk assessment guides prioritization of security investments and response planning.

Creating a Cybersecurity Governance Framework

Strong governance is essential for aligning cybersecurity with business goals and regulatory requirements. Governance involves establishing policies, roles, and accountability to manage security systematically.

Key components include:

Defining clear leadership roles, such as appointing a Chief Information Security Officer (CISO).
Creating a cybersecurity steering committee that includes stakeholders from IT, legal, finance, and business units.
Developing and enforcing security policies covering access control, data protection, incident response, and third-party risk.
Regularly reviewing governance structures to adapt to changing threats and business needs.

A well-defined framework ensures consistent decision-making and oversight across the organization.

Integrating Cybersecurity into Business Processes

Security cannot be an afterthought or siloed function. It must be integrated into everyday business processes including product development, procurement, and customer engagement.

For example:

Incorporate security requirements into software development lifecycles through secure coding practices and testing.
Evaluate the cybersecurity posture of vendors and suppliers before onboarding.
Embed privacy and security considerations into marketing and customer communications.

This holistic integration reduces risk exposure and builds trust with customers and partners.

Establishing a Risk-Based Security Strategy

Not all risks are equal. A risk-based approach focuses resources on protecting the most critical assets against the most probable and impactful threats.

Steps to implement this strategy include:

Classifying data and systems based on sensitivity and importance.
Prioritizing controls and monitoring based on risk levels.
Continuously reassessing risks as technology and threats evolve.

This targeted approach ensures efficient use of limited resources and maximizes security effectiveness.

Investing in Cybersecurity Technologies and Tools

Technology plays a vital role in automating defenses and improving visibility. Essential tools for a mature security program include:

Firewalls and intrusion prevention systems to guard network perimeters.
Endpoint protection platforms with antivirus, EDR, and behavior analysis.
Encryption solutions for data at rest and in transit.
Identity and access management systems with multi-factor authentication.
Security orchestration and automation platforms to streamline incident handling.

Selecting and deploying the right mix of technologies based on organizational needs is critical for robust protection.

Cultivating a Security-Aware Workforce

Human error remains one of the leading causes of cybersecurity incidents. Organizations must prioritize ongoing education and awareness initiatives to empower employees as the first line of defense.

Effective programs involve:

Tailored training for different roles, covering phishing, password hygiene, and data handling.
Regular simulated attacks to test and reinforce knowledge.
Clear communication channels for reporting suspicious activity.
Recognizing and rewarding security-conscious behaviors.

An informed workforce dramatically reduces the risk of successful social engineering and insider threats.

Developing a Comprehensive Incident Response Capability

Preparedness is key to minimizing damage when breaches occur. A formal incident response (IR) program outlines procedures for detecting, containing, eradicating, and recovering from security events.

Critical elements include:

An incident response team with clearly defined roles.
Detailed playbooks addressing different types of attacks.
Communication plans for internal stakeholders, customers, regulators, and the public.
Post-incident reviews to identify lessons learned and improve defenses.

Regular exercises and updates to the IR plan ensure readiness when time is of the essence.

Managing Third-Party and Supply Chain Risks

As organizations increasingly rely on external partners, managing third-party cybersecurity risks becomes paramount. Vulnerabilities in suppliers can become entry points for attackers.

Best practices include:

Conducting thorough security assessments and audits of vendors.
Contractual requirements for security controls and incident notification.
Limiting third-party access to only necessary systems and data.
Monitoring third-party activity continuously.

A proactive approach reduces the likelihood of supply chain breaches affecting business operations.

Navigating Compliance and Regulatory Requirements

Compliance with cybersecurity regulations is both a legal obligation and an opportunity to enhance security. Laws and standards such as GDPR, HIPAA, PCI DSS, and industry-specific frameworks impose requirements on data protection, breach notification, and security governance.

Organizations should:

Understand applicable regulations based on industry and geography.
Implement controls that meet or exceed these standards.
Maintain documentation and evidence for audits.
Stay informed on evolving regulatory landscapes.

Adhering to compliance helps avoid penalties and builds stakeholder confidence.

Measuring Security Effectiveness and Continuous Improvement

Cybersecurity is not a one-time project but an ongoing process. Organizations must establish metrics and key performance indicators (KPIs) to assess the effectiveness of their security programs.

Common measures include:

Number and severity of detected incidents.
Time to detect and respond to threats.
Patch deployment timelines.
Employee training completion rates.

Regular reviews against these metrics support continuous improvement and demonstrate the value of security investments to leadership.

The Role of Executive Leadership in Cybersecurity Success

Ultimately, the success of cybersecurity initiatives depends on commitment from the top. Executives must champion security, allocate necessary resources, and foster a culture where cybersecurity is embedded in the business strategy.

This involves:

Communicating the importance of cybersecurity company-wide.
Balancing security needs with business objectives.
Supporting cross-department collaboration.
Monitoring risk and security posture regularly.

Leadership engagement ensures cybersecurity remains a priority and receives appropriate attention.

Conclusion:

The evolving cyber threat landscape demands that organizations move beyond reactive, siloed approaches. Building a security-first business requires understanding risks in context, establishing strong governance, integrating security into operations, and fostering a vigilant workforce.

By implementing risk-based strategies, investing in the right technologies, preparing for incidents, managing third-party risks, and maintaining compliance, organizations can strengthen their defenses against both current and emerging threats.

Cybersecurity is not just about protecting technology—it is about safeguarding the very foundation of business trust and continuity. Embracing this mindset is essential for long-term resilience and success in the digital age.