Evaluate Your Current Security Posture
Use this checklist to measure your security controls across your infrastructure, step-by-step.
Cybersecurity is the practice of reducing cyber risk through the protection of the entire information technology (IT) infrastructure, including systems, applications, hardware, software, and data. Information security (InfoSec), or data security, is a chief component of cybersecurity and entails ensuring the confidentiality, integrity, and availability of data.
Cybersecurity leverages a growing number of tools, methods, and resources that help organizations and individuals alike increase their cyber-resilience, meaning the ability to prevent or withstand damaging security events. These adverse security events could include a cyberattack (via malware, an external attacker, or a malicious insider), a fault in an IT systems component or application, human error (e.g., a misconfiguration or a scripting/coding error), etc.
Enterprise cybersecurity practices traditionally fall within an overarching IT risk management framework.
There are many different, and constantly evolving, disciplines that make up a complete cyber security approach. Here are some of the most common disciplines:
Strategies and technologies focused on protecting digital identities, including credentials and access.
Protecting and maintaining the integrity of business, customer, and other data.
Strategies and technologies for protecting endpoints—whether PCs, servers, IoT, smartphones, etc.—from malware, hackers, and insider abuse or misuse.
Ensuring that software and other applications cannot be hacked, compromised, accessed without proper authorization, or disabled.
Protecting network infrastructure and software from unauthorized access.
Day-to-day monitoring and security management.
Cyber security methods used across public, private, or hybrid cloud environments.
Authenticating users and authorizing them to access specific applications, data, and other systems.
Controlling and monitoring privileged access for users, accounts, applications, and other system assets.
Proactive identification (such as through scanning) and resolution (such as through patching, systems hardening, implementing new solutions, etc.) of potential threats and vulnerabilities in the IT ecosystem.
This can include mobile device management (MDM) and other processes and technologies for securely enabling a mobile workforce.
Planning for events that cause IT disruption (whether arising from human error, equipment failure, malware or hacking attack, environmental catastrophe, etc.) and restoring IT functionality as soon as possible after such an event. BC / DR overlaps with incident response, which is focused on marshaling resources to handle a security incident, forensically investigating how the incident occurred, and planning for its implications (such as audit, public breach notification, etc.).
Teaching employees and other users to identify and appropriately deal with common security issues like phishing, malware, or social engineering.
These practices are vital to keeping business systems secure and operational, and for avoiding data breaches or hacks that expose business, partner, or customer data.
IT attack vectors are exploited by criminals to gain unauthorized access to the IT environment, potentially damaging a victim (organization or individual) through stolen data, downtime, identity theft, reputational damage, and more. In recent years, trends such as cloud migrations, widescale remote working, and digital transformation initiatives have vastly increased the attack surface for most organizations. At the same time, threats against software, systems, infrastructure, and data are constantly evolving. Threat actors are also increasingly incorporating machine learning (ML) and artificial intelligence (AI) capabilities.
Specific issues that cybersecurity controls can help protect against include:
Identity-based threats, https://www.beyondtrust.com/bl..., targeted attacks, and denial of service attacks that take your business offline or provide unauthorized access to your systems and data
Exposure of sensitive business, customer, and supplier data
Compromised customer data that results in the theft of logins, passwords, and other sensitive, personally identifiable data
Cyber security helps your organization stay ahead of cyber threats by providing a toolbox of approaches, tactics, and software to identify and protect against threats.
A comprehensive cyber security strategy, supported by strong policies, processes, practices, and tools can significantly reduce the risk that an organization or individual will be targeted or damaged by cyberattacks.
Cybersecurity is an “arms race” between IT security teams and cyber criminals, who want to exploit company systems and steal data. Here are some key areas to bear in mind when evaluating cyber security strategies, policies, and tools:
There are numerous data breaches, hacks, and new malware strains every year. At the heart of most attacks today are identities and their privileges.
External attackers and malicious insiders are often a step ahead. You will need software, tools, and techniques that are continually updated so you can identify and resolve threats in a timely way.
Security tools can be updated quickly to keep up. Good security software can be rapidly updated to find and resolve threats almost as soon as they become known. Additionally, heuristic detection, machine learning, and algorithms can help to identify and resolve even the newest types of attack.
The attack surface is expanding. The growth in cloud services and hosting, DevOps, internet of things (IoT) devices, mobility, and more means that security tools must emerge or evolve to handle new use cases and increasingly complex environments. This requires a robust, comprehensive approach that protects company assets and access, wherever they are.
The need for a proactive approach. Modern security teams and software are actively managing security risks. This involves using vulnerability assessments, penetration tests, and more to find and fix gaps in the environment.
Cyber security teams need to deal with a wide range of risks and threats. Here are some of the most common cyber threat vectors.
Password-based attacks involve either the guessing or stealing of credentials (passwords, tokens, SSH keys, DevOps secrets) to gain illicit access to accounts, assets, or data
Viruses, worms, trojans, and other types of malware that find their way into IT systems and replicate across networks. These are often combined with keyloggers or other types of malware to steal access details and other data.
Ransomware threats involve malware that locks up and encrypts files, demanding a ransom (often in Bitcoin) in exchange for removing the encryption and restoring access for the system owner.
Criminals use confidence tricks and other techniques to get employees to let their guard down and share sensitive information, such as logins and passwords.
Use of fraudulent emails and other messages to convince people to install malware or otherwise reveal sensitive information about business systems.
Unpatched software and systems create vulnerabilities that criminals exploit through targeted attacks.
Unauthorized use or abuse of system, machine, or user privileges, including privilege escalation.
Denial of service (DoS) and other attacks designed to take down business assets like websites or publicly available applications and services.
Your cyber security approach will vary depending on the type of environment you operate within. For example, if you use a Managed Services Provider (MSP) to host your data and systems, you will need to align your cyber security strategy, policies, and processes with the MSP.
If you’re moving to a cloud-based infrastructure, you will need to adapt your approach accordingly. Essentially, you must make every attempt to protect business IT assets wherever they are located, and at all times. Ensure that the software you use has the capability to operate across multiple environments and use cases.
Today, zero trust security is one of the leading cybersecurity frameworks. Zero trust entails ensuring that access rights are continuously evaluated, that least privilege is enforced everywhere, and that all access is monitored and reviewed.
Cyber security involves the application of a number of tools, approaches, and best practices that can significantly reduce cyber risk.
Audit every element of your networks, servers, infrastructure, operating systems, applications, and data. It is only through having a complete map of your IT systems that you can identify attack vectors and threats.
Once you understand the potential threats to your IT security, take stock of the existing tools and approaches you have in place to deal with them.
Once you have identified potential threats, rate each one based on likelihood and impact. This will help you prioritize which risks to deal with first.
Seek out vendors and software that use modern detection techniques to identify and report on threats. Ideally, this software should be updated on a regular basis to take advantage of new learning and identified issues.
Tools like biometrics, single sign-on, two-factor authentication, and adaptive security controls can help you ensure that you are requesting proper authentication from authorized users.
Use personal password manager tools for employee passwords and privileged password management solutions for any accounts—human, application, or machine—that involve privileged access.
The principle of least privilege will ensure that you only provide the access necessary for individuals to perform their roles. This will keep the most sensitive data off-limits, available only to those who have reason to access it.
Vulnerability scanning and penetration testing will identify potential flaws in your IT security. This will help you create an effective patch schedule to resolve any issues.
Employees are often the weakest link in the cyber security chain. Make sure they are educated about social engineering, phishing, malware, and other scams, and that there are proper reporting and escalation routes if they identify threats.
There are a number of frameworks, best practices, and regulations you can use to guide cyber security. These include PCI DSS, ISO 27001/27002, CIS Critical Security Controls, and the NIST Cybersecurity Framework.
Cyber security has several distinct job roles that are commonly found across well-staffed IT teams. These roles include:
Accountable for all IT security across the entire organization.
Reviews, tests, and implements processes and technology to protect IT and company assets from cyber security threats, especially infrastructure.
Identifies, plans, designs, and implements security tools to maximize security and minimize risk.
Will review assets, reports, outputs, and more to identify potential risks and arrange for resolution.
The following responsibilities may be assigned to specific IT security team members:
Design, manage, and maintain security strategy, policy, protocol, procedure, and process
Plan, design, implement, and upgrade security measures, tools, reports, and resolution
Protect software, systems, and data from unauthorized access or other cyber security issues
Monitor systems and data for unauthorized access or changes
Carry out vulnerability scanning, penetration testing, audits, and other gap analysis
Monitor and manage systems for intrusion attempts
Investigate and remediate the root cause of security breaches
Manage relationships with security vendors