Cybersecurity refers to the practice of reducing cyber risk through the protection of the entire information technology (IT) infrastructure, including systems, applications, hardware, software, and data. Information security (InfoSec), or data security, is a chief component of cybersecurity and entails ensuring the confidentiality, integrity, and availability of data.
Cybersecurity leverages a growing number of tools, methods and resources that help organizations and individuals alike increase their cyber-resilience, meaning the ability to prevent or withstand damaging security events. These adverse security events could include a cyberattack (via malware, external attacker, or malicious insider), a fault in an IT systems component or application, human error (i.e. a misconfiguration, or scripting/coding error), etc.
Enterprise cybersecurity practices traditionally fall within an overarching IT risk management framework.
There are many different, and constantly evolving, disciplines that make up a complete cyber security approach. Here are some of the most common disciplines:
Protecting and maintaining the integrity of business, customer, and other data.
Strategies and technologies for protecting endpoints—whether PCs, servers, IoT, smartphones, etc.—from malware, hackers, and insider abuse or misuse.
Ensuring that software and other applications cannot be hacked, compromised, accessed without proper authorization, or disabled.
Protecting network infrastructure and software from unauthorized access.
Day-to-day monitoring and security management.
Cyber security methods used across public, private, or hybrid cloud environments.
Authenticating users and authorizing them to access specific applications, data, and other systems.
Controlling and monitoring privileged access for users, accounts, applications, and other system assets.
Proactive identification (such as through scanning) and resolution (such as through patching, systems hardening, implementing new solutions, etc.) of potential threats and vulnerabilities in the IT ecosystem.
This can include mobile device management (MDM) and other processes and technologies for securely enabling a mobile workforce.
Planning for events that cause IT disruption (whether arising from human error, equipment failure, malware or hacking attack, environmental catastrophe, etc.) and restoring IT functionality as soon as possible after such an event. BC / DC overlap with incident response, which is focused on marshaling resources to handle a security incident and also forensically investigate how the incident occurred and plan for implications (such as audit, public breach notification, etc.).
Teaching employees and other users to identify and appropriately deal with common security issues like phishing, malware, or social engineering.
All of these practices are vital to keeping business systems secure and operational, and for avoiding data breaches or hacks that expose business, partner, or customer data.
IT attack vectors are exploited by criminals to gain unauthorized access to the IT environment, potentially damaging a victim (organization or individual) through stolen data, downtime, identity theft, reputational damage, and more. Over the last several years, the traditional IT perimeter has been said to dissolve due to the impact of largescale trends—namely increasingly mobile workforces and cloud technologies. At the same time, threats against software, systems, infrastructure, and data are constantly evolving.
Specific issues that cyber security measures can help protect against include:
Brute force, targeted, and denial of service attacks that take your business offline or provide unauthorized access to your systems and data
Exposure of sensitive business, customer, and supplier data
Compromised customer data that results in the theft of logins, passwords, and other sensitive, personally identifiable data
Cyber security helps your organization stay ahead of cyber threats by providing a toolbox of approaches, tactics, and software to identify and protect against threats.
A comprehensive cyber security strategy, supported by strong policies, processes, practices, and tools can significantly reduce the risk that an organization or individual will be targeted or damaged by cyber-attacks.
Cyber security is an “arms race” between IT security teams and cyber criminals, who want to exploit company systems and steal data. Here are some key areas to bear in mind when evaluating cyber security strategies, policies, and tools:
There are a numerous data breaches, hacks, and new malware every year. Data breach tracking service, Have I Been Pwned? lists almost 300 breaches impacting over 5 billion accounts, as of mid-2018.
External attackers and malicious insiders are often a step ahead. You will need software, tools, and techniques that are continually updated so you can identify and resolve threats in a timely way.
Security tools can be updated quickly to keep up. Good security software can be rapidly updated to find and resolve threats almost as soon as they become known. Additionally, heuristic detection, machine learning, and algorithms can help to identify and resolve even the newest types of attack.
The attack surface is expanding. The growth in cloud services and hosting, DevOps, internet of things (IoT) devices, mobility, and more means that security tools must emerge or evolve to handle new use cases and increasingly complex environments. This means a robust, comprehensive approach that protects company assets and access, wherever they are.
The need for a proactive approach. Modern security teams and software are actively managing security risks. This involves using vulnerability assessments, penetration tests, and more to find and fix gaps in the environment.
Cyber security teams need to deal with a wide range of risks and threats. Here are some of the most common cyber threat vectors.
These attacks involve either the guessing or stealing of credentials (passwords, tokens, SSH keys, DevOps secrets) to gain illicit access to accounts, assets, or data
Viruses, worms, and trojans that find their way into IT systems and replicate across the networks. These may often be combined with keyloggers, or other malicious software to steal access details and other data.
A special type of encrypted attack malware that locks up and encrypts files, demanding a ransom (often in Bitcoin) in exchange for removing the encryption and restoring access for the system owner.
Criminals use confidence tricks and other techniques to get employees to let their guard down and share sensitive information, such as logins and passwords.
Use of fraudulent emails and other messages to convince people to install malware or otherwise reveal sensitive information about business systems.
Unpatched software and systems create vulnerabilities that criminals exploit through targeted attacks.
Unauthorized use or abuse of system, machine, or user privileges, including privilege escalation
Denial of service (DoS) and other attacks designed to take down business assets like websites or publicly available applications and services.
Your cyber security approach will vary depending on the type of environment you operate within. For example, if you use a Managed Services Provider (MSP) to host your data and systems, you will need to align your cyber security strategy, policies, and processes with the MSP.
If you’re moving to a cloud-based infrastructure, you will need to adapt your approach accordingly. Essentially, you must make every attempt to protect business IT assets wherever they are located, and at all times. Ensure that the software you use has the capability to operate across multiple environments and use cases.
Cyber security involves the application of a number of tools, approaches, and best practices that can significantly reduce cyber risk.
Audit every element of your networks, servers, infrastructure, operating systems, applications, and data. It is only through having a complete map of your IT systems that you can identify attack vectors and threats.
Once you understand the potential threats to your IT security, understand the existing tools and approaches you have in place to deal with cyber security threats.
Once you have identified potential threats, rate each one based on likelihood and impact. This will help you prioritize which risks to deal with first.
Seek out vendors and software that use modern detection techniques to identify and report on threats. Ideally, this software should be updated on a regular basis to take advantage of new learning and identified issues.
Tools like biometrics, single sign-on, two-factor authentication, and adaptive security controls can help you ensure that you are requesting proper authentication from authorized users.
Use personal password managers stools for employee passwords and privileged password management solutions for any accounts—human, application, or machine—that involve privileged access.
The principle of least privilege will ensure that you only provide the access necessary for individuals to perform their roles. This will keep the most sensitive data off-limits, available only to those who have reason to access it.
Vulnerability scanning and penetration testing will identify potential flaws in your IT security. This will help you create an effective patch schedule to resolve any issues.
Employees are often the weakest link in the cyber security chain. Make sure they are educated about social engineering, phishing, malware, and other scams, and that there is proper reporting and escalation routes if they identify threats.
There are a number of frameworks, best practices, and regulations you can use to guide cyber security. These include PCI DSS, ISO 27001/27002, CIS Critical Security Controls, and the NIST Cybersecurity Framework.
Cyber security has several distinct job roles that are commonly found across well-staffed IT teams. These roles include:
Accountable for all IT security across the entire organization.
Reviews, tests, and implements processes and technology to protect IT and company assets from cyber security threats, especially infrastructure.
Identifies, plans, designs, and implement security tools to maximize security and minimize risk.
Will review assets, reports, outputs, and more to identify potential risks and arrange for resolution.
The following responsibilities may be assigned to specific IT security team members:
Design, manage, and maintain security strategy, policy, protocol, procedure, and process
Plan, design, implement, and upgrade security measures, tools, reports, and resolution
Protect software, systems, and data from unauthorized access or other cyber security issues
Monitor systems and data for unauthorized access or changes
Carry out vulnerability scanning, penetration testing, audits, and other gap analysis
Monitor and manage systems for intrusion attempts
Investigate and remediate the root cause of security breaches
Manage relationships with security vendors