What is Cybersecurity?
Cybersecurity is the practice of reducing cyber risk through the protection of the entire information technology (IT) infrastructure, including systems, applications, hardware, software, and data. Information security (InfoSec), or data security, is a chief component of cybersecurity and entails ensuring the confidentiality, integrity, and availability of data.
Cybersecurity leverages a growing number of tools, methods and resources that help organizations and individuals alike increase their cyber-resilience, meaning the ability to prevent or withstand damaging security events. These adverse security events could include a cyberattack (via malware, external attacker, or malicious insider), a fault in an IT systems component or application, human error (i.e. a misconfiguration, or scripting/coding error), etc.
Enterprise cybersecurity practices traditionally fall within an overarching IT risk management framework.
Cybersecurity Practice Areas
There are many different, and constantly evolving, disciplines that make up a complete cyber security approach. Here are some of the most common disciplines:
- Data security
Protecting and maintaining the integrity of business, customer, and other data.
- Endpoint Security
Strategies and technologies for protecting endpoints—whether PCs, servers, IoT, smartphones, etc.—from malware, hackers, and insider abuse or misuse.
- Application Security
Ensuring that software and other applications cannot be hacked, compromised, accessed without proper authorization, or disabled.
- Network Security
Protecting network infrastructure and software from unauthorized access.
- Operational Security
Day-to-day monitoring and security management.
- Cloud Security
Cyber security methods used across public, private, or hybrid cloud environments.
- Identity and Access Management (IAM)
Authenticating users and authorizing them to access specific applications, data, and other systems.
- Privileged Access Management (PAM)
Controlling and monitoring privileged access for users, accounts, applications, and other system assets.
- Vulnerability Management (VM)
Proactive identification (such as through scanning) and resolution (such as through patching, systems hardening, implementing new solutions, etc.) of potential threats and vulnerabilities in the IT ecosystem.
- Enterprise Mobility Management (EMM)
This can include mobile device management (MDM) and other processes and technologies for securely enabling a mobile workforce.
- Business Continuity (BC) and Disaster Recovery (DR).
Planning for events that cause IT disruption (whether arising from human error, equipment failure, malware or hacking attack, environmental catastrophe, etc.) and restoring IT functionality as soon as possible after such an event. BC / DC overlap with incident response, which is focused on marshaling resources to handle a security incident and also forensically investigate how the incident occurred and plan for implications (such as audit, public breach notification, etc.).
- Security Training
Teaching employees and other users to identify and appropriately deal with common security issues like phishing, malware, or social engineering.
All of these practices are vital to keeping business systems secure and operational, and for avoiding data breaches or hacks that expose business, partner, or customer data.
Why Cyber Security is Important
IT attack vectors are exploited by criminals to gain unauthorized access to the IT environment, potentially damaging a victim (organization or individual) through stolen data, downtime, identity theft, reputational damage, and more. Over the last several years, the traditional IT perimeter has been said to dissolve due to the impact of largescale trends—namely increasingly mobile workforces and cloud technologies. At the same time, threats against software, systems, infrastructure, and data are constantly evolving.
Specific issues that cyber security measures can help protect against include:
- Cyber-attacks
Brute force, targeted, and denial of service attacks that take your business offline or provide unauthorized access to your systems and data
- Data breaches
Exposure of sensitive business, customer, and supplier data
- Identity theft
Compromised customer data that results in the theft of logins, passwords, and other sensitive, personally identifiable data
Cyber security helps your organization stay ahead of cyber threats by providing a toolbox of approaches, tactics, and software to identify and protect against threats.
A comprehensive cyber security strategy, supported by strong policies, processes, practices, and tools can significantly reduce the risk that an organization or individual will be targeted or damaged by cyber-attacks.
Cyber Security and How it is Evolving
Cyber security is an “arms race” between IT security teams and cyber criminals, who want to exploit company systems and steal data. Here are some key areas to bear in mind when evaluating cyber security strategies, policies, and tools:
There are a numerous data breaches, hacks, and new malware every year. Data breach tracking service, Have I Been Pwned? lists almost 300 breaches impacting over 5 billion accounts, as of mid-2018.
External attackers and malicious insiders are often a step ahead. You will need software, tools, and techniques that are continually updated so you can identify and resolve threats in a timely way.
Security tools can be updated quickly to keep up. Good security software can be rapidly updated to find and resolve threats almost as soon as they become known. Additionally, heuristic detection, machine learning, and algorithms can help to identify and resolve even the newest types of attack.
The attack surface is expanding. The growth in cloud services and hosting, DevOps, internet of things (IoT) devices, mobility, and more means that security tools must emerge or evolve to handle new use cases and increasingly complex environments. This means a robust, comprehensive approach that protects company assets and access, wherever they are.
The need for a proactive approach. Modern security teams and software are actively managing security risks. This involves using vulnerability assessments, penetration tests, and more to find and fix gaps in the environment.
Common Cyber Threat Vectors
Cyber security teams need to deal with a wide range of risks and threats. Here are some of the most common cyber threat vectors.
- Credential Theft & Password Cracking
These attacks involve either the guessing or stealing of credentials (passwords, tokens, SSH keys, DevOps secrets) to gain illicit access to accounts, assets, or data
- Malware
Viruses, worms, and trojans that find their way into IT systems and replicate across the networks. These may often be combined with keyloggers, or other malicious software to steal access details and other data.
- Ransomware
A special type of encrypted attack malware that locks up and encrypts files, demanding a ransom (often in Bitcoin) in exchange for removing the encryption and restoring access for the system owner.
- Social Engineering
Criminals use confidence tricks and other techniques to get employees to let their guard down and share sensitive information, such as logins and passwords.
- Phishing
Use of fraudulent emails and other messages to convince people to install malware or otherwise reveal sensitive information about business systems.
- Vulnerability Attacks
Unpatched software and systems create vulnerabilities that criminals exploit through targeted attacks.
- Privileged Attacks
Unauthorized use or abuse of system, machine, or user privileges, including privilege escalation
- Sabotage
Denial of service (DoS) and other attacks designed to take down business assets like websites or publicly available applications and services.
Cyber security Strategies, Policies, and Processes
Your cyber security approach will vary depending on the type of environment you operate within. For example, if you use a Managed Services Provider (MSP) to host your data and systems, you will need to align your cyber security strategy, policies, and processes with the MSP.
If you’re moving to a cloud-based infrastructure, you will need to adapt your approach accordingly. Essentially, you must make every attempt to protect business IT assets wherever they are located, and at all times. Ensure that the software you use has the capability to operate across multiple environments and use cases.
Cybersecurity Best Practices
Cyber security involves the application of a number of tools, approaches, and best practices that can significantly reduce cyber risk.
- Audit your existing IT ecosystem
Audit every element of your networks, servers, infrastructure, operating systems, applications, and data. It is only through having a complete map of your IT systems that you can identify attack vectors and threats.
- Complete a gap analysis
Once you understand the potential threats to your IT security, understand the existing tools and approaches you have in place to deal with cyber security threats.
- Use a risk-based approach to cyber security
Once you have identified potential threats, rate each one based on likelihood and impact. This will help you prioritize which risks to deal with first.
- Take advantage of modern cyber security software
Seek out vendors and software that use modern detection techniques to identify and report on threats. Ideally, this software should be updated on a regular basis to take advantage of new learning and identified issues.
- Implement robust identity and access management
Tools like biometrics, single sign-on, two-factor authentication, and adaptive security controls can help you ensure that you are requesting proper authentication from authorized users.
- Implement Password Managers
Use personal password managers stools for employee passwords and privileged password management solutions for any accounts—human, application, or machine—that involve privileged access.
- Use privileged access management
The principle of least privilege will ensure that you only provide the access necessary for individuals to perform their roles. This will keep the most sensitive data off-limits, available only to those who have reason to access it.
- Employ vulnerability scanning
Vulnerability scanning and penetration testing will identify potential flaws in your IT security. This will help you create an effective patch schedule to resolve any issues.
- Train your employees in good security practices
Employees are often the weakest link in the cyber security chain. Make sure they are educated about social engineering, phishing, malware, and other scams, and that there is proper reporting and escalation routes if they identify threats.
- Take account of cyber security frameworks
There are a number of frameworks, best practices, and regulations you can use to guide cyber security. These include PCI DSS, ISO 27001/27002, CIS Critical Security Controls, and the NIST Cybersecurity Framework.
Types of Jobs and Roles in Cyber Security
Cyber security has several distinct job roles that are commonly found across well-staffed IT teams. These roles include:
- Chief Information Security Officer (CISO)
Accountable for all IT security across the entire organization.
- Security Engineer
Reviews, tests, and implements processes and technology to protect IT and company assets from cyber security threats, especially infrastructure.
- Security Architect
Identifies, plans, designs, and implement security tools to maximize security and minimize risk.
- Security Analyst
Will review assets, reports, outputs, and more to identify potential risks and arrange for resolution.
The following responsibilities may be assigned to specific IT security team members:
Design, manage, and maintain security strategy, policy, protocol, procedure, and process
Plan, design, implement, and upgrade security measures, tools, reports, and resolution
Protect software, systems, and data from unauthorized access or other cyber security issues
Monitor systems and data for unauthorized access or changes
Carry out vulnerability scanning, penetration testing, audits, and other gap analysis
Monitor and manage systems for intrusion attempts
Investigate and remediate the root cause of security breaches
Manage relationships with security vendors
