
What is Cybersecurity?

Trajectus · 5 minute read

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security.

Types of cyber security

  • Network security: The process of protecting the network from unwanted users, attacks, and intrusions.
  • Application security: Apps require constant updates and testing to ensure these programs are secure from attacks.
  • Endpoint security: Remote access is a necessary part of business but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company’s network.
  • Data security: Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.
  • Identity management: Essentially, this is a process of understanding the access every individual has in an organization.
  • Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.
  • Cloud security: Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents many challenges.
  • Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.
  • Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event, data must be protected and business must go on. For this, you’ll need a plan.
  • End-user education: Users may be employees accessing the network or customers logging on to a company app. Teaching good habits (password changes, 2-factor authentication, etc.) is an important part of cyber security.

Common cyber threats include:

  • Cyberterrorism: This threat is a politically based attack on computers and information technology to cause harm and create widespread social disruption.
  • Malware: This threat encompasses ransomware, spyware, viruses, and worms. It can install harmful software, block access to your computer resources, disrupt the system, or covertly transmit information from your data storage.
  • Trojans: Like the legendary Trojan Horse of mythology, this attack tricks users into thinking they're opening a harmless file. Instead, once the Trojan is in place, it attacks the system, typically establishing a backdoor that allows access to cybercriminals.
  • Botnets: This especially hideous attack involves large-scale cyberattacks conducted by remotely controlled malware-infected devices. Think of it as a string of computers under the control of one coordinating cybercriminal. What’s worse, compromised computers become part of the botnet system.
  • Adware: This threat is a form of malware. It's often called advertisement-supported software. The adware virus is a potentially unwanted program (PUP) installed without your permission that automatically generates unwanted online advertisements.
  • SQL injection: A Structured Query Language (SQL) injection attack inserts malicious SQL into a query that a database-backed server then executes.
  • Phishing: Hackers use false communications, especially e-mail, to fool the recipient into opening them and following instructions that typically ask for personal information. Some phishing attacks also install malware.
  • Man-in-the-middle attack: MITM attacks involve hackers inserting themselves into a two-party online transaction. Once in, the hackers can filter and steal desired data. MITM attacks often happen on unsecured public Wi-Fi networks.
  • Denial of Service: DoS is a cyber-attack that floods a network or computer with an overwhelming number of “handshake” processes, effectively overloading the system and making it incapable of responding to user requests.
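The SQL injection entry above describes the attack in a sentence. The following added Python example (written for this page; it is not code from the original article or from Trajectus) puts the weakness beside its fix: a query built by string concatenation next to a parameterised one, both run against a constructed in-memory SQLite table. The user names, the table and the allow-list pattern are all made up for the example; the allow-list check is the kind of input validation that best practice 11 below recommends, placed in front of the database as a second layer.

```python
import re
import sqlite3

# Constructed sample data for the example: two users in an in-memory SQLite table.
SAMPLE_USERS = [("alice", "hash-of-alice"), ("bob", "hash-of-bob")]

# Constructed allow-list policy for user names: lowercase letters, digits, underscore, 3-32 chars.
USERNAME_PATTERN = re.compile(r"^[a-z0-9_]{3,32}$")


def make_db() -> sqlite3.Connection:
    """Create the in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The weakness: the caller's input is spliced into the SQL text, so a quote
    character in the input changes the meaning of the statement."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The fix: a parameterised query. The driver sends the value separately from
    the statement, so it is compared as data and never parsed as SQL."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def is_valid_username(username: str) -> bool:
    """Input validation as a second layer: reject anything outside the allow-list
    before it reaches the database at all."""
    return USERNAME_PATTERN.fullmatch(username) is not None


def demo() -> dict:
    """Run the same hostile input through both lookups and the validator."""
    conn = make_db()
    hostile = "x' OR '1'='1"  # textbook test string: the quote closes the literal early
    return {
        "vulnerable": lookup_user_vulnerable(conn, hostile),  # every user comes back
        "safe": lookup_user_safe(conn, hostile),              # no such user: []
        "validated": is_valid_username(hostile),              # False: rejected up front
    }


if __name__ == "__main__":
    print(demo())
```

The point to take away is that validation alone is not the fix: the parameterised query is what removes the class of bug, and the allow-list simply stops obviously malformed input from ever reaching it.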

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and governments have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

11 top cyber security best practices to prevent a breach

  1. Conduct cyber security training and awareness
    A strong cyber security strategy cannot succeed if employees are not educated on cyber security topics, company policies and incident reporting. Even the best technical defences may fall apart when employees take unintentional or intentionally malicious actions that result in a costly security breach. Educating employees and raising awareness of company policies and security best practices through seminars, classes and online courses is the best way to reduce negligence and the potential for a security violation.
  2. Perform risk assessments
    Organizations should perform a formal risk assessment to identify all valuable assets and prioritize them based on the impact if each asset is compromised. This will help organizations decide how best to spend their resources on securing each valuable asset.
  3. Ensure vulnerability management and software patch management/updates
    It is crucial for organizational IT teams to identify, classify, remediate and mitigate vulnerabilities within all the software and networks they use, to reduce threats against their IT systems. Security researchers and attackers regularly identify new vulnerabilities in various software, which are reported to the software vendors or released to the public. These vulnerabilities are often exploited by malware and cyber attackers. Software vendors periodically release updates that patch and mitigate these vulnerabilities, so keeping IT systems up to date helps protect organizational assets.
  4. Use the principle of least privilege
    The principle of least privilege dictates that both software and personnel should be allotted the fewest permissions necessary to perform their duties. This helps limit the damage of a successful security breach, as user accounts and software with lower permissions cannot impact valuable assets that require a higher-level set of permissions. Two-factor authentication should also be used for all high-level user accounts that have unrestricted permissions.
  5. Enforce secure password storage and policies
    Organizations should enforce the use of strong passwords that adhere to industry-recommended standards for all employees. Passwords should also be changed periodically to help protect against compromised passwords. Furthermore, password storage should follow industry best practice by using salts and strong hashing algorithms.
  6. Implement a robust business continuity and incident response (BC-IR) plan
    Having solid BC-IR plans and policies in place will help an organization respond effectively to cyber-attacks and security breaches while ensuring critical business systems remain online.
  7. Perform periodic security reviews
    Putting all software and networks through periodic security reviews helps identify security issues early and in a safe environment. Security reviews include application and network penetration testing, source code reviews, architecture design reviews, red team assessments, etc. Once security vulnerabilities are found, organizations should prioritize and mitigate them as soon as possible.
  8. Backup data
    Backing up all data periodically increases redundancy and ensures that sensitive data is not lost or compromised after a security breach. Attacks such as injections and ransomware compromise the integrity and availability of data; backups help protect against such cases.
  9. Use encryption for data at rest and in transit
    All sensitive information should be stored and transferred using strong encryption algorithms. Encrypting data ensures confidentiality. Effective key management and rotation policies should also be put in place. All web applications and software should use SSL/TLS.
  10. Design software and networks with security in mind
    When creating applications, writing software or architecting networks, always design them with security in place. Bear in mind that the cost of refactoring software and adding security measures later is far greater than building in security from the start. Applications designed with security in mind help reduce threats and ensure that when software or networks fail, they fail safe.
  11. Implement strong input validation and industry standards in secure coding
    Strong input validation is often the first line of defense against various types of injection attacks. Software and applications are designed to accept user input, which opens them up to attack; this is where strong input validation helps filter out malicious input payloads before the application processes them. Furthermore, secure coding standards should be used when writing software, as these help avoid most of the prevalent vulnerabilities outlined by OWASP and catalogued in CVE.

Security breaches and threats can affect nearly any system, including:

  • Communication — phone calls, emails, text messages, and messaging apps can all be used for cyberattacks
  • Finance — naturally, financial institutions are a primary target for attackers, and any organization processing or dealing with bank or credit card information is at risk
  • Governments — government institutions are commonly targeted by cybercriminals, who may be after private citizen information or confidential public data
  • Transportation — connected cars, traffic control systems and smart road infrastructure are all at risk of cyber threats
  • Healthcare — anything from medical records at a local clinic to critical care systems at a national hospital is vulnerable to attack
  • Education — educational institutions, their confidential research data, and information they hold about students or staff, are at risk of attack

Common Application Security Strategies

Application security ensures user-facing applications are protected from penetration or disruption by external threats, attacks on the devices that host or use the application (endpoints), and insider threats. Below are three of the most common application security strategies.

  • Data Masking — Many data breaches occur not in production environments, but on testing or DevOps environments. These environments are often not secured, but are commonly loaded with live, sensitive customer data. Data masking makes it possible to use realistic data on testing servers, while using transformation techniques to hide or scramble the original data.
  • Vulnerability Discovery — Many software systems have known vulnerabilities, which can be exploited by hackers to compromise the system. Vulnerability discovery is a process that relies on vulnerability databases, which contain details about known vulnerabilities. It allows an organization to detect which systems are affected by vulnerabilities, understand severity and impact, and remediate the vulnerabilities.
  • Endpoint Security — The number of endpoint devices at organizations is exploding. There are millions of laptops, mobile devices, and Internet of Things (IoT) devices that connect to the Internet and represent a growing security risk. Endpoint security involves deploying an agent on each endpoint, which can provide security capabilities like Next-Generation Antivirus (NGAV), to detect zero-day attacks and insider threats, and Endpoint Detection and Response (EDR), to help security teams investigate and block attacks on endpoints in real time.

Building a Cyber Security Strategy

Addressing the cyber security problem in your organization starts with a strategy, which should be supported by senior management and shared with the entire organization. Here is a process you can use to build your security strategy:

  1. Perform an inventory of computing assets
    Identify which applications and data your organization possesses, and the consequences if they should be attacked or compromised. Create a list of assets that need to be protected.
  2. Identify compliance requirements
    Is your organization subject to any regulations or industry standards that affect cybersecurity? Identify the compliance requirements related to cybersecurity and add them to your list of protected assets.
  3. Identify threats and risks
    Review a comprehensive list of threats affecting your industry, identify which of them are the most relevant for your organization, and review key systems to determine how vulnerable they are to an attack. For example, an organization that operates a website should be concerned about web application threats like code injection and malicious bots and should perform an assessment of its web applications to see how vulnerable they are.
  4. Prioritize risks
    Given the systems you need to protect, your compliance responsibilities, and the common threats, map out your biggest risks. Which are the systems that are the most valuable to the business and most likely to be attacked? These are the first risks you should target with your cybersecurity program.
  5. Identify your security maturity level and existing tooling
    Do you have a cybersecurity program in your company? Are there in-house staff or existing vendors that provide security services? Also map out cybersecurity measures that already exist. Consider protection of physical facilities (a security guard, locked doors for server rooms), security systems like firewalls and antivirus, and security measures in applications and services the organization uses, including cloud services.
  6. Build a cybersecurity team
    Leverage existing staff in your organization with cybersecurity skills, hire new staff and involve consultants if necessary. Create a capable team that is able to execute on a cybersecurity plan to improve your security posture.
  7. Build a timeline and milestones for improving your cybersecurity
    What are the quick wins you can immediately carry out to improve protection of critical systems? What are longer term measures that need more time but can be important to improving cybersecurity? Build a long-term plan for at least 1-2 years, with clear milestones indicating what should be achieved by the security team each quarter.

7 Cyber Security Trends

  1. Cyber Security and Machine Learning
    In the past, cyber security systems relied on manually defined rules and human inspection to identify and classify security incidents. This was effective but limited, because it required a high level of expertise to manage security tools, and overloaded security staff. Many modern security tools use machine learning techniques to automate security decision making, without requiring rules to be defined in advance. This can save a lot of time for security teams and result in a faster and more accurate response to threats.
    A few examples of the use of machine learning in cyber security are:
    • Next-generation antivirus (NGAV) tools use automated malware classification, identifying malware even if it does not match any known binary pattern
    • Data loss prevention (DLP) systems use machine learning to read documents or other materials and automatically classify their sensitivity
    • Email protection systems are trained using a large dataset of phishing vs. legitimate emails, and can identify emails that “look like” they might be phishing attempts
  2. API Security
    Application Programming Interfaces (APIs) allow computing systems to communicate with each other and share data. An entire API economy has emerged that allows organizations to share data and software capabilities with each other.
    While APIs provide a lot of value to organizations, they also represent a security risk. There is limited awareness for the importance of API security, and many API endpoints lack basic security measures. They can be manipulated by attackers to abuse the service behind the API and can also be an entry point to an organization’s critical systems.
    In the past few years, dedicated API security solutions have emerged that help organizations lock down API endpoints, protect them from malicious traffic, and defend against DDoS attacks. The OpenAPI Initiative helps organizations define their APIs in a standardized way, making it possible to enforce a security policy built around API capabilities.
  3. Advanced Bot Protection
    Bots are systems that access websites and perform automated actions. Some bots are legitimate, for example, the Googlebot crawls websites in order to add them to Google’s search index. But other bots are malicious, used by threat actors to launch attacks against millions of vulnerable websites.
    Bots account for 58% of web traffic today, and a full 22% of web traffic is attributed to bad bots. Bad bots can be installed on end-user devices compromised by attackers, forming massive botnets. These devices might be home computers, servers, and IoT devices such as game consoles or smart TVs. Attackers leverage networks of compromised devices to launch DDoS and many other types of attacks.
    Bot management systems help organizations identify unwanted bot traffic and filter it out, while allowing legitimate bot traffic and user traffic to continue uninterrupted. To do this, they need to identify bad bots, using a variety of methods such as:
    • Reputation management — managing a database of known good and bad bots
    • Device fingerprinting — identifying attributes of the operating system or browser that may indicate a bad bot
    • Challenges — subjecting a bot to a “challenge” such as a dynamic page element or a CAPTCHA, which human users can process while bots cannot.
  4. File Security
    File security is critical to ensure sensitive data has not been accessed or tampered with by unauthorized parties, whether internal or external. Many compliance standards require that organizations put in place strict control over sensitive data files, demonstrate that those controls are in place, and show an audit trail of file activity in case of a breach.
    File security technology can automatically identify suspicious file activity, which may represent an attempt at data exfiltration, a ransomware attack, or even a careless user deleting files by mistake or copying them to an insecure location.
  5. Runtime Application Self-Protection
    Historically, many organizations adopted Application Security Testing (AST) tools that automatically scanned application code for code quality issues and software vulnerabilities. Today, many organizations are shifting to Runtime Application Self-Protection (RASP), which scans and monitors application code in real time, when it is running in production.
    RASP is deployed together with a web application. It monitors traffic and user behavior, and if it detects an issue, it can block specific user requests and alert security staff. RASP does not rely on specific attack signatures and is able to block entire categories of attacks.
    The unique element of RASP is that it leverages inside knowledge of an application’s source code. It knows how an application behaves and can detect attacks that leverage weaknesses in the code, like code injection and exploits of known vulnerabilities.
  6. Cloud Security
    As organizations undergo digital transformation and move mission-critical workloads to the cloud, cloud security becomes an essential part of a cyber security strategy. Securing the cloud is a challenge, because cloud-based systems do not have a traditional security perimeter and can provide attackers access to almost every aspect of the IT environment.
    Organizations must understand the division of responsibility between themselves and their cloud provider, and correctly configure security features offered by the cloud provider, in particular network isolation features like Virtual Private Cloud (VPC). They must also have a robust Identity and Access Management (IAM) solution – a way to define user accounts, roles and access control policies.
    When deploying hybrid cloud or multi-cloud infrastructure, which connects between private and public clouds or multiple public clouds, organizations must ensure security is consistent across all their cloud environments and pay special attention to integration points.
  7. Alert Fatigue
    Organizations collect a huge volume of logs and events from IT systems and security tools. It is now common, even in small to medium organizations, to use Security Information and Event Management (SIEM) to aggregate security data and create alerts for security teams.
    The sheer number of alerts, together with the chronic shortage of security staff at many organizations, results in alert fatigue. Security teams receive thousands of alerts at all hours of the day, making it difficult to sift through the alerts and identify real security incidents.
    The problem is not new and there are several approaches to mitigating alert fatigue. For example, organizations implement threat intelligence to identify when an alert correlates with a signature or attack pattern of a known attacker. Machine learning approaches like User and Event Behavioral Analytics (UEBA) help identify unusual behavior, and automatically score it to identify events that are more likely to be malicious.
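The alert-fatigue item above names two mitigations: correlating alerts with threat intelligence, and scoring unusual behaviour. The added Python example below (written for this page; it is not a product's logic or the article's own code) applies both to a handful of constructed SIEM-style alerts. Duplicates are collapsed into one row with a count, any source address found in a constructed known-bad list raises the row's score, and a count well above the user's constructed per-hour baseline raises it again, so the queue an analyst sees is sorted by what most deserves attention. All addresses, users, baselines and weights are made up for the example (203.0.113.0/24 is documentation address space).

```python
from collections import defaultdict

# Constructed SIEM-style alerts (not real data): each dict is one event the SIEM raised.
SAMPLE_ALERTS = [
    {"src_ip": "10.0.0.5", "user": "alice", "event": "failed_login", "severity": 2},
    {"src_ip": "10.0.0.5", "user": "alice", "event": "failed_login", "severity": 2},
    {"src_ip": "10.0.0.5", "user": "alice", "event": "failed_login", "severity": 2},
    {"src_ip": "203.0.113.9", "user": "bob", "event": "successful_login", "severity": 1},
    {"src_ip": "10.0.0.7", "user": "carol", "event": "file_read", "severity": 1},
]

# Constructed threat-intelligence feed: source addresses treated as known-bad.
KNOWN_BAD_IPS = {"203.0.113.9"}

# Constructed behavioural baseline: how many of each event a user normally produces per hour.
BASELINE = {
    ("alice", "failed_login"): 1,
    ("bob", "successful_login"): 1,
    ("carol", "file_read"): 20,
}

INTEL_BONUS = 5    # example weight for a threat-intelligence match
ANOMALY_BONUS = 3  # example weight for volume well above the baseline


def triage(alerts, known_bad=KNOWN_BAD_IPS, baseline=BASELINE):
    """Collapse duplicate alerts, enrich each group, and return the groups sorted by score."""
    groups = defaultdict(int)
    for a in alerts:
        groups[(a["src_ip"], a["user"], a["event"], a["severity"])] += 1

    triaged = []
    for (src_ip, user, event, severity), count in groups.items():
        score = severity
        reasons = []
        # Threat-intelligence correlation: a known-bad source outranks its raw severity.
        if src_ip in known_bad:
            score += INTEL_BONUS
            reasons.append("source matches threat intelligence")
        # Behavioural scoring: more than twice the expected hourly volume is unusual.
        expected = baseline.get((user, event), 0)
        if count > 2 * max(expected, 1):
            score += ANOMALY_BONUS
            reasons.append(f"{count} events vs baseline {expected}")
        triaged.append({"src_ip": src_ip, "user": user, "event": event,
                        "count": count, "score": score, "reasons": reasons})
    return sorted(triaged, key=lambda r: r["score"], reverse=True)


def worth_a_human(alerts, threshold=4):
    """Only groups at or above the threshold go to an analyst; the rest stay in the log."""
    return [r for r in triage(alerts) if r["score"] >= threshold]


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row["score"], row["user"], row["event"], row["count"], row["reasons"])
```

With this input, five raw alerts become three rows, and only two of them cross the threshold: the known-bad login (score 6) and the burst of failed logins (score 5). Carol's single file read, well within her baseline, stays in the log. The `reasons` list is what lets an analyst see why a row ranked where it did, which matters as much as the number itself.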

How is automation used in cybersecurity?

Automation has become an integral component in keeping companies protected from the growing number and sophistication of cyberthreats. Using artificial intelligence (AI) and machine learning in areas with high-volume data streams can help improve cybersecurity in three main categories:

  • Threat detection: AI platforms can analyze data and recognize known threats, as well as predict novel threats.
  • Threat response: AI platforms also create and automatically enact security protections.
  • Human augmentation: Security pros are often overloaded with alerts and repetitive tasks. AI can help eliminate alert fatigue by automatically triaging low-risk alarms and automating big data analysis and other repetitive tasks, freeing humans for more sophisticated work.

Other benefits of automation in cybersecurity include attack classification, malware classification, traffic analysis, compliance analysis and more.

Cybersecurity vendors and tools

Vendors in the cybersecurity field typically offer a variety of security products and services. Common security tools and systems include:
  • Identity and access management (IAM)
  • Firewalls
  • Endpoint protection
  • Antimalware
  • Intrusion prevention/detection systems (IPS/IDS)
  • Data loss prevention (DLP)
  • Endpoint detection and response
  • Security information and event management (SIEM)
  • Encryption tools
  • Vulnerability scanners
  • Virtual private networks (VPNs)
  • Cloud workload protection platform (CWPP)
  • Cloud access security broker (CASB)

Well-known cybersecurity vendors include Check Point, Cisco, Code42, CrowdStrike, FireEye, Fortinet, IBM, Imperva, KnowBe4, McAfee, Microsoft, Palo Alto Networks, Rapid7, Splunk, Symantec, Trend Micro and Trustwave.

Trajectus Solution

If all this is too much for a single administrator or a small company to handle, contact Trajectus. We have experts who can set up your environment, implement security best practices, remove viruses, perform security audits and provide SLAs for managing your environments. We can audit your network, servers, firewalls and applications and present a report of all vulnerabilities present at each level, with suggestions for removing them.
THE AUTHOR
Avinash Panchal
Head of Information Technology