How to securely move enterprise applications to the cloud

Cybersecurity is the practice of ensuring the integrity, confidentiality and availability of information. It represents the ability to defend against and recover from security incidents. These security incidents range from hard disk failures or power outages to cyber attacks from competitors. The latter include script kiddies, hackers, criminal gangs with the ability to execute Advanced Persistent Threats (APTs), and others who can pose a serious threat to a business. Business continuity and disaster recovery capabilities are critical to cybersecurity (e.g., application security and narrowly defined network security).

Security should be a top priority across the enterprise and mandated by senior management. The vulnerability of the information world we live in today also requires a strong cybersecurity control strategy. Managers should understand that all systems are built to certain security standards and that employees need to be properly trained. For example, all code can have vulnerabilities, some of which are critical security flaws. After all, developers are only human, and mistakes are inevitable.

Security training

People are often the weakest link in cybersecurity planning. Training developers to code securely, training operators to prioritize robust security profiles, training end users to recognize phishing emails and social engineering attacks -- in short, cybersecurity starts with awareness.

However, even with strong cybersecurity controls in place, no organization is immune to the threat of experiencing some sort of cyberattack. Attackers will always exploit the weakest link, but many attacks can be easily prevented by performing some basic security tasks - sometimes called "cyber hygiene." A surgeon is never allowed to enter an operating room without washing his hands. Similarly, organizations have a responsibility to perform the basics of maintaining cybersecurity, such as maintaining strong authentication practices and not storing sensitive data where it can be publicly accessed.

A good cybersecurity strategy, however, requires more than these basic practices. Skilled hackers can circumvent most defenses and attack surfaces -- and the number of ways, or "vectors," in which an attacker can compromise a system is expanding for most organizations. For example, as information and the real world become increasingly integrated, criminals and state spy organizations are threatening the integrity, confidentiality and availability (ICA) of cyber-physical systems such as automobiles, power plants, medical devices, and even your IoT refrigerator. Similarly, the trend toward ubiquitous adoption of cloud computing, Bring Your Own Device to Work (BYOD), and the booming Internet of Things (IoT) has created new security challenges. Security defenses for these systems are becoming particularly important.

Another prominent manifestation of the further sophistication of cybersecurity is the regulatory environment around consumer privacy. Adherence to a stringent regulatory framework like the EU's General Data Protection Regulation (GDPR) also requires new roles to be assigned to ensure that organizations are able to meet the privacy and security compliance requirements of the GDPR and other regulations.

As a result, the demand for cybersecurity professionals has begun to grow even further, and hiring managers are struggling to select the right candidates to fill the vacancies. But the current imbalance between supply and demand requires organizations to focus on the areas of greatest risk.

Types of cybersecurity

The scope of cybersecurity is very broad, but the core areas are described below, and any organization needs to pay close attention to these core areas and factor them into its cybersecurity strategy:

1. Critical Infrastructure

Critical Infrastructure consists of the physical networked systems that society relies on, including power grids, water purification systems, traffic signals, and hospital systems. For example, power plants are vulnerable to cyberattacks when they are networked. The solution for organizations responsible for critical infrastructure is to perform due diligence to ensure that these vulnerabilities are understood and guarded against. Everyone else should also assess how a cyberattack on the critical infrastructure they rely on would affect them, and then develop contingency plans.

2. Cybersecurity (narrow)

Cybersecurity requires the ability to protect against unauthorized intrusions as well as malicious insiders. Ensuring network security usually requires trade-offs. For example, access control (e.g., extra logins) may be necessary for security, but it can also reduce productivity.

Tools used to monitor network security generate a lot of data, but effective alerts are often overlooked due to the sheer volume of data generated. To better manage network security monitoring, security teams are increasingly using machine learning to flag anomalous traffic and generate threat alerts in real time.

3. Cloud Security

The growing number of organizations moving data to the cloud also creates new security challenges. For example, data breaches due to misconfigured cloud instances were reported almost weekly in 2017. Cloud service providers are creating new security tools to help business users better protect their data, but a word of caution: moving to the cloud is not a panacea and does not replace performing due diligence when it comes to cybersecurity.

4. Application Security

Application security (AppSec), particularly Web application security, has become the weakest technical point of attack, but few organizations have been able to adequately mitigate all of the OWASP Top 10 Web vulnerabilities. Application security should start with secure coding practices and be augmented by fuzzing and penetration testing.

The rapid development of applications and their deployment to the cloud has led to the emergence of DevOps as a new discipline. DevOps teams often prioritize business needs over security, a focus that may change given the proliferation of threats.

5. Internet of Things (IoT) Security

The Internet of Things refers to a variety of critical and non-critical physically networked systems, such as home appliances, sensors, printers, and security cameras. IoT devices are often in an insecure state and receive few or no security patches, which can threaten not only the user but also others on the Internet, as these devices are often used by malicious actors to build botnets. This creates unique security challenges for home users and society.