How to build a strategic system for cyber security

Cybersecurity is the practice of ensuring the integrity, confidentiality and availability of information. It represents the ability to defend against and recover from security incidents. These security incidents range from hard disk failures or power outages to cyber attacks from adversaries. The latter include script kiddies, hackers, criminal gangs with the ability to execute Advanced Persistent Threats (APTs), and others who can pose a serious threat to a business. Business continuity and disaster recovery capabilities are a critical part of cybersecurity, alongside its narrower disciplines such as application security and network security.

Security should be a top priority across the enterprise and mandated by senior management. The vulnerability of the information world we live in today also requires a strong cybersecurity control strategy. Managers should see to it that all systems are built to defined security standards and that employees are properly trained. For example, all code can have vulnerabilities, some of which are critical security flaws. After all, developers are only human, and mistakes are inevitable.

Security training

People are often the weakest link in cybersecurity planning. Training developers to code securely, training operators to prioritize robust security profiles, training end users to recognize phishing emails and social engineering attacks -- in short, cybersecurity starts with awareness.

However, even with strong cybersecurity controls in place, it is still hard for any organization to escape the threat of experiencing some sort of cyberattack. Attackers will always exploit the weakest link, but many attacks can be easily prevented by performing some basic security tasks, sometimes called "cyber hygiene." A surgeon is never allowed to enter an operating room without washing their hands. Similarly, organizations have a responsibility to perform the basics of maintaining cybersecurity, such as maintaining strong authentication practices and not storing sensitive data where it can be publicly accessed.

A good cybersecurity strategy, however, requires more than these basic practices. Skilled attackers can circumvent most defenses, and the number of ways, or "vectors," in which an attacker can compromise a system is expanding for most organizations. For example, as the information world and the physical world become increasingly integrated, criminals and state espionage organizations are threatening the integrity, confidentiality and availability of cyber-physical systems such as automobiles, power plants, medical devices, and even your IoT refrigerator. Similarly, the trend toward ubiquitous adoption of cloud computing, Bring Your Own Device (BYOD), and the booming Internet of Things (IoT) has created new security challenges. Security defenses for these systems are becoming particularly important.

Another prominent sign of the growing complexity of cybersecurity is the regulatory environment around consumer privacy. Adherence to a stringent regulatory framework like the EU's General Data Protection Regulation (GDPR) also requires new roles to be assigned so that organizations are able to meet the privacy and security compliance requirements of the GDPR and other regulations.

As a result, the demand for cybersecurity professionals has begun to grow even further, and hiring managers are struggling to select the right candidates to fill the vacancies. But the current imbalance between supply and demand requires organizations to focus on the areas of greatest risk.

Types of cybersecurity

The scope of cybersecurity is very broad, but the core areas are described below, and any organization needs to pay close attention to these core areas and factor them into its cybersecurity strategy:

1. Critical Infrastructure

Critical infrastructure consists of the physical networked systems that society relies on, including power grids, water purification systems, traffic signals, and hospital systems. For example, power plants become vulnerable to cyberattacks once they are networked. The solution for organizations responsible for critical infrastructure is to perform due diligence to ensure that these vulnerabilities are understood and guarded against. Everyone else should assess how a cyberattack on the critical infrastructure they depend on would affect them, and then develop contingency plans.

2. Network Security (cybersecurity in the narrow sense)

Network security requires the ability to protect against unauthorized intrusions as well as malicious insiders. Ensuring network security usually requires trade-offs. For example, access control (e.g., extra logins) may be necessary for security, but it can also reduce productivity.

Tools used to monitor network security generate a lot of data, and genuine alerts are often missed amid the sheer volume. To better manage network security monitoring, security teams are increasingly using machine learning to flag anomalous traffic and generate threat alerts in real time.

3. Cloud Security

The growing number of organizations moving data to the cloud also creates new security challenges. For example, data breaches due to misconfigured cloud instances were reported almost weekly in 2017. Cloud service providers are creating new security tools to help business users better protect their data, but a word of caution: moving to the cloud does not remove the need to perform due diligence on cybersecurity.

4. Application Security

Application security (AppSec), particularly web application security, has become the weakest technical point of attack, yet few organizations have been able to adequately mitigate all of the OWASP Top 10 web vulnerabilities. Application security should start with secure coding practices and be augmented by fuzzing and penetration testing.

The rapid development of applications and their deployment to the cloud has led to the emergence of DevOps as a discipline. DevOps teams often prioritize business needs over security, a focus that may change given the proliferation of threats.

5. Internet of Things (IoT) Security

The Internet of Things refers to a variety of critical and non-critical physically networked systems, such as home appliances, sensors, printers, and security cameras. IoT devices are often shipped in an insecure state and receive few or no security patches, which threatens not only the user but also others on the Internet, as these devices are often used by malicious actors to build botnets. This creates unique security challenges for home users and society.

Types of Cyber Threats

Common cyber threats include the following three main categories:

Confidentiality Attacks

Many cyberattacks begin by stealing or copying a target's personal information, and they cover a wide variety of criminal activities, such as credit card fraud, identity theft, or stealing a Bitcoin wallet. State espionage has also made confidentiality attacks an important part of its work, attempting to gain access to classified information of political, military, or economic interest.

Integrity Attacks

In general, integrity attacks are designed to disrupt, damage, or destroy information or systems, as well as the people who rely on them. Integrity attacks can be subtle (small-scale tampering and destruction) or catastrophic (large-scale damage to the target). Attackers can range from script kiddies to state espionage organizations.

Availability attacks

Blocking a target's access to its data or systems is the most common availability attack today, in the form of ransomware and denial-of-service (DoS) attacks. Ransomware typically encrypts data on the target device and demands a ransom to decrypt it. Denial-of-service attacks (usually in the form of distributed denial-of-service attacks) send a large number of requests to the target, consuming network resources and making them unavailable.

How these attacks are implemented:

1. Social engineering

If an attacker can find an entry point directly through a human being, he or she need not go through the trouble of hacking into a computer device. Social engineering malware, which is commonly used to spread ransomware, is the number one ranked attack (as opposed to buffer overflows, misconfigurations, or advanced vulnerability exploits). Social engineering tricks end users into running Trojan horse programs, often from websites they trust and visit frequently. Ongoing user security awareness training is the best measure against such attacks.

2. Phishing attacks

Sometimes the best way to steal someone's password is to trick them into providing it themselves, which is exactly what a successful phishing attack relies on. Even smart users who are well-trained in security can fall victim to phishing attacks. That is what makes two-factor authentication (2FA) the best protection: without the second factor (such as a hardware security token or a software authenticator app on the user's phone), a stolen password means nothing to an attacker.

3. Unpatched software

It may be hard to blame an organization if an attacker launches a zero-day exploit against it, but if an organization does not install an available patch, it has not performed due diligence. If the vulnerability has been disclosed for months or even years and the organization still has not applied the security patch, it will inevitably be accused of negligence. So remember: patch, patch, patch (important things are worth saying three times).

4. Social Media Threats

The term "catfishing" generally refers to the practice of concealing one's identity online by crafting a convincing persona with the goal of impressing others, especially in order to entice someone into a romantic relationship. Catfishing is not limited to the dating scene, however. Plausible-looking sockpuppet accounts can spread a worm through your LinkedIn network. Would you be suspicious of someone who knows your professional contacts well enough to strike up a conversation about your work? As the saying goes, "loose lips sink ships," so both companies and countries should take social media espionage more seriously.

5. Advanced Persistent Threats (APTs)

State espionage does not target only countries and government organizations; enterprises are attacked as well. So do not be surprised if multiple APT groups are playing hide-and-seek on your company's network. If your company is in a business that is of lasting interest to any party or region, then you need to consider your company's security posture and how to deal with sophisticated APT attacks. This is especially true in the tech sector, an industry filled with valuable intellectual property coveted by many criminals and state spies.

Cybersecurity careers

Executing a strong cybersecurity strategy also requires the right people. The demand for specialized cybersecurity professionals has never been higher, from C-level executives to front-line security engineers. As companies become more aware of data protection, security department leaders have begun to make their way into C-level management and boardrooms. A chief security officer (CSO) or chief information security officer (CISO) is now a core management position that any serious organization must have.

In addition, roles have become more specialized. The days of the generic security analyst are on the wane. Today, penetration testers may focus on application security, network security, or strengthening users' security awareness against phishing. Incident response is also becoming a round-the-clock (7x24) function. Here are some of the basic roles on a security team:

1. Chief Information Security Officer/Chief Security Officer

The CISO is a C-level executive responsible for overseeing the operational behavior of an organization's IT security department and other related personnel. In addition, the CISO is responsible for directing and managing strategy, operations, and budgets to ensure the security of an organization's information assets.

2. Security Analyst

A security analyst is also known as a network security analyst, data security analyst, information systems security analyst, or IT security analyst. This role typically has the following responsibilities:

Plan, implement, and upgrade security measures and controls;

Protect digital files and information systems from unauthorized access, modification, or destruction;

Maintain data and monitor security access;

Perform internal/external security audits;

Administer network, intrusion detection, and protection systems;

Analyze security breaches to determine how they occurred and their root cause;

Define, implement, and maintain an enterprise security policy;

Coordinate security programs with external vendors.

3. Security Architect

A good information security architect needs to be able to work across both business and technical domains. While the details vary by industry, it is a senior position that focuses on planning, analyzing, designing, configuring, testing, implementing, maintaining, and supporting an organization's computer and network security infrastructure. This requires the security architect to fully understand the organization's business, and its technology and information needs.

4. Security Engineer

The job of a security engineer is on the front lines of protecting company assets from threats. The job requires strong technical, organizational and communication skills. The IT security engineer is a relatively new position that focuses on quality control in the IT infrastructure. This includes designing, building, and protecting scalable, secure, and robust systems; operating data center systems and networks; helping organizations understand advanced cyber threats; and helping businesses develop cybersecurity strategies to protect those networks.