Cyber Security

Cyber security is aimed at preventing cybercriminals, malicious insiders, or others, from accessing, harming, disrupting or modifying IT systems and applications.

Security breaches and threats can affect nearly any system including:

  • Communication — phone calls, emails, text messages, and messaging apps can all be used for cyberattacks
  • Finance — naturally, financial institutions are a primary target for attackers, and any organization processing or handling bank or credit card information is at risk
  • Governments — government institutions are commonly targeted by cybercriminals, who may be after private citizen information or confidential public data
  • Transportation — connected cars, traffic control systems and smart road infrastructure are all at risk of cyber threats
  • Healthcare — anything from medical records at a local clinic to critical care systems at a national hospital is vulnerable to attack
  • Education — educational institutions, their confidential research data, and information they hold about students or staff, are at risk of attack

Principles of Cyber Security

The primary objective of cyber security is to protect data. The security community commonly refers to a triangle of three related principles that ensure data is secure, known as the CIA triad:

  • Confidentiality — ensuring sensitive data is accessible only to the people who actually need it and are permitted to access it under organizational policies, while blocking access for everyone else.
  • Integrity — making sure data and systems are not modified, whether by threat actors or by accident. Measures should be taken to prevent corruption or loss of sensitive data, and to recover quickly if such an event occurs.
  • Availability — ensuring that data remains available and useful for its end-users, and that this access is not hindered by system malfunction, cyber attacks, or even security measures themselves.

Common Application Security Strategies

DDoS protection

A Distributed Denial of Service (DDoS) attack uses a large number of connected devices controlled by an attacker, to overwhelm a website’s resources with fake traffic. Because of the massive scale of today’s DDoS attacks, a common protective measure is a cloud-based DDoS mitigation service. These services use either DNS or BGP routing to divert traffic to cloud-based scrubbing servers, dropping malicious requests and forwarding legitimate ones to the web server.

Web Application Firewall

A web application firewall (WAF) is deployed on the network edge as a reverse proxy, inspects incoming and outbound HTTP/S traffic to a web application, and filters out malicious traffic. A WAF uses security policies, and threat intelligence data such as known bad traffic sources and known attack patterns, to determine which traffic should not reach the application.
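As an added example (not code from this page's author or from any WAF product), a minimal version of the policy engine the paragraph describes: a constructed threat-intelligence list of bad source ranges plus a few constructed attack-pattern rules, evaluated against constructed sample requests. All addresses, rule ids and patterns are assumptions chosen for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: source ranges known to send bad traffic.
BAD_SOURCES = [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.7/32")]

# Constructed policy: (rule id, attack signature, description), applied to each inspected field.
ATTACK_PATTERNS = [
    ("SQLI-001", re.compile(r"(?i)(\bor\b|\band\b)\s+\d+\s*=\s*\d+|union\s+select"), "SQL injection probe"),
    ("XSS-001", re.compile(r"(?i)<\s*script\b|javascript:"), "cross-site scripting payload"),
    ("PATH-001", re.compile(r"\.\./"), "path traversal"),
]

@dataclass
class Request:
    src_ip: str
    method: str
    path: str
    query: str = ""
    body: str = ""

@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)

def inspect(req: Request) -> Decision:
    """Block if the source is on the intel list or any inspected field matches a
    pattern; every matching rule is recorded so the WAF log explains the drop."""
    reasons = []
    src = ipaddress.ip_address(req.src_ip)
    if any(src in net for net in BAD_SOURCES):
        reasons.append("INTEL: %s is a known bad traffic source" % req.src_ip)
    for rule_id, pattern, desc in ATTACK_PATTERNS:
        for field_name in ("path", "query", "body"):
            if pattern.search(getattr(req, field_name)):
                reasons.append("%s: %s in %s" % (rule_id, desc, field_name))
    return Decision(allowed=not reasons, reasons=reasons)

# Constructed sample traffic mixing legitimate and malicious requests.
SAMPLE_TRAFFIC = [
    Request("192.0.2.10", "GET", "/products", "id=42"),
    Request("192.0.2.11", "GET", "/products", "id=42 OR 1=1"),
    Request("198.51.100.5", "GET", "/login"),
    Request("192.0.2.12", "POST", "/comment", body="<script>1</script>"),
]

def filter_traffic(requests):
    """Split traffic into requests forwarded to the application and requests dropped at the edge."""
    decisions = [(r, inspect(r)) for r in requests]
    return ([r for r, d in decisions if d.allowed], [r for r, d in decisions if not d.allowed])
```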

Advanced Bot Protection

Bots are automated programs that perform actions over the Internet. Some bots are legitimate and should be allowed access to a website, while others are malicious and can be used to launch automated attacks. Bot management is a rapidly evolving field that protects organizations from bad bots using bot reputation databases, challenges that test whether a client is a real user or an automated program, and behavioral analysis that identifies suspicious bot behavior.

Common Data Security Strategies

Data Masking

Many data breaches occur not in production environments, but on testing or DevOps environments. These environments are often not secured, but are commonly loaded with live, sensitive customer data. Data masking makes it possible to use realistic data on testing servers, while using transformation techniques to hide or scramble the original data.
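As an added example (not code from this page's author), one way to implement the transformation step described above: a keyed, deterministic pseudonymisation so that masked rows still join across tables, plus format-preserving masking for card numbers and e-mail addresses. The key, column names and rows are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed secret for deterministic pseudonymisation; in practice it lives in a
# secrets manager and never ships with the masked dataset.
MASKING_KEY = b"example-masking-key-not-for-real-use"

def pseudonym(value: str, length: int = 10) -> str:
    """Keyed hash: the same input always maps to the same token, so joins across
    masked tables still work, but the original value cannot be read back."""
    return hmac.new(MASKING_KEY, value.encode(), hashlib.sha256).hexdigest()[:length]

def mask_email(email: str) -> str:
    """Keep the domain (useful for routing tests), replace the local part."""
    local, _, domain = email.partition("@")
    return "user-%s@%s" % (pseudonym(local), domain)

def mask_card(pan: str) -> str:
    """Format-preserving: keep length and last four digits, derive the rest from a
    keyed hash so the value still passes UI checks but is not the real card number."""
    digits = re.sub(r"\D", "", pan)
    scrambled = "".join(str(int(ch, 16) % 10) for ch in pseudonym(digits, len(digits) - 4))
    return scrambled + digits[-4:]

# Column -> masking function; columns not listed are copied through unchanged.
MASKERS = {
    "email": mask_email,
    "card": mask_card,
    "name": lambda v: "Person " + pseudonym(v, 6).upper(),
    "customer_id": lambda v: "C" + pseudonym(v, 8),
}

def mask_record(record: dict) -> dict:
    """Apply the column maskers to one row."""
    return {k: MASKERS[k](v) if k in MASKERS else v for k, v in record.items()}

# Constructed production-like rows from two tables that share customer_id.
CUSTOMERS = [{"customer_id": "10042", "name": "Dana Example", "email": "dana@example.com",
              "card": "4111 1111 1111 1111", "plan": "gold"}]
ORDERS = [{"order_id": "7", "customer_id": "10042", "amount": "19.99"}]

def mask_tables(*tables):
    """Mask each table; shared keys stay consistent across tables."""
    return [[mask_record(r) for r in t] for t in tables]
```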

Vulnerability Discovery

Many software systems have known vulnerabilities, which can be exploited by hackers to compromise the system. Vulnerability discovery is a process that relies on vulnerability databases, which contain details about known vulnerabilities. It allows an organization to detect which systems are affected by vulnerabilities, understand severity and impact, and remediate the vulnerabilities.
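As an added example (not code from this page's author), the matching step of vulnerability discovery: an asset inventory of installed component versions is checked against a vulnerability database with affected-version ranges, and findings are ranked by severity with a remediation action. The advisory ids, products, versions and CVSS scores are constructed placeholders, not real records.

```python
from dataclasses import dataclass

def parse_version(v: str):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Advisory:
    advisory_id: str   # placeholder ids; real database entries would carry CVE numbers
    product: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive); "" if no fix is available yet
    cvss: float
    summary: str

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        return not self.fixed or v < parse_version(self.fixed)

# Constructed vulnerability database entries (all identifiers are placeholders).
VULN_DB = [
    Advisory("ADV-0001", "webserver", "2.4.0", "2.4.50", 9.8, "remote code execution"),
    Advisory("ADV-0002", "webserver", "2.4.0", "2.4.52", 7.5, "denial of service"),
    Advisory("ADV-0003", "dbengine", "13.0", "13.4", 8.1, "privilege escalation"),
    Advisory("ADV-0004", "cache", "6.0", "", 5.3, "information disclosure, no fix yet"),
]

# Constructed asset inventory: host -> installed (product, version) pairs.
INVENTORY = {
    "web-01": [("webserver", "2.4.49"), ("cache", "6.2")],
    "web-02": [("webserver", "2.4.52")],
    "db-01": [("dbengine", "13.2")],
}

def find_affected(inventory, vuln_db):
    """Match every installed component against the database and return findings
    sorted by CVSS so the most severe go to the top of the remediation list."""
    findings = []
    for host, components in inventory.items():
        for product, version in components:
            for adv in vuln_db:
                if adv.product == product and adv.affects(version):
                    action = ("upgrade to %s" % adv.fixed) if adv.fixed else "mitigate; await vendor fix"
                    findings.append({"host": host, "product": product, "version": version,
                                     "advisory": adv.advisory_id, "cvss": adv.cvss, "action": action})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)
```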

Endpoint Security

The number of endpoint devices at organizations is exploding. There are millions of laptops, mobile devices, and Internet of Things (IoT) devices, which connect to the Internet and represent a growing security risk.

Endpoint security involves deploying an agent on each endpoint, which can provide security capabilities like Next-Generation Antivirus (NGAV), to detect zero-day attacks and insider threats, and Endpoint Detection and Response (EDR), to help security teams investigate and block attacks on endpoints in real time.

Common Cyber Threats

For each threat: how it works, and the risk to your organization.

  • Phishing
    How it works: Attackers send emails and messages to victims, disguised as legitimate, but in fact tricking the recipient into compromising security.
    Risk to your organization: Phishing can be used by attackers as a precursor to almost every other type of cyber attack. It opens the door to your network and internal systems.
  • Advanced Persistent Threats (APT)
    How it works: An organized group of cybercriminals wages a long-term cyber attack campaign against a specific organization.
    Risk to your organization: APT groups can compromise data, including sensitive customer data, steal funds, and destroy or disrupt critical systems.
  • Malware
    How it works: Software built to assist or carry out cyber attacks or cause damage to computer systems. It is typically able to spread itself and infect additional computer systems.
    Risk to your organization: Malware can cause direct damage, for example corrupting data or disrupting system operations, and may include backdoors that give attackers unlimited access to perform other malicious actions.
  • Ransomware
    How it works: A type of malware that encrypts data on computer systems, rendering it inaccessible to users, and demands a ransom for its release.
    Risk to your organization: Ransomware is a threat to all organizational data. It can be very difficult to recover from it without an effective backup and disaster recovery plan.
  • Zero-day exploit
    How it works: A first attempt to perform a cyber attack by exploiting a security vulnerability in a computer system. Because the vulnerability is not yet known, the attack is highly likely to succeed.
    Risk to your organization: Zero-day exploits can have deadly consequences. Depending on the system targeted, they can result in attackers accessing critical systems, disrupting service and compromising sensitive data.
  • Code injection
    How it works: An attempt by attackers to send malicious code to a computer system and cause it to process and execute that code. Common variants are SQL Injection and Cross-Site Scripting (XSS).
    Risk to your organization: Code injection can be used to gain control of systems like web servers, application servers or databases, and manipulate them to perform actions desirable to the attacker.
  • Distributed Denial of Service (DDoS)
    How it works: Involves sending large amounts of fake traffic to a computer system, until the volume of traffic overwhelms it, denying access to legitimate users.
    Risk to your organization: Disruption of critical services, damage to reputation. Can also serve as a diversion, used to draw the attention of security staff and hide other malicious activities.
  • Bots and automated attacks
    How it works: The vast majority of cyber attacks are carried out by automated systems called bots, which can scan systems for vulnerabilities, try to guess passwords, infect systems with malware, and perform many more malicious actions.
    Risk to your organization: Bots are dangerous because they operate at large scale, constantly scanning the Internet for victims and attacking relentlessly. All websites are constantly hit with bot traffic, some of it malicious.

Building a Cyber Security Strategy

  • Perform an inventory of computing assets—identify which applications and data your organization possesses, and the consequences if they should be attacked or compromised. Create a list of assets that need to be protected.
  • Identify compliance requirements—is your organization subject to any regulations or industry standards that affect cybersecurity? Identify the compliance requirements related to cybersecurity and add them to your list of protected assets.
  • Identify threats and risks—review a comprehensive list of threats affecting your industry, identify which of them are the most relevant for your organization, and review key systems to assess how vulnerable they are to an attack. For example, an organization that operates a website should be concerned about web application threats like code injection and malicious bots, and should perform an assessment of its web applications to see how vulnerable they are.
  • Prioritize risks—given the systems you need to protect, your compliance responsibilities, and the common threats, map out your biggest risks. Which are the systems that are the most valuable to the business and most likely to be attacked? These are the first risks you should target with your cybersecurity program.
  • Identify your security maturity level and existing tooling—do you have a cybersecurity program in your company? Are there in-house staff or existing vendors that provide security services? Also map out cybersecurity measures that already exist. Consider protection of physical facilities (a security guard, locked doors for server rooms), security systems like firewalls and antivirus, and security measures in applications and services the organization uses, including cloud services.
  • Build a cybersecurity team—leverage existing staff in your organization with cybersecurity skills, hire new staff and involve consultants if necessary. Create a capable team that is able to execute on a cybersecurity plan to improve your security posture.
  • Build a timeline and milestones for improving your cybersecurity—what are the quick wins you can immediately carry out to improve protection of critical systems? What are longer term measures that need more time but can be important to improving cybersecurity? Build a long-term plan for at least 1-2 years, with clear milestones indicating what should be achieved by the security team each quarter.