Cyber security can be described as the collective methods, technologies, and processes to help protect the confidentiality, integrity, and availability of computer systems, networks and data, against cyber-attacks or unauthorized access. The main purpose of cyber security is to protect all organizational assets from both external and internal threats as well as disruptions caused due to natural disasters.
As organizational assets are made up of multiple disparate systems, an effective and efficient cyber security posture requires coordinated efforts across all its information systems. Therefore, cyber security is made up of the following sub-domains:
Application security involves implementing various defenses within all software and services used within an organization against a wide range of threats. It requires designing secure application architectures, writing secure code, implementing strong data input validation, threat modeling, etc. to minimize the likelihood of any unauthorized access or modification of application resources.
Identity Management and Data Security
Identity management includes frameworks, processes, and activities that enables authentication and authorization of legitimate individuals to information systems within an organization. Data security involves implementing strong information storage mechanisms that ensure security of data at rest and in transit.
Network security involves implementing both hardware and software mechanisms to protect the network and infrastructure from unauthorized access, disruptions, and misuse. Effective network security helps protect organizational assets against multiple external and internal threats.
Mobile security refers to protecting both organizational and personal information stored on mobile devices like cell phones, laptops, tablets, etc. from various threats such as unauthorized access, device loss or theft, malware, etc.
Cloud security relates to designing secure cloud architectures and applications for organization using various cloud service providers such as AWS, Google, Azure, Rackspace, etc. Effective architecture and environment configuration ensures protection against various threats.
Disaster recovery and business continuity planning (DR&BC)
DR&BC deals with processes, monitoring, alerts and plans that help organizations prepare for keeping business critical systems online during and after any kind of a disaster as well as resuming lost operations and systems after an incident.
Formally training individuals regarding topics on computer security is essential in raising awareness about industry best practices, organizational procedures and policies as well as monitoring and reporting malicious activities.
What is a cyber-attack?
A cyber-attack is a deliberate attempt by external or internal threats or attackers to exploit and compromise the confidentiality, integrity and availability of information systems of a target organization or individual(s). Cyber-attackers use illegal methods, tools and approaches to cause damages and disruptions or gain unauthorized access to computers, devices, networks, applications and databases.
Cyber-attacks come in a wide variety and the following list highlights some of important ones that criminals and attackers use to exploit software:
3.Injection attacks (e.g., cross-site scripting, SQL injection, command injection)
4.Session management and Man-in-the-Middle attacks
6.Denial of service
9.Remote code execution
What’s the difference between a cyber-attack and a security breach?
A cyber-attack is not exactly the same as a security breach. A cyber-attack as discussed above is an attempt to compromise the security of a system. Attackers try to exploit the confidentially, integrity or availability of a software or network by using various kinds of cyber-attacks as outlined in the above section. Security breach on the other hand is a successful event or incident in which a cyber-attack results in a compromise of sensitive information, unauthorized access to IT systems or disruption of services.
Attackers consistently try a multitude of cyber-attacks against their targets with a determination that one of them would result in a security breach. Hence, security breaches also highlight another significant part of a complete cyber security strategy; which is Business Continuity and Incidence Response (BC-IR). BC-IR helps an organization with dealing in cases of a successful cyber-attacks. Business Continuity relates to keeping critical business system online when struck with a security incident whereas Incidence Response deals with responding to a security breach and to limit its impact as well as facilitating recovery of IT and Business systems.
Cyber security best practices
1. Perform risk assessments
Organizations should perform a formal risk assessment to identify all valuable assets and prioritize them based on the impact caused by an asset when its compromised. This will help organizations decide how to best spend their resources on securing each valuable asset.
2. Ensure vulnerability management and software patch management/updates
It is crucial for organizational IT teams to perform identification, classification, remediation, and mitigation of vulnerabilities within all software and networks that it uses, to reduce threats against their IT systems. Furthermore, security researchers and attackers identify new vulnerabilities within various software every now and then which are reported back to the software vendors or released to the public. These vulnerabilities are often exploited by malware and cyber attackers. Software vendors periodically release updates which patch and mitigate these vulnerabilities. Therefore, keeping IT systems up-to-date helps protect organizational assets.
3. Implement a robust business continuity and incidence response (BC-IR) plan
Having a solid BC-IR plans and policies in place will help an organization effectively respond to cyber-attacks and security breaches while ensuring critical business systems remain online.
4. Perform periodic security reviews
Having all software and networks go through periodic security reviews helps in identifying security issues early on and in a safe environment. Security reviews include application and network penetration testing, source code reviews, architecture design reviews, red team assessments, etc. Once security vulnerabilities are found, organizations should prioritize and mitigate them as soon as possible.
5. Design software and networks with security in mind
When creating applications, writing software, architecting networks, always design them with security in place. Bear in mind that the cost of refactoring software and adding security measures later on is far greater than building in security from the start. Security designed application help reduce the threats and ensure that when software/networks fail, they fail safe.
6. Backup data
Backing up all data periodically will increase redundancy and will make sure all sensitive data is not lost or comprised after a security breach. Attacks such as injections and ransomware, compromise the integrity and availability of data. Backups can help protect in such cases.