Cybersecurity is a moving target, and security processes, practices, hardware and software must evolve with the technologies, applications and threats.
History teaches us that everything changes, and that’s particularly true when it comes to cybersecurity, where a vulnerability, accidental or malicious, can put a business at risk anytime, anywhere. While cybersecurity must address the core functions -- Identify, Protect, Detect, Respond and Recover -- in a holistic manner, what are the processes, practices, hardware and software that, when combined and integrated, can provide effective cybersecurity? The following is not a definitive list, but it does cover the basics required to better secure your information assets.
Cybersecurity is only as good as the weakest link, and too often that link is people. To ensure a safer environment, there are a number of processes that should be implemented, including:
Designing security into your software - i.e. addressing confidentiality, integrity, availability, accountability, and assurance - is a good first step. It can include:
Access control ensures that only authorized personnel or processes acting on your behalf can access specific devices, programs and data. Elements to be addressed in an access control policy should include: account management; log-in attempts; least privilege; and access enforcement.
Sometimes called the backbone of cybersecurity strategies, encryption is the process of making data unreadable through the use of algorithms to create complex codes. Only authorized personnel with the current encryption key can make the data readable, so that even if the information is intercepted, it is useless until decrypted.
A combination of security information management (SIM) and security event management (SEM), security information and event management (SIEM) software and services provide real-time analysis of security alerts generated by applications and network hardware.
A strategy - or software - for ensuring that people do not send critical or restricted information outside the company network, data loss prevention uses business rules to classify and protect data from abuse by unauthorized people.
Either hardware or software-based, or a combination of both, a firewall is a network security system that uses rules to control incoming and outgoing network traffic and prevent unauthorized access.
Intended to detect network or system attacks in progress, and assist in post-attack forensics, an intrusion detection system is a hardware, software or combined capability that monitors for malicious activity and policy violations.
Originally intended to detect and destroy computer viruses - software programs that can corrupt or delete data, replicate and transmit themselves and infect other computers, programs and data - antivirus software now provides protection against a gamut of malware, including adware and spyware, ransomware, Trojan horses, worms, spam, phishing attacks, botnets, and advanced persistent threats (APTs).
The likelihood of a breach - accidental or malicious - or some kind of malware attack is pretty much guaranteed, regardless of the size of your organization, or the protective measures you take. However, practicing safe computing by putting in place the appropriate processes, practices, hardware and software, and keeping them current, will help you to address cybersecurity’s core functions (Identify, Protect, Detect, Respond and Recover) and help ensure that even if you do suffer a misfortune you are prepared to weather any security issue.