A cybersecurity primer

Cybersecurity is a moving target, and security processes, practices, hardware and software must evolve with the technologies, applications and threats.

History teaches us that everything changes, and that’s particularly true when it comes to cybersecurity, where a vulnerability, accidental or malicious, can put a business at risk any time, anywhere. While cybersecurity must address the core functions -- Identify, Protect, Detect, Respond and Recover -- in a holistic manner, what are the processes, practices, hardware and software that, when combined and integrated together, can provide effective cybersecurity? The following is not a definitive list, but it does cover the basics required to better secure your information assets.

Processes, Processes, Processes

Cybersecurity is only as good as the weakest link, and too often that link is people. To ensure a safer environment, there are a number of processes that should be implemented, including:

  • Create a formal security policy and procedures
  • Educate your employees and partners
  • Test and practice your incident response plan
  • Keep your software up-to-date

By 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.

Security by design

Designing security into your software - i.e. addressing confidentiality, integrity, availability, accountability, and assurance - is a good first step. It can include:

  • Defense in depth, where multiple security measures protect against any singular attack
  • Principle of least privilege, which limits access and risk to the minimal level required for the system or personnel to function
  • Audit trails that track system activity to determine the mechanism and extent of a breach or problem.

Access control

Access control ensures that only authorized personnel or processes acting on your behalf can access specific devices, programs and data. Elements to be addressed in an access control policy should include: account management; log-in attempts; least privilege; and access enforcement.

Encryption

Sometimes called the backbone of cybersecurity strategies, encryption is the process of making data unreadable through the use of algorithms to create complex codes. Only authorized personnel with the current encryption key can make the data readable, so that even if the information is intercepted, it is useless until decrypted.

Security information and event management (SIEM)

A combination of security information management (SIM) and security event management (SEM), security information and event management (SIEM) software and services provide real-time analysis of security alerts generated by applications and network hardware.

Data loss prevention (DLP)

A strategy - or software - for ensuring that people do not send critical or restricted information outside the company network, data loss prevention uses business rules to classify and protect data from abuse by unauthorized people.

Firewall

Either hardware or software-based, or a combination of both, a firewall is a network security system that uses rules to control incoming and outgoing network traffic and prevent unauthorized access.

Intrusion detection system (IDS)

Intended to detect network or system attacks in progress, and assist in post-attack forensics, an intrusion detection system is hardware, software or combined capability that monitors malicious activity and policy violations.

Antivirus (AV) software

Originally intended to detect and destroy computer viruses - software programs that can corrupt or delete data, replicate and transmit themselves and infect other computers, programs and data - antivirus software now provides protection against a gamut of malware, including adware and spyware, ransomware, Trojan horses, worms, spam, phishing attacks, botnets, and advanced persistent threats (APTs).

The likelihood of a breach - accidental or malicious - or some kind of malware attack is pretty much guaranteed, regardless of the size of your organization, or the protective measures you take. However, practicing safe computing by putting in place the appropriate processes, practices, hardware and software, and keeping them current, will help you to address cybersecurity’s core functions (Identify, Protect, Detect, Respond and Recover) and help ensure that even if you do suffer a misfortune you are prepared to weather any security issue.