Definition of Cyber Security
Cyber security can be described as the collective methods, technologies and processes that help protect the confidentiality, integrity, and availability of computer systems, networks, and data against electronic attacks or unauthorized access. The main goal of cyber security is to protect all organizational assets from external and internal threats, as well as disruptions caused by natural disasters. Because organizational assets are made up of several disparate systems, putting effective cyber security in place requires coordinated efforts across all of your information systems. Therefore, cyber security consists of the following sub-fields:
What are some sub-fields of cybersecurity?
- Application security involves implementing various defenses within all software and services used within an organization against a wide range of threats. It requires designing secure application architectures, writing secure code, implementing robust data entry validation, threat modeling, etc., to reduce the possibility of unauthorized access to or modification of application resources.
Identity management and data security
- Identity management encompasses the frameworks, processes, and activities that enable the authentication and authorization of legitimate persons for information systems within an organization. Data security involves implementing robust information storage mechanisms that ensure data integrity at rest and in transit.
- Network security involves implementing hardware and software mechanisms to protect the network and infrastructure from unauthorized access, disruption, and misuse. Effective network security helps protect enterprise assets from multiple external and internal threats.
- Mobile security refers to the protection of both organizational and personal information stored on mobile devices such as cell phones, laptops, tablets, etc., from various threats, such as unauthorized access, lost or stolen devices, malware, etc.
- Cloud security is about designing secure cloud architectures and applications for organizations that use multiple cloud service providers such as AWS, Google, Azure, Rackspace, etc. Effective architecture and environment configuration guarantee protection from various threats.
Disaster Recovery and Business Continuity Planning (DR & BC)
- DR&BC deals with the processes, monitoring, alerts, and plans that help organizations prepare to maintain critical business systems online during and after any type of disaster, as well as to resume lost operations and systems after an incident.
- Formal training of people on information security issues is essential to raising awareness of industry best practices, organizational procedures and policies, as well as monitoring and reporting malicious activity.
The Importance of Cyber Security
Cybersecurity is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. Much of this data may be sensitive information, whether it is intellectual property, financial data, personal information, or other types of data whose unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and other devices in the course of their business activities, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the scale and sophistication of cyberattacks grow, companies and organizations, particularly those tasked with protecting information related to national security, health, or financial records, must take steps to protect their sensitive business and personnel information. As early as March 2013, the country’s top intelligence officials warned that cyberattacks and digital espionage were the number one threat to national security, eclipsing even terrorism.
Cyber Security Challenges
For effective cyber security, an organization needs to coordinate its efforts across the entire information system. Elements of cyber security include all of the following:
- Network security: the process of protecting the network from unwanted users, attacks, and intrusions.
- Application Security: Applications require constant updates and testing to ensure that these programs are protected from attacks.
- Endpoint Security: Remote access is a necessary part of the job, but it can also be a data vulnerability. Endpoint security is the process of protecting remote access to a corporate network.
- Data Security: Data exists inside networks and applications. Protecting company and customer information is a separate layer of security.
- Identity management: Basically, this is the process of understanding the access that everyone in the organization has.
- Database and Infrastructure Security: Everything on the network involves databases and physical equipment. Protecting these devices is just as important.
- Cloud Security: Many files reside in digital environments, or the “cloud”. Data protection in a 100% online environment presents its own set of challenges.
- Mobile Security: Mobile phones and tablets bring all kinds of security challenges of their own.
- Disaster Recovery/Business Continuity Planning: In the event of a security breach, natural disaster or other event, the data must be protected and the business must continue. For this, you will need a plan.
- End user education: Users can be employees accessing the network or clients logging into a corporate application. Education on good habits (changing your password and having a strong password, two-factor authentication, etc.) is an important part of cybersecurity.
More About Cyber Security
Cyber security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from within or outside the organization.
In 2020, the average cost of a data breach was $3.86 million globally and $8.64 million in the United States. These costs include the expense of detecting and responding to the breach, the cost of downtime and lost revenue, and long-term damage to the company’s reputation and brand. Cybercriminals target customers’ personally identifiable information (PII) (names, addresses, national identification numbers (for example, Social Security number in the United States, tax codes in Italy), credit card information) and then sell these records on underground digital marketplaces. A breach of PII often results in loss of customer trust, regulatory fines, and even legal action.
Security system complexity, resulting from disparate technologies and lack of in-house expertise, can add to these costs. But organizations with a comprehensive cyber security strategy, guided by best practices and automated using advanced analytics, artificial intelligence (AI), and machine learning, can combat cyber threats more effectively and reduce the life cycle and impact of threats and breaches when they occur.
Common Cyber Security Threats
Although cybersecurity professionals work hard to close security holes, attackers are always looking for new ways to escape IT notice, evade defensive measures, and exploit emerging vulnerabilities. The latest cybersecurity threats put a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include:
- The term “malware” refers to various types of malicious software, such as worms, viruses, Trojan horses, and spyware, that provide unauthorized access to or damage a computer. Malware attacks are becoming increasingly “fileless” and are designed to evade familiar detection methods, such as antivirus tools, that look for malicious attachments.
- Ransomware is a type of malware that locks files, data, or systems, and threatens to wipe or corrupt data, or make sensitive or private data public, unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to hack than organizations and are under pressure to pay ransoms to restore apps and websites that citizens trust.
Phishing / Social Engineering
- Phishing is a form of social engineering that tricks users into providing their personally identifiable information or sensitive information. In phishing scams, the email or text message appears to be from a legitimate company asking for sensitive information, such as credit card details or login information. The FBI has noted an increase in phishing related to the pandemic, linked to the growth of remote work.
- Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past could be considered an insider threat if they misuse their access permissions. Insider threats can be invisible to traditional security solutions, such as firewalls and intrusion detection systems, which focus on external threats.
Distributed Denial of Service (DDoS) attacks
- A DDoS attack attempts to crash a server, website, or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise networks through the Simple Network Management Protocol (SNMP), used in modems, printers, switches, routers, and servers.
Advanced Persistent Threats (APTs)
- In an APT, an intruder or group of intruders infiltrates a system and remains undetected for a long period of time. The intruder leaves networks and systems intact so that they can spy on business activity and steal sensitive data while avoiding activating defensive countermeasures. The recent SolarWinds breach of US government systems is an example of an APT.
- Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties to steal data. For example, on an unsecured Wi-Fi network, an attacker could intercept the data being sent between the host device and the network.
Domains of Cyber Security
A strong cyber security strategy contains layers of protection to defend against cyber crimes, including cyber attacks that attempt to access, alter or destroy data; extort money from users or the organization; or disrupt normal business operations. Countermeasures should address:
- Critical Infrastructure Security: Practices to protect computer systems, networks, and other assets that society depends on for national security, economic health, or public safety. The National Institute of Standards and Technology (NIST) has created a cybersecurity framework to assist organizations in this area, while the US Department of Homeland Security (DHS) provides additional guidance.
- Network security: Security measures to protect a computer network from hackers, including wired and wireless (Wi-Fi) communications.
- Application Security: The processes that help protect applications that run on premises and in the cloud. Security should be built into applications at the design stage, considering how data will be handled, user authentication, etc.
- Cloud Security: Specifically, truly confidential computing that encrypts data in the cloud at rest (stored), in motion (as it travels to, from and within the cloud), and in use (during processing) to uphold user privacy, business requirements, and regulatory compliance standards.
- Information security: Data protection measures, such as the General Data Protection Regulation, or GDPR, that protect your most sensitive data from unauthorized access, exposure, or theft.
- End User Education: Build security awareness across the organization to enhance end user security. For example, users can be trained to remove suspicious email attachments, avoid using unknown USB devices, and so on.
- Disaster Recovery/Business Continuity Planning: Tools and procedures for responding to unplanned events, such as natural disasters, power outages, or cybersecurity incidents, with minimal disruption to key operations.
- Storage security: IBM FlashSystem® provides powerful data resilience with comprehensive safeguards. This includes encryption and isolated, immutable copies of data. These remain in the same group so they can be quickly restored to support recovery, and reduce the impact of a cyber attack.
- Mobile security: IBM Security® MaaS360 with Watson lets you manage and protect your mobile workforce with application security, container application security, and secure mobile mail.