What is cyber security?
Cyber Security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cyber security measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.
In 2020, the average cost of a data breach was USD 3.86 million globally, and USD 8.64 million in the United States. These costs include the expenses of discovering and responding to the breach, the cost of downtime and lost revenue, and the long-term reputational damage to a business and its brand. Cybercriminals target customers’ personally identifiable information (PII) — names, addresses, national identification numbers (e.g., Social Security number in the US, fiscal codes in Italy), and credit card information — and then sell these records in underground digital marketplaces. Compromised PII often leads to a loss of customer trust, the imposition of regulatory fines, and even legal action.
Security system complexity, created by disparate technologies and a lack of in-house expertise, can amplify these costs. But organizations with a comprehensive cyber security strategy, governed by best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can fight cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur.
Cybersecurity terms and domains
A strong cyber security strategy has layers of protection to defend against cyber crime, including cyber attacks that attempt to access, change, or destroy data; extort money from your users or the organization; or aim to disrupt normal business operations.
Countermeasures should address:
Critical infrastructure security
Practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety. The National Institute of Standards and Technology (NIST) has created a cyber security framework to help organizations in this area, while the U.S. Department of Homeland Security (DHS) provides additional guidance.
Network security
Security measures for protecting a computer network from intruders, including both wired and wireless (Wi-Fi) connections.
Application security
Processes that help protect applications operating on-premises and in the cloud. Security should be built into applications at the design stage, with considerations for how data is handled, user authentication, etc.
Cloud security
Specifically, true confidential computing that encrypts cloud data at rest (in storage), in motion (as it travels to, from and within the cloud) and in use (during processing) to support customer privacy, business requirements and regulatory compliance standards.
Information security
Data protection measures, such as the General Data Protection Regulation or GDPR, that secure your most sensitive data from unauthorized access, exposure, or theft.
End-user education
Building security awareness across the organization to strengthen endpoint security. For example, users can be trained to delete suspicious email attachments, avoid using unknown USB devices, etc.
Disaster recovery/business continuity planning
Tools and procedures for responding to unplanned events, such as natural disasters, power outages, or cyber security incidents, with minimal disruption to key operations.
Storage security – any platform that stores critical data should deliver rock solid data resilience with numerous safeguards. This may include encryption and immutable, isolated data copies. These remain in the same pool so they can quickly be restored to support recovery, minimizing the impact of a cyber attack.
Mobile security
Enables you or your provider to manage and secure your mobile workforce with app security, container app security and secure mobile mail.
Dangerous cyber security myths
The volume of cyber security incidents is on the rise across the globe, but misconceptions continue to persist, including the notion that:
Cybercriminals are outsiders
In reality, cyber security breaches are often the result of malicious insiders, working for themselves or in concert with outside hackers. These insiders can be a part of well-organized groups, backed by nation-states.
Risks are well-known
In fact, the risk surface is still expanding, with thousands of new vulnerabilities being reported in old and new applications and devices. And opportunities for human error – specifically by negligent employees or contractors who unintentionally cause a data breach – keep increasing.
Attack vectors are contained
Cybercriminals are finding new attack vectors all the time – including Linux systems, operational technology (OT), Internet of Things (IoT) devices, and cloud environments.
My industry is safe
Every industry has its share of cyber security risks, with cyber adversaries exploiting the necessities of communication networks within almost every government and private-sector organization. For example, ransomware attacks are targeting more sectors than ever, including local governments and non-profits, and threats on supply chains, “.gov” websites, and critical infrastructure have also increased.
Common Cyber Threats
Although cyber security professionals work hard to close security gaps, attackers are always looking for new ways to escape IT notice, evade defense measures, and exploit emerging weaknesses. The latest cyber security threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services.
These evolving threats include:
Malware
The term “malware” refers to malicious software variants—such as worms, viruses, Trojans, and spyware—that provide unauthorized access or cause damage to a computer. Malware attacks are increasingly “fileless” and designed to get around familiar detection methods, such as antivirus tools, that scan for malicious file attachments.
Ransomware
Ransomware is a type of malware that locks down files, data or systems, and threatens to erase or destroy the data – or make private or sensitive data to the public – unless a ransom is paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted state and local governments, which are easier to breach than organizations and under pressure to pay ransoms in order to restore applications and web sites on which citizens rely.
Phishing / social engineering
Phishing is a form of social engineering that tricks users into providing their own PII or sensitive information. In phishing scams, emails or text messages appear to be from a legitimate company asking for sensitive information, such as credit card data or login information. The FBI has noted about a surge in pandemic-related phishing, tied to the growth of remote work.
Insider threats
Current or former employees, business partners, contractors, or anyone who has had access to systems or networks in the past can be considered an insider threat if they abuse their access permissions. Insider threats can be invisible to traditional security solutions like firewalls and intrusion detection systems, which focus on external threats.
Distributed denial-of-service (DDoS) attacks
A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from multiple coordinated systems. DDoS attacks overwhelm enterprise networks via the simple network management protocol (SNMP), used for modems, printers, switches, routers, and servers.
Advanced persistent threats (APTs)
In an APT, an intruder or group of intruders infiltrate a system and remain undetected for an extended period. The intruder leaves networks and systems intact so that the intruder can spy on business activity and steal sensitive data while avoiding the activation of defensive countermeasures. The recent Solar Winds breach of United States government systems is an example of an APT.
Man-in-the-middle attacks
Man-in-the-middle is an eavesdropping attack, where a cybercriminal intercepts and relays messages between two parties in order to steal data. For example, on an unsecure Wi-Fi network, an attacker can intercept data being passed between guest’s device and the network.
Key cyber security technologies and best practices
The following best practices and technologies can help your organization implement strong cyber security that reduces your vulnerability to cyber attacks and protects your critical information systems, without intruding on the user or customer experience:
Identity and access management (IAM) defines the roles and access privileges for each user, as well as the conditions under which they are granted or denied their privileges. IAM methodologies include single sign-on, which enables a user to log in to a network once without re-entering credentials during the same session; multi factor authentication, requiring two or more access credentials; privileged user accounts, which grant administrative privileges to certain users only; and user lifecycle management, which manages each user’s identity and access privileges from initial registration through retirement. IAM tools can also give your cyber security professionals deeper visibility into suspicious activity on end-user devices, including endpoints they can’t physically access. This helps speed investigation and response times to isolate and contain the damage of a breach.
A comprehensive data security platform protects sensitive information across multiple environments, including hybrid and multi-cloud environments. The best data security platforms provide automated, real-time visibility into data vulnerabilities, as well as ongoing monitoring that alerts them to data vulnerabilities and risks before they become data breaches; they should also simplify compliance with government and industry data privacy regulations. Backups and encryption are also vital for keeping data safe.
Security information and event management (SIEM) aggregates and analyzes data from security events to automatically detect suspicious user activities and trigger a preventative or remedial response. Today SIEM solutions include advanced detection methods such as user behavior analytics and artificial intelligence (AI). SIEM can automatically prioritize cyber threat response in line with your organization’s risk management objectives. And many organizations are integrating their SIEM tools with security orchestration, automation and response (SOAR) platforms that further automate and accelerate an organization’s response to cyber security incidents and resolve many incidents without human intervention.
Zero trust security strategy
Businesses today are connected like never before. Your systems, users and data all live and operate in different environments. Perimeter-based security is no longer adequate but implementing security controls within each environment creates complexity. The result in both cases is degraded protection for your most important assets. A zero-trust strategy assumes compromise and sets up controls to validate every user, device and connection into the business for authenticity and purpose. To be successful executing a zero-trust strategy, organizations need a way to combine security information in order to generate the context (device security, location, etc.) that informs and enforces validation controls.
Cybersecurity and Cynergy Technology
Cynergy Technology offers a comprehensive and integrated portfolio of enterprise security products and services. The portfolio, supported by our partnerships with national and global leaders in the cyber security industry, provides security solutions to help organizations drive security into the fabric of their business so they can thrive in the face of uncertainty.