What Does Cybersecurity Mean?
Cybersecurity is a broad, umbrella term that describes any preventative measure designed to protect information from being stolen, compromised or attacked.
Digital security has three important objectives: confidentiality, integrity, and availability (CIA). This applies to:
- Application security – the software characteristics or behavior an app must exhibit to be considered secure.
- Network security – the criteria used to monitor and protect a network’s perimeter.
- Encryption – the transformation of plaintext into ciphertext. May also include strategies for decrypting ciphertext.
- Cloud security – policies and procedures designed to mitigate vulnerabilities in distributed infrastructures and Software-as-a-Service (SaaS) deployments.
- Infrastructure security – policies and procedures designed to secure physical and cyber assets that are so vital that their incapacity or destruction would have a debilitating impact.
- Identity and Access Management (IAM) – processes, policies and tools for managing access privileges and permission levels.
Cybersecurity may also be referred to as information technology (IT) security, digital security or cyber vulnerability management.
Cybersecurity Tips and Best Practices
Best practices for cybersecurity include the following:
Ensure antivirus software is kept up-to-date.
Be sure to use antivirus/antispyware software and configure it to install updates automatically.
Secure the network
Safeguard Internet connections by using a firewall and encryption. Be sure to password-protect access to the network’s router and make sure the wireless access point (WAP) does not broadcast the network name (Service Set Identifier, SSID).
Use strong passwords
Enforce the use of strong passwords and use different passwords for different accounts. A strong password has:
- 10 characters or more
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
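A policy check that enforces the five rules listed above, as an added example (not code from the original article). It assumes that any character that is neither a letter nor a digit, including whitespace, counts as a special character, and it reports every rule a candidate fails so users can be told exactly what to fix.

```python
import unicodedata

# Password policy from the list above: 10 or more characters, at least one
# uppercase letter, one lowercase letter, one number and one special character.
MIN_LENGTH = 10

# Each rule maps a name to a predicate over the (normalized) password.
# Assumption: "special" means any character that is not a letter or a digit,
# which includes spaces, so passphrases with spaces satisfy that rule.
RULES = {
    "length": lambda pw: len(pw) >= MIN_LENGTH,
    "uppercase": lambda pw: any(c.isupper() for c in pw),
    "lowercase": lambda pw: any(c.islower() for c in pw),
    "digit": lambda pw: any("0" <= c <= "9" for c in pw),
    "special": lambda pw: any(not c.isalnum() for c in pw),
}


def failed_rules(password: str) -> list:
    """Return the names of the policy rules the password does not satisfy.

    An empty list means the password meets every rule in the policy.
    """
    # Normalize first so composed and decomposed Unicode forms of the same
    # text are measured and classified the same way (e.g. "é" as one char).
    pw = unicodedata.normalize("NFC", password)
    return [name for name, check in RULES.items() if not check(pw)]


def is_strong(password: str) -> bool:
    """True when the password passes every rule of the policy."""
    return not failed_rules(password)


if __name__ == "__main__":
    # Constructed sample inputs for illustration only.
    for candidate in ["password", "Correct Horse 9", "ALLUPPER12345!"]:
        missing = failed_rules(candidate)
        print(f"{candidate!r}: {'OK' if not missing else 'fails ' + ', '.join(missing)}")
```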
Use multifactor authentication
Require multifactor authentication (MFA) for network access and access to sensitive information, especially financial information.
Use Encryption
Use hashing or encryption algorithms to secure data transfers and protect sensitive information.
Back up data regularly
Set up backups to run automatically and store backup copies in the cloud or off site.
Use secure payment processing
Consider isolating payment systems from less secure programs. Encourage employees who process payments to refrain from using the same computing device to surf the Internet.
Control physical access to hardware
Unattended laptops are vulnerable to attack. Ensure devices are password protected, require strong passwords and support the Principle of Least Privilege (PoLP).
Techopedia Explains Cybersecurity
The Department of Homeland Security (DHS) has established October as National Cyber Security Awareness Month and has helped create resources to educate business owners and the general public about cybersecurity.
The DHS website also provides instructions for how information security professionals can report zero-day attacks to the Cybersecurity and Infrastructure Security Agency (US-CERT).
The Importance of Cybersecurity
Every day companies of all sizes fend off thousands of cyberattacks. Some of these attacks are simple and some of them are more sophisticated, long-term attacks known as advanced persistent threats (APTs).
As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services on a large scale.
In order to proactively address the risk and potential consequences of a politically motivated cyber event (cyberwar), it has become increasingly important to strengthen the security and resilience of cyberspace.
Challenges of Cybersecurity
It can be difficult for organizations to create and maintain a comprehensive cybersecurity strategy. In 2022 there has been an incremental increase in cyberattacks.
Three important things make it difficult to secure cyberspace:
1. Malicious actors can use the internet to conduct an attack manually or with malicious software bots anytime, from anywhere in the world.
2. As the Internet of Things (IoT) continues to grow, physical systems are increasingly becoming smart clients that use the internet to exchange information.
3. Distributed computing has increased the number of potential attack surfaces and made it more difficult to track breaches.
Cybersecurity Attack Vectors
An attack vector is defined as the technique by means of which unauthorized access can be gained to a device or network resources. Popular attack vectors include:
- Phishing – the attacker sends an e-mail that appears to be from a trusted source and asks the victim to be helpful by providing information that might seem harmless, but can actually be used for identity theft or to gain network access.
- DoS and DDoS – the attacker floods the victim with so many client requests that it becomes impossible for servers to keep up.
- Ransomware – the attacker uses encryption to make a resource unavailable and then demands payment in exchange for the encryption key.
- Misconfigured hardware – misconfiguration is one of the most dangerous vulnerabilities because misconfigured servers and other digital resources can be exploited to gain unauthorized access to network services.
- Unpatched vendor software – a patch is a code segment that gets added to a program in order to temporarily fix a defect. Successful attacks on unpatched software vulnerabilities have interrupted supply chains and caused billions of dollars in damage.
- Weak credentials – attackers are increasingly using machine learning (ML) and artificial intelligence (AI) to take advantage of weak access controls. Enforce multifactor authentication and the use of strong passwords. Make sure employees only have access to network resources on a “need to know” basis.
- Poor encryption key management – when encryption is used to improve cybersecurity, the management of cryptographic keys is critical. This is especially true for large enterprises that need to manage private keys and public keys both locally and in the cloud.
- Insider threats – insider threats are conducted by someone who has some level of authorized access.
- Supply chain attacks – the attacker infiltrates a software vendor’s network in order to compromise the vendor’s software in some way before it is distributed to customers.
Managing Cybersecurity
Cybersecurity preventive measures can be enforced at the personal, corporate or governmental levels. Many companies appoint a chief security officer (CSO) or chief information security officer (CISO) to oversee their cybersecurity initiatives.
Typically, the CSO or CISO becomes the person responsible for risk assessment and is charged with maintaining the organization’s cyber-incident response plan (CIRP). A CIRP describes the organization’s current security posture and documents how the organization plans to protect its digital assets by:
- Using risk management strategies to prioritize security initiatives.
- Supporting an action plan that reduces the likelihood that a specific type of known attack could cause serious harm.
- Establishing best practices for detecting intrusions as soon as they occur.
- Documenting and sharing internal protocols and procedures for incident response with employees and business partners.
Management Tools
There’s no substitute for dedicated IT support — whether an employee or external consultant — but businesses of more limited means can still take measures to improve their cybersecurity by using government resources.
Free tools sponsored by the United States government include:
FCC Planning Tool
The Federal Communications Commission offers a cybersecurity planning tool that is designed to help organizations build their security strategy according to their own unique business needs.
Cyber Resilience Review
The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment for evaluating operational resilience and cybersecurity practices. The assessment can be carried out in house, but organizations can also request a facilitated assessment by DHS cybersecurity professionals.
Cyber Hygiene Vulnerability Scanning
The Department of Homeland Security website offers cyber hygiene vulnerability scanning for small businesses. This free service is designed to help small businesses secure their internet-facing systems from known vulnerabilities, including misconfigurations.
Supply Chain Risk Management
The DHS Supply Chain Risk Management Toolkit is designed to raise awareness and reduce the impact of an attack on an organization’s supply chain.
Cybersecurity Awareness Training
Employee social engineering, malware and phishing emails are popular tactics for data breaches because they can be used to give the attacker a direct path into an organization’s digital assets.
Training employees about basic internet hygiene can lessen the risk of a cyber-attack. The Department of Homeland Security’s “Stop.Think.Connect” campaign offers training and other materials. Training topics include:
- Popular social engineering attack vectors
- How to spot a phishing email
- How to create strong passwords
- What to do with a suspicious download
- The importance of backups
- How and when it’s OK to use public Wi-Fi or removable storage media
- When to report a cybercrime to the Internet Crime Complaint Center (https://www.ic3.gov/).
The Importance of Security Audits
It’s important to perform security audits on a regular basis to ensure that security systems, policies and procedures are effective and that no gaps exist. An effective audit provides a comprehensive assessment of an organization’s security and informs an ongoing process of improvement. Security audits often include pen testing and typically will include:
- Checks to verify security procedures are being followed and security systems are not being bypassed.
- A review of past breaches to verify that a successful future attack is likely to have less impact.
- An assessment of protection against new types of threats.
- Periodic review of access rights to support enforcement of the Principle of Least Privilege (PoLP).
The Role of Cybersecurity Frameworks
A cybersecurity framework is a system of standards, guidelines and best practices for managing digital risk. Frameworks typically match specific security objectives with security controls. For example, if the objective is to prevent unauthorized access, the control might be to require a username and biometric authentication with facial recognition. Security frameworks can be categorized as being either control, program or risk frameworks.
Control frameworks seek to:
- Assess the current security posture.
- Create security controls.
- Prioritize control implementations.
- Enforce security controls.
Program frameworks seek to:
- Assess the effectiveness of current security initiatives.
- Simplify communication between security team and business leaders.
- Research what security initiatives are being used by competitors.
Risk frameworks seek to:
- Determine how to identify, measure and quantify security risks.
- Prioritize security initiatives.
Popular cybersecurity frameworks in use today include:
- US National Institute of Standards and Technology (NIST) Framework
- Center for Internet Security Critical Security Controls (CIS)
- ISO/IEC 27001 and 27002
- SOC2
- NERC-CIP
- HIPAA
- GDPR
- FISMA
- PCI-DSS
IT Security Certifications
Cybersecurity certifications are valuable tools for anyone seeking work in cybersecurity. Certifications provide a good starting point for new graduates and IT professionals who want to advance their career path. Popular security certifications include:
- Advanced Security Practitioner
- Certified Authorization Professional (CAP)
- Certified Cloud Security Professional (CCSP)
- Certified Cyber Forensics Professional (CCFP)
- Certified Ethical Hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Certified Incident Handler (CIH)
- Certified Information Security Manager (CISM)
- Certified Information System Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Internal Auditor (CIA)
- Certified Penetration Tester (CPT)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Security Analyst (CSA)
- Certified Security Testing Associate (CSTA)
- Certified Virtualization Professional (CVP)
- CompTIA Security+
- CyberSec First Responder (CFR)
- DOD Information Technology Security Certification and Accreditation (DITSCAP)
- GIAC Security Essentials (GSEC)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Information System Security Engineering Professional (ISSEP)
- Master Mobile Application Developer (MMAD)
- Network+
- Offensive Security Certified Professional (OSCP)
- Security Essentials Certification (SEC)
- Security+
- Server+
- Systems Security Certified Practitioner (SSCP)
Cybersecurity Job Titles
According to Cyber Seek, the U.S. Department of Commerce’s tech job-tracking database, there are more than 500,000 open cybersecurity jobs in the United States today. Popular job titles for security professionals include:
- Business Continuity Analyst
- Chief Information Security Officer (CISO)
- Computer Forensics Analyst
- Cryptographer
- Data Recovery Specialist
- Director Information Security
- Information Assurance Analyst
- Information Assurance Engineer
- Information Security Analyst
- Information Security Engineer
- Information Security Officer
- Intrusion Analyst
- Malware Analyst
- Network Security Engineer
- Penetration Tester
- Security Architect
- Security awareness training specialist
- Security Engineer
- Security Incident Response Engineer
- Security Researcher
- Threat Analyst