Every morning when I arrive at work, I make it a small practice to do two things: check my emails from the night before and look at what happened in the world of cybersecurity the day before. Without fail, there’s something new and noteworthy every single day. Whether it be the recent Reddit attack, concerns of election hacking as we’re entering midterms, or the rise of cryptojacking, individuals and enterprises are contemplating, “Is my data safe?”
As enterprises ponder that very question, their drive to implement the technology strategy is without a doubt impacted. Whether they’re considering the Internet of Things (IoT), a hybrid cloud approach, or have full-blown cloud native aspirations, enterprises now days are a bit hesitant to jump in and commit. Data breaches across the industry continue to force decision makers to make smarter choices when implementing new workloads. At a minimum, the leaders of today need a foundational understanding of the threats facing them and how to protect their companies for tomorrow.
For those of us who are new to the landscape, consider this your cybersecurity 101 “lite.” We’ll take a step back and focus on the basics. Beginning with industry terms, we’ll slowly progress through building a defense, and end with considerations for offloading your security to a trusted third party, ultimately allowing for a focus on growth rather than industry security challenges.
Understanding the lingo
The first step to any crash course is understanding industry jargon. While the following list is not exhaustive, these are a few key terms to understand as they relate to businesses and trends today.
Notorious for lacking built-in security – IoT (Internet of Things) is described by Trend Micro as an extension of the internet and other network connections to different sensors and devices (“things”) affording even simple objects, such as lightbulbs, locks, and vents a higher degree of computing and analytical capabilities. IoT is a strong driver for cloud security as these devices are constantly gathering and storing consumer information and communicating with network workloads.
This is very similar to on-premise security, only without the need to consider physical hardware and devices. By definition, cloud security is a set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications, and infrastructure associated with cloud workloads. Perhaps a downfall, or at least a factor of apprehension toward cloud, is the lack of physically being able to see your workloads. This hesitation plays into why companies are not only worried about whether the cloud can sustain efficiency and scalability, but also concerned about security.
Cybercriminal / threat actor
Simply put, these are individuals who want access to your environment to take what’s not theirs. Threat actors can be classified by their skill level – we typically rate them by A, B and C-level actors.
C-level threat actors, or Script Kiddies, are individuals that can (through the web) obtain publicly available attacks as they’re freely available. These individuals typically don’t have the knowledge to develop custom malware or exploits on their own. They usually end up creating noise as the level of attack is unsophisticated.
B-level threat actors, or hacktivists, are typically more savvy and able to develop and carry out more sophisticated threats, such as ransomware attacks. These mid-level threat actors are generally financially motivated and have the know-how to easily offer their services as-a-service (i.e. cybercrime-as-a-service) on the Dark Web.
A-level threat actors, or state sponsored attackers, are the most advanced of the bunch. These cybercriminals can infiltrate a network unnoticed and patiently wait in an environment until they’ve gathered the information they want. These attackers have substantial funding and expertise; they are almost impossible to detect.
Penetration testing (aka pen testing) helps to identify gaps in an enterprise’s environment. Third party organizations are often outsourced to intentionally attempt to exploit vulnerabilities for the sake of determining a company’s cybersecurity posture.
I know – this one is easy! Antivirus software is designed to scan and remove viruses from your computer or network. However, companies often rely on antivirus software alone to protect their environments. That’s not enough. Antivirus should be one of the first steps to building your line of defense against cybercriminals, but by no means should it be your only line of defense.
Unified Threat Management (UTM) System
A UTM system is exactly what it sounds like – a type of network hardware or appliance, or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features. UTM services protect the network from combined security threats. UTM cloud services are also becoming increasingly popular with small and mid-sized businesses, as they eliminate the need for on-prem security appliances, while still providing centralized control and in-depth defense.
This may be one of the most difficult threats to spot. Social engineering is a technique employed by cybercriminals to trick unsuspecting users into sharing confidential data, for example, clicking on a malicious link to infect the computer or network. Social engineering requires the attacker to study the behaviors of a user – typically company employees – then send a phishing email that appears to be from a trusted source to an unsuspecting victim.
These terms and buzzwords are beneficial to understanding the basics of what – or who – to look for inside your environment, as well as how to protect your data. However, if you’re interested in learning more, or need a better understanding of a word, you can find an extensive glossary of terms here.
Building Your Defense
It’s important to keep these terms in mind as you begin building your defense against threat actors and the attacks they are likely to carry out against your organization. Begin with a pen test to determine your environment’s weak points. Then, once you realize who can get in and at what level, start to focus your efforts at that point. From there, consider tools to use to keep threats out. Tools, such as antivirus and UTM systems, do a good job of keeping you aware of what’s happening, and at some level, preventing attacks.
However, one threat that’s hard to detect and protect from are unintentional insider threats, which makes training employees critical to your company’s security strategy. If you’re not training internally and fostering a culture of security, the tests and tools alone won’t protect your company. Additionally, although it can be difficult to find, investing in a skilled IT staff is just as important as anything else to building a strong defense.
There’s help in numbers
As we move toward the future, technology is only going to continue advancing, meaning threats will grow in sophistication. For organizations that may not be equipped to appropriately staff and manage a robust security program, an easy way to get ahead of the issues and find properly skilled IT professionals, is to partner with a third-party vendor.
Cybersecurity vendors not only have the expertise but should also have a security operations center (SOC) to take care of monitoring, detecting and mitigating incoming threats. Vendor partners also remove risk and responsibility, as you’re off-loading it to someone that’s proficient in security. Passing along this responsibility not only creates peace of mind but allows companies to focus on customers and being profitable.
Individuals and enterprises are taking notice of the ramifications of each new headline-grabbing cyberattack and trusting their data is safe. For companies to remain successful, executives and decision makers must take an active role in understanding cybersecurity and the threats facing their organizations.