
CYBER SECURITY: HOW TO PROTECT YOURSELF?

Cyber security refers to the body of technologies, processes, and practices designed to
protect networks, devices, programs, and data from attack, damage, or unauthorized
access. Cyber security may also be referred to as information technology security.

THE IMPORTANCE OF CYBER SECURITY

Cyber Security is important because government, military, corporate, financial, and
medical organizations collect, process, and store unprecedented amounts of data on
computers and other devices. A significant portion of that data can be sensitive
information, whether that is intellectual property, financial data, personal information, or
other types of data for which unauthorized access or exposure could have negative
consequences. Organizations transmit sensitive data across networks and to other
devices in the course of doing business, and cyber security describes the discipline
dedicated to protecting that information and the systems used to process or store it. As
the volume and sophistication of cyber attacks grow, companies and organizations,
especially those that are tasked with safeguarding information relating to national
security, health, or financial records, need to take steps to protect their sensitive
business and personnel information. As early as March 2013, the nation’s top
intelligence officials cautioned that cyber attacks and digital spying are the top threat to
national security, eclipsing even terrorism.

CHALLENGES OF CYBER SECURITY

For effective cyber security, an organization needs to coordinate its efforts
throughout its entire information system. The elements of cyber security encompass all of
the following:

• Network security
Network security is any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technologies. Effective
network security manages access to the network. It targets a variety of threats and
stops them from entering or spreading on your network.
Network security combines multiple layers of defenses at the edge and in the network.
Each network security layer implements policies and controls. Authorized users gain
access to network resources, but malicious actors are blocked from carrying out
exploits and threats.

• Application security
Application security is the process of developing, adding, and testing security features
within applications to protect them against threats such as
unauthorized access and modification. It describes security measures at the application
level that aim to prevent data or code within the app from being stolen or hijacked. It
encompasses the security considerations that happen during application development
and design, but it also involves systems and approaches to protect apps after they get
deployed.

Application security is important because today’s applications are often available over
various networks and connected to the cloud, increasing vulnerabilities to security
threats and breaches. There is increasing pressure and incentive to not only ensure
security at the network level but also within applications themselves. One reason for this
is that attackers are targeting applications more today than in the past.
Application security testing can reveal weaknesses at the application level, helping to
prevent these attacks.

• Endpoint security
Endpoint security refers to securing endpoints, or end-user devices like desktops,
laptops, and mobile devices. Endpoints serve as points of access to an enterprise
network and create points of entry that can be exploited by malicious actors. Endpoint
security software protects these points of entry from risky activity and/or malicious
attack. When companies can ensure endpoint compliance with data security standards,
they can maintain greater control over the growing number and type of access points to
the network.

Increasingly, enterprises and their employees are incorporating practices to make
access to data more fluid. The increase in BYOD (bring your own device) policies, in
addition to threats targeting mobile device access and networks, creates multiple
endpoint vulnerabilities. In addition, employees working from home or connecting to Wi-
Fi networks to work on-the-go means that the enterprise network security perimeter is
more porous than ever. In the past, most security breaches came in through the
network. Today, however, threats are increasingly coming in through endpoints, which
means centralized network protection does not go far enough. Shifting security
perimeters that lack clear definition require new layers of security through endpoint
protection. Security must maintain greater control over access points to prevent the
vulnerabilities that can arise through the use of remote devices.

• Data security
Data security is a set of standards and technologies that protect data from intentional or
accidental destruction, modification or disclosure. Data security can be applied using a
range of techniques and technologies, including administrative controls, physical
security, logical controls, organizational standards, and other safeguarding techniques
that limit access to unauthorized or malicious users or processes.

All businesses today deal in data to a degree. From the banking giants dealing in
massive volumes of personal and financial data to the one-man business storing the
contact details of his customers on a mobile phone, data is at play in companies both
large and small. The primary aim of data security is to protect the data that an
organization collects, stores, creates, receives or transmits. Compliance is also a major
consideration. It doesn't matter which device, technology or process is used to manage,
store or collect data, it must be protected. Data breaches can result in litigation cases
and huge fines, not to mention damage to an organization's reputation. The importance
of shielding data from security threats is more important today than it has ever been.

• Identity management
Identity management (ID management) is the organizational process for identifying,
authenticating and authorizing individuals or groups of people to have access to
applications, systems or networks by associating user rights and restrictions with
established identities. The managed identities can also refer to software processes that
need access to organizational systems.

Identity management is an important part of the enterprise security plan, as it is linked
to both the security and productivity of the organization. In many organizations, users
are granted more access privileges than they need to perform their functions. Attackers
can take advantage of compromised user credentials to gain access to an organization's
network and data. Using identity management, organizations can safeguard their
corporate assets against many threats including hacking, ransomware, phishing and
other malware attacks. Identity management systems can add an additional layer of
protection by ensuring user access policies and rules are applied consistently across an
organization. An identity and access management (IAM) system can provide a
framework that includes the policies and technology needed to support the
management of electronic or digital identities. Many of today's IAM systems use
federated identity, which allows a single digital identity to be authenticated and stored
across multiple disparate systems.

• Database and infrastructure security
Database security refers to the collective measures used to protect and secure a database or
database management software from illegitimate use and malicious threats and attacks. It is a
broad term that includes a multitude of processes, tools and methodologies that ensure security
within a database environment. Database security, and data protection, is stringently regulated.
Although the law struggles to keep up with the constant changes of an evolving digital world,
there are regulations in force which demand certain standards from any business with an online
component. Users across the globe expect their privacy to be taken seriously and modern
commerce must reflect this wish. If your company has an online component, then you must
consider database security as a priority.

• Infrastructure security
Infrastructure security is at the root of your entire corporate security plan. Other
individual security area plans (ISAPs) may overlap with your infrastructure security plan
to some extent. For example, a wireless network is part of your infrastructure, but it’s
also a large enough area to be addressed in a separate project plan. You’ll need to
ensure that your corporate IT security project and your ISAPs cover all the bases, but
be aware that there are overlapping areas that should be clearly delineated if you’re
working on several projects in parallel. You don’t want project teams wrestling over
ownership of one part of your network or another. In this chapter, we’ll look at the
basic infrastructure components and how to secure them; then we’ll create a project
plan utilizing this information.

• Cloud security
Cloud security, also known as cloud computing security, consists of a set of policies,
controls, procedures and technologies that work together to protect cloud-based
systems, data and infrastructure. These security measures are configured to protect
data, support regulatory compliance and protect customers' privacy as well as setting
authentication rules for individual users and devices. From authenticating access to
filtering traffic, cloud security can be configured to the exact needs of the business. And
because these rules can be configured and managed in one place, administration
overheads are reduced and IT teams empowered to focus on other areas of the
business. The way cloud security is delivered will depend on the individual cloud
provider or the cloud security solutions in place. However, implementation of cloud
security processes should be a joint responsibility between the business owner and
solution provider.

For businesses making the transition to the cloud, robust cloud security is imperative.
Security threats are constantly evolving and becoming more sophisticated, and cloud
computing is no less at risk than an on-premise environment. For this reason, it is
essential to work with a cloud provider that offers best-in-class security that has been
customized for your infrastructure. Cloud security offers many benefits, including
centralized security, reduced cost, reduced administration and reliability.

• Mobile security
Mobile device security is the full protection of data on portable devices and the network
connected to the devices. Common portable devices within a network include smart
phones, tablets, and personal computers.

Nowadays, over 50 percent of business PCs are mobile, and the increase in Internet of
Things devices poses new challenges to network security. Consequently, IT must adapt
its approach to security. A network security plan must account for all of the different
locations and uses that employees demand of the company network, but you can take
some simple steps to improve your mobile device security.

• Disaster recovery/business continuity planning
Disaster recovery (DR) is an area of security planning that aims to protect an
organization from the effects of significant negative events. DR allows an organization
to maintain or quickly resume mission-critical functions following a disaster.

• Business continuity planning
Business continuity planning (BCP) is the process involved in creating a system of
prevention and recovery from potential threats to a company. The plan ensures that
personnel and assets are protected and are able to function quickly in the event of a
disaster. The BCP is generally conceived in advance and involves input from key
stakeholders and personnel.

• End-user education
An end user is the person that a software program or hardware device is designed for.
The term is based on the idea that the "end goal" of a software or hardware product is
to be useful to the consumer. The end user can be contrasted with the developers or
programmers of the product. End users are also in a separate group from the installers
or administrators of the product.

The most difficult challenge in cyber security is the ever-evolving nature of security risks
themselves. Traditionally, organizations and the government have focused most of their
cyber security resources on perimeter security to protect only their most crucial system
components and defend against known threats. Today, this approach is insufficient, as
the threats advance and change more quickly than organizations can keep up with. As a
result, advisory organizations promote more proactive and adaptive approaches to
cyber security. Similarly, the National Institute of Standards and Technology (NIST)
issued guidelines in its risk assessment framework that recommend a shift toward
continuous monitoring and real-time assessments, a data-focused approach to security
as opposed to the traditional perimeter-based model.

MANAGING CYBER SECURITY

The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down
approach to cyber security in which corporate management leads the charge in
prioritizing cyber security management across all business practices. NCSA advises
that companies must be prepared to “respond to the inevitable cyber incident, restore
normal operations, and ensure that company assets and the company’s reputation are
protected.” NCSA’s guidelines for conducting cyber risk assessments focus on three
key areas: identifying your organization’s “crown jewels,” or your most valuable
information requiring protection; identifying the threats and risks facing that information;
and outlining the damage your organization would incur should that data be lost or
wrongfully exposed. Cyber risk assessments should also consider any regulations that
impact the way your company collects, stores, and secures data, such as PCI-DSS,
HIPAA, SOX, FISMA, and others. Following a cyber risk assessment, develop and
implement a plan to mitigate cyber risk, protect the “crown jewels” outlined in your
assessment, and effectively detect and respond to security incidents. This plan should
encompass both the processes and technologies required to build a mature cyber
security program. An ever-evolving field, cyber security best practices must evolve to
accommodate the increasingly sophisticated attacks carried out by attackers.
Combining sound cyber security measures with an educated and security-minded
employee base provides the best defense against cyber criminals attempting to gain
access to your company’s sensitive data. While it may seem like a daunting task, start
small and focus on your most sensitive data, scaling your efforts as your cyber program
matures.

Cyber security 101: Your End-Users are the First Line of Defense
It’s a clear fact that phishing is one of the main cyber security risks that organizations of
any size face, and it’s a major way in which an organization can become compromised.
But it’s also a poignant truth that, despite the growing threats that organizations have to
face every day, many of them still don't have a cyber security plan: a plan that ensures
that security baselines have been adopted within the organization.

The truth is many organizations’ corporate cultures truly lack the security basics of
working in this digital age. For example, do your employees know not to click on links
that people send to them unless they’re sure the links are coming from trusted sources?
In this blog, we’ll look at why your end users are the most basic, and arguably the most
effective, tool that you can hone, in order to keep your organization safe from cyber
security attacks.

Cyber security starts with Your Employees – A Cautionary Tale

One of the cool features of Office 365 is the ability to send fake phishing emails to
your employees/end-users to test whether or not they'd click on a malicious link, or
engage in other unsafe behavior. These are fully customizable, generated emails that
simulate a phishing attack and provide reporting on the end-users who failed
the test.

In an effort to make sure that ProServeIT’s end-users were practicing what they
preached, so to speak, the management team decided to send these fake emails to
various members of our team, to see what would happen. They sent an innocuous,
“here is the minutes from today’s meeting” email, with a fake phishing link. To his
chagrin, our go-to security expert actually clicked on the link! Imagine his surprise when
he received the message, “You’ve been phished!”

So, why did this happen? How could our security expert, with over 20 years of
experience in the technology sector (10 of those as a security expert), and a holder of
the Certified Information Systems Security Professional (CISSP) designation, fall for
such an easy dupe? His answer is simple – he became complacent.

In his defense, ProServeIT has implemented some great security tools, like Microsoft’s
Office 365 Advanced Threat Protection (ATP), to keep our organization safe. So, our
security expert no longer saw the need to be constantly reviewing malicious content.
But it’s a cautionary tale that even the most experienced people having an off-day can
click on a link that seems to be so banal. That’s why end-user education plays such an
important role in keeping your organization safe.

End-User Education – the Best Line of Cyber security Defense

Not educating your end-users in cyber security initiatives is like trying to keep a flood at
bay using a screen door. Your end-users are the first line of defense against attacks
(like phishing scams). So, how do you educate your user? What needs to happen?

Here are three steps you can take to make cyber security top of mind in your
organization:

1. Implement a cyber security policy and procedure document.

If you don't already have a cyber security policy and procedure document in place, you
need one. This document should contain a section that details action items, in case your
end-users encounter perceived or real compromises. Remember, it doesn’t matter if
you’re a one-person organization, or a 10,000-person organization – you need to detail
your action items long before a threat is identified, or else you won’t be able to cover all
your bases when you’re under pressure.

2. Build your cyber security strategy around educating your end-users.

Education is paramount to building a successful strategy. Almost every employee has
an email address, and access to the Internet. These simple services that you provide to
your employees, unfortunately account for about 90% of the breaches that are seen
today. Very rarely do we see the “Hollywood version”, where someone in a basement
jumps past a company’s firewalls to compromise their network, namely because it’s too
time-consuming and expensive. From the attacker's perspective, it's far easier to send a
phishing email to your employees and let them do all the hard work (i.e. clicking
on that link).

3. Have cyber security tools in place to help prevent the potential for compromise.
Cyber security protection doesn’t just come from making sure your end-users don’t click
on the link or visit a site they shouldn’t. We’re human after all, and as humans, we can
always make mistakes. To mitigate that, it’s vitally important to make sure that you’ve
got the tools in place (like, for example, Advanced Threat Protection) for when your end-
users do slip up.

The Importance of Continuous Cyber security Training

Have you ever taken a course on something, but then you don’t practice what you’ve
learned, so you forget most (if not all) of it? We’ve all heard the old adage, ‘practice
makes perfect’, right? It’s true. One-time education is just not enough. Just like with fire
drills, everyone needs to practice what they’ve learned, on a regular basis, so they can
be ready for when something happens. Continuous training, therefore, is vitally
important to be able to make your end-users into that first line of defense for your
organization.

So, if you’ve done your educating on how your end-users can detect the most common
attacks, and you’ve done your practicing, now it’s time to ensure that your efforts are
fruitful. Here are two options that you can use:

1. Use a tool that creates a fake phishing email and see how many of your end-users
open it.
As our case study above proves, Office 365 can really help in determining which end-
users in your organization could fall for phishing attacks and other malicious activities.
This type of reporting becomes critical to understanding how effective your cyber
security program is – if you see a lot of your end-users failing the test, perhaps you need
to put more into their training.
2. Deploy a cyber security awareness certification program as a part of your continuing
education process.
This certification process could be implemented in many different ways, depending on
how you want to build it out. The idea behind it, however, would be that every person
should be tested at regular intervals to ensure that they are reading and understanding
the training they’ve been given. For example, you could create multiple choice
evaluation questions to understand how your end-users are absorbing the lessons.
They’ll also help you identify what additional training might be required based on the
frequency of wrong answers. When they pass the tests given, they are re-certified for
that set period of time.
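The two follow-ups above (tracking who fails a simulated phishing email across campaigns, and re-certifying users after a set period) can be kept in a small scorecard. The following is an added example, not code from this page, from ProServeIT or from Office 365; the campaign records, the repeat-click threshold and the 180-day certification period are constructed assumptions.

```python
"""Phishing-simulation scorecard and re-certification tracker (added example).

All data below is constructed for illustration; the certification period and
the repeat-click threshold are assumptions, not values from the page.
"""
from collections import defaultdict
from datetime import date, timedelta

CERT_PERIOD = timedelta(days=180)   # assumed re-certification interval
REPEAT_FAIL_THRESHOLD = 2           # assumed: flag users who clicked in >= 2 campaigns

# Constructed simulation results: (campaign, user, clicked_link, reported_email)
RESULTS = [
    ("2024-Q1", "alice", False, True),
    ("2024-Q1", "bob",   True,  False),
    ("2024-Q1", "carol", True,  False),
    ("2024-Q1", "dave",  False, False),
    ("2024-Q2", "alice", False, True),
    ("2024-Q2", "bob",   True,  False),
    ("2024-Q2", "carol", False, True),
    ("2024-Q2", "dave",  True,  False),
]


def campaign_rates(results):
    """Per campaign: (click rate, report rate) as fractions of recipients."""
    totals = defaultdict(lambda: {"n": 0, "clicked": 0, "reported": 0})
    for campaign, _user, clicked, reported in results:
        t = totals[campaign]
        t["n"] += 1
        t["clicked"] += int(clicked)
        t["reported"] += int(reported)
    return {c: (t["clicked"] / t["n"], t["reported"] / t["n"])
            for c, t in totals.items()}


def repeat_clickers(results, threshold=REPEAT_FAIL_THRESHOLD):
    """Users who clicked in at least `threshold` campaigns: retraining candidates."""
    clicks = defaultdict(int)
    for _campaign, user, clicked, _reported in results:
        clicks[user] += int(clicked)
    return sorted(u for u, n in clicks.items() if n >= threshold)


def certification_status(passed_on, today, period=CERT_PERIOD):
    """Map user -> 'current' or 'expired' from the ISO date each last passed the quiz."""
    today = date.fromisoformat(today)
    return {u: ("current" if date.fromisoformat(d) + period > today else "expired")
            for u, d in passed_on.items()}


if __name__ == "__main__":
    for campaign, (click, report) in sorted(campaign_rates(RESULTS).items()):
        print(f"{campaign}: {click:.0%} clicked, {report:.0%} reported")
    print("needs extra training:", repeat_clickers(RESULTS))
    print(certification_status({"alice": "2024-01-10", "bob": "2023-06-01"}, "2024-06-01"))
```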
