What Is Cybersecurity?

Understanding Your Cybersecurity Environment

How can organizations better understand their cybersecurity environment?

Understanding your cybersecurity environment and related cyber threats involves following a few key steps:

1. Developing a map of your enterprise assets, including an understanding of all computing systems and all of the enterprise’s data.

2. Ranking these systems and data stores based on their level of sensitivity and how critical they are to business operations.

3. Building a plan and developing technology tools to protect and monitor these systems, and prioritizing security strategies based on the level of risk to each asset.

4. Creating a culture of awareness around cybersecurity that focuses on education, training, and contingency planning for all employees in the enterprise.

What is the difference between security risk and security threat?

Risks and threats are often confused because they are closely related to one another. A security threat is something that can cause damage to a digital asset. Malware, a malicious hacker, or a misconfigured cloud server are all examples of security threats. A security risk opens a potential for damage that can result due to a threat. The avenue by which a threat becomes a risk is known as a security vulnerability, a point of weak security in a computer system.

The discipline of information security is designed to prevent the danger of threats and decrease their severity to minimize the risk of loss to the enterprise.

What are the different types of security risks?

The most common and costly security risks include the following:

• Loss of sensitive data – Sensitive data can include anything of value to an attacker that is present on your network: trade secrets and intellectual property, internal documents and emails, employee and customer information such as Social Security and credit card numbers, as well as patient and medical data. In addition to liabilities from data loss, risk also includes compliance fines and other penalties associated with a breach.
• Compromised systems and computing resources – This includes the risk of a business’s systems being infected with malware and turned into a DDoS zombie, cryptocurrency mining bot, a spam relay, or other malicious threats. These risks essentially put your business directly into the service of the attacker.
• Direct financial loss – A compromised system allows an attacker to gain access to a business’s financial accounts, representing a massive and financially devastating security risk.

Creating a Cybersecurity Strategy

How can organizations improve their security posture?

An organization’s security posture is defined by its overall readiness and preparation level to guard against a cyber attack. There are several cybersecurity measures organizations can take to improve their security posture.

1. Begin with a security audit – Assessing risk lets you identify all of your technology assets and assigns a vulnerability level to each of them based on their underlying technology and importance to the business, allowing you to prioritize the systems most in need of protection.

2. Create a strong security policy – To maximize security and safety, organizations need rules governing how their technology systems are allowed to be accessed by end users. These policies should include rules around password length and reuse; the use of unauthorized equipment, software, and services; protocols for incident response; and points of contact for the cybersecurity operations team.

3. Expand cybersecurity tools – Security posture can be dramatically improved by implementing solutions that can automate large portions of your security defenses, including firewall devices, antimalware, authentication and access management, encryption software, penetration testing and vulnerability scanning tools, intrusion detection software, and network monitoring tools.

4. Monitor service providers – Today’s typical network involves myriad third parties, largely in the form of cloud services. Each of these represents a potential cybersecurity risk requiring the same careful monitoring as if it was part of your own internal network.

5. Track metrics over time – After determining what the key metrics are — total number of discovered vulnerabilities per day, mean time to correct a vulnerability, etc. — the organization can track them over time to determine whether overall security posture is improving or degrading.

6. Implement employee training – The above tactics are useless without dedication to ongoing employee training that ensures workers are aware of and are following the security policies you’ve carefully designed.

What are some cybersecurity frameworks?

There are dozens of security frameworks designed to help organizations develop a strong cybersecurity posture. Some of the most notable and widely adopted include:

• National Institute of Standards and Technology (NIST)IST Cybersecurity Framework — This presidential initiative was designed to enhance the country’s cybersecurity infrastructure, but it has broad applicability to private businesses as well.
• ISO/IEC 27001 and 27002 — A pair of international standards that define a risk-based approach to cybersecurity, with a focus on detecting threats and creating specific controls that should be put into place to secure enterprise systems.
• CIS Critical Security Controls — A set of 20 tactics designed to protect an organization from “known cyber attack vectors.”
• IASME Governance — Billed as an alternative to ISO 2700, which small and medium-sized businesses may find more attainable.
• COBIT — Control Objectives for Information and Related Technologies aims to integrate cybersecurity with other business processes and transformation activities.

What are the best approaches for risk management?

Cybersecurity frameworks like those outlined above specify specific approaches and practices each organization should undertake in order to improve security. This process begins by developing an understanding of the organization’s tolerance for risk. At a large bank, this risk tolerance is likely to be zero, while the cybersecurity risk tolerance of a middle school PTA may be considerably higher. With this tolerance in mind, the organization can then begin to prioritize its specific cybersecurity investments. Whether that involves attempting to decrease risk, eliminating risk entirely, transferring risk to someone else, or simply accepting the risk becomes a strategic question that can be applied on a case-by-case basis.

What are some approaches for secure development?

Software development occupies a particular (and unique) place in the broader cybersecurity landscape. Not only is secure software able to protect the organization’s infrastructure, it is also able to protect any customers who may use externally-facing software tools.

Secure development today is commonly defined by the Security Development Lifecycle, an approach originally pioneered by Microsoft in 2002 and defined by 12 practices. These include:

• Provide training — Get everyone on the same page regarding best practices and security awareness.
• Define security requirements — Determine what standards must be adhered to and what risks the application may face.
• Define metrics and compliance reporting — Set a “bug bar” to define the maximum allowable severity thresholds for security vulnerabilities.
• Perform threat modeling — Develop models to create threat scenarios so developers can more easily identify vulnerabilities.
• Establish design requirements – Determine whether to leverage encryption, authentication, or other needed tools.
• Define and implement cryptography standards — Encrypt everything, especially data stored in the cloud.
• Manage the third-party security risk — External code components represent a unique risk that must be managed separately, so conduct regular risk assessments to understand how your security posture has evolved.
• Use approved tools – Create a list of tools and security checks that developers are authorized to use.
• Perform Static Analysis Security Testing (SAST) – Conduct a security review of source code prior to compilation.
• Perform Dynamic Analysis Security Testing (DAST) – Stress test software for security during run time.
• Perform penetration testing – “White hat” hackers attempt to break an application by uncovering hidden vulnerabilities.
• Establish a standard incident response process – Develop a playbook to deal with new and evolving threats.

Building Security Defenses

What are the most effective cybersecurity tools or next-generation technologies organizations can implement?

Some of the most powerful cybersecurity tools — all of which are considered essential parts of any cybersecurity infrastructure — include the following:

• Firewall – This is the first line of defense against any number of attacks, a network security system that monitors network traffic and serves as a barrier between the enterprise and the internet.
• Anti-malware – These suites (commonly known as antivirus software) typically reside on client PCs to prevent malicious software such as trojans and other APTs from being installed, often via email attachments, malicious websites, or removable media.
• Authentication – This software uses next-generation authentication technologies, whether two-factor authentication or multi-factor authentication, to detect unusual patterns of behavior and ensure people accessing your network are who they claim they are.
• Encryption – If an attacker breaches the network, the best way to protect your enterprise’s data is to ensure it is encrypted, both in storage and in transit.
• Penetration Testing/Vulnerability Scanning – These tools scan your network for vulnerabilities, using the latest known exploits to attempt to bypass your security defenses, and alerting you as to where your systems are weak.
• Intrusion Detection Systems – This works as the perimeter security on your network, monitoring for malicious behavior in real time and reporting any violations to the security operations staff.
• Network Monitoring Tools – In addition to security violations, network monitoring tests for device health, which can help to prevent the downtime attributed to a burst of malicious traffic or simple device failure.

How can organizations get started building cybersecurity defenses?

Organizations can start building cybersecurity defenses by following the advice for improving your security posture and reducing the number of security incidents. Audit your existing hardware, software, and services ecosystem to get a solid understanding of where you stand. Create policies built to protect the systems that are most at risk of attack (including third-party services, such as cloud providers), then acquire the appropriate tools needed to protect those systems. After implementation, develop metrics to track performance and ensure staff are appropriately trained on your policy expectations and the aforementioned cybersecurity tools.

What is the future of cybersecurity?

Cybersecurity continues to grow in importance and size as an industry, both in the United States and around the world. Allied Market Research projects the total value of this industry to hit more than $300 billion by 2027, as organizations continue to fight against increasingly sophisticated and pervasive attacks. Looking ahead, some of the most noteworthy trends include the growth of cloud-based security services in lieu of traditional hardware, increased incidences of insider-based attacks, and updated approaches to security frameworks. The expansion of privacy legislation will further enhance the need for companies to take cybersecurity more seriously — or risk facing costly fines and legal liability when their perimeters are breached.