Now more than ever, it’s important for every organization to have a cybersecurity strategy. Every company will experience a security breach; it’s no longer a matter of if, but when. Below we’ll discuss the main areas of cybersecurity, the different types of cyber threats, and the methods of attack. All three areas should be evaluated when discussing a cybersecurity strategy with your customers.
Let’s define cybersecurity as the practice of ensuring the integrity, confidentiality and availability of information. Can your client defend against and recover from accidents, such as hard drive failures or power outages, and from attacks by adversaries? If not, they need to start planning immediately. An attack can mean a variety of things, from script kiddies to hackers and even criminal groups capable of executing advanced persistent threats (APTs). Business continuity and disaster recovery (DR) planning are as important to cybersecurity planning as network and application security.
All systems within an organization should be built to security standards, and employees should be properly trained on them. Again, the threat of a cybersecurity attack is a “when,” not an “if,” scenario.
Humans are the weakest element of a cybersecurity plan or program. Start with the basics and ensure that the organization has trained developers to code securely, has taught staff to prioritize security, and has trained end users to spot threats like phishing emails. A good cybersecurity strategy begins with awareness.
Every company will experience some form of cybersecurity threat, even if strong controls are in place, but many attacks are preventable by performing basic tasks, sometimes referred to as “cyber hygiene.” For example, a chef wouldn’t start cooking until their tools and their hands were washed. It’s the same for a network. An enterprise should perform the basic tasks of maintaining strong authentication practices and storing sensitive data in secure locations.
These basics are only the first step. There are many other ways an attacker can access your customers’ systems, and those ways are expanding every day. BYOD and the IoT are just two scenarios that create new security challenges daily.
Cybersecurity has five main areas of focus and a good strategy should incorporate all of them.
Critical infrastructure is exactly what it sounds like: the things that we rely on every day to make things work, such as the electrical grid, water system, traffic lights and hospitals. Every business should evaluate how an attack on critical infrastructure would affect them and develop a plan to combat each scenario.
Network security is protecting the network from intruders and attacks. This often requires trade-offs in other areas, such as longer password authentication and extra logins, that could reduce efficiency and productivity.
Cloud security involves protecting your customers’ data. Moving to the cloud doesn’t guarantee security, and as more and more data, applications and processes move there, it’s essential that organizations perform due diligence.
Application Security – AppSec – is like cloud security and has become one of the easiest points of entry for hackers. Companies need to check and then re-check the most recent OWASP Top Ten Web Application Security Risks. AppSec should start with secure coding and then grow to fuzzing and penetration testing.
IoT Security – The Internet of Things is a collection of devices that have their own cyber-physical systems, things like appliances, printers, and security cameras. These devices are usually unsecured and become part of networks both in the office and at home, posing unique security challenges. We’ve all heard stories of attackers infiltrating networks through baby monitors; this comes from a lack of IoT security.
Now that we’ve covered the main areas of focus for cybersecurity, we should cover the types of cyber attacks.
There are three general categories: attacks on confidentiality, integrity, and availability. Attacks on confidentiality are the stealing or copying of personal information; think credit card fraud and identity theft. Attacks on integrity involve damaging or destroying information systems. These attacks can be subtle or obvious. Attacks on availability stop a company or person from accessing their own information. Think ransomware, where the attacker encrypts the data and won’t decrypt it without a “ransom.” An availability attack usually comes in the form of a distributed denial-of-service (DDoS) attack, which floods a network resource with an overwhelming number of requests, making it unavailable.
Now that we know the three types of attacks – we can discuss how they’re carried out.
The number one method of attack is social engineering. Attackers prefer a human to a machine, and that’s where they’ll attack first, using socially engineered malware. An end-user is tricked into running a Trojan horse program. The best way to combat this is to vigilantly train end-users on social engineering tactics and tricks so they don’t fall for this.
Phishing attacks can be the best way to steal personal information, because users simply give up their passwords. Two-factor authentication is the best defense for this: a stolen password is useless without the second factor.
If you know of a vulnerability in your network, you need to patch it. Failure to do so is a failure in “cyber hygiene” and due diligence, and unpatched software is an open door waiting for an attacker.
Social media is another hotbed of attacks. Fake accounts can become connected to a large number of an end user’s contacts, so when they finally strike up a conversation, it seems normal and makes perfect sense. Keep your employees and customers trained and vigilant about sharing information.
There is probably someone, somewhere who thinks your customer is doing something interesting, and that’s really all the intent anyone needs for an Advanced Persistent Threat (APT). If your customer has intellectual property, it is especially important to be vigilant about this.
Cybersecurity is something that should be mentioned in every account management meeting. If you aren’t experienced in this area, consider partnering with an MSSP. The Versa Network-as-a-Service program enables you to sell SD-Security like NGFW and UTM, but selling is only half the battle; you also need to manage this technology. Managing network security and preventing threats is now an essential part of every organization’s DR planning and a huge open market for MSPs. If you want more information on the VNaaS program, visit our Reseller Programs page or email us at firstname.lastname@example.org.