Enterprise Cyber Security 101

Amar Verma
4 min read · Nov 14, 2020


What is cyber security

Cyber Security refers to the state or process of protecting and recovering networks, devices and programs from various types of electronic and digital threats. The aim of Cyber Security is to have an excellent security posture for computers, servers, networks, mobile devices and the data stored on these devices that shields your digital assets from cyber-attacks.

At the end of this reading, you can expect to be knowledgeable in:

  • what is cyber security and its scope
  • how a lack of strong security measures can impact your digital assets
  • some easy techniques to create a strong defense against these threats

Cyberattacks are an ever-evolving and real risk to individuals, organizations, employees and consumers alike. They may be designed to illegally access information, damage your systems, or extort money. Continuous and successful prosecution of criminals in the US, the UK and elsewhere has demonstrated that the risks and threats have expanded so much that state actors are involved and criminal organizations are running cyber crime syndicates.

Why you need to worry about it

The importance of Cyber Security has increased manifold with the growing cyber influence on our day-to-day lives and businesses. In the modern cyber age, we transact heavily online for business and personal purposes. With increased usage of cyber systems and online transactions, there is a massive accumulation of sensitive information generated from all these transactions. The growing interconnection of these systems makes it easy for one vulnerability to be exploited to access another system and/or information set.

Cyber security plays a vital role in securing sensitive information. Detailed knowledge and stronger security measures help prevent cyber attacks from happening, thereby safeguarding our digital assets and business interests.

The list of protectable digital assets is huge, but some of them are:

  • Sensitive data
  • Personally identifiable information (PII)
  • Protected health information (PHI)
  • Intellectual property
  • Reputation, Data & information systems

With an exponential increase in the rate of cyber-attacks, the damage they cause to individuals, governments and private companies is also increasing.

In a 2018 Cybersecurity Ventures report on cybercrimes, the firm projects that:

  • by 2021, the cost of cyber threats will rise to $6 trillion annually
  • by 2021, a business will fall victim to a ransomware attack every 14 seconds
  • FBI estimates that the total amount of ransom payments is approaching $1 billion annually

How to implement stronger security

First, get a high-level understanding of the world-renowned Cyber Security frameworks and how they apply to the industry, region and sector you operate in. This will allow you to define expectations, processes and metrics for tracking security measures in your enterprise. Various government bodies in different geographic regions have defined control frameworks, including:

  • NIST — National Institute of Standards and Technology; a non-regulatory agency of the U.S. Department of Commerce. Its mission is to promote innovation and industrial competitiveness. Its Cybersecurity Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk; its 19 control families contain 285 controls.
  • ISO 27001 - The best known part of the ISO/IEC 27000 family of standards; provides requirements for an information security management system (ISMS), a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process.
  • COBIT — Control Objectives for Information and Related Technology; manual for IT Governance, for guaranteeing security, quality and compliance in information technology.
  • ITIL — Control Objectives for Information and Related Technology; manual for IT Governance, for guaranteeing security, quality and compliance in information technology.
  • Essential 8 — implementing its strategies can be a cost-effective measure to prevent adversaries from compromising systems

Some of the most important enterprise computing sectors that cyber security aims to cover are given below.

  • Advanced Fraud Detection
  • Cloud Security
  • Data and Application Security
  • Endpoint Security
  • Identity and Access Management
  • Mobile Security
  • Network Security
  • Security Analytics
  • Threat Intelligence

There are some basic practices and technology controls that can help implement cyber security measures at an acceptable level. No single strategy provides complete protection against cyber crime, but following some very common guidelines can reduce the chances of cyber attacks and help mitigate the most common IT risks.

  • Stronger passwords
  • Password expiration and rotation policy framework
  • Access Control
  • Implement web filtering by qualified security professionals
  • Use firewalls with a limited set of [needed] ports, and whitelists / blacklists
  • Secure Wi-Fi networks
  • Secure IT gadgets
  • Implement multi-factor authentication in all login mechanisms
  • Routine data backup
  • Educate users on cyber security
  • Cyber crime insurance policy

Pahul Gupta is a certified cyber security professional from Melbourne [AU]. Let us know how we can help your enterprise with your cyber security needs.

Thanks.

Authors

Pahul Gupta, Amar Verma, Saurabh Bhattacharya

References

https://cybersecurityventures.com/hackerpocalypse-cybercrimereport-2016
