Security Check: Cybersecurity Defense

Ransomware locks down systems and gives control to malicious actors. It allows attackers to hold a system hostage until a ransom is paid. In our information economy, understanding and fortifying your company’s cybersecurity defenses is critical to protecting your essential business data.

What is cybersecurity?

There is a movie trope in which a hacker types furiously on a keyboard and easily breaches the security of the server they are attacking. The reality is much different and frankly, a lot more boring.

A cybercriminal attempting to access a secure system looks for flaws in the software to exploit. Cybersecurity is ultimately a contest between attackers and defenders. Attackers want a way in, and the defenders must stop them. Both sides use the same set of skills to find system vulnerabilities and either exploit (i.e., attack) or close (i.e., defend) them. Success — on either side of the battle — relies on a combination of sophisticated systems and software knowledge and an ability to view them in-depth from the other side’s perspective.

Who is responsible for cybersecurity?

Cybersecurity is a distributed responsibility in which everyone who participates in your business plays a role in protecting its data. Responsible parties include:

• The board of directors. Information security touches almost every aspect of every business. Your company will benefit from directors with the education, knowledge, and ability to communicate the importance of data security to less knowledgeable members. In addition, your board should make information security a priority among its strategic objectives.
• The C-suite. Too often, people outside of the IT sphere underestimate the risks posed by digital attacks. Your company’s executive management team must understand the gravity of potential data breaches. Without support from the C-suite, calls for enhanced information security will fall on deaf ears.
• Human resources. Keeping your company’s data secure means training every employee to be mindful of potential vulnerabilities, including phishing, vishing, and other social engineering pretexts. Your HR department can ensure employees are trained and when necessary, certified to ensure information security.
• Information technology. Your information technology (IT) department is the last line of defense against cyberattacks. If there are IT professionals taking active measures to stop data theft, several serious errors have already occurred.

Third-party vendors. Cloud and SaaS providers share cybersecurity responsibility with their clientele, but the extent and specifics of each party’s liability differs from one provider to the next. Read the fine print in your vendor agreements to understand who is responsible for what cybersecurity protections, and seek expert advice when necessary.

Defense classification

A company’s networks and data systems are categorized as either unprotected, static, enhanced, or dynamic. An unprotected system is just that. There are no hardware or software measures protecting the company’s systems from a data breach. This is the worst-case scenario.

Static systems typify most home networks. Home systems are likely running a firewall because they’re either built into the operating system or a standard part of the internet service provider’s offering. An effective home cybersecurity system should also incorporate strong passwords and comprehensive, reliable antivirus protection.

Enhanced, perimeter-based security employs firewalls, antivirus programs, and both intrusion detection and intrusion protection systems, which take a more active role in seeking out and shutting down external network attacks.

A dynamic, moving-target defense system continuously monitors hardware and software for potential compromise and deploys smart, automated tools to alert IT staff and/or counter cybersecurity attacks.

The size and vulnerability of a given system dictates the level of security it requires.

Types of defenses

Cybersecurity fortifications demand at least as much training as they do technology, but tech defenses fall into a few broad categories, including:

• Firewalls to control inbound and outbound traffic on a trusted system based on a specific set of rules.
• Antivirus software to compare new code on a protected system with record files of known and potential threats.
• Intrusion detection systems to monitor system traffic, locate and identify suspicious data packets, and alert IT staff.
• Dynamic defense systems to go beyond traditional detect and alert protection.

Dynamic systems come in a range of advanced security options:

• Endpoint detection and response (EDR) uses threat intelligence, machine learning (ML), and advanced analytics to proactively identify and alert for both persistent and unknown threats engineered to avoid traditional cybersecurity measures.
• Extended detection and response (XDR) doesn’t stop at endpoints. It can detect and analyze data across multiple integrated systems and software platforms. XDR systems incorporate artificial intelligence (AI), ML, and advanced automation to “help improve productivity, threat detection and forensics.”
• Managed detection and response (MDR) is a range of data defense resources provided by a managed security service provider (MSSP). Available tools include endpoint detection, security information event management (SIEM), user and entity behavior analytics (UEBA), EDR, XDR, and more. MDR is a good option for organizations with limited technical resources and/or expertise.

Layered, coordinated, and automated defense systems are the most effective for cybersecurity, but without the human element, none of it happens. The first line of defense is always the people using your system. Good, well-established cybersecurity habits, and organization-wide efforts to educate users on their risk and responsibilities, will do more for data security than an army of people typing as fast as humanly possible.

Learn more about improving and enhancing your company’s information security at nccdata.com.