From Cybersecurity to Cyber-Resilience

Cybersecurity is an ever-present issue, especially in these times of rapid innovation. With this innovation, companies need to remember the importance of protecting systems, devices, networks and data from cyberattack. But what if we all went a few steps beyond, and thought about how to deal with an incident while it’s occurring and after it happens? Read on to learn how to work toward making your organization cyber resilient in the face of today’s threat landscape.

Cybersecurity and Cyber-Resilience

The two concepts sound similar, but the difference between cybersecurity and cyber-resilience is the focus. Cybersecurity refers to protecting systems, networks and data from cyberattack, whereas cyber-resilience is about an organization’s ability to withstand and recover from an attack while and after it happens. Both are important, and both contribute to business resiliency.

An attack happens about every 39 seconds, according to some sources. Common types include malware attacks, ransomware, and Distributed Denial of Service (DDoS), and these attacks can steal data or access to it, or even stall your system. The effect on your business is potentially devastating; even a short power outage can result in costly downtime. How will your organization not just prevent these hazards, but deal with and recover from them, and stay running and resilient?

Benefits of Cyber-Resilience

The threat landscape continues to expand, with attacks becoming both more numerous and more sophisticated. Considering the rate of cyberattacks already occurring, the probability of one striking any one organization is high. Protecting yourself, as well as having a plan to respond to an attack when it happens, benefits your company in numerous ways....

Protect Your Network Using Defense in Depth

The old defenses against cyberattacks–firewalls, antivirus programs and operating system patches–worked well when the security perimeter was the office. Now that remote work is here to stay and more devices are connected to company networks, protecting networks is more complicated. Read on to learn how defense in depth, an integration of individual tools, can help you better protect your technological assets.

The Significance of Defense in Depth

With business operations having changed in the last several years, more endpoints are connected to networks, and the threat surface expands. Not every remote worker may have the most up-to-date antivirus protection, for example. Bad actors could use brute-force attacks, seeking entry into numerous parts of the network. With defense in depth, other controls would keep the criminals from getting very far. This redundancy can give administrators time to enact countermeasures to keep the intruder from penetrating the network deeply.

Typically, defense in depth involves three layers of controls–administrative, physical and technical. Administrative controls have to do with the policies and procedures that workers follow; for example, restricting permission to certain portions of the network, and allowing workers access only to the data and applications they need to do their work (least privilege). Another layer involves physical security, and protects data centers and IT systems from threats like data theft. These controls include guards, security cameras and biometrics and/or ID cards. The controls work at different layers yet are integrated to provide a strong defense against cyberattack.

Getting Started with Defense in Depth

But where to start? CompTIA’s article on the topic makes several suggestions. One is to...

From Aware to Prepared

With an increasing number of devices connected to networks, as well as increasingly sophisticated cyberattacks, the threat landscape is incredibly broad. In 2003, the US government and various industries collaborated and created Cybersecurity Awareness Month. Each October, the spotlight falls again on keeping your system secure and being secure online. Read on to learn about becoming not just aware, but prepared, all year long.

Benefits of the Awareness Movement

The goal of the collaboration on Cybersecurity Awareness Month is to raise awareness about the importance of cybersecurity, and to ensure that businesses–including small to medium-size businesses–have the resources to be safer and more secure online. Such resources include educational tools like guides, planners, training modules, and much more, to help your business make cybersecurity awareness a visible part of your organization. Not only do these tools come in different languages, but they can be modified to fit the specific needs of your organization.

Awareness Just the Beginning

While awareness is certainly important, it’s just the beginning of being prepared. A good first step in preparedness is mapping your entire network, finding out every device connected to it and learning whether those devices are secure. Another step is keeping track of the latest threats–phishing emails that can introduce malware to your network, or hacking attacks that take advantage of weak spots in your infrastructure. Evaluating the risks particular to your geographic location is important, though even a low-risk location is still subject to the risks of power outages and the resulting downtime. And don’t forget assessing the knowledge of your workers, including any weak spots...

Cloud Security – A Shared Responsibility

While cloud computing is now a common way to provision computing resources and outsource IT functions, security can be a (perceived) obstacle to adoption. Cloud security can be a shared responsibility, however, between the customer and provider. Read on to learn more about what to expect from a current or prospective provider, and what you can do yourself to stay secure.

Cloud Security and Why it Matters

Cloud computing, although providing multiple benefits, also presents security concerns. With compute resources available through the Internet, a greater amount of data moves between networks and devices, data which can be lost or stolen. Cloud security is a combination of technology, processes and policies that can keep your applications and data safe, reliable and available. Who ensures this, your company or the provider?

Cloud Security a Shared Responsibility

The answer is, both. In general, the provider provides and maintains the infrastructure, and the company looks after the data and applications “in” the cloud. How much responsibility either party assumes depends on the type of platform used. For instance, for Infrastructure as a Service (IaaS), the provider furnishes just that–infrastructure–and your company needs to manage the security of its own data and applications. Other platforms like PaaS and SaaS provide more oversight. Sometimes the CSP will also offer data storage and monitoring. Top providers may even offer security-by-design or layered security as well as network monitoring and identity and access management.

Your Company’s Role

In general, a provider that handles more of the functions also protects more. Beginning with Infrastructure as a Service (IaaS), you secure...

Using Workers and Technology to Fight Phishing Attacks

Now that Generative AI (e.g. ChatGPT) is here, phishing attacks may increase both in number and sophistication. How do businesses protect themselves? Awareness is a good first step, but gathering data using a security information and event management system (SIEM) is even better. Read on to learn how SIEM along with education and awareness training can reinforce your company’s efforts to prevent phishing attacks and resulting malware.

What is SIEM?

Security information and event management (SIEM) combines two separate systems to not only gather information but develop rules to help analysts understand what occurs in your company’s network. Security information management (SIM) involves the gathering, monitoring and analysis of security-related information across different computer logs–including email applications.

Security event management (SEM) is involved in helping respond to incidents. SIEM brings the two functions together: the strong log-keeping functions of SIM with the response capabilities of SEM. The information is put together in a standard format, then aggregated and analyzed, helping IT professionals prioritize their threat response. Since SIEM can be outsourced to managed service providers (MSPs), it is possible for small to medium-sized businesses to afford it and not have to hire extra staff.

SIEM and Phishing Attacks

The security operations center of an average organization can receive tens of thousands of threats, and some can receive ten times more. What’s a small or medium-sized business to do? How do they know they are victims of a ransomware attack until the damage is already done? Security information and event management has the capacity to gather and analyze information about user authentication attempts, separating normal logins...