DPTSI

Cybersecurity is the practice of protecting computers, networks, software applications, critical systems, and data from potential digital threats. Organizations have a responsibility to secure data to maintain customer trust and meet regulatory compliance. Organizations use cybersecurity measures and tools to protect sensitive data from unauthorized access, as well as prevent disruptions in business operations due to unwanted network activity. Organizations implement cybersecurity by streamlining digital defenses among people, processes, and technology.

Businesses in sectors such as energy, transportation, retail and manufacturing use digital systems and high-speed connectivity to provide efficient customer service and run cost-effective business operations. Just as businesses secure their physical assets, they must also secure their digital assets and protect their systems from unwanted access. Intentional events to breach and gain unauthorized access to computer systems, networks, or connected facilities are called cyberattacks. A successful cyberattack results in the disclosure, theft, deletion or alteration of confidential data. Cybersecurity measures provide defense against cyberattacks and provide the following benefits.

• Prevent or reduce the cost of breaches
  Organizations that implement cybersecurity strategies minimize the unintended consequences of cyberattacks that can affect business reputation, financial position, business operations and customer confidence. For example, companies enable disaster recovery plans to contain possible disruptions and minimize disruption to business operations.
• Maintaining regulatory compliance
  Businesses in certain industries and regions must comply with regulatory requirements to protect sensitive data from possible cyber risks. For example, companies operating in Europe must comply with the General Data Protection Regulation (GDPR), which expects organizations to take appropriate cybersecurity measures to ensure data privacy.
• Mitigate evolving cyber threats
  Cyberattacks evolve as technology changes. Criminals use new tools and devise new strategies to unlawfully access systems. Organizations use and enhance cybersecurity measures to keep up with these new and evolving digital attack technologies and tools.

Cybersecurity professionals strive to contain and mitigate existing and new threats that infiltrate computer systems in different ways. We provide some examples of commonly occurring cyber threats below.

• Malware
  Malware stands for malicious software. Malware includes a variety of software programs built to allow third parties to gain unauthorized access to sensitive information or disrupt the normal working of critical infrastructure. Common examples of malware include Trojans, spyware, and viruses.
• Ransomware
  Ransomware refers to a business model and various related technologies that malicious actors use to extort money from various entities.
• Man-in-the-middle attack
  Man-in-the-middle attacks involve an outside party attempting to gain unauthorized access through a network during data exchange. Such attacks increase the security risk of sensitive information such as financial data.
• Phishing
  Phishing is a cyber threat that uses social engineering techniques to trick users into revealing personally identifiable information. For example, cyber attackers send emails that result in users clicking and entering credit card data on fake payment web pages. Phishing attacks can also result in the download of malicious attachments that install malware on corporate devices.
• DDoS
  A distributed denial of service (DDoS) attack is a coordinated attempt to overwhelm a server by sending a large number of fake requests. The event prevents normal users from connecting or accessing the targeted server.
• Insider threat
  Insider threats are security risks posed by ill-intentioned personnel within an organization. Personnel have high-level access to computer systems and can destabilize infrastructure security from within.

Organizations implement a cybersecurity strategy by engaging cybersecurity specialists. These specialists assess the security risks of existing and connected computing systems, networks, data storage, applications and other devices. The cybersecurity specialists then create a comprehensive cybersecurity framework and implement protective measures within the organization.

A successful cybersecurity program involves educating employees on security best practices and leveraging automated cyber defense technologies for existing IT infrastructure. These elements work together to create multiple layers of protection against potential threats at all data access points. They identify risks, protect identities, infrastructure, and data, detect anomalies and events, respond and analyze root causes, and recover after events occur.

A robust cybersecurity approach addresses the following issues within an organization.

• Critical infrastructure cybersecurity
  Critical infrastructure refers to digital systems that are essential to society such as energy, communications and transportation. Organizations in these areas require a systematic cybersecurity approach as data disruption or loss can destabilize society.
• Network security
  Network security is cybersecurity protection for computers and devices connected to a network. IT teams use network security technologies such as firewalls and network access control to regulate user access and manage permissions for certain digital assets.
• Cloud security
  Cloud security describes the steps an organization takes to protect data and applications running in the cloud. Strengthening customer trust, ensuring fault-tolerant operations, and complying with data privacy regulations in a scalable environment are important. A strong cloud security strategy involves shared responsibility between the cloud vendor and the organization.
• IoT Security
  The term Internet of Things (IoT) refers to electronic devices that operate remotely on the internet. For example, a smart alarm that sends periodic updates to your smart phone would be considered an IoT device. These IoT devices introduce an additional layer of security risk due to constant connectivity and hidden software bugs. Therefore, it is important to introduce security policies on the network infrastructure to assess and mitigate the potential risks of different IoT devices.
• Data security
  Data security protects mobile and stationary data with robust storage systems and secure data transfer. Developers use protection measures such as encryption and isolated backups for operational resilience against possible data breaches.
• Application security
  Application security is a coordinated effort to strengthen application protection against unauthorized manipulation during the design, development, and testing stages. Software programmers write secure code to prevent bugs that can increase security risks.
• Endpoint security
  Endpoint security addresses security risks that arise when users access the organization’s network remotely. Endpoint security protection scans files from individual devices and mitigates threats when detected.

A strong cybersecurity strategy requires a coordinated approach that involves an organization’s people, processes and technology.

• Personnel
  Most employees are unaware of the latest threats and security best practices to protect their devices, networks and servers. Training and educating employees on cybersecurity principles reduces the risk of oversights that could lead to unwanted incidents.
• Process
  The IT security team develops a robust security framework for continuous monitoring and reporting of vulnerabilities discovered within the organization’s computing infrastructure. The framework is a tactical plan that ensures the organization responds to and quickly recovers from potential security incidents.
• Technology
  Organizations use cybersecurity technologies to protect connected devices, servers, networks and data from possible threats. For example, businesses use firewalls, antivirus software, malware detection programs and DNS filtering to automatically detect and prevent unauthorized access of internal systems. Some organizations use technologies that operate on the principle of zero trust security to further strengthen their cybersecurity.

The following are modern cybersecurity technologies that help organizations secure their data.

• Zero trust
  Zero trust is a cybersecurity principle that assumes no application or user is trusted by default, even if that application or user is hosted within the organization. Instead, the zero trust model assumes least privilege access control, which requires strict authentication of each authority and continuous monitoring of applications.
• Behavioral analytics
  Behavioral analytics monitors data transmission from devices and networks to detect suspicious activity and abnormal patterns. For example, IT security teams are alerted to sudden spikes in data transmissions or suspicious file downloads to certain devices.
• Intruder detection system
  Organizations use intruder detection systems to quickly identify and respond to cyberattacks. Modern security solutions use machine learning and data analysis to uncover dormant threats in an organization’s computing infrastructure. Intruder defense mechanisms also retrieve a data trail in the event of an incident, which helps security teams locate the source of the incident.