A company’s know-how is one of its most valuable assets. The customer information that the company possesses is just as important. The loss or leaking of said information may represent a serious economic threat to the company and its image.

Furthermore, cybercrimes are now considered more lucrative than drug or arms trafficking.

We all know ...

“The largest cyber-attack in 10 years blocks access to websites such as CNN, Yammer, New York Times, PayPal and Twitter”

“Pen-drives with viruses are handed out at the door of an important company”

“Mass attack on Endesa customers with fake invoices. Cyber criminals attempt to get the recipients to open their emails, which allows them to infiltrate a virus that blocks their personal files.”

“The United States imposes sanctions on Russia for cyber-attacks launched during the elections.”

“Thousands of companies (and their customers) are endangered after a mass ‘ransomware’ attack”


On the other hand, platforms such as the Internet of Things, Big Data, Machine Learning and of course Cloud technology broaden the perimeter of a company’s cybersecurity, which means that cybersecurity strategies are needed in order to address Digital Transformation without putting any of the company’s information assets at risk.

How to create a security plan


To create a Cyber Security Plan that protects confidentiality, integrity and availability, the principal cyber security concerns (ISO 27000, NIST-800), follow these steps:

  1. Find out what the current cyber security profile is.
  2. Establish an inventory of assets and classify them in order of severity.
  3. Carry out a risk analysis. What are the main threats? What vulnerabilities are there? What is an acceptable level of risk and what has to be addressed immediately?
  4. Establish a cyber security objective.
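Steps 2 to 4 above, worked through as an added example (not code from the original post): each asset is classified by the worst damage across confidentiality, integrity and availability, each threat/vulnerability pair gets a risk score, and the score is compared against an acceptable level and an "address immediately" level. The 1-to-5 scales, the two thresholds and the sample assets are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Qualitative 1..5 scale throughout. Thresholds are assumed values a company sets itself.
ACCEPTABLE_RISK = 6    # scores at or below this are accepted
IMMEDIATE_RISK = 15    # scores above this must be addressed immediately

@dataclass
class Asset:
    name: str
    confidentiality: int  # 1..5: damage if disclosed
    integrity: int        # 1..5: damage if tampered with
    availability: int     # 1..5: damage if unavailable

    def severity(self) -> int:
        # Worst case across the three protection goals drives the classification
        return max(self.confidentiality, self.integrity, self.availability)

@dataclass
class Threat:
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: int       # 1..5: how plausible exploitation is given the vulnerability

    def risk(self) -> int:
        return self.likelihood * self.asset.severity()

    def treatment(self) -> str:
        score = self.risk()
        if score > IMMEDIATE_RISK:
            return "address immediately"
        return "plan treatment" if score > ACCEPTABLE_RISK else "accept"

def inventory_by_severity(assets):
    """Step 2: classify the inventory, most critical first."""
    return sorted(assets, key=lambda a: a.severity(), reverse=True)

def risk_analysis(threats):
    """Step 3: rank threat/vulnerability pairs by risk score, highest first."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

# Constructed sample inventory and threats (illustrative, not real data)
CRM = Asset("customer CRM database", confidentiality=5, integrity=4, availability=3)
WEB = Asset("public marketing website", confidentiality=1, integrity=3, availability=3)
WIKI = Asset("internal engineering wiki", confidentiality=4, integrity=2, availability=2)
THREATS = [
    Threat(CRM, "credential phishing of staff", "no second authentication factor", 4),
    Threat(WEB, "defacement", "unpatched CMS", 3),
    Threat(WIKI, "leak via lost laptop", "disk not encrypted", 2),
    Threat(WEB, "denial of service", "single hosting provider", 2),
]

if __name__ == "__main__":
    for t in risk_analysis(THREATS):
        print(t.risk(), t.treatment(), t.asset.name, t.threat, sep=" | ")
```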

What type of controls will have to be implemented to keep the services secure? The recommendation is to apply what is known as “defence in depth”: applying several security layers to the same element, and dividing the network into various segments with the purpose of making it even more complicated to reach the information:

[Figure: defence in depth, security layers]


What security measures can be taken?


Some of the security measures that can be established on each layer are:

  • Network level security: encrypted communications, the establishment of virtual local area networks (VLAN), firewalls, intrusion detection and prevention systems (IPS/IDS), perimeter antivirus, sandboxes, NAC (Network Access Control) …
  • Server level security: hardening of servers (patching, limiting the use of applications and running only those services which are strictly necessary), event logging, privilege separation …
  • Application level security: application firewalls, encrypted communications and especially secure coding standards that avoid programming errors which could be exploited by a potential attacker. The OWASP project is an excellent reference for developing secure software.
  • Data level security: strong passwords, two-factor authentication methods, data encryption, file ACLs …

However, to avoid the loss or leaking of any information, or to avoid being the victims of a cyber-attack, merely having powerful security systems is not enough, as each person who has access to the network is a potential point of attack for cybercriminals. The weakest link in a company’s security system is people.

Nowadays, most attacks are launched using Social Engineering. Attackers take advantage of the trust of users, exploiting these basic human traits:

  • We all want to help. Emails or social media messages encourage people to donate money to save sick children or something similar.
  • We are naturally trusting, although on the Internet we are now a little more careful. That is why attackers forge the senders of emails, making them appear to come from some sort of institution, or from an email address or person the recipient trusts. Or, more directly, the attacker poses as a member of the IT support team, and the user hands over their access password.
  • We do not like to say no. We visit a URL recommended to us by a personalised email, perfectly tailored to what the attacker already knows about us from social networks, putting the company’s security systems at risk.
  • We all like to be flattered. Flattery is a tactic used by attackers to gain the trust of a victim.


There is no doubt that without a suitable USER AWARENESS PLAN, even the most powerful security systems are worthless.

And if all that fails? Then suitable procedures will need to be in place for the early detection of security incidents, for a rapid response, and for the recovery of any damaged services.

