In the tech media and in the boardroom, talk about cybersecurity is everywhere. It's even becoming a staple of the nightly news as national governments gear up to attack one another over the internet. With that in mind, it's extremely important for executives or any business leaders to have a defined concept of what constitutes good cybersecurity and how to protect networks.
There are many strategies that companies use to safeguard their systems. Some fundamental security principles will help make sure that a firm’s sensitive data and assets are at a decreased risk.
At the Perimeter
Some of the most basic cybersecurity tools operate at the perimeter of a network or in places where IT professionals can catch viruses or malware where they can do the least damage. The firewall is one traditional example, along with email monitoring software and a spate of anti-virus and anti-malware tools.
However, what businesses are realizing today is that perimeter controls are really only a good start. They can keep out a lot of disruptive traffic, but they can't always intercept harmful Trojan attacks that worm their way into a system. For that, it's necessary to practice what a lot of professionals call “layered security” or “defense in depth” – adding a range of additional tools to traditional perimeter security.
Another key step to better cybersecurity is deploying tools and resources that monitor activity inside systems to look for anything suspicious. Many of the most modern event monitoring tools can be useful against ransomware, distributed denial of service attacks, malware and other types of hacking attempts.
Event monitoring starts with either human or automated inspection of event logs, but it often goes far beyond that. New machine learning capabilities are powering cybersecurity tools that can learn from the past, and adapt to new threats before they happen.
IT professionals often refer to this as “threat intelligence”. It's important to note that threat intelligence is still in its infancy, and many companies don't have tools that are robust enough to preemptively stop attacks. However, moving from basic Bayesian logic systems to advanced machine learning systems driven by artificial neural networks could enable more businesses to fully protect their assets in the future.
Controls on Devices
Endpoint security is another big piece of the picture. Companies have to be willing to institute across-the-board device control policies and deal with the screens that their sensitive data may someday be displayed on.
Cybersecurity professionals discussing endpoint security often talk about the “bring your own device” phenomenon that has led to so much free play of company data on personal devices. These days, it's tough to avoid BYOD setups altogether, because it's so manifestly useful for employees to have access to company data when they're off the clock, or when they're out in the field. However, that makes it necessary for companies to really innovate when it comes to endpoint security and figure out how to control data at the endpoints of a system.
In discussing real, vibrant cybersecurity, you can never ignore the paradigm of user awareness. That means being relentless in training – putting consistent onboarding training solutions in place, and continuing to drive home the point to the rank-and-file of users that many hacking attempts happen in a social setting. Fancy new threat intelligence tools may be able to stop things like ransomware, but they won't do a thing against sophisticated spearphishing attacks.
The only way to prevent various kinds of insider threats is by really instilling awareness and internal intelligence in every employee who has access to business data. Social media policies and privacy awareness are just a start – the company has to really fully train each individual to make sure that there's no weak link in the organizational chart.
State of the System
Another key component of ongoing cybersecurity administration is the state of the network as a whole. Top IT people and executives can evaluate how the network is outfitted with anti-hacking software: whether an anti-virus system is in place and updated, whether patches are routinely applied, and whether a vulnerability scanner is in use. Professionals can assess the “cyber kill chain”, the usual pattern by which malicious attacks work, and make sure that specific solutions are in place for each step of the process. For example, resources like the firewall, sandbox anti-virus tools and some types of training will prevent intrusion at the delivery level, while patch management and behavior-based anti-virus can work against the exploitation stage. Hardened systems can protect against virus installation. By analyzing each step, security pros can build in step-by-step defenses.
Attack Surface Reduction
Another lesser-known principle of cybersecurity is controlling the attack surface by looking at what hackers target or where they could target, and removing tools or changing architectures accordingly. Behavior-based antivirus packages can look for the points where the network is most appealing to attackers. Businesses can set up “honeypot” systems to similarly observe hacker activity. Changing the attack surface is an additional way to control vulnerability, and has a big impact on corporate cybersecurity.
All of the above can help make a firm's network less open to hackers, and promote better overall enterprise cybersecurity. Partner with vendors that make true protection a priority, and get prepared for the onslaught of hacking in the new cyber-age.