What do you think of when you hear the word “cybersecurity”?
For some, just the name sounds ominous and somewhat overwhelming. Years ago, it was simply called IT Security, and all you needed was a good firewall and antivirus protection software to protect your company’s information. But in recent years, the information security landscape has changed significantly, as the adversary has dramatically stepped up methods for attacking a company’s vulnerable IT infrastructure.
So, before you move on to other work priorities, please dive into this 5 Things Everyone Needs to know about Cyber security guide related to the internet security...
1. Intro
We will always have cyber threats, as the adversary continually looks for new methods and ways to infiltrate your organization. The best way to prevent a cyber-attack is to build a strong defense, by systematically and continually addressing your company’s cyber vulnerabilities. A cyber vulnerability can be software that is not patched, a dis-configured firewall or even a weak password.
There are several cost-effective cloud-based vulnerability monitoring solutions that can continually identify and help resolve your company’s existing vulnerabilities. For example, vulnerability management software can inform you about patches you absolutely need to apply today versus less critical patches.
In fact, the Wanna Cry ransomware virus that crippled many European banks in May 2017 could have been avoided by applying a critical Microsoft patch issued in March 2017. So, in order to build a strong defense against a cyber-attack, you need to continually and systematically address your cyber vulnerabilities.
2. Types of cyber threats
There are many types of cyber threats that can attack your devices and networks, but they generally fall into three categories. The categories are attacks on confidentiality, integrity, and availability.
1. Attacks on confidentiality.
These include stealing your personal identifying information and your bank account or credit card information. Many attackers will take your information and sell it on the dark web for others to purchase and use.
2. Attacks on integrity.
These attacks consist of personal or enterprise sabotage, and are often called leaks. A cyber criminal will access and release sensitive information for the purpose of exposing the data and influencing the public to lose trust in that organization.
3. Attacks on availability.
The aim of this type of cyber attack is to block users from accessing their own data until they pay a fee or ransom. Typically, a cyber criminal will infiltrate your network and block you from accessing important data, demanding that you pay a ransom. Companies sometimes pay the ransom and fix the cyber vulnerability afterward so that they can avoid halting business activities.
Here are a few types of cyber threats that fall into the three categories listed above:
Social engineering, a type of attack on confidentiality, is the process of psychologically manipulating people into performing actions or giving away information. Phishing attacks are the most common form of social engineering. Phishing attacks usually come in the form of a deceptive email that tricks the user into giving away personal information.
APTs (Advanced Persistent Threats), a type of attack on integrity, are attacks where an unauthorized user infiltrates a network undetected and stays in the network for a long time. The intent of an APT is to steal data and not harm the network. APTs happen most often in sectors with high-value information, such as national defense, manufacturing, and the finance industry.
Malware, or malicious software, is a type of attack on availability. It refers to software that is designed to gain access or damage a computer without the knowledge of the owner. Several common types of malware include spyware, key loggers, true viruses, and worms.
3. Cyber protection
Only use trusted sites when providing your personal information. A good rule of thumb is to check the URL. If the site includes “https://,” then it’s a secure site. If the URL includes “http://,” note the missing “s” avoid entering sensitive information like your credit card data or Social Security number.
Don’t open email attachments or click links in emails from unknown sources. One of the most common ways people are attacked is through emails disguised as being sent by someone you trust.Always keep your devices updated. Software updates contain important patches to fix security issues. Cyber attackers thrive on outdated devices because they don’t have the most current security software. Back up your files regularly to prevent cyber security attacks. If you need to wipe your device clean due to a cyber attack, it will help to have your files stored in a safe, separate place.
Cyber security is constantly evolving, which can make it difficult to stay up to date. Staying informed and being cautious online are two of the best ways to help protect yourself and your business. To learn more about cyber security, visit our emerging threats center for the latest cyber security news.
4. Risk of Cloud information
Many people believe that putting their information in the cloud shifts responsibility to the cloud provider for information protection. They often may fail to consider that end users access information in the cloud from their desktop or mobile device, from the company’s network, or even worse, from a public network, where they are connecting their company’s cloud resources to any security vulnerabilities on their device or network!
For example, a single compromised password can provide legitimate access to the cloud and exploit cloud resources. Also, depending on the type of cloud service, some cyber security responsibilities still fall on the company to secure. According to Gartner, the cloud will require a different approach to security. On-premises security habits and designs won’t work well for information stored in the cloud.
Therefore, it is highly recommended that companies take a comprehensive view of their company’s cyber security and extend security boundaries to include cloud resources. No matter where information is hosted, all company information assets should be monitored and secured.
5. Internet Risks
It’s news we hear almost daily that another prominent company has fallen victim to a cyber- attack. Large, well-funded companies with sophisticated cyber security programs like Target, Sony, Equifax, Anthem, and eBay, have all experienced security breaches in recent years that have compromised sizable amounts of sensitive information.
Large companies are often on the radar for hackers, but did you know 61% of data breach victims are businesses with under 1,000 employees? In fact, according to a recent survey, 80% of organizations have been negatively impacted by a cyber-attack in the past 12 months.
So, if you haven’t suffered a cyber security breach yet, you’ve either been incredibly well prepared, or very lucky, since most malware indiscriminately searches for vulnerable companies across the internet.
Comments