In the Information Age, Cyber-Security is key

Cyber war skips battlefield. Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can be quickly taken over or knocked out without first defeating a country’s traditional defense.

For example, Take this image below and multiply the number of dots you see by ~1.4 Million; This represents the attack surface for Cyber Crime. For Reference, there are 2321 dots in the image. Multiplying by ~1.4 Million gives roughly

...3.15 Billion

attack vectors; Each one an entrance and exit to and from the Internet.

Dotted Map of The World

How do we combat this issue?

Every Internet-connected device represents a vulnerability to the security of the entire infrastructure; How do we mitigate risk in such a dynamic environment?

The methods listed below are derived directly from this article by Symantec found on Forbes.com.

  1. Update Security Tools
    • Security tools are the first line of defense against attacks, so it’s important to make sure these are current. Malware authors constantly update their software and devise new attacks, which puts organizations with outdated technology at an elevated risk. At a minimum, take advantage of latest security technologies and tools that are built into the products already owned from current security vendors.

  2. Think Like A Hacker aka “Attack Actor”
    • Samir Kapuria, VP, Cybersecurity Group, Symantec, on a recent ZDNet interview, shared his insights on how hackers conduct attacks in phases:
      • Reconnaissance – casing and scoping out the victim
      • Incursion – breaking in
      • Discovery – finding the asset of choice
      • Exfiltration – unauthorized transfer of data from a computer
    • Kapuria suggested companies put themselves in the role of the hacker.

      “If you walk in the adversaries’ footsteps and assume that point of view, you understand all of the phases they’re going to conduct to execute an attack,” said Kapuria. “When we’re looking at it from a layered approach, as security practitioners, we got to have the right countermeasures that allow us to prevent each of those phases of attack.”

  3. Know What To Do When A Security Breach Occurs
    • Organizations of any size, industry or geography can and do experience data breaches. According to Symantec’s latest Internet Security Threat Report, the number of targeted campaigns increased 91 percent in 2013, and went up across the board for small, medium and large businesses.

      While large companies that experience data breaches make the headlines, Kapuria noted that, “All organizations are open to attack,” and that there was an increase in small to medium-sized enterprises being attacked.

      There’s no such thing as 100 percent security, so it’s imperative that companies (small and large) are able to detect threats. Preparation should also include tools, technology and policies that help detect and respond as quickly as possible. Make sure there is an internal team to see and respond to breaches.

      Be sure to read What To Do-And What Not To Do-When You Discover a Breach.

  4. Get Everybody Companywide Involved
    • Cybersecurity has now become mainstream, because no company wants to be the next one in the news. Data protection is not only an IT discussion, but also a companywide concern. From the boardroom to break rooms, companies must educate employees about the risk of cybercrime and practice safe security measures.

      Ultimately, to successfully win the cybersecurity battle, security has to become everyone’s business and enterprises have to make the right investments in security protection, detection and response.