Cyber security is the practice of ensuring the integrity, confidentiality and availability (ICA) of information. It represents the ability to defend against and recover from accidents like hard drive failures or power outages, and from attacks by adversaries.
The latter includes everyone from script kiddies to hackers and criminal groups capable of executing advanced persistent threats (APTs), and they pose serious threats to any enterprise. Business continuity and disaster recovery planning are every bit as critical to cyber security as application and network security.
Security should be top of mind across the enterprise, and come with a mandate from senior management. The fragility of the information world we now live in also demands strong cyber security controls. Management should see that all systems are built to certain security standards and that employees are properly trained. All code, for example, has bugs, and some of those bugs are security flaws. Developers are only human after all.
Types of cyber security
The scope of cyber security is broad. The core areas are described below, and any good cyber security strategy should take them all into account.
Critical infrastructure includes the cyber-physical systems that society relies on, including the electricity grid, water purification, traffic lights and hospitals. Plugging a power plant into the internet, for example, makes it vulnerable to cyber-attacks. The solution for organizations responsible for critical infrastructure is to perform due diligence to understand the vulnerabilities and protect against them. Everyone else should evaluate how an attack on critical infrastructure they depend on might affect them and then develop a contingency plan.
Network security guards against unauthorized intrusions as well as malicious insiders. Ensuring network security often requires trade-offs. For example, access controls such as extra logins might be necessary but would slow down productivity.
Tools used to monitor network security generate a lot of data — so much that valid alerts are often missed. To help better manage network security monitoring, security teams are increasingly using machine learning to flag abnormal traffic and alert to threats in real time.
The enterprise’s move into the cloud creates new security challenges. For example, 2017 has seen almost weekly data breaches from poorly configured cloud instances. Cloud providers are creating new security tools to help enterprise users better secure their data, but the bottom line remains: Moving to the cloud is not a panacea for performing due diligence when it comes to cyber security.
Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASP Top Ten web vulnerabilities. AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing.
Rapid application development and deployment to the cloud has seen the advent of DevOps as a new discipline. DevOps teams typically prioritize business needs over security, a focus that will likely change given the proliferation of threats.
Internet of thinds (IoT) security
IoT refers to a wide variety of critical and non-critical cyber physical systems, like appliances, sensors, printers and security cameras. IoT devices frequently ship in an insecure state and offer little to no security patching, posing threats to not only their users, but also to others on the internet, as these devices often find themselves part of a botnet. This poses unique security challenges for both home users and society.
Types of cyber threats
Common cyber threats fall under three general categories:
Attacks on confidentiality: Stealing, or rather copying, a target's personal information is how many cyber-attacks begin, including garden-variety criminal attacks like credit card fraud, identity theft, or stealing bitcoin wallets. Nation-state spies make confidentiality attacks a major portion of their work, seeking to acquire confidential information for political, military, or economic gain.
Attacks on integrity: Also known by its common name, sabotage, integrity attacks seek to corrupt, damage, or destroy information or systems, and the people who rely on them. Integrity attacks can be subtle — a typo here, a bit fiddled there — or a slash and burn campaign of sabotage against a target. Perpetrators can range from script kiddies to nation-state attackers.
Attacks on availability: Preventing a target from accessing their data is most frequently seen today in the form of ransomware and denial-of-service attacks. Ransomware encrypts a target's data and demands a ransom to decrypt it. A denial-of-service attack, typically in the form of a distributed denial-of-service (DDoS) attack, floods a network resource with requests, making it unavailable.