Cybersecurity 101: Back to the Basics
Too often in cybersecurity, business leaders are forced into the ‘what’ decisions before ever getting an opportunity to understand the ‘why’ behind them. The purchasing conversations with IT start with requests like “We need to upgrade our AV to a next-gen EDR solution,” “Our firewalls need to be application aware and allow for DPI-SSL with full throughput,” or “We need to move from VPN to a zero-trust solution.” (Note: if you are interested in what all this techno-babble means, check out the glossary at the end of the article.)
While the above requests are all important parts of cybersecurity, it is more important overall to understand that the many diverse pieces should come together to provide a layered and complete security solution. Decision makers often look at the financial impact and say yes to some pieces and no to others, implement just enough to be compliant with regulators, or, in rare cases, say yes to everything. Any of these responses can result in security holes, increased risk, or unnecessary spending. As business leaders, we need to begin by building a foundational understanding of what we are trying to accomplish. For this reason, we are going to go back to the basics in this article.
What is Cybersecurity?
Cybersecurity can take many forms, and the purposes of those forms vary. However, the basic definition of the word remains: Cybersecurity encompasses the measures taken to protect a computer—or entire network—from unauthorized access or attack.
This definition offers the first step toward understanding how massive the process of securing a network against cyberattacks really is. Shielding computer systems and networks requires everything from the people (cybersecurity experts and end users alike), to the processes, techniques, and technology put into place as forms of protection. Without properly implemented layers of security (sometimes called defense-in-depth), cyberattacks are easily executed and can greatly damage an organization’s reputation and lead to significant financial loss.
Why is Cybersecurity Important?
Each day, businesses rely more and more on the internet. The field of technology is an easy example of this, but financial, legal, and medical fields are quickly moving to cloud-based solutions and remote workforces. Cybersecurity serves as a wall of protection for the organizations in these fields, assessing the threats, risks, and vulnerabilities in their systems in order to keep their networks safe.
Cybercrime is, by its nature, far more abstract than the threats we see in our everyday lives. A cybersecurity threat may never present itself until after the damage is done. Unfortunately, that does not mean the threat is any less real. The importance of cybersecurity cannot be overemphasized. Every day at Element Technologies we work with victims of cybercrime. Phishing attacks, stolen credentials (or devices), and ransomware are just a few examples of how their lives have been turned upside down.
A dynamic cybersecurity practice keeps personal information and intellectual property from falling into the hands of attackers. User authentication, password security, multifactor authentication, and protection against phishing and keystroke logging are just a few of the first steps to building the layers of security necessary for excellent defense.
Of note, the legal, financial, and medical fields are prime examples of industries that risk the greatest loss if they fall prey to a cyberattack, because these organizations hold an exceptional amount of data on individuals, businesses, and governments.
Cybersecurity for Law Firms, Financial Firms, and Healthcare
While cyberattacks on law firms are not a new occurrence, they are becoming increasingly prevalent because law firms have access to files and information on many other industries. Law firms keep records of crucial documents that could be accessed through a data breach: case files, attorney-client documents, and patient records, for a start.
As with law firms, cyberattacks on healthcare facilities pose a grave danger, because each successful attack exposes patient medical records. These records may contain information that dates back over many years, and though exposure of a medical record may sound trivial at first thought, this kind of document contains a patient’s name, date of birth, Social Security number, and billing information. This is information that can cause unprecedented amounts of damage if it is exposed to unauthorized malicious parties.
So, how do organizations protect themselves, if there are this many threats out there, and even more layers to cybersecurity? Security Awareness Training is a good place to start.
What is Security Awareness Training?
It is, unfortunately, not uncommon for employees to focus primarily on continuously developing the knowledge they have within their own industries while forgetting to learn about the tools that make their jobs possible and—more importantly—safe.
Security Awareness Training from IT professionals educates employees on the different types of cyberattacks, as well as basic processes and techniques that can be applied in order to protect against threats. This training often simulates phishing, malware, and ransomware attacks to ensure that employees understand what potential cyberattacks look like, and how to not fall prey to them.
While this type of individual training may seem minimal when looking at the big picture, the more aware every employee is of the threats facing their companies and organizations, the safer they will be. And when business leaders build up an understanding of the basics, the ‘what’ decisions can be answered with the ‘why’ in mind: Cybersecurity threats can be thwarted before any damage is done.
If you have questions or would like to learn more, contact Craig Sixta at csixta@ele-ment.com
Glossary:
AV: Anti-Virus.
EDR: Endpoint Detection and Response—A solution that gives security teams a centralized platform for continuously monitoring endpoints in order to respond to incidents as they arise.
DPI-SSL: Deep Packet Inspection of Secure Sockets Layer traffic—a type of data processing that inspects, in detail, the encrypted traffic being sent in and out of the network. Encrypted traffic is often ignored during inspection by firewalls, meaning that the IT/Security team has no idea what is being sent in or out over the Internet.
VPN: Virtual Private Network—a network that is constructed using public wires—usually the internet—to connect remote users or regional offices to a company’s private, internal network.