Technical Elements of a Cybersecurity Compliance Program (IV of IV)
The term cybersecurity is thrown about because it covers so many risks. There is no common definition of cybersecurity and the technical elements included in the term. From a technical standpoint, cybersecurity covers multiple types and layers of protection for technology.
A company needs to identify and understand elements of its Information Technology infrastructure, including specific types of devices and uses. The goal is to identify areas of risk that could permit a phishing attack to occur, or permit a hacker to gain unauthorized access to a company’s IT system or cloud application. The difficulty in this process is identifying network vulnerabilities that may be exploited by hackers and the different tools they use to gain unauthorized access.
Nonetheless, there are certain common elements of a cybersecurity program:
- Application security
- Information security
- Disaster Recovery planning
- Network Security
- End-Point/User Security
- Operational Security
Application Security is the protection of software applications. Misconfigured security settings are a common cause of cloud account data breaches, because companies that rely on major cloud services are responsible for configuring their own security settings. There are a number of reasons for such misconfigurations: (1) lack of familiarity with cloud security policies; (2) absence of adequate controls and oversight; and (3) user errors. In this area, multi-factor controls and careful management of administrative privileges are critical steps to strengthen application security and prevent breach of applications.
Information Security consists of the steps taken to protect internal company data and data collected from customers, clients and vendors/suppliers. When it comes to data, companies have to follow strict security standards to protect personally identifiable information. The importance of such data can depend on the specific industry, since specific data risks apply to personal health information, financial data and other sensitive types of business-related data. To understand the risks, companies have to examine how they collect, store, and transmit data. To protect the data, companies employ encryption and other strategies to guard against a possible breach.
Disaster Recovery protections consist of two important functions: (1) Strategies to prevent a breach or malware infection from spreading; and (2) Preparation of protocols for recovery in response to a possible attack. In this area, companies have to implement backup and recovery systems, incident response drills and endpoint protections.
Network Security covers protection of a company’s physical network and the devices that are used with the network. Most companies use firewalls to monitor incoming and outgoing traffic for cyber threats and attacks. Also, companies have to secure their wireless network and ensure that remote connections are encrypted. Network security is focused on protecting the system to ensure only authorized users have access, and detection of possible anomalies or intrusions into the network.
End-User Security is often referred to as end-point security. This includes protection of the devices that employees use. Given the prevalence of phishing attacks, companies have to focus on this important area, since hackers typically gain unauthorized access through end points (e.g. employee laptops or mobile devices). End-user security often consists of: (1) ensuring that devices are updated with security programs and firewalls; (2) installation of anti-virus applications; (3) availability of DNS filtering to block malicious websites; (4) installation of firmware protections; (5) passcode protection for screen locks; and (6) remote monitoring and device detection services.
Given the importance of end-point security, cyber training of employees to raise awareness is a critical addition to protecting company end-points from hackers who may gain access to the network and spread viruses. Employees have to understand how to detect phishing emails, maintain password security, handle sensitive data properly and practice other important cyber hygiene habits.
Operational (or Holistic) Security involves an organization-wide examination to ensure that the security strategy operates effectively as a whole. In other words, companies have to consider how the system operates overall and identify any potential vulnerabilities that could be exploited by a hacker. This is an important aspect of a program to ensure that a company keeps up with current threats and security developments.
In the end, cybersecurity fails when there is a lack of adequate controls and security readiness. Companies have to make smart strategic decisions when developing IT controls and cybersecurity systems. It is always important to focus on the human element – common mistakes, effectiveness of controls and vulnerabilities to hacker strategies to exploit any weaknesses. Employees have to know and understand cyber risks and steps to defend against possible attacks.