Hacking and cyber-security breaches make constant headlines as the world's businesses struggle to come to terms with the digital world. The mass adoption of cloud storage and digital services has provided plenty of opportunities for tech-savvy criminals, while sometimes organisations fail on the most basic measures, such as keeping up with patches.
Organisations with sensitive information like the NHS have been rocked by cyber attacks in recent years, with the NHS seriously impacted by the global ransomware WannaCry.
Clearly, the need to strengthen security in the digital age is of the utmost importance to businesses as cyber threats become more sophisticated.
Financial organisations have also been found to have flaws in their online security, with hackers finding vulnerabilities in banking apps, putting millions of users at risk of fraud.
Intel Security predicts that a global cyber-security skills gap is set to widen to between one million and two million by 2019, and could leave businesses and organisations open to serious threats from hackers that they can neither thwart nor catch.
But what are the main security measures companies need to ensure they have covered? We discuss them below...
Network security
Cyber security isn't just about dealing with external threats -- internal threats, whether accidental or malicious, also pose a significant risk to businesses. Good network security is key to preventing data loss due to this type of incident and any candidate should be able to enact policies and controls within and around the network.
Such policies could include network access control, such as restricting the type of device that can access the network, or restricting what a device or user can do once connected. For example, those who aren't employed by the HR department shouldn't be able to access HR files, nor should those not working in the finance department be able to access financial data.
There is a wide range of tools available to administrators to enact these types of policies, including VPNs (virtual private networks), firewalls or more recent innovations like machine learning algorithms, which can quickly identify when a user or device is behaving unusually and cut it off. Software can also be deployed to divide servers into micro-segments, which can halt the spread of an infection throughout the network.
Cloud security
These days, virtually all organisations use the cloud to some degree. This means that these organisations need to secure data and applications using the cloud in addition to securing their own on-premise infrastructure.
There is, however, a shortage of cyber-security professionals with expertise in the cloud. Nearly a third (29%) of businesses claim to have a shortage of cloud security skills, according to 2017’s ISSA/ESG survey.
The responsibility for ensuring the security of data and apps in the cloud is with an organisation, and not with the company that provides the cloud service. As organisations move from dealing with on-premise threats to cloud-based threats, they need professionals with cloud security skills.
Among the cloud security threats is poor identity management, as hackers may mask themselves as legitimate users in order to access, modify and delete data.
Another cloud security issue is poorly-secured cloud apps. Most apps and cloud services use APIs to communicate and transfer data. This means the security of the API directly affects a cloud service’s security. The chance of a data breach increases when third parties are granted access to APIs.
Institutions such as SANS and CSA offer cloud security certifications for professionals to increase their skill sets in this area.
Risk management
The base skill any cybersecurity specialist should have is an understanding of risk management - knowing how best to respond if and when the company is hit by a threat. Good risk management is always built on solid strategies and procedures for dealing with security events.
According to the National Cyber Security Alliance's Stay Safe Online initiative, such a strategy should follow three steps: prevention (how to reduce the risk of an attack), resolution (steps to follow if an attack is successful), then restitution (repairing customer trust, or generally mitigating any consequences of a hack).
Since risk can't be eliminated entirely, this skill is incredibly important. Risk management helps prevent or decrease uncertainty within an organisation, and improves its overall efficiency, confidence, and reputation.
Patching and software management
When an organisation stores a lot of data on-premise in its own data centres, it needs a security expert that understands the importance of regular software updates, as well as how to roll them out across the business with the least possible disruption. Patch management is key to ensuring malicious actors are unable to attack an organisation via a disclosed vulnerability.
Organisations using SaaS software will have an easier time, because updates are made to the cloud directly from the vendor. It's still important to keep an eye on any security issues within these products, though.
Big Data analysis
Analysing large amounts of data is another essential skill in cybersecurity. An example of how data analytics is a useful cyber security skill can be found when looking at advanced persistent threats (APTs).
According to the Cloud Security Alliance, advanced persistent threats (APTs) generally aim to steal intellectual property or strategic business information and are currently among the most serious security threats to organisations.
Big Data analytics are beneficial for detecting APTs as there is typically a huge amount of data to look through in order to find anything abnormal. Without it, this process would take much longer and be less likely to identify any threats.
Non-technical skills
When it comes to cybersecurity, non-technical skills are just as important as technical expertise. For instance, strong communication skills are essential to communicating a threat clearly, and to making sure other departments understand the importance of security. Teamwork and collaboration also play a role, as experts work in various teams to ensure the job is done effectively.
Governance
Governance plays a large role in cyber-security as well. For example, if a cloud computing data breach occurs, the service provider should alert all customers of said breach - even the ones who were not impacted. The provider should then make efforts to identify and resolve any issues or vulnerabilities. Under new data protection laws, known as the General Data Protection Regulation (GDPR), organisations must inform affected users and the data protection authority within 72 hours of a breach, or face a fine of up to 2% of their annual turnover, or €10 million.
Time for some automation?
One solution being proposed to cover the problem of the cyber security skills gap, while also improving security in businesses overall, is the increased use of automation.
Most of this focuses on the use of machine learning and artificial intelligence (AI) to identify known and potential threats faster, while also reducing some of the false positives seen in earlier automation. This means that anything flagged as a potential issue is less likely to be a waste of human time.
AI and machine learning can identify threats by type, such as ransomware or phishing attempts, whether it's a known malware or not. They can also identify errant behavior by users, for example if a person who works 9-5 becomes active at 3 am, or starts trying to access systems and data they don't normally access or don't have the appropriate privileges for. This could be indicative of a successful hack or an insider threat and can be investigated by the appropriate members of the IT team.
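The behavioural check described above (a 9-5 worker active at 3 am, or touching systems they don't normally use), as an added example that is not from the original article or from any security product. It uses a simple per-user baseline rather than machine learning; the event tuples, user and resource names and the two-hour tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (timestamp, user, resource); not real logs.
HISTORY = [
    ("2024-03-04T09:12:00", "alice", "crm"),
    ("2024-03-05T16:55:00", "alice", "mail"),
    ("2024-03-05T22:15:00", "carol", "backup"),  # carol works nights
    ("2024-03-06T02:30:00", "carol", "backup"),
]
NEW_EVENTS = [
    ("2024-03-07T10:20:00", "alice", "crm"),      # within usual hours
    ("2024-03-07T03:02:00", "alice", "crm"),      # day worker at 3 am
    ("2024-03-07T14:00:00", "alice", "payroll"),  # never used before
    ("2024-03-07T03:10:00", "carol", "backup"),   # normal for a night shift
    ("2024-03-07T09:00:00", "dave", "mail"),      # no history at all
]

def build_baseline(events):
    """Record, per user, the hours they were active and the resources used."""
    baseline = defaultdict(lambda: {"hours": set(), "resources": set()})
    for ts, user, resource in events:
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
        baseline[user]["resources"].add(resource)
    return dict(baseline)

def hour_gap(a, b):
    # Distance on a 24-hour clock, so 23:00 and 01:00 are 2 hours apart.
    return min(abs(a - b), 24 - abs(a - b))

def assess(event, baseline, tolerance=2):
    """Return the reasons an event deviates from the user's baseline."""
    ts, user, resource = event
    profile = baseline.get(user)
    if profile is None:
        return ["no-baseline"]  # unknown account: nothing to compare against
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if min(hour_gap(hour, h) for h in profile["hours"]) > tolerance:
        reasons.append("unusual-hour")
    if resource not in profile["resources"]:
        reasons.append("new-resource")
    return reasons

def triage(events, baseline):
    # Keep only the events an analyst should look at, with the reasons.
    return [(e, r) for e in events if (r := assess(e, baseline))]

if __name__ == "__main__":
    for event, reasons in triage(NEW_EVENTS, build_baseline(HISTORY)):
        print(event, reasons)
```

Measuring hours on a circular clock keeps a night-shift account from being flagged just because its activity crosses midnight.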
Most modern enterprise security software offers AI and machine learning capabilities, although what you choose to adopt will depend on the skills already present in your business. If there's no one who knows how to investigate and remedy potential and actual hacks, you will need to train someone up in this area in order to use the software effectively.