Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access. Thus security includes both cybersecurity and physical security.
New software vulnerabilities are found daily, web application attacks leave websites vulnerable and viruses become increasingly silent and stealthy. As cybercrime rises exponentially and cybercriminals find new ways to gain unlawful access into corporate infrastructures, organisations are often at a loss at what to do.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
- Application security
- Information security
- Network security
- Disaster recovery / business continuity planning
- Operational security
- End-user education
Often, the simplest things such as weak passwords and uneducated staff can be the cause of an entire company infrastructure being compromised.
Cost is one of the main reasons organisations put off addressing cybersecurity threats. There is also the mistaken belief by organisations that they are unlikely to be hit by a cyber-attack.
By being better informed, organisations can ensure they have the most appropriate cybersecurity policies in place. The IT department of any organisation is a good place to start to get a basic understanding of its overall cybersecurity posture.
The IT department should be able to provide details on controls, ports, services, firewall rules and device configurations. They should monitor network health, and continuously improve security by hardening configurations and using best practice.
IT departments should also be able to provide details about how the network is sub-netted or segmented, thus ensuring staff have access only to the areas appropriate for their roles, in turn minimising the attack surface if the staff member’s computer is compromised. Segmenting a network can slow attackers down, making it more difficult for them to access protected areas.
Organisations should consider limiting access to dangerous sites and services, using firewalls with content filters and threat management gateways. Employing intrusion detection systems and the like. Organisations should also look at contingency plans for when things go wrong. This should include testing the integrity of data if a compromise is detected or suspected. Perform regular restore tests and disaster recovery tests. There should be a framework or policies and incident plans in place dictating steps and action to be taken in the event of a disaster.
IT departments should have a clear understanding at what point they would need to call for outside help, in the event of a disaster. It is also a good idea to establish a relationship with a professional service provider who has expertise in cybersecurity.
It is important to carry out investigations after every incident to understand the threat, to figure out which vulnerability was exploited and resolve these issues in order to prevent any future attacks.
Another area for organisations to look at is how updates and upgrades to IT infrastructure are conducted and to ensure that hardware and software upgrades are in sync, so that the hardware supports the latest software.
Organisations have to consider the human factor in security. This means requiring passwords to be changed regularly to ensure only authorised and current personnel have access to systems, and continually educating and reminding staff about cybersecurity. Proper processes in place, ensuring that if staff members leave the employ, that their credentials are revoked and services disabled.
Many organisations overlook & ignore the fundamentals or “the basics” of cybersecurity. Organisations should commit to a strategy and adopt a cybersecurity framework to help them more effectively understand their current level of maturity and what the desired state should be. A framework should help an organisation identify key assets, how those assets are going to be protected and monitored, and how they would respond and recover should a breach occur.
It is no longer sufficient for organisations to protect only themselves. They also have to actively monitor and manage the security risks of those of 3rd party vendors.
Technical controls should be put in place to neutralise some of these attacks (such as multi-factor authentication against password theft); however, technical controls are not sufficient. Organisations need to educate employees on the risks and how to respond. Humans make mistakes and will click on links and fall victim to attacks. A combination of technical controls and trained employees may be able to more rapidly identify issues and respond in order to limit the damage. Employees should learn about potential threats and how to report suspicious activity within the company.
Cybercrime is on the rise and infrastructure and network teams will continue to be challenged. Organisations will be much better positioned by taking these steps going forward.
RSM South Africa has the expertise and knowledge to advise and assist you on how to manage cybersecurity threats and assist with Threat & Risk Assessments, including attack & penetration testing and vulnerability assessments.
Senior Manager | IT Consulting, Johannesburg