10 ways that cyber specialists keep us safe
Online security breaches are increasingly hitting the headlines, and businesses all over the world are trying to fight the onslaught of ransomware attacks and phishing scams. A recent example would be a hack on KP Snacks that threatened delivery of crisps, nuts, and other snacks unless the ransom demands were met. But this is just one of more than 30,000 data breaches and hacks worldwide.
As threats continue to rise, the industry is also beginning to tackle the global deficit of cybersecurity professionals needed to protect everyone against the rising levels of cybercrime. With high demand, unfilled vacancies, and an average salary of £70,000, there has never been a better time to become a cyber security professional. But where do you begin?
The good news is that a wide range of accredited cyber security courses will put you on the right path to becoming a fully fledged cyber security analyst, ethical hacker, or penetration tester. However, before you begin your journey, we recommend exploring the following ten ways cyber specialists keep us safer in this beginner’s guide to cyber security.
Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA)
Companies must ensure that either two-factor authentication (2FA) or multi-factor authentication (MFA) capabilities are used to secure everything from network and remote access to email and web-based applications. An increasing concern around using SMS 2FA means that the safest option is to use a hardware token or mobile app to grant users access to their workspace.
A high turnover of staff and an overreliance on short-term contractors are often responsible for IT teams struggling to keep up with the pace of closing old accounts. It is crucial to remember that an attack on the Colonial Pipeline was made possible by accessing an inactive account without MFA. This oversight resulted in closing a 5,500-mile natural gas pipeline for five days and 10,000 gas stations running out of fuel.
Cybersecurity specialists insist that every employee uses 2FA because this double authentication method increases the protection of company data and makes it much harder for hackers. They will also work with stakeholders to ensure that every employee has role-based access control (RBAC) to help restrict system access to authorised users.
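The inactive-account gap described above is something a team can check for routinely. The following is an added example, not part of the original article: it audits a constructed account export for dormant logins and missing MFA. The column names, the 90-day threshold and the severity ranking are assumptions for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the column names are assumptions, not a real IdP schema.
SAMPLE_EXPORT = """username,account_type,last_login,mfa_enabled,remote_access
a.patel,employee,2024-05-28,true,true
j.moreno,contractor,2023-11-02,false,true
svc-backup,service,2024-05-30,false,false
k.osei,employee,2024-01-15,true,true
t.nguyen,contractor,2024-05-20,false,true
"""

STALE_AFTER_DAYS = 90  # assumed policy threshold


def audit_accounts(export_text, today, stale_after=STALE_AFTER_DAYS):
    """Return (username, severity, reasons) findings, most severe first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        idle_days = (today - date.fromisoformat(row["last_login"])).days
        stale = idle_days > stale_after
        no_mfa = row["mfa_enabled"].strip().lower() != "true"
        remote = row["remote_access"].strip().lower() == "true"
        reasons = []
        if stale:
            reasons.append(f"inactive for {idle_days} days")
        if no_mfa:
            reasons.append("no MFA enrolled")
        if not reasons:
            continue
        # A dormant login with no second factor that can still reach remote
        # access is the combination described above, so it ranks highest.
        if stale and no_mfa and remote:
            severity = "critical"
        elif no_mfa and remote:
            severity = "high"
        else:
            severity = "medium"
        findings.append((row["username"], severity, reasons))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (order[f[1]], f[0]))


if __name__ == "__main__":
    for user, severity, reasons in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{severity:8} {user:12} {'; '.join(reasons)}")
```

Accounts flagged as critical are candidates for immediate disabling, while the remaining findings feed the normal offboarding and MFA enrolment process.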
The best tools for cyber security
The world of cybersecurity is a constant game of cat and mouse against the bad actors looking for weak entry points and poor cyber hygiene. Network security auditing will play a critical role in auditing every IT asset and policy. Regular audits will help expose any potential vulnerability across an organisation when a proactive approach to cybersecurity is table stakes.
The SolarWinds Network Configuration Manager is a popular network security auditing tool that comes with configuration management and vulnerability scanning along with reporting features and real-time alerts. In addition, it provides much-needed visibility into user activity or suspicious activity around changes to files and folders, which helps minimise the impact of insider threats.
Nessus is another excellent example of a solution that cybersecurity teams have trusted for over a decade to highlight vulnerabilities across a corporate network. Elsewhere, Wireshark is a trusted tool that enables analysts to capture network traffic and perform in-depth analysis, and it works seamlessly alongside other solutions to provide a more holistic view of potential vulnerabilities.
With most enterprises having hundreds of applications, tools such as Zed Attack Proxy (ZAP) provide an invaluable web application vulnerability scanner that acts as a proxy between the web browsers of users and the cloud web applications they work from in and outside of the office. Ultimately, every cybersecurity analyst will have an extensive toolkit to help them scan and monitor for threats while also removing any vulnerabilities along the way.
Securing the cloud
AWS, Microsoft Azure, and Google Cloud remain the largest cloud computing providers. The original purpose of cloud computing was to increase resilience against natural disasters and power failures by ensuring critical data was backed up, protected, and available from multiple safe and secure locations. But in the post-pandemic age, the cloud also provides flexibility to work from anywhere in a remote and hybrid working world.
Securing the cloud can be complicated. For example, in a public cloud, the provider will take responsibility for securing the corporate infrastructure. However, the private cloud model is slightly different and offers more control and visibility around suspicious behaviour with monitoring tools that can help detect insider threats or compromised accounts.
However, hybrid clouds are rising in popularity by combining on-premise data centres with public and private clouds. This approach requires a single security framework and a standard set of controls across the hybrid environment. The cybersecurity team’s responsibilities include identifying and securing every integration point between all environments.
Identity management and password policy
The introduction of password policies and identity management has often been deemed an inconvenience by employees and customers. But when qwerty and 123456 remain the most used passwords online, a password policy will essentially ensure that everyone has unique login credentials. In addition, cyber security analysts will also be monitoring users to ensure they do not leave passwords written on sticky notes on monitor screens or share details with colleagues.
There is no avoiding that every attacker will have several tricks up their sleeves to access their target. Many users also fall into the trap of clicking on a phishing link that tricks them into installing a keylogger, which enables the attacker to intercept passwords as they are entered into a device. Therefore, most IT teams will use a credential monitoring service to ensure that every employee adheres to the password policy, which prevents users from reusing their credentials or violating the policy when attempting to access the network or critical applications.
There have been countless examples of what happens when an executive leaves their smartphone on a train. In addition, it’s easy to forget how much highly confidential information we carry with us on devices that are shrinking in size. For these reasons alone, cybersecurity teams will be the driving force behind ensuring that every smartphone and laptop is encrypted to protect business-critical data.
By encrypting entire hard drives or devices, only authorised individuals can gain access through their secure password, PIN, or a biometric login. For remote workers, VPNs, RD gateways, and HTTPS technologies can all keep the connection secure while also ensuring encryption of all data in transit.
Since the GDPR data protection regulation was implemented, every business must take data security seriously. In addition, authorities can now impose fines of up to €20 million, or 4 percent of worldwide turnover for the preceding financial year, whichever is higher. Amazon’s penalty for a data breach was €746 million, highlighting how data could quickly go from being an organisation’s biggest asset to the most significant liability.
With an increase in ransomware attacks preventing businesses from accessing their data, there must be offline backup copies of all critical data in an isolated location. Additionally, at every stage of its lifecycle, whether in transit, at rest, or reaching its end of life, data must always be protected from unauthorised access, modification, or deletion.
Cryptographic algorithms can also play a vital role in protecting corporate data, especially when combined with tools that automatically log access to data and monitor for suspicious activity and any attempt to bulk export data.
The days when IT provided a new employee with a computer, monitor, mouse, and keyboard are now a distant memory. Instead, there are now many assets inside every organisation that can be difficult to keep track of. But cyber security professionals are challenged with identifying every asset to ensure that it’s running the latest software patches while also planning for upgrades and replacements.
If asset management goes unchecked, technical debt from legacy solutions will quickly impact a business’s bottom line and, most importantly, open it up to even more vulnerabilities. For these reasons alone, cybersecurity teams will want to work closely with asset managers to identify the level of risk across the ever-increasing list of assets across the business.
Cyber risk management
What technology, services, and applications are critical to the day-to-day running of your business? What would close the shutters of your office and prevent you from achieving your objectives? Before you can effectively protect your business from cyber attacks, you will need to understand where you are most at risk.
It could be your supply chain, reliance on third-party and cloud services, or access to customer data. Cyber security professionals instinctively know everywhere employees and customers will interact with your systems, networks, applications, and services. As a result, they will be armed with a vast selection of tools, frameworks, industry standards, and recommended controls that are right for that organisation.
By understanding the risks they face, cybersecurity teams can explore how to manage them. This will include a process that helps them identify, analyse, assess, and prioritise risks to make decisions on the best way forward. Analysts will also work closely with business stakeholders to help communicate cyber risk management and continually improve the iterative risk management process.
Detect and investigate threats
When a business or brand first hears about an attack from its employees or customers, it is already too late. Traditionally, IT teams had a reputation for having a reactive mindset where they only discovered things were broken or insufficient when an incident was reported. Thankfully, proactive logging and monitoring have changed everything, and cybersecurity professionals know precisely how systems are used.
Now that it’s easier to detect unusual events and prevent a security incident before it happens, they can respond accordingly to minimise the impact before a user raises a call with the support desk. In addition, developing a tried and tested incident response plan allows teams to detect and investigate threats, which helps them stay one step ahead of attackers.
Education and training: not the beginner’s guide to cyber security
Employees are often accused of being the weakest link in security. But pointing the finger of blame at someone outside of IT for clicking on a phishing link or downloading an attachment that looked like an invoice is not going to help anyone. Maybe we need to accept that teams dependent on technology need more help than a yearly compliance course, where they select “next” for 30 minutes.
Modern cybersecurity teams build effective dialogue with employees and run security awareness campaigns to create a positive cyber security culture. By moving away from a blame culture, every security incident can be treated as an opportunity for self-improvement across an organisation where security is considered everyone’s business.
There are many ways that cyber security specialists help keep everyone safe. It’s an exciting and meaningful career with excellent scope for progression. If you’d like further insight, you can read how one of our shining stars, Zack Gibbons, went from salesperson to Global IT security officer with world-class education, guidance, and support from Learning People.
Are you considering a new or enhanced, exciting career in cybersecurity, a field with high demand, unfilled vacancies, and an average salary of £70,000? Please get in touch with our team of cyber and IT specialists, who will guide you on the best path for you and your unique journey in cybersecurity.