The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.
Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.
Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.
To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.
Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.
Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.
A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.
Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity). To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.
Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.
Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.
Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.
A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.
And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.
To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.
For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.
Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.
Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.