Cyber security is a fast-paced field unlike any other. With 15 potential leaks in a company security network every day, anywhere between 5.000 and 7.000 new software threats emerging on a yearly basis and tens of millions of unique malware programs attacking IT networks a year, the job is only becoming harder and harder. Moreover, a simple misstep from the people responsible for maintaining the appropriate security levels could compromise company assets, hurt revenues, destroy company reputation and cost people jobs. That is precisely why it’s paramount to know how to fight back and which moves you should make.
1) Understand the opponent
Fighting against the intruder into your IT network starts when you understand their motives for doing so. If you know which of your valuable assets they are after, you will form a clear idea of what you need to defend and how to do it. Furthermore, by knowing what they want, you may also be able to predict the methods and techniques they might use in the attack, thus providing yourself with a new layer of protection. Most motives for cyber attack fall into these categories:
- Financial gain
- Resource theft
- Corporate espionage
The WHY after every action that endangers the security of your company’s IT network is another clue in finding the best way to defend it against cyber attacks. Identifying the right one can be of crucial importance.
2) Know the threat
There are several types of malware, each with its own distinctive features and ways it can endanger your IT network and business:
- Virus – Hidden in executable files, undetectable without specialized programs, the virus multiplies until it spreads through the system and shuts it down
- Spyware – A malware used to spy on the target and collect sensitive information about and individual or entire organization without their knowledge
- Adware – Popping up as annoying ads or windows that cannot be closed, not harmful in itself, but can come with other types of malware
- Worm – Usually in existing files like email, they replicate in the system until they corrupt or destroy all files
- Trojan – Disguised as useful programs, Trojans create backdoors for unauthorized access to the infected computers to record sensitive information and use it without the knowledge or consent of the target
- Ransomware – Denies access to files and data to the target until ransom is paid, usually carried out by a Trojan
- Scareware – Simulates warnings from legitimate security programs about a large number of detected problems, but the real malware may be in the suggested solution.
Understanding the categories of malware can help you determine how they got into the system (if they did) and how they can spread further.
3) Protect the data
In over 98% of times, hackers will not steal your data. They will replace it with their own or make you host malicious content, redirect you to a malicious website without your knowledge, and generally, make your life a living hell.
To protect the data stored in your IT network, it needs to be made secure against unauthorized access and modification – through digital cryptography. Some of the techniques it includes are:
- Symmetric encryption
- Asymmetric encryption
- Key distribution and protection.
However, to completely protect data, it also needs to be lawfully collected and used, stored securely and constantly available.
4) Pay attention to mobile
With the number of mobile devices constantly on the rise and currently surpassing the number of users, it’s only logical that mobile threats are also a big cyber security concern. The biggest mobile threats are of the same type as those targeting IT systems, but have different pathogens:
- Mobile malware
- Data or credential theft
- Picture theft
- Phishing attacks
- Unsecured wireless connection.
Knowing the differences between the threats targeting systems and mobile devices is an essential part of the CSO’s job description and can determine their success in maintaining the cyber security defense line uncrossed.
5) Keep cloud secure
Businesses that have their data stored on cloud systems have more difficulties to keep them secure because of these factors:
- Lack of control
- Constant availability on the Internet
- Multiple tenants mean shared services and servers
This all means that CSOs no longer directly control the servers, services and infrastructure used to store company data in the cloud. That’s the responsibility of the cloud vendor’s cyber security team – and you have to trust that they will do their jobs right. However, with each new tenant, the structure of the cloud network becomes more complex, thus making it that much more hard to secure properly.
6) Check event-logs
Research has shown that the most easily missed security threats were right there in the event logs all along, without anyone having thought of just looking. A good event-log system is a goldmine of information, so setting up one and consulting it regularly can definitely be one of the steps in securing your IT network. Here are the basic steps of event-logging:
- Event-log collection
(You can read how to detect a cyber attack in one of our previous blog posts.)
7) Promptly respond to incidents
An IT network, no matter how secure, is bound to suffer a breach of its defenses at some point. How the company reacts when that happens can result in swift recovery or mean its doom. The moment an attack occurs, the CSO should put into action an incident response plan. Here are its basic elements:
- Respond effectively and quickly
- Limit the damage
- Conduct forensic analysis
- Identify the threat
- Communicate the findings
- Limit future damage
- Learn from experience.
(Take a look at our infographic to see how to respond quickly to cyber attacks.)
8) Educate employees and communicate
Seeing as most cyber security threats are frequently recurring, everyone in the company needs to be aware of the current top threats and ways to fight them. Especially since there are those that can be prevented by educating employees on the dangers of company presence in cyber space and how they can endanger its cyber security. Here is what should be covered in the education program:
- The most significant cyber threats against the company
- Acceptable use of company devices with internet access and accounts
- Security policy
- How to use authentication and what to avoid
- Data protection
- Social engineering awareness
- How and when to report suspicious security behavior.
(You can also take a look at our infographic for 10 tips on making your employees care about cyber security.)