We are in a time where businesses have undergone radical change as a result of COVID-19 and digital transformation is occurring at an unprecedented rate. In a recent IBM article, 96% of business leaders stated they will accelerate their digital transformation by an average of 5.3 years! They are looking to decrease operating costs (70%), decrease inventory costs (50%), and increase revenue (20%).
At the same time, as businesses accelerate their move to the Cloud, they are under greater risk of attack than ever before from bad actors of all hues – organized cybercrime, state actors, insiders, and more…
As digital transformation has progressed, already complex cybersecurity defenses have become even more fragmented and elaborate, making an adequate security posture more and more difficult to maintain. And failure has serious consequences – from IP theft and the data being sold to the highest bidder (usually your arch competitor), to ransomware that can take your business offline and damage your hard-won reputation as a guardian of customer data.
The cybercrime landscape is continually evolving, and bad actors go after any type of organization, so in order to protect your data, money, and reputation, it's critical that you gain real-time visibility of all of your data assets all of the time. But before you can start developing an adequate security program for your organization, you must understand the different types of security and how they all work together.
What is Information Security?
Information security (also known as InfoSec) ensures that both physical and digital data is protected from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. Information security differs from cybersecurity in that InfoSec aims to keep data in any form secure, whereas cybersecurity protects only digital data. If your business is starting to develop a security program, information security is where you should begin, as it is the foundation for data security.
When you're creating your information security program, you'll want to start with having the proper governance structure in place. Governance is the framework established to ensure that the security strategies align with your business objectives and goals. Governance bridges the gap between business and information security, so the teams can efficiently work together. Many excellent frameworks are available today that you can adapt to your business, including NIST, BSIMM, ISO/IEC 27001:2013, CIS, and more.
When InfoSec experts are developing policies and procedures for an effective information security program, they often use the CIA triad as a guide.
The components of the CIA triad are:
- Confidentiality: ensures information is inaccessible to unauthorized people and is most commonly enforced through IAM/zero trust, MFA, and data encryption – to name a few of the technical approaches.
- Integrity: protects information and systems from being modified by unauthorized people; ensures the data is accurate and trustworthy. Tools to help with this also exist to ensure such modifications are difficult to achieve.
- Availability: ensures that only authorized people can access the data appropriately and when needed, and that all hardware and software are maintained properly and updated when necessary.
The CIA triad has become a useful starting place to look at your data security to then help you build a vigorous set of security people, process and technology controls to preserve and protect your data.
What is Cybersecurity?
Cybersecurity, a subset of information security, is the practice of defending your organization's cloud, networks, computers, and data from unauthorized digital access, attack, or damage by implementing various defense processes, technologies, and practices. With the countless sophisticated threat actors targeting all types of organizations, it's critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your clouds, networks, or endpoints and risk exposing your company to fines, data losses, and damage to reputation.
When cyber threat actors target your organization, they research not only your business, but your employees as well. They know that employees outside of IT security aren't as aware of cyber threats, so they execute cyberattacks that exploit human vulnerabilities. Through the process of social engineering, threat actors manipulate people into giving them access to sensitive information.
Some of the most current social engineering attacks include:
- Phishing:
Arrives in the form of email, phone calls, or SMS chats, where the threat actors start the process of gathering data, often credentials, that lets them begin compromising your network.
- MitM (Man-in-the-Middle) Phish Kits:
Today, in 2022, sophisticated reverse-proxy phish kits are emerging that are designed to bypass the 2FA (2-factor authentication) and MFA (Multi-Factor Authentication) that are now standard security practice, stealing tokens so the attacker can get past that security layer. This is a particularly difficult attack for defenders to tackle.
- Pretexting:
When a threat actor impersonates an authority figure or someone that the target would easily trust to get the person to do something they normally wouldn't.
- Baiting:
When threat actors leave a malware-infected device, such as a USB or CD, in a place where it can be easily found by someone, who would then use the infected device on their computer and accidentally install the malware, giving the threat actors access to the target's system.
- Quid Pro Quo:
When a threat actor requests personal information in exchange for some form of reward, e.g., money, a free gift, or a free service.
The 2021 Verizon Data Breach Information Report found that 85% of the successful breaches reported originated from phishing and pretexting and a very small percentage of other human errors. As a business leader, it is your responsibility to build a culture of cybersecurity awareness and fill in the gaps in your team's cybersecurity knowledge and understanding.
In these times it's essential that your workforce be informed of cybersecurity risks, so it's less likely for an employee to fall victim to a scam or sophisticated phishing attack. Providing your employees with the continuous security awareness training necessary is not difficult or expensive (in either technology or time). Rather than just paying 'lip service' through ineffective sporadic involvement, education on a continuous basis brings great results in strengthening an organization's human firewall and effectively mitigating the results of a cyberattack targeting personnel both at home and in the office.
What are Cloud and Network Security?
For most organizations, digital transformation is in progress, meaning they still have both a traditional network and newly transformed cloud-based workloads to secure. This situation is known as Hybrid Cloud.
Both Cloud and Network security aim to protect any data and ensure that the information is not changed or intercepted. The role of both cloud and network security is to protect the organization's IT infrastructure from all types of cyber threats, including:
- Insider attacks
- Malware like viruses, worms, and Trojans
- Zero-day attacks
- Tradecraft attacks that bypass normal technical controls
- Denial of service attacks
- And more…
The security implications and responsibilities also vary according to what Cloud transformation is being used. IaaS (Infrastructure as a Service) demands a different approach than PaaS (Platform as a Service), which in turn stipulates a more demanding approach than SaaS (Software as a Service), which places most of the security burden upon the service provider.
When considering the defenses suitable for both Cloud and Network security, many controls are the same, but the Cloud demands you take on board other factors.
The CSA (Cloud Security Alliance) is a useful source of information on cloud security and they publish a very useful Cloud Controls Matrix (CCM) that provides a cybersecurity control framework for cloud computing. It offers 197 Control Objectives that are structured into 17 domains covering all key aspects of cloud technology. It is designed as a way of systematically assessing cloud implementations and gives guidance on which security controls should be implemented by which party within the cloud supply chain.
Responding to today's threat landscape
With the sophistication of today's attacks and the inability of endpoint security to detect threats early enough, it is essential to adopt a more holistic and integrated approach to Network, Cloud, and Endpoint security. (It's estimated that endpoint security, including EDR – Endpoint Detection & Response – only sees and detects 14% of attacks early enough.)
This pressure is exacerbated by all the new security controls adopted to effectively cover cloud, network, and endpoints within a highly distributed data infrastructure. This has introduced a high complexity to the IT Security stack, one that is outpacing security teams' skills, expertise, and time to manage each element in an integrated and effective way.
What's needed is an approach that cost-effectively integrates and ties all your security technology investments, processes, and procedures together for network, cloud, and endpoints. A solution that delivers early warning of potential threats and attacks and allows you to respond at speed (often automatically using the deep visibility provided by your data), without false positives or negatives, to stop those attacks before they cause an incident.
Given that no security is 100% effective all of the time, you also need incident response capabilities, so if your data is compromised you can contain the threat as quickly as possible and minimize the damage the bad actor will inflict.
The approach that is helping organizations be nimble and able to achieve this IT Security agility across their infrastructure is XDR (Extended Detection & Response). XDR manages IT Security insight in a very different way than other security integration tools. Firstly, it has been designed to continuously monitor and detect threats from the telemetry data provided by its agents and the agents, clients, and logs of a wide range of security and other applications.
Unlike retroactive Security Incident Management and Security Incident and Event Management that are exhaustive and often retrospective responses to attacks, XDR is designed to detect and stop those incidents immediately using security analytics engines and external threat intelligence data combined with machine learning.
XDR also includes the abilities of a SOAR tool (Security Orchestration and Response) to maximize the automation of responses and provide 24x7x365 continuous security operations, even when security staff are not present.
Apart from being available as software, XDR is also offered as a managed service, Managed XDR, so organizations can outsource much of the mundane work their security analysts perform and turn their skills to accelerating digital transformation and their security strategy.
One thing is for certain: bad actors are not going away, and every business with data that needs to be used and protected needs to elevate their security game continuously to ward off the impacts of today's threat landscape.
Hopefully this blog has pointed out some key areas to look into as you evolve your business security to meet today's data security challenges.