Cyber Security refers to the security concepts that apply across computing devices and networks, be they private, public or hybrid networks. These concepts aim at protecting network systems and data from unintended or unauthorized access, which can cripple or destroy otherwise robust information systems. In today's global economy of interconnected systems, Cyber Security is a critical issue for businesses, since a vulnerability in one system can open the door to various modes of threat across multiple interconnected systems.
Organizations across the globe - governments, businesses, financial institutions, research and development organizations and even individuals - store sensitive and confidential data on individual servers or in secure online spaces. Further, this data is constantly being transmitted across multiple systems while transactions are carried out. Such information falling into the wrong hands can lead to severe consequences. Cyber security aims at preventing the misuse of data by ensuring that data remains within secure confines.
Top government officials rank cyber-attacks and digital spying as one of the key threats to national security. There have also been reports of hacking of the websites and servers of well-established organizations. The financial implications of such security breaches have been heavy and often cripple organizations. A fully structured approach to cyber security not only prevents organizations from falling victim to security breaches but also ensures peace of mind for the organization and its customers.
What is not known cannot be protected. This saying is all the more relevant for cyber security. Leading research shows that 65% do not have the ability to detect data breaches within minutes, 20% can detect a breach within a day, and 5% could detect it perhaps within a week. Detection of vulnerabilities is the first and foremost step in deciding which cyber security program should be implemented in an organization.
The starting point of a cyber-security program is the installation of a network monitoring system that can enhance data protection and improve the performance of monitoring and analysis tools. Multi-level protection for the information infrastructure can be adopted depending on the vulnerability level of the organization: password management can be implemented where passwords are the weak point, physical security can be implemented where physical access management is the issue, and so on.
The most robust security management system would have multi-level access management for the network and the computers on it, proper firewall management, prompt access management for remote access, and assurance that the remote access process does not use an open protocol or weak passwords. A rigorous configuration management system, which ensures that all security updates are applied properly, is paramount. Access to critical system components should be monitored, and log information should be collected regularly and evaluated on an ongoing basis.
Many tools and technologies are used to mitigate cyber risk; the selection of the appropriate tool depends on the requirements of the organization. Some of the commonly used mitigation modes include network-based mitigation, host-based mitigation, advanced SIEM solutions and network traffic visibility.
Network-based mitigation aims at installing next-generation IDS/IPS/firewalls with the ability to track application-level traffic, combining heuristics-based detection capabilities with signature-based detection techniques. These solutions should provide better visibility by performing deep packet inspection and establishing correlation across the various types of traffic.
Host-based mitigation techniques enhance the detection and prevention capabilities of today's anti-virus solutions. They add solutions that track and monitor unauthorized file and registry changes, together with host-based firewall and intrusion detection solutions that can detect any unauthorized changes on the systems.
Advanced SIEM solutions look at the audit information from all systems across the enterprise to provide rich contextualization and correlation capabilities for detecting threats. The SIEM should be capable of ingesting and analysing huge amounts of data (both structured and unstructured) to establish better visibility and context for the various events.
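An added illustration (not code from the original article) of the cross-source correlation described above: constructed audit records from a hypothetical network IDS, a host-based file-integrity monitor and an authentication log are normalised into one event stream, and an incident is raised when two or more distinct sources report on the same host within a short time window. The record formats, field names and window length are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical formats) from three sources:
# "ids" = network IDS, "fim" = host file-integrity monitor, "auth" = login log.
SAMPLE_LOGS = """\
2024-03-01T10:00:05 ids host=web01 alert=suspicious-upload
2024-03-01T10:00:40 auth host=web01 user=svc result=failure
2024-03-01T10:01:10 auth host=web01 user=svc result=success
2024-03-01T10:02:30 fim host=web01 path=/etc/passwd change=modified
2024-03-01T11:30:00 fim host=db02 path=/var/log/app.log change=modified
2024-03-01T12:00:00 ids host=db02 alert=port-scan
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")  # timestamp, source, key=value fields

def parse_events(text):
    """Normalise heterogeneous records into (timestamp, source, fields) tuples.
    Lines that do not fit the expected shape are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, source, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append((datetime.fromisoformat(ts), source, fields))
    return events

def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Group events per host and raise one incident per host when at least
    min_sources distinct sources report on it inside the window."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_host[ev[2].get("host", "unknown")].append(ev)
    incidents = []
    for host, evs in by_host.items():
        for i, (ts, _, _) in enumerate(evs):
            cluster = [e for e in evs[i:] if e[0] - ts <= window]
            sources = {e[1] for e in cluster}
            if len(sources) >= min_sources:
                incidents.append((host, ts, sorted(sources)))
                break  # first qualifying cluster is enough for this host
    return incidents

if __name__ == "__main__":
    for host, ts, sources in correlate(parse_events(SAMPLE_LOGS)):
        print(f"incident on {host} at {ts.isoformat()}: sources {sources}")
```

On the sample data only web01 produces an incident: the IDS alert, the failed-then-successful login and the /etc/passwd change all fall within ten minutes, while the two db02 records are thirty minutes apart and never correlate.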
Network traffic visibility. "A 100% network visibility technique" allows the administrator to listen in to all network traffic, i.e. between switches, routers and all other zones on the network landscape. This uses network TAPs, which are non-obtrusive and not detectable on the network (having no physical or logical address), and which can handle multiple types of traffic and protocols for anomaly detection, pattern detection and session re-creation.