Between phishing and ransomware, threats are always lurking and show no signs of abating. Cybersecurity presupposes resources, technologies, and people that enable the company to mitigate the risk of attack. Here are some suggestions for approaching the topic appropriately. Companies and individuals today must recognize the need to adopt adequate cybersecurity tools.
The exponential increase in cyber attacks, recorded every year by, among others, Clusit (the Italian Association for IT Security), is not only an attack on the sphere of privacy but, in the case of companies, a real threat to company assets and to the business itself. This is why organizations must implement a strategy with a robust, proactive component aimed at preventing cyber attacks and cyber incidents. The ability to react quickly and mitigate the effects of an attack, should one occur, will also depend on this strategy.
Although cybersecurity has become a buzzword in recent years, following some sensational breaches reported by the general media, its beginnings can be traced back to the early seventies. Attack techniques have multiplied since then, with a taxonomy that varies depending on the criteria used for analysis.
Clusit has also identified eight macro-categories, the largest of which is malware, responsible for 41% of the attacks recorded last year. These macro-categories are in turn divided into 59 subcategories, a sign that there is no longer any room for improvisation in cybersecurity.
Among the possible categorizations of cyber attacks, Gartner offers a summary scheme of the most common ones.
Attackers trick users with fake login prompts, pushing them to perform actions that open the door to transferring information and data outside the organization (data exfiltration).
These threats stem from the inability of companies, partners, and suppliers to adequately protect cloud services or other Internet-facing services, for example through a lack of configuration management.
Unauthorized users employ software or other techniques to identify common or default passwords and gain access to sensitive systems, data, or resources.
Authorized users inadvertently or deliberately leak information to which they have legitimate access, paving the way for its misuse.
These occur when attackers intercept unsecured network traffic, redirecting or interrupting it, made possible by a failure to encrypt messages inside and outside an organization’s firewall.
These are attacks in which partners, suppliers, or third-party software are compromised and become a vector for attacking company systems or exfiltrating information from them.
Attackers overload corporate systems, causing a temporary shutdown or slowdown. DDoS (Distributed DoS) attacks pursue the same goal, but with the help of a network of devices.
This is malware that infects an organization’s equipment and blocks access to data until a ransom is paid to the attacker. It is often paired with the threat of leaking or reselling the data on the Dark Web if the ransom is not paid.
In light of the above, how do you build a cybersecurity strategy for your company, taking into account five essential factors?
What are the categories of cyber threats to which we are most exposed today? Among those mentioned by Gartner, are there some that can damage the company in particular because its situation makes it more vulnerable? For example, widespread remote working could expose you to phishing, just as a lack of endpoint control could facilitate the entry of malware. This is a constantly changing landscape for which we must be prepared.
Risk awareness must go hand in hand with an objective assessment of one’s cybersecurity maturity. There are tools for this, such as the framework of the US agency NIST (National Institute of Standards and Technology), which allow you to take a snapshot of the actual situation. Their use helps the company understand what level of protection is provided by the policies, systems, and technologies currently in use.
The two previous activities serve to determine how to achieve the strategic objectives through dedicated resources and tools. They are also the foundation on which IT must involve the company’s top management to direct investments towards strengthening internal skills, involving external partners, or a mix of the two.
All actions relating to cybersecurity must be carefully documented through risk assessments, plans, policies, guidelines, and procedures, which, on the one hand, describe in detail how they correspond to the objectives to be achieved and, on the other, identify the various responsibility profiles. And since cybersecurity concerns everyone who works in the company, training must be considered an integral part of the strategy.
The development and implementation of a cybersecurity strategy is an ongoing process that must be reviewed periodically through internal and external audits, tests, and exercises that simulate what would happen in genuinely critical circumstances. As threats change, countermeasures must change too; otherwise an obsolete cybersecurity model would make all the effort spent securing company data and systems up to that point worthless.
For an effective cybersecurity strategy, its supervision should be the prerogative of a dedicated figure such as the CISO (Chief Information Security Officer). The CISO should be distinct from the DPO (Data Protection Officer), the role that the GDPR makes mandatory in some cases in order for the company to comply with the European privacy regulation. Unlike the DPO, in fact, the CISO is not primarily concerned with compliance requirements, but carries out tasks ranging from security and cyber risk assessment to the definition of policies for the entire company.
The latest edition of the Cybersecurity & Data Protection Observatory of the Polytechnic of Milan, in addition to recording a 13% increase in the Italian cybersecurity market in 2023, also highlighted the growth in the formal presence of the CISO, with almost half (46%) of companies now having one. This is a sign that interest in cybersecurity issues is also gaining ground among Italian companies, even though our country’s spending is still the lowest within the G7.
A cybersecurity strategy obviously must include a series of activities and technologies covering network, endpoint, application, and data security. These must be combined with identity and access management, as well as a Zero Trust architecture that replaces the so-called “implicit trust.”
The latter is based on the assumption that because a user is inside the company perimeter, their identity is certain. The Zero Trust approach, on the other hand, is based on repeated multifactor authentication, regardless of where the user is located. However, no technology is safe if it ignores a cybersecurity culture in which employees are first made aware of how to behave in a way that mitigates IT risk.
Even if what John Chambers, former CEO of Cisco, said at the time is true (“There are just two sorts of organizations: those that have been hacked and those that haven’t understood it yet”), this does not mean that we can give up on an effective process for preventing cyber attacks: a plan with technologies, skills, and people at its center.