Blog

4 Most Common Types of Cybersecurity Threats

There’s every indication that the pandemic is changing the nature of cybersecurity. Online threats are evolving to match our new remote-work paradigm, with 91% of businesses reporting an increase in cyberattacks during the coronavirus outbreak. 

Hackers are getting more and more sophisticated and targeted in their attacks. Many of these cyber threats have been around for a while, but they are becoming harder for the average user to detect. Beware of these four common types of cyber threats – and learn what you can do to prevent them. 

 

Advanced phishing attacks

Phishing takes place when a hacker tricks an individual into handing over information or exposing sensitive data using a link (with hidden malware) or a false email. These types of security threats are quite common, but in recent months they are becoming even more advanced. 

Microsoft’s recent survey of business leaders in four countries found that phishing threats are currently the biggest risk to security. Since March, 90% of those polled said that phishing attacks have impacted their organization, and 28% admitted that attackers had successfully phished their users. Recently, phishing emails have targeted enterprises to capture personal data and financial information using one of the following tactics: 

Posing as a provider of information about COVID-19 vaccines, PPE, and other health and sanitation supplies

Creating false “portals” for business owners to apply for government assistance and stimulus funds during the economic shutdown

Using download links for platforms and tools that help remote teams communicate, such as video conferencing 

Posing as “critical update” downloads for enterprise collaboration solutions, such as Microsoft OneDrive, and social media applications

Targeting IT service providers that ask for payment in order to provide tech support. 

Phishing is so effective because it can be very hard to recognize and targets individual people, rather than IT vulnerabilities. Yet, they are still ways to lower your risk of phishing. 

How to prevent phishing: The best chance to prevent phishing attacks is to educate your teams on what to look for in a phishing message. Poor spelling and grammar, as well as an email address that doesn’t match the user, are telling signs of a phishing message. If an offer seems too good to be true, it is a good sign you’re being scammed.  In addition to user education, you can add multi-factor authentication and other interventions to stop phishing messages from getting through. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” said one security expert told ZDNet.

 

Ransomware

Ransomware is a type of security threat that encrypts a victim’s files so they can’t access their information. The hacker then asks for a ransom – usually payment – to restore access and decrypt the user’s data. 

Perhaps the most notorious recent example of a ransomware attack is that of Garmin. In July, Garmin – a navigation and fitness wearables company – was hit by a ransomware attack that downed service for virtually every Garmin customer.  “Hackers deployed the ransomware tool WastedLocker, which encrypts key data on a company’s digital infrastructure,” reported Cyber Security Hub. “In the case of Garmin, website functions, customer support, and user applications were all affected. Unlike typical ransomware software, WastedLocker does not steal identifying information and hold it for ransom. Instead, it renders programs useless until decrypted.” Garmin reportedly paid $10 million for the decryption key to resume services after four days of outages. 

Garmin isn’t alone, however. There’s been a seven-fold increase in ransomware attacks this year targeting companies of all sizes. So, what can your organization do to protect itself?

How to prevent ransomware: First and foremost, it’s important to make sure your security protocols are kept airtight – and apply security patches as quickly as possible to prevent hackers from exploiting vulnerabilities. A tool like Nightfall can make it easier to maintain a strong defense, with AI monitoring your network for any issues. Multi-factor authentication can also prevent hackers from getting too far into your system. And, you should regularly back up your system so if a ransomware attack does happen, you’ll be able to recover some data. 

 

Password-based cyberattacks

A password-based cyberattack is one that targets users who have the same password for multiple sites. Research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak/stolen passwords. 

There are several different ways a hacker can infiltrate your system using a password-based cyberattack. The most common method is known as a brute force attack. This attack uses a computer program to try to login to a user’s account by trying all possible password combinations, starting with the most common and easiest to guess options – for instance, “1234” or “abcde”.  Sensitive data like passwords, credentials and secrets are in constant danger of exposure, especially as more companies conduct the majority of their business in the cloud. The highly collaborative and always-on nature of cloud services make it hard to enforce good password practices. Therefore, organizations need data loss prevention (DLP) to secure essential data from being exposed. 

How to prevent a password-based attack: make it easy for users and security teams alike to circumvent the risk of password attacks by implementing password-free authentication methods. This is a type of authentication that requires a user to confirm their identity during the login process through a separate channel. This extra step can also protect your workspace in case there’s any account compromised or if a device gets stolen. 

 

IoT and smart medical devices 

The internet of things makes life a lot easier – and also more open to bad actors. Connected devices are an increasingly popular target for cyber threats. In 2019, cyberattacks on IoT devices increased by 300%, according to one report. This includes attacks on everything from laptops and webcams to smart homes (like Google Nest), smart watches, routers, and other home appliances. 

Our personal devices aren’t the only things that are vulnerable. The Software Engineering Institute of Carnegie Mellon University reported, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.” Healthcare providers must also contend with protecting patient data. As many healthcare providers shift to remote work, they become an attractive target for hackers. Protected health information (PHI) must be kept safe during all cloud-based activities – yet many SaaS providers, including Slack, are not HIPAA-compliant right out of the box.

How to prevent IoT attacks: IoT attacks are sophisticated, and the best ways to protect your devices are to use strong passwords and keep your software up to date. Experts also suggest keeping your devices unlinked from social media.  Along with protecting your devices, look for a DLP partner who can protect your patient data while working on SaaS and IaaS platforms. Check out our coverage of instituting and maintaining HIPAA compliance on Slack and schedule a meeting below to learn more about how tools like Nightfall DLP play a role in keeping PHI safe.

 

This article was originally published at nightfall.ai

Published in Web Applications
Monday, 21 December 2020 21:59

What is Cybersecurity?

What is Cybersecurity?

The security of your Information Technology (IT) network
from end-to-end is cybersecurity.
That’s it?
Yes, but how we do this can get very complicated.
To make this easier, let us take a look at the Confidentiality – Integrity – Availability concept.
  • The CIA Triad
     

    01 Confidentiality

    If you stored your critical, super private information on your IT network, but everyone could see that information, you would agree that your super private information wouldn’t be private very long. You need a way to protect your super private information, or what is called the Confidentiality of your information. Many times, we utilize encryption to protect the Confidentiality of our information on our IT networks.

    02 Integrity

    You have worked very hard and many hours to create a listing of the critical assets of your business. You save this information and return to the listing the next day and find that the information you saved has been changed by someone else. You would not be happy – correct? What changed? How did it change? It will take you more hours and a lot more hard work to figure out what changed. The Integrity, or the accuracy, of your listing has been affected and you are not happy.

    03 Availability

    Picture your IT network that cannot access the internet, cannot talk to anyone or any other computer. Not much good – right? If we eliminate Availability to communicate on the network, the network is almost worthless to us and our business. Having our network communicate to other computers and people is critical; therefore, Availability is super critical to us.
    In Cybersecurity, experts determine how to protect information on IT networks, how to ensure accuracy of the information, and how to provide continuous availability of that information to those who use the information.
     
  • What is Information Security?

     
    imageThe world around us is full of information that we use, understand, and make decisions with. Most of us have paper around our homes and businesses. What kind of paper? Do you receive mail with your name, home address, and possibly other personal information inside? Did you print a document from your Information Technology (IT) network to a printer? If you have these paper documents, then you have information that is not electronically on your IT network.
    It’s important to understand that not all information that we use day-to-day resides on our IT networks. Remember, Cybersecurity protects the data that resides on our electronic, IT networks. Information Security protects all of our information – even that on our IT networks. Those paper documents are protected by Information Security.
     
    Let’s discuss ways that Information Security experts support overall security:
     
    image
    a. Did you open a door, use a key, or meet a security guard when you went to work today? These are all forms of physical security, which is a link to overall Information Security.
    image
    b. Have you seen or heard a fire truck responding to an emergency, maybe a fire? We use fire suppression systems and alerting devices to assist us in protecting ourselves and the information we have within our homes and businesses.
    image
    c. Let’s discuss an area that all of you deal with, but most never considered Information Security - laws, business and corporate policies, industry standards and best practices. How are these information security? Senior leaders create these documents or practices to support our Information Security through reduction of the risk to our facilities, our data, and even our personal safety.
    The next time you go home or to work, take a look around. We live in a world of information – in our personal and professional lives. Those who would do us harm will use our information to obtain access to our world and cause confusion, frustration, and possibly, considerable personal and professional loss. Understanding Information Security through training adds tremendous value to you and your organization.
    image
     
  • Information Security
    VIS-A-VIS Cybersecurity

     
    If you are asking, “What’s the difference, are they not the same?” The simple answer is "No".
    image
    Information Security deals with understanding risks and how we protect our information. Cybersecurity deals with protecting our Information Technology (IT) networks and data within.
    image
     
    Here are two approaches to see the difference between the two:
    A.
    image
    You would agree that the computer at your home or business has a lot of information that you have created and stored within its storage devices – Correct?
    How do we protect this information?
    image
    We will use Cybersecurity to protect the electronic data. That’s good, but how do you keep someone from gaining access to your computer and your electronic data? That’s a very good question.
    image image
    We will use Information Security to protect information within our home or business, provide user training, and ensure the right people have access to our IT networks. Information Security includes Cybersecurity since electronic information is still information.
    Still not convinced you understand? Let’s try another description:
    B.
    image
    Let’s assume that your home or apartment has several rooms – the kitchen, the television room, the bedroom, and maybe a bath. These rooms serve a purpose within the home or apartment.
    image
    Visualize that Information Security is your home or apartment – You have doors, keys, locks, possible alarm systems, and maybe a fire suppression system. You may even have a neighborhood security company that protects the outside of your home.
    image
    Visualize that Cybersecurity is a room in your home or apartment (i.e. the Kitchen). This specialized room supports you by providing a special function within the home.
    You likely agree that if Cybersecurity is a room within the home, and the home is Information Security, then Cybersecurity is a part of Information Security. Information Security protects all information, while Cybersecurity protects the electronic information.
     
  • Types of Cybersecurity

     
    Cybersecurity is a diverse field that covers a wide range of security measures. A neat way to classify these measures is on the basis of what is it that is being secured. Let us take a look at the various categories below.

    Application Security

    We rely on computers and Information Technology (IT) networks to provide us everything from work, social networking, entertainment, and shopping to name a few. You likely know that many of these are provided through software programs (Amazon, Microsoft Office, Computer games) and hardware (laptops, smart phones, Bluetooth speakers). We use these everyday and those who might wish to harm us know that we depend on these.
    So how do we protect ourselves while we use these programs and devices?
    image
    Have you heard of Norton or McAfee Antivirus software? Most likely you have as these are some of the biggest names in both antivirus and computer firewalls. Let’s discuss antivirus programs:
    When you get sick, what does the doctor do for you? Determine what is making you sick and possibly give you medicine? You understand the medicine will make you better. An antivirus program is similar to your doctor – it looks at the illness (virus) trying to infect your computer or IT network system and provides the medicine to prevent the virus from infecting your computer further.
    We stated that Norton and McAfee also provide computer firewalls – you ask, “What is a firewall?” I want you to think of a firewall as a large brick wall that attempts to prevent intruders from gaining access to your building. In a computer or IT network system, we use firewall applications to provide a barrier to those who wish to harm us. What kind of barrier? Not a physical barrier like a visible fence or wall, but an electronic barrier that prevents network intrusions.
    image
    Remember in Cybersecurity, we stated we use encryption to protect our computers and IT networks. How does encryption programs provide that protection? Think of encryption as scrambling information to make it unreadable or extremely difficult to understand. Encryption programs protect our information on computers and IT networks by making that information very hard to read or understand.
     
  • Cloud Security

    It’s amazing that we utilize something called a ‘Cloud’ to support our computers and Information Technology (IT) networks. In fact, we have become extremely dependent upon it. We cannot, however, discuss Cloud Security until we understand what a Cloud is within our computer and IT networks. So, what is a Cloud?
    image
    Just like real clouds in the sky, a computer or IT network cloud is an entity that ‘visibly’ exists in the IT world, but just like real clouds in the sky, you can’t say that there’s a one-size, fits all category for it. A computer or IT network cloud can change shape, size, and characteristics to match the environment desired by those who utilize them. Interesting! It has the ability to adapt and change within seconds to meet your needs – just like a real cloud in the sky can alter its shape based upon its environment.
    image
    We use the cloud (like Amazon Web Services (AWS) or Microsoft Azure) to store and manage our vast array of information. If you have ever used Google Drive, Microsoft OneDrive, or Apple’s iCloud, then you have used the cloud to store your information or data. Cool, huh?
    image
    Cloud Security protects our information in the cloud through applications that:
    image
    1. Identify those who should have access to our information stored in the cloud
    image
    2. Prevent unauthorized use of our information
    image
    3. Protect our information through strong security measures
    The use of the cloud is critical to our everyday personal and professional lives and we rely on cloud security to secure and protect our information.
     
  • Infrastructure Security

    Every day we rely on critical infrastructure to support our lives – traffic lights,hospitals, electricity through the electrical grid. In fact, we cannot imagine a world that does not have these ‘modern’ conveniences.
    image
    Some refer to days without electricity or running water as ‘the stone age.’ Critical infrastructure dates back to the Roman Empire and the aqueduct systems.
    image
     
    Why is critical infrastructure a type of Cybersecurity?
    1. Although critical infrastructure dates back to the Roman Empire, the use of Information Technology (IT) to support and enhance critical infrastructure is much more recent – in the late 1900s. Much like the vulnerability of IT networks to possible attacks, our use of IT to support critical infrastructure makes them vulnerable to attacks.
     
    2. Can you imagine your electric company being attacked through the IT network? What could happen? You could lose your power – how do you like life without electricity? Not good, right? What about your water supply? If attackers stopped the flow of water to your home by shutting down the pumps, how do you take a shower or get a drink of water? You don’t.
     
    3. Infrastructure Security focuses on programs (software applications) and computer devices (hardware) to: a. Identify and detect events taking place in our IT networks that might affect our critical infrastructure systems, and protect those systems with electronic barriers against those who would do them harm.
     
    4. Infrastructure Security supports laws, regulations, and standards that enhance companies and governments ability to adopt methods of limiting the impacts to us if we are attacked:
    a. Backup generators and alternate work locations in the situation our environment becomes unusable (no water or electricity).
    b. Physical security around our critical infrastructure areas like water, electricity, hospitals, and food production.
     
  • Network Security

    image
    Many businesses with even a small number of employees have an Information Technology (IT) network to support its operations.
    image
    Can you imagine the cost of purchasing, installing, and maintaining many copies of Microsoft Office on every computer within your company?
    image
    Many networks have a central repository of common, shared programs (Microsoft Office, Adobe) that allow rapid installation and maintenance.
    image
    Networks also tie our individual IT equipment (computers, laptops, printers, scanners) together allowing quick, efficient deployment of programs and assets.
     
    Now that you know more about a network, it’s time to discuss Network Security. What is it? How does it work? How does it support our cybersecurity effort? All great questions –
    let’s answer them:
    01
    Network Security seeks to protect our internal networks through prevention, detection, and correction of intrusions – I know your question, “What’s an ‘internal’ network?” Many experts state that the ‘External’ network is the Internet – that part of your business network which you don’t have direct control over. If the ‘External’ network is that portion of your business network you don’t have control over, then the ‘Internal’ network is that which you do have direct control over.
    Where’s that ‘Easy’ button!
    image
     
    02
    Network Security uses many types of software and hardware assets to support its function.
    image
    a. Artificial Intelligence and Machine Learning-
    by harnessing the power and speed of the computer (yes, it’s much faster than a human), the network rapidly scans our networks to identify intrusions and bad situations (called anomalies).
    image
    b. Vulnerability Management programs-
    scuba diving at night in the ocean – trust me, you feel vulnerable! Well, vulnerability management looks into our internal networks to identify those areas which might be susceptible or vulnerable to an intrusion.
    image
    c. Intrusion Detection and Prevention Systems-
    software and hardware devices that constantly search and notify us of intrusions.
     
    03
    Like a hand in a glove, Network Security is integral to cybersecurity with its focus on maintaining the security of our internal networks.
     
  • Internet of Things (IoT) Security

    It is amazing how every facet of our lives are being scrutinized and devices which have computer chips are being created and placed in most homes and businesses to make our lives easier, more connected. If you go to an appliance store, you will find ovens, refrigerators, dishwashers, and washer and dryers that utilize the power of the internet to allow you to control their actions from a smart device, or do activities more efficient. In a recent commercial, a man was in a grocery store and could not remember if he had milk – he logged into his refrigerator at home and used the internal camera to see if there was milk inside. Really? How about our home security systems, cameras, thermostats? Do you have Alexa in your home? “Hey Alexa, get me a soda from the smart refrigerator – I see I have one in there from the camera inside.” NOPE! Alexa can’t do that yet.
    What are we talking about? We know we have these devices in our homes, but what do cybersecurity experts call these devices – Internet of Things (IoT). As a society, we have become use to ‘things’ that utilize the internet to provide us information, entertainment, or assistance. These devices are not necessarily connected to our Information Technology (IT) networks. Some devices connect directly to your smart device using a different connection capability called ‘Bluetooth’. Bluetooth uses a wireless signal that is very short range to normally communicate between two devices (a smart phone and wireless headsets or a smart toy).
    image
    Internet of Things (IoT) Security is focused on protecting our IT networks when IoT devices are connected. How much security do you believe is built into a $10 smart toy? Not much, if any. The problem with this $10 smart toy is that it could be vulnerable to an attack, and if it is connected to your IT network – well, guess what? You’ve been attacked by an intruder.
    So how do we protect ourselves if IoT devices are everywhere?
    image
    1. Training – the more you know about the vulnerabilities of IoT devices, hopefully, the more you will be smart in how you use them.
    image
    2. Limited use on our IT networks – Genius! So why don’t we simply not use them on our networks? Problem solved right? No. Remember, one of the major three components of cybersecurity is Availability. That’s right – people want their IoT devices.
    image
    3. Increased protection on our IT networks specifically tailored to look for IoT device vulnerabilities. That’s easier said than done since we are constantly changing our IoT devices and how we use them.
     
  • Is Cybersecurity for..

     
    There are many who would like to get into Cybersecurity but find the market full of certifications and technical jargon. They search to find the right certification, the right training organization, and a way to gain the experience needed to pursue a career they desire. Let’s look at several questions and attempt to lift the veil of technical jargon and understand how to get into cybersecurity.
     
    How do I understand the importance of a certification?
    Certifications inform employers and cybersecurity experts that you have both the experience and knowledge that the certification covers. Certifications don’t replace experience – they complement experience prerequisites
    Working in a different career field or just finished school – how do I get into cybersecurity?
    1. First, congratulations on your career path to date – it takes dedication and perseverance to achieve what you have so far. Guess what? The perseverance you have displayed is what it takes to make a career change or pursue a life as a cybersecurity expert
    2. Cybersecurity has so many different paths – forensics, malware analysis, vulnerability management, incident response, etc. For certain, there are hundreds of titles for various positions. A good reference is the National Institute for Science and Technology (NIST) National Initiative for Cybersecurity Education (NICE) framework – it identifies those career fields that are fully recognized as the foundation of all other cybersecurity career areas
    3. Lastly, what interests you ? Seriously – what really intrigues you? If you like crime scene investigations and getting into the understanding of cybercrime and finding the ‘bad guy’, then Forensics may be your area. The primary key to getting into cybersecurity is finding what you really like to do and understand – promise, there’s a cybersecurity area that deals with what you enjoy. Why can we say that? Because Information Technology (IT) permeates everything we do – cybersecurity protects IT
    Are you saying there’s no correct answer? No, we’re saying there’s so many different answers that no answer fits all possibilities
    Here’s what you need to do:
    1. What interests you – not your friends, family, or significant others – just you! Give yourself a Top-3 list
    2. Look at NIST NICE references or other cybersecurity websites – which cybersecurity career fields match to each of your Top-3
    3. Research (Google, GreyCampus) these cybersecurity career fields – identify the requirements for your Top-3
    4. Don’t procrastinate – make a decision and pursue your dream! Cybersecurity is fun, rewarding, and challenging
     
  • CyberSecurity Certifications
     

    Path to Certification

    imageWhere do I start?
    Most want to know the answer to that question – in fact, almost every cybersecurity expert in the industry today has asked that question more than once. Remember – you are not alone in wanting to know. In fact, you will likely search for this answer many times as you become more involved with cybersecurity. Understanding cybersecurity and the path that guides you to your career goal is circular – let’s explain.
    1. Where am I now?
    Your experience whether in technical or non-technical brings valuable insights into cybersecurity. Some of the best experts in the industry were musicians, artists, journalists – it’s not how technical you are, it’s how you pursue your goals
    2. What education and training do I need?
    image
    a. Much of this depends on how you learn – are you a classroom-style learner? Visual learner? Virtual learner? Book learner? Practice-exam learner? So many different methods these days – what works best for you?
    image
    b. Education is a formal program similar to college – typically longer in duration with a very structured format
    image
    b. Training is a semi-formal program that supports shorter duration (a few days to few weeks) courses that are more focused than education
    • Certification programs are likely training-style
    3. If certifications, education, or training don’t replace experience – how do I get the experience?
    a. Some career fields have beginner or starter positions – help desk, entry-level analysts, technicians
    b. Each career field has different certification requirements – obtaining some certifications require little to no experience
    You never stop learning – even after you obtain the experience and certifications, you need to continuously support your understanding of the global cybersecurity environment. The world is changing – and so must you!
    Now, based on your target focus area and level of competence, let us discuss certain cornerstone certifications, both entry-level and advanced.
     
  • Entry-Level Certifications

    imageChoosing the right certification for your entry into cybersecurity is important, but don’t fear if you select one that is not perfect. Most cybersecurity experts have many certifications to represent many different focus areas. What we need to do is identify those certifications that cover a broad range of areas, allowing you to seek a career in an entry-level position and gain both the experience in cybersecurity, and knowledge of addition certifications to pursue over time. All of these certifications require little to no experience to get started.
    1. CompTIA is an organization that specializes in entry-level certifications, many are cybersecurity related
    a. A+, Network+, Server+ - these certifications provide you the initial understanding of IT systems. Many beginning IT and cybersecurity individuals take these certifications to certify that they understand the basics of an IT network
    b. Security+ - this is the first certification that most cybersecurity experts pursue. The Security + states that an individual has spent considerable time researching and studying cybersecurity and has gained a very good understanding of the basics and has some knowledge at the intermediate levels
     
    2. EC-Council is an organization that primarily focuses on vulnerability assessments and analysis
    Certified Ethical Hacker (CEH) – the CEH states that you have a basic understanding of penetration testing (looking at a computer network and finding the weak areas within). Many cybersecurity experts begin with this certification, especially if they seek to become a Security Control Assessor
     
    3. Cisco is an organization that has for decades supported the creation and implementation of IT networks, switches, and routers
    Cisco Certified Network Associate (CCNA) – provides valuable insights into the basics of how networks operate. Most signals that travel within a network need to be switched or routed to their destinations. Understanding how networks work is vital for a cybersecurity expert in devising how to protect the network
     
  • Advanced-Level Certifications

    imageYou are already a cybersecurity practitioner and possibly an expert in several cybersecurity domains. Fantastic, we have both information and certifications that can support your continued growth within the industry. Most advanced-level cybersecurity certifications focus around specialization – seeking to understand specific areas at a greater depth than surface-level; however, there are a few broad certifications that are superb, advanced-level certifications to obtain. All of these certifications require experience to earn the certification or to become fully certified.
    1. CompTIA is an organization that specializes in entry-level certifications, but does have one that meets the intermediate/advanced-level
    CompTIA Advanced Security Practitioner (CASP+) – the CASP+ is a very technical-based certification that addresses your knowledge of Command Line Basics (Unix-based code), network operations, and advanced, cybersecurity support requirements
     
    2. ISACA is an organization that focuses on cybersecurity within a business; seeking to ensure understanding of how cybersecurity involves and is impacted by business decisions and senior management
    a. Certified Information Security Manager (CISM– addresses how cybersecurity strategy and operations mesh with business decisions – addresses the symbiotic relationship that must be nurtured
    b. Certified Information System Auditor (CISA) looks at cybersecurity from the perspective of an auditor, or as a business preparing for a cybersecurity audit. Cybersecurity audits are critical to our defense-in-depth and understanding of where our security gaps are
     
    3. (ISC)2 is an organization that has many of the global, Gold-Standard certifications for cybersecurity – both broad scope and focused; heralded as the prime certifications for most Federal and State governments, Military, and commercial entities
    a. Certified Information Systems Security Professional (CISSP) – the gold-standard, broadscoped, cybersecurity certification focusing on all eight of the recognized cybersecurity domains (or areas of knowledge)
    b. Certified Cloud Security Professional (CCSP) – the gold-standard, cloud-based certification focused on non-specific cloud environments, operations, and security
     
  • Career Options in Cybersecurity

     
    You’ve done your research on cybersecurity, looked at various cybersecurity certifications, and have decided that you are ready to embrace a career in cybersecurity. Fantastic, but it appears that you have a few more questions:
    image
    1. Am I ready to make a move into cybersecurity? Do I need a college degree? Do I need to have a technical background?
    Great questions – let’s take a look at the answers:
    a. You’ve conducted hours of research on cybersecurity, certifications, and possible career opportunities within cybersecurity, and you are excited and motivated to get started – then it looks like cybersecurity might be a great choice for you
    b. No, you don’t need a college degree
    c. No, you don’t need a technical background – there are technical aspects to cybersecurity, but creativity and the ability to ‘think outside the box’ are extremely important traits or skills of a cybersecurity expert
     
    2. I’ve worked in a non-cyber, non-IT career field for many years – is it too late to change my career to cybersecurity?
    No, it’s never too late – we have cybersecurity experts who started their career in human resources, logistics, or project management, plus many others.
     
    3. Who should pursue a cybersecurity certification?
    Anyone who has an interest in cybersecurity – some certifications require experience, some do not. Review our information on Entry-Level and Intermediate/Advanced cybersecurity certifications – this will provide valuable information on certification organizations and the certifications that could support your desire to be in cybersecurity
     
    4. What jobs are available to a cybersecurity expert?
    There are far too many to name them all, but Cyber Defense Analyst, Information Assurance Analyst, Vulnerability Management Analyst, Security Engineer, Forensics, Malware Analyst, Penetration Tester, Security Controls Assessor – there are dozens of different titles and positions that are in high demand within the government, military, and commercial sectors
     
  • How to prepare for Cybersecurity?

     
    There are so many organizations promoting their cybersecurity training – which is best? You likely know the answer already – it depends. Not the answer you were looking for? We understand, so let’s discuss this question and why it depends:
    1. Are you an ‘in class, bootcamp-style’ learner?
    Many cybersecurity students need that face-to-face interaction with an instructor, especially an instructor who provides the information in a way that makes the material relevant to today, as well as an instructor who is dynamic – interacting with each student in a way that best meets all students requirements for learning
    2. Are you a ‘virtual’ learner?
    Some cybersecurity students want to learn in the comfort of their homes, or they are at work and cannot leave their desk for a week to attend an ‘in class’ course. The virtual environment allows interaction with an instructor either in a visual, audio, or both format. The virtual environment does limit the amount of interaction you have with the instructor, but many virtual platforms have superb methods of enhancing the interaction to provide that feedback to and from the instructor
    3. Do you only want the original certification organization (for the CISSP that would be (ISC)2) to present the course to you?
    In most situations this is a viable option, however, the cost for the course can be much higher than from a qualified organization presenting certification materials that provide similar quality materials
    4. Are you seeking the cybersecurity certification with the best value to you, and to your organization?
    There are many certification organizations that provide high quality certification courses that equal or sometimes exceed the original certification organization’s course. These certification organizations may enhance the learning experience with highly skilled instructors, labs, webinars, workshops, course study materials, and practice exams
    When choosing a certification training organization, ask yourself if they meet your needs in a way that you can learn the best.
     
  • Attacks

     
    Did you know that most cybersecurity experts stated, “It’s not if we’ll be attacked, it’s when we will be attacked”. All we have to do is look around – listen to the news, read the headlines, look at history. Most attacks go unpunished and result in gains of prestige and significant monetary funds.
    Did you know that there are hundreds of cyber-attacks per day around the world? That number could be in the thousands if a true accounting was completed of all known and unknown attacks. Really, you say? Let’s pose a question – assume that you could legitimately (100% lawful), make $10,000 by conducting 20 phone calls to possible connections and just asking a simple question – nothing to sell and no pressure. Would you do this? Most of you would. So, why is it so hard to believe that a threat (someone or something who would do us harm) would take $10,000 of your monies by simply gaining access to your computer? You might report, but doubtful that you or anyone else would catch the cyber thief.
    image
    Cyber attacks target people, computer systems, governments, and industry (just a few):
    1. In 2014, Russian hackers gained billions of user names and passwords. Credit card data from banks (JP Morgan Chase among others) are stolen
    2. In 2015, suspected Russian efforts shutdown Ukrainian electrical power, and another disrupted French television networks
    3. In 2016, the Petya ransomware attacked worldwide. A botnet (a very large array of internet devices) caused a major availability problem for Netflix, Paypal, and others
    4. In 2017, Equifax had 143 million customer records stolen. WannaCry ransomware affected hundreds of thousands
    5. In 2018, major brands – British Airways, MyFitnessPal, and Facebook had data stolen from internal databases costing millions
    6. In 2019, millions of cyber records stolen from Bulgarian National Revenue Agency, Fortune 500 companies, and Marriott-Starwood brands
     
  • News-Blog

     
    Staying connected and informed is very important to a cybersecurity expert. Our need to understand the environment (threats, new capabilities, old concerns) provides us both a sense of awareness and drives us to gain new training and experience to support the ever-changing Information Technology (IT) world.
    image
    We stay connected in many of the same ways you stay connected with our News, and Blogs. Let’s take a look at each:
    01
    News – did you know that most crime reported is really only about 10% of the actual crime that occurs? Most are never reported. The same can be stated about cybercrime. The three major reasons for non-reporting of cybercrime are:
    a. Didn’t know – many cybercrimes go unnoticed for days, weeks, months, and even years
    b. Wasn’t required to report – didn’t see this as a big deal and wasn’t required to tell anyone – we didn’t
    c. Reputation expense too great – if we report, we won’t be trusted or our brand will be tarnished
     
    02
    Blogs – many times an organization, researcher, or expert will create a running discussion (called a blog) on a topic or list of topics.
    a. Digital Guardian – focuses on data protection and threat research
    b. The Hacker News – provides up-to-date insights on technology and how that affects the global network
    c. Threatpost – an independent look at cybersecurity and the threats and vulnerabilities within
Published in Web Applications

Many businesses that have allowed employees to continue working from home for the foreseeable future are aware that they need to update their cybersecurity. It’s likely that they have allocated some budget and IT resources to make those necessary changes. However, IT budgets are finite. Given the economic disruption of the pandemic, enterprises must strategically decide where to invest their cybersecurity budget most effectively. 

There are many different approaches to cybersecurity, and the way your business previously protected data may no longer work in a remote-work paradigm. Here’s how to understand how working from home impacts your data security – as well as some steps to take to make sure you are prioritizing the right things.

 Types of cybersecurity

Cybersecurity can be broken out into categories based on what you wish to protect. Cybersecurity practices are commonly classified into one of these five areas: 

  • Network or perimeter security: protection for your network traffic by controlling incoming and outgoing connections. This prevents hackers and malware from entering and spreading throughout a network. 

  • Data security or data loss prevention (DLP): protection for your data by enforcing strict protocols and safety measures on the location, classification and monitoring of data (both stored data and data as it is used). 

  • Cloud security: protection for data used in cloud-based services and applications. 

  • Device security: protection for on-premises devices such as computers and servers. 

  • Application security: protection for your apps from attacks with testing, app shielding strategies, and more. 

There are many subcategories within these broad cybersecurity distinctions, but IT professionals tend to focus on these areas. 

All these types of cybersecurity are important. When offices are working business as usual, most IT professionals tend to prioritize network security first; devices, applications, and data sharing are all linked through the same network, so protecting the perimeter makes sense. 

As more people work remotely, however, investing in network security makes less sense. Data protection and cloud security are more important as our online needs are rapidly changing. With limited investment available, how should you prioritize your cybersecurity? 

New approaches to cybersecurity

As one expert reported in Forbes, “To protect customers, employees, and reputations while ensuring compliance with evolving regulations, companies should shift their security strategies from an outdated reliance primarily on ‘perimeter protection’ to a companywide approach based on ‘secure data access.’”

As our online behavior changes, the threats evolve too. Cloud services, for instance, are becoming a new target for hackers. McAfee found that remote attacks on cloud services and collaboration tools, like Slack, increased 630% during the first four months of 2020. Employees are using their own devices and their own networks, so shifting your cybersecurity to focus on cloud security is a good first step to protecting data outside the office firewall. 

Data loss prevention, DLP, is another key area for IT professionals. Your enterprise must prioritize building a strategy that prevents unauthorized access to and use of data. There are three key areas here to consider:

  • Data discovery: measures to identify PII and other sensitive data as it is collected and used across your organization.

  • Data transformation: measures to secure data by masking or anonymizing PII so only those in the company who need access to data have it. 

  • Data access: granular controls that ensure the right people can access specific data or data formats – role-based and attribute-based measures.

In the immediate term, IT professionals need to ramp up cloud security and data security to accommodate remote employees. Here’s how to do it. 

Steps to improve your data security

One of the easiest ways to improve your data security is by educating your employees. This effort takes time, but very little financial investment. 

Teach your team ways they can improve their at-home security practices. Nightfall found that lax email policies contribute to a huge amount of data theft. Poor password hygiene for email accounts – like using “password1234” or another easily guessable code – is a big mistake that many people are (still) making. Companies are also not utilizing multi-factor authentication when signing into accounts. Lack of employee training and clear WFH security policies are further contributing factors to the increase in data theft via email.

Next, address changes to your network security by providing tools for employees to safeguard their personal devices. One study by Security Magazine discovered that 56% of employees are using their personal computers to work remotely in response to COVID-19. Moreover, nearly 25% of employees working from home don’t know what security protocols are in place on their device. IT teams should perform one-on-one audits with each remote worker to assess what security measures are in place and provide the tools and feedback needed to improve the cybersecurity of at-home networks and devices. 

Lastly, add an automated DLP solution like Nightfall to dramatically improve your data security.

 

About Nightfall

Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. You can schedule a demo with us below to see the Nightfall platform in action.

“This article is originally posted on Nightfall.ai

Published in Web Applications