Cyber security or IT security is the protection of computer systems and networks from information disclosure, theft or damage of their hardware, software or electronic data, as well as the disruption or misdirection of the services they provide.
Cyber security aims to eliminate the risk of cyber-attacks and guard the system, networks, data and devices from unauthorized, unwarranted exploitation.
Legal requirement for cyber security
Yes, it is crucial for the organization to have cyber security measures in place. The GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 require organisations to implement fitting security measures to protect personal data.
Importance of cyber security
The rationale and benefits of cyber security are detailed as follows:
- Increasingly sophisticated cyber-attacks are coming up. The tactics and the reach of cyber attackers are ever-increasing, including malware and ransomware, phishing, social engineering, insider threats, advanced persistent threats and others.
- Unauthorized user access is prevented. Cyber security addresses vulnerabilities of the system and the network, thereby securing it from unauthorized access.
- End users and devices are protected. Data privacy is maintained by the upkeep of cyber security. Data and network protection is also ensured.
- Regulations are increasing the costs of cyber security breaches. Hefty fines are imposed by privacy laws like the GDPR and DPA on organizations that ignore the threat of cyber attacks.
- Cyber security ensures the continuity of the business which is critical to the success of any organization.
- Cyber security measures translate into a rise in the reputation of the company and consequently improved trust in the relationship with its clientele and all the stakeholders.
Types of Cyber-attacks
Cyber security risks can be even more challenging if the organization has resorted to remote working and hence has less control over employees’ activities and device security. A cyber attack can cost organizations billions and severely damage its reputation. Those organizations will likely lose sensitive data and face huge fines.
The different types of cyber-attacks include:
- Malware: It is a kind of malicious software that can use any file or software to harm a computer user, such as worms, viruses, Trojans and spyware.
- Social engineering: Users are tricked into breaking security procedures and the attackers gain sensitive, protected information.
- Phishing: Fraudulent emails and text messages resembling those from reputable sources are sent at random to steal sensitive information such as credit cards.
- Spear Phishing: It is a form of phishing attack but it has a particular (intended) target user or organization.
- Ransomware: It is another type of malware in which the system is locked by an attacker through encryption that they would not decrypt and unlock until the ransom is paid.
Other common attacks include insider threats, distributed denial of service, advanced persistent threats, man-in-the-middle attacks, botnets, vishing, business email compromise, SQL injection attacks and zero-day exploits.
Effective training of the employees will enable them to understand the significance of cyber security. Regular cyber security risk assessment to evaluate risks and checking if the existing security controls are appropriate and if not, making mid-course corrections, will protect the company from cyber-attacks.
Automation and cyber security
The ever-increasing sophistication in cyber threats has led to automation becoming an integral component of cyber protection. Machine learning and Artificial Intelligence (AI) help in threat detection, threat response, attack classification, malware classification, traffic analysis, compliance analysis and more.
ITGovernance.co.uk presents a cyber security checklist.
- Awareness training for the staff: Effective training of the employees and knowledge sharing of best practices with the employees about the threats they face is a necessary step in preventing cyber security breaches.
- Added focus on web applications security: Web applications are particularly vulnerable to security breaches: hence it is crucial to increase focus on web application security.
- Network security: It refers to the protection of the integrity and usability of the network and data. A network penetration test helps assess the network for security issues.
- Leadership commitment: This is a very important factor for cyber security: the top management should be involved in and committed to cyber security and invest appropriately.
- Strong passwords: The employees should be trained to create and maintain strong passwords.
Cyber security vendors, tools and services
TechTarget points out cyber security vendors who offer a variety of security tools and services.
- Identity and access management (IAM)
- Endpoint protection
- Intrusion prevention/detection systems (IPS/IDS)
- Data loss prevention (DLP)
- Endpoint detection and response
- Security information and event management (SIEM)
- Encryption tools
- Vulnerability scanners
- Virtual private networks (VPNs)
- Cloud workload protection platform (CWPP)
- Cloud access security broker (CASB)
Some of the career opportunities in cyber security include Chief Information Security Officer, Chief security officer, security engineers, security analysts, security architects, penetration testers (ethical hackers), data protection officers, cryptographers and threat hunters.
Cyber security at Hurix – Best Practices
A recent study has shown that there are Cyber Attacks every 39 seconds, and most of them are targeted towards Web applications. So let’s talk about some of the best practices we follow at Hurix Digital for protecting your Web application against these common attacks.
Input validation means checking user-submitted variables for malicious or erroneous input that can cause strange behaviour. One approach is to implement a whitelist, which contains a set of patterns or criteria that match benign input. The whitelist approach allows conditions to be met and blocks everything.
Single Sign-on: It is common to see Web applications that utilize single sign on authentication, which pulls a user’s credential from a directory or identity database service. Though convenient, multi-factor authentication can make your application more secure by adding additional authentication steps for authorization. We believe that granularity lease, privilege, and separation of duty should be applied to users in order to prevent access to confidential or restricted data. Applications should run under non-privileged service accounts, and user access to system-level resources should be restricted. We have all seen information error messages that range from simple built-in notes to full-blown debugging information.
Application error should never reveal sensitive application implementation or even configuration settings, as this can be exploited by an attacker. So we keep those error messages generic. Storing secrets in a plain text password is also a big No. Information should never be stored in a publicly accessible location, such as a web directory or repository. We utilize the strongest encryption protocols and algorithms that meet compliance requirements.
Code reviews during the development and testing stages should always be done to provide code coverage and ensure secure code practices are utilized. Application scanning can help identify vulnerabilities prior to deployment. Vulnerability and compliance scanning can be done for supporting infrastructure of the application. At HurixDigital, we make sure that the security requirements are baked into our agile design and implementation process. Also, we ensure continuous monitoring and application scanning aligned to meet compliance requirements.
Protection from malicious attacks: We implement input validations, anti-forgery tokens, cross-site scripting attacks, brute force attacks, checking sensitive information disclosure and other strong coding practices. Also, continuous monitoring and scanning of the application are used to address vulnerabilities and patches required to maintain security compliance.
Insecure Direct Object Reference: IDOR vulnerabilities occur when authorization requirements have not been implemented by the developers to access the application. By changing just an identifier i.e., a rest parameter, user1 can access the information of User2. At HurixDigital, we restrict and enforce authorization between objects and do not allow attackers to enumerate or list the values and test access to other points of data. We use GUID (Globally Unique Identifier) or UUID (Universally Unique Identifier) when referencing between data.
Authentication and session management: Vulnerabilities resulting, potentially, in user impersonation, protection and credential strength are also considered.
Authorization: It is testing the application’s ability to protect against vertical and horizontal privilege escalations.
Business logic: Applications are tested keeping in mind business logic.
Client-side logic: We use the latest versions of the UI technologies like angularJs, reactJs etc.
Malware: We do not expose the internal hardware configuration details as much as possible in the web app and use Known modules which are used worldwide.
Port scanning: We keep the unused ports with closed and restricted access so that hackers do not easily hack them.
Denial of service attacks: We do not allow continuous hits to the specific APIs (Application Programming Interface) which are sensitive in terms of vulnerabilities or functionalities of the web application.
Password strength: It is a measure of a password’s efficacy against guessing or brute-force attacks. We follow these guidelines to enhance password strength:
- Use 8 or more characters as a minimum password length.
- Use both lowercase and upper-cases, letters, numbers, and symbols.
- If the user is already using passwords on other websites or systems, then avoid the same passwords.
Whether you are starting from scratch, going through upgrades or making unexpected changes, let us be your security expert. Contact us to get started.