On the Internet, as in real life, there are basically three ways to stay out of trouble, or at least get out of trouble. They are avoidance, prevention, and then detection and removal.
- Avoidance – this is actually the easiest and best solution to cybersecurity. Learn what trouble looks like, and avoid contact. If you want to avoid malware intrusions, learn how to recognize clever phishing emails and resist the urge to click on a link or open a file attachment without checking them out first. A very large percentage of malware exploits begin life as an email.
- Prevention – this is the tradition cybersecurity solution set of Internet security software products, firewalls and unified threat management (UTM) devices. This is the most common solution set we find when working with small business clients, yet is is only one third of the solution, and has become the least effective measure.
- Detection and Removal – In this scenario, you have been breached, but you are watching for signs of malware infection, and have a protocol in place for recovery. This may involve quarantining the affected system, restoring operations from a backup or to a redundant system. It would mean tracking down and removing the malware, and the remote access point, and then watching for any anomalous network activity that might signal that there is more work to do.
A lot of the articles I have been reading lately have basically conceded the perimeter to the cyber-attackers. Basically, you can assume that eventually you will be breached – and what to do about it, not “If” but “When.” In a recent Silicon Beat article, they quoted Charles Blauner as saying “You are going to get hacked. The bad guy will get you. Whether you are viewed as a success by your board of directors is going to depend on your response.” He is global head of information security at Citigroup, who said the bank faces attacks 10 million times a month and that financial institutions are “at war” with cybercriminals
A recent article on TechRepublic took a look at anomaly detection, which lead me to a 66 page O’Reilly e-book that takes a very deep and technical look at this process. While the book may be a bit too technical for most, chapter 6 “No Phishing Allowed” was a very useful look at the whole issue of phishing for access, and is useful in developing skills around avoidance.
So the bottom line is this: if your cybersecurity solution is limited to traditional “blocking and tackling” solutions (Prevention)such as installing security software on every system, and turning up a hardware firewall system, you are not doing enough. You need to develop strategies around the other two cybersecurity methods listed about. There needs to be an active traffic monitoring and anomaly detection solution at work on your network (Detection and Removal.) And you need to be training your employees on how to spot and avoid cyber-threats that they are likely to encounter on the job (Avoidance.)
For more information on this topic, check out the links that follow
TechRepublic – Anomaly detection should be the weapon of choice..
Practical Machine Learning – A New Look At Anomaly Detection
Silicon Beat – Quoted: on financial industry’s ‘war’ with cybercriminals
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com