One in three organisations were victims of a successful cyber attack during 2021, according to SoSafe’s 2022 Human Risk Review. Cyber attacks have the potential to destroy the IT infrastructure of a business. Scams, data manipulation, and theft can massively impact both organisations and individuals, and with the digital world becoming increasingly blended with our working lives, implementing proper cyber security measures has never been more important.
Data is now the cornerstone of not only business, but the networks that nearly every public sector relies upon. Cyber security serves to protect that data through preventative and proactive measures.
With increased complexity in cyber security, more dependence on third-party providers, an expertise deficiency, and risk from cyber attack often not treated as a business issue, there is a lot at stake. We’ve compiled a comprehensive guide to cyber security to help you navigate through the world of staying safe in the digital age.
Subsets of Cyber Security
Cloud Security
Cloud security, although relatively modern, has quickly become a facet of our everyday lives. Many organisations are choosing to make the switch to operating via the cloud as part of a digital transformation strategy, which has become even more prevalent since the remote-work takeover catalysed by the pandemic.
Cloud-based security systems protect data, applications, and other computing environments stored in the cloud from hacking attempts through certain security protocols. As cloud providers host third-party services, they will usually have these features in place as standard, but users of the cloud are also responsible for properly configuring their service and using it safely.
Application Security
Also known as AppSec, application security is the process of protecting applications from hacks, malware, unauthorised access, and other forms of attack through security features.
This is one of the most crucial components of cyber security as the web application layer of a system is most susceptible to attack, with almost 50% of all data breaches during recent years originating from this, according to research from Imperva. Flaws in the design and security vulnerabilities can be easily exploited, meaning hackers can often obtain access to sensitive user information like login and payment details.
AppSec usually involves regular and rigorous testing to continuously monitor for these vulnerabilities and strengthen the security processes in place.
Internet of Things (IoT) Security
IoT security protects devices that can connect or otherwise communicate with a network entirely independent of human interaction. Think of motion sensors – devices that largely operate on their own, without having to be controlled by humans in order to work.
IoT devices are host to a wealth of personal information and data, which can pose an opportunity for hackers and other cyber threats. IoT security helps to secure these assets, as well as the networks they’re connected to.
Critical Infrastructure Security
Critical infrastructure encompasses a region or nation’s cyber and physical networks, systems, and assets that work to provide things such as public health and safety or economic security.
This could be anything from traffic lights, to water systems, to electricity grids, many of which are made up of digital components or use the Internet in some way to operate, making them susceptible to cyber attack. Critical infrastructure security works to secure these systems to mitigate any risk of threat.
Network Security
Network security protects computer networks and the data they contain against any form of threat, whether that be external or internal, through processes such as VPNs, two-factor authentication, and firewalls. It can be broken down into three categories:
- Physical: Prevents unauthorised people from gaining physical access to items that operate within the network such as WiFi routers or cabling cupboards, usually through locks and biometric authentication (eg. fingerprint scanners).
- Technical: Protects all data stored on the network, whether that’s data coming in or
- going out. This requires protection both from external parties and internal employees who might be doing something malicious.
- Administrative: This covers any security processes that monitor or control user behaviour, such as extent of access, user authentication, and the execution of infrastructure updates.
Essentially, network security is there to ensure the wrong people don’t get access to any component of the network.
Common Cyber Threats
Brute Force Attack
Also known as ‘credential stuffing’, a brute force attack involves an attacker trying to obtain the login details of a user, attempting to breach the data using a combination of passwords and usernames.
When creating passwords for accounts, you will often be met with a message advising on how to create a ‘strong’ password. This is because brute force attacks are most successful in cases of weak and commonly-used passwords, as these are easier to crack.
These kinds of attacks can also be fought against with two-factor authentication, which relies on an external device or account in order to successfully login.
Malware Attack
With the rate of malware attacks up 11% from 2021 to more than 2.8 billion total attacks during 2022 so far, the risk is definitely on the rise, with the need for proper protection more prevalent than ever.
Malware attacks are essentially cases in which hackers use software to infiltrate systems, networks, and devices, usually in order to harness or manipulate data.
This can be in the form of viruses, whereby code is replicated by copying itself into a program or application and manipulating the computer it’s running on, or worms, which are independent programs that infect systems, for example through network share devices. They can also be delivered via trojan horses, which, as their namesake suggests, are disguised as legitimate software in order to gain access to a computer.
Examples include:
- Ransomware: This encrypts and holds users’ data, which forces users to pay a ransom if they want to regain access. Bigger organisations can often be vulnerable to these types of attack as there is more financial gain at play for the hacker, and attackers are also able to infect many devices across a company at the same time.
- Spyware: This spies on users’ activity, monitoring their digital movements for the hacker that enforced it.
- Keyloggers: This keeps track of everything users type on their device’s keyboard, meaning hackers are easily able to catch personal and private information.
Phishing Attacks
Like trojan horses, phishing attacks also involve trickery. These are delivered through a link, download, or message that appears to be legitimate in order to persuade the user into clicking on it, allowing their device to be infiltrated.
Phishing, also known as ‘spoofing’, is also one of the most common forms of cyber attack, with 57% of users reporting that their organisation had been the subject of a phishing attack during 2022, a 55% increase from the year before. These attacks are usually committed via email, or through fake websites.
‘Spear phishing’ refers to an attack on a specific individual or organisation, rather than a more general-purpose scam, perhaps in situations where a hacker is trying to steal someone’s identity.
SQL Injection
Short for Structured Query Language, an SQL injection attack involves an attacker submitting code via an unprotected search box or form to gain access to a website’s database, giving them the ability to modify it. In other words, an attacker cracks a site’s database through malicious code.
These attacks are common on software such as WordPress, who use SQL as the preferred language for database management.
Man in the Middle (MitM) Attack
The clue’s in the name with MitM attacks – an attacker puts themselves in the middle of a communication between two people in order to take control of data. Before the data reaches its intended destination, ie. the parties involved in the transaction or communication, the attacker is able to manipulate the data and gain access to personal and private information such as payment details or login credentials.
As MitM attacks have an air of invisibility, they are often extremely successful. Users have no idea their information is being intercepted, as on their end, it will simply appear as if they are logging into an account or accessing a website.
Staying Cyber Safe
Preventative Measures
Antivirus Software
Antivirus software is designed to prevent, detect, and remove malicious software and viruses from a device. Essentially, this software stops bugs from infecting your computer with harmful data, and is also used to alert you when accessing anything potentially unsafe.
It’s essential to incorporate some form of threat detection and prevention software into your cyber safety regime, whether that be for an application, software program, or common website hosting service.
Firewall
A firewall acts as an invisible barrier between your device and the digital world, designed to keep malicious users, software, and hardware from accessing your computer and data. It runs a comprehensive assessment of anything and everything that attempts to access your computer, and makes a judgement on whether or not you’ll be kept safe if access is granted.
Two-Factor Authentication (2FA)
A two-step login process, 2FA adds an extra layer of security to limit any hackers or attackers from accessing users’ accounts.
2FA not only requires a username and password, but external authentication through a second device or account. This could be a pin or code being sent elsewhere that the user has to retrieve and enter, or a call to the user’s phone that they have to answer in order to gain access. This means that even if a password has been leaked or compromised, the account will be protected.
As 2FA means the user must confirm their identity in some way, it makes it near impossible for hackers to infiltrate accounts or systems that have this preventative measurement in place.
Single Sign-On (SSO)
A centralised authentication service, SSO calls for one login to access an entire platform of different accounts. Have you ever tried to create a new account for an app or a website, and been given the option to login with your existing Google or Facebook account? This is SSO – using an existing account to access others.
While this is certainly an effective cyber security measure, and almost all SSO platforms will also have 2FA enforced, users do need to be aware of the risks involved with having one account to access all their data.
Virtual Private Network (VPN)
A VPN gives you access to a network as if you were in another location. It creates a tunnel for data to safely travel through when entering or exiting a network, by encrypting the information travelling between your computer and the network. This tunnel acts as an impenetrable barrier against hackers, and attackers, and malicious software, encrypting and protecting data so it can’t be accessed and read by external forces. You would use this to connect to office resources like a server or you would use it to mask your actual location for security purposes.
However, VPNs can’t actually prevent viruses from infecting a computer through channels that appear legitimate, such as a phishing scam or a fake VPN link. It’s recommended to combine a VPN with added cyber security systems for full protection.
Encryption
Encryption converts data into code and that conceals the real meaning of the data’s information. When data is encrypted, the information it contains has been ciphered to resemble something else. In computing terms, unencrypted data is referred to as plaintext, while encrypted data is referred to as ciphertext.
Practising encryption ensures important information isn’t accessible to the wrong people – only the right person, a user with the correct key, can access the information by decrypting the data.
Encryption is usually enforced by the provider of a service, for example Microsoft 365 or Google Workspace, and not something the user would implement.
Tips for Work
CIA Triad
The CIA triad is a model that stands for three components that are crucial to an organisation’s cybersecurity systems:
- Confidentiality: Ensures data is only shared between authorised users.
- Integrity: Ensures data is always accurate.
- Availability: Ensures data can always be accessed by authorised users as and when they need it.
Monitoring Activity
A crucial component of cyber safety in the workplace means monitoring employee’s cyber activity, especially in the remote-work wake of the pandemic. This doesn’t mean snooping on your team’s digital habits – it simply means adopting a zero trust framework. This is a strategic approach which works to validate every single step of an employee’s digital interactions, whether that be on an external or internal level.
Devices
Following on from that, monitoring employees’ devices that they use to work on is incredibly important. With an increasing number of people working from home or adopting a hybrid approach to work, it has become more ‘normal’ to work on multiple devices across multiple locations.
As an employer, it’s important to be aware of all devices used to access a work account or network so you can properly monitor them for scams and attackers. A mobile device management platform such as Microsoft Endpoint Manager is the easiest way to manage devices across all users, apps, and platforms.
Regular Updates
Software programs will continuously have updates available that work to address any vulnerabilities existing in the current version you might have installed. You can make regular updates even easier by configuring your software so it automatically does it for you.
BDR Plan
Preventative measures and continuous digital monitoring are necessary, but what happens if something does go wrong? A BDR (Backup and Disaster Recovery) plan can save you time, money, and energy in the long run, helping you to resolve any issues quickly and effectively.
Having an official alert system in place for employees to report any suspicious or malicious activity also serves this purpose, as problems will be brought to the attention of the right people as soon as possible.
Improve Security Awareness
Cyber security training can often get overlooked in the workplace in favour of alternative learning and development initiatives. However, as we move increasingly towards a wholly digital way of operating in the workplace, and many other walks of life, it’s crucial that employees receive the education they need to keep themselves and your organisation cyber safe.
Tips for Home
Password Protection
Passwords are a simple stumbling block that can get in the way of effective cyber protection at home. According to the 2021 Verizon Data Breach Investigations Report (DBIR), 80% of all data breaches are caused by weak or stolen passwords. It’s wise to use a mix of password for different accounts, and to make sure they’re sufficiently ‘strong’, ie. utilise a variety of numbers, letters, and special characters.
It’s also recommended to use a password manager. This allows users to store the logins and passwords they use across accounts in a secured digital vault, which can only be accessed with a master password.
Regular Back-Ups
Backing up your data regularly means you’ll never have to go through the trauma of losing work, memories, or important documents to scammers or viruses. This can be physical or digital, although people are increasingly opting for cloud-based platforms over devices like harddrives as these have the advantage of being accessible from anywhere and everywhere and are less vulnerable to damage. We recommend using Datto Backup to tackle this, which provides protection from data loss with a comprehensive set of disaster recovery tools.
Developing a Cyber Security Plan
Effective risk management can be broken down into three key steps:
1. Scope the Assessment
Any good risk assessment begins by understanding the scope of the assessment. Who is involved? Is it an entire business, a single unit, or a specific location? Ensure all the stakeholders are fully on board with the plan as they will be crucial in offering input on various processes, risks, assets, and impacts.
2. Risk Identification
This step is two-fold:
- Assets: What digital assets are critical to the business? Which are likely to be the key target of any potential hackers or scammers?
- Threats: What processes might an attacker use to hack into these assets?
3. Risk Analysis & Evaluation
From here, you can now assess the likelihood of these risks actually happening and the damage they would cause to your business if they did. This means you’ll be able to create a comprehensive assessment of the likelihood of a risk happening compared to the impact it would have, so you can properly plan and adjust your approach to each risk and the cyber security systems you’ll need to put in place in order to protect yourself.
Proper cyber security doesn’t have to be complicated. Ultimately, staying knowledgeable and relevant in a continuously changing environment is key, especially with the speed and complexity of emerging tech.
If you’d like to learn more about effectively managing your IT systems and protecting your data, book a commitment-free appointment with our MD and Chief Geek, Gildas Jones.