“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”― Stephane Nappo
Cybercrime has reached a new level of sophistication. Cybercriminals have become adept at exploiting the latest technologies to their advantage and are constantly upgrading and implementing new tools and methods that have never been seen before. They have a well-connected network across the globe, allowing them to plan and execute cybercrimes of any nature and complexity with ease. From botnets to the darknet, from malware to ransomware, cybercrime is now also available as a service in the market. Terms that were not even part of tech lingo have now become common in our daily conversations. Individuals, businesses, and even governments have been victims of serious cyber-attacks causing irrevocable personal and financial damage.
If you still believe that you are not vulnerable to such crimes and that investing in cybersecurity is not required for your organization, please look at some of the statistics related to cybercrimes in the infographic below to understand the gravity of the situation.
In addition to the existing challenges, with the Internet of Things (IoT), almost all digital devices are being interconnected to provide a seamless technology experience for users. However, this is resulting in a newer set of problems related to network exposure at multiple endpoints and an increase in the number of cybercrimes at an alarming rate. To a great extent, these cyber-attacks are being caused by human error and a lapse in the preparedness of individuals and organizations alike. To defend against any unwarranted cyber-attack attempts, it is critical to understand and implement stringent cybersecurity measures at every layer of the network.
Decoding the Layers of Cyber Security
A layered security approach is critical to safeguard organizations, people, and data from external and internal cyber threats. Let us decode each layer in detail.
- Human Layer – End users are the easiest and most frequent victims of cybercrimes. Despite knowing the threat of the unknown, people often click on links from unknown sources, have passwords of poor security standards, and breach internal security norms by sharing details. Regular training and security drills should be conducted to protect this layer.
- Physical Layer – This layer comprises the infrastructure needed to protect people and assets including hardware, network, applications (software), and data from activities that could result in damage. Authentication, access control, and video surveillance are key components of this layer.
- Network Layer – This layer comprises the network of systems, devices, and applications used by people internal or external to the organization. This layer decides the path that the data will take. Having firewalls, monitoring internal and external traffic, traffic filters, encrypted connections, and maintaining access control lists can enhance the protection of this layer.
- Platform Layer – This is where the business logic for applications resides. Resources to build the business applications are provided in this layer. Since this layer allows third-party collaboration, businesses must guard this layer. Setting minimum security specifications for platforms, applying timely security patches, and running robust antivirus software can shield this layer from attacks.
- Application Layer – This layer comprises all the applications used for the smooth functioning of business operations. These may include ERP software, custom applications, websites, and other third-party applications. Following cybersecurity guidelines while developing the application and using only cyber-safe applications with robust security standards helps businesses ward off cyber-attacks in this layer.
- Data Layer – With all the interconnectivity of devices and applications, data continuously moves back and forth within complex networks. With employees, customers, vendors, and individuals accessing data from multiple endpoints, securing the data is becoming more and more challenging. Businesses must assume that everything and everyone is a threat to data security; however, very few organizations understand and implement data-layer security. Data encryption, a stringent data storage and information sharing framework, enterprise-level data rights management, and data classification protocols will help in protecting the data layer.
Understanding NIST Cybersecurity Framework
“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: ‘Cybersecurity is much more than an IT topic.’” ― Stephane Nappo
The Cybersecurity framework developed by the National Institute of Standards and Technology focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. Below are the steps involved and the activities carried out in each step in this framework:
- Identify – The potential risks and vulnerabilities of an organization concerning cybersecurity are understood. The key resources required for the smooth functioning of the business and the related cybersecurity risks are assessed. In application development, identifying the risks during the early stages of development helps eliminate weak code. Tools like Seeker and Fortify can be used for the early identification of security lapses in the application while it is still under development.
- Protect – To limit the impact of cyber threats, organizations must be prepared and take measures to protect their people and assets against any kind of attack. The actions to take include having firewalls for physical systems and web application firewalls for applications run on the web.
- Detect – This function deals with the timely discovery of cybersecurity events. Penetration Testing and Dynamic Analysis Testing help organizations to detect and attack vulnerabilities. Additionally, businesses can use tools like Acunetix and Burp Suite Pro for complete web application security testing solutions.
- Respond – If a cyber-attack occurs, organizations must have an incident response plan in place. An incident response plan is a framework that guides an organization to take timely action to prevent further damage. Regular updates and training are essential for the response to be immediate and effective. A single response plan may be suitable for all the layers. Having a decentralized plan for each layer makes it easier to implement the incident response plans.
- Recover – Taking regular backups of critical data should be made mandatory, based on the layer and the level of sensitivity. After a cyber-attack, finding the root cause and collecting vital information related to the crime with the help of cyber forensics helps organizations investigate the attack and defend themselves in a court of law.
Below are some proactive measures that organizations can take to fight cybercrime:
- Quarterly Security Assessment of Each Layer – Having proper checks in place is not sufficient. Every layer must be thoroughly scrutinized every quarter and any deviation from the standard practices must be identified and corrected.
- Half-Yearly ISMS Audit – An Information Security Management System (ISMS) audit must be conducted every 6 months, following the ISO/IEC 27000 standards. A comprehensive review and analysis of the organization’s IT infrastructure must be performed to detect any threats and vulnerabilities and to expose and correct any malpractices related to cybersecurity.
- Cyber Security Integrated with DevOps – Integrating cybersecurity at every step of DevOps pipelines aids in early detection, prevention, and correction of any weak points in the application while still in the development stage. Creating a constant feedback loop from security testing to development helps to create a robust application. Though this process may be a little slow, the outcome of this approach is rewarding.
- Monitoring Internal, Physical, and Human Layers – All the layers must be constantly monitored. Proper training must be conducted at regular intervals and information provided should be up to date and relevant.
“You are an essential ingredient in our ongoing effort to reduce Security Risk.”― Kirsten Manthorne
Cybersecurity is everyone’s responsibility. With cybercriminals becoming increasingly smarter, it is not enough to have policies in place. Relentless implementation of these policies and security guidelines is vital to protect businesses from cyber thugs. However, this is easier said than done. The intricacy of the entire process makes it a tedious effort for any organization. If you are not sure where to start, seek the help of experienced professionals who can provide the required guidance.
How to start and not stop at the end of this article?
I would recommend starting with the following approach, which carries negligible risk and is a simple yet amazingly effective positive step towards our goal of a proactive strategy.
A) Take the pen-and-paper or manual method (start now)
Start reviewing the security measures you currently have in place against the NIST framework guidelines and see how many checkboxes they tick. Indeed, this takes effort, but it will pave the way for better clarity around unknown risks.
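The checkbox review in step A can also be kept as a short script once the paper version exists. This is an added example, not part of the original article and not related to any Aurion Systems product: it crosses the six layers with the five NIST functions described above, lists the cells with no control, and flags controls that missed the quarterly assessment. The control inventory, dates and function names are constructed for illustration.

```python
from datetime import date, timedelta

LAYERS = ["Human", "Physical", "Network", "Platform", "Application", "Data"]
FUNCTIONS = ["Identify", "Protect", "Detect", "Respond", "Recover"]
REVIEW_INTERVAL = timedelta(days=92)  # one quarter, per the quarterly assessment

# Constructed sample inventory: (control, layer, NIST function, last assessed)
CONTROLS = [
    ("Security awareness training", "Human", "Protect", date(2024, 5, 10)),
    ("Badge access and video surveillance", "Physical", "Protect", date(2024, 1, 15)),
    ("Firewall and access control lists", "Network", "Protect", date(2024, 4, 2)),
    ("Traffic monitoring", "Network", "Detect", date(2024, 5, 20)),
    ("Incident response plan", "Network", "Respond", date(2024, 3, 15)),
    ("Security patching", "Platform", "Protect", date(2023, 11, 30)),
    ("Code scanning during development", "Application", "Identify", date(2024, 4, 25)),
    ("Web application firewall", "Application", "Protect", date(2024, 3, 20)),
    ("Data classification", "Data", "Identify", date(2024, 2, 1)),
    ("Encryption at rest", "Data", "Protect", date(2024, 5, 1)),
    ("Backups of critical data", "Data", "Recover", date(2024, 5, 28)),
]

def validate(controls):
    """Reject rows tagged with an unknown layer or function (typos hide gaps)."""
    for name, layer, function, _ in controls:
        if layer not in LAYERS or function not in FUNCTIONS:
            raise ValueError(f"bad tag on {name!r}: {layer}/{function}")

def coverage_gaps(controls):
    """Return the (layer, function) cells that no control covers."""
    validate(controls)
    covered = {(layer, function) for _, layer, function, _ in controls}
    return [(l, f) for l in LAYERS for f in FUNCTIONS if (l, f) not in covered]

def overdue(controls, today):
    """Return names of controls last assessed more than one quarter ago."""
    validate(controls)
    return sorted(n for n, _, _, last in controls if today - last > REVIEW_INTERVAL)

def layer_scores(controls):
    """Per layer, how many of the five functions have at least one control."""
    gaps = coverage_gaps(controls)
    return {l: len(FUNCTIONS) - sum(1 for gl, _ in gaps if gl == l) for l in LAYERS}

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the output is reproducible
    for layer, score in layer_scores(CONTROLS).items():
        print(f"{layer:<12}{score}/{len(FUNCTIONS)} functions covered")
    print("Overdue for quarterly assessment:", overdue(CONTROLS, today))
```

Empty cells such as Human/Detect or Platform/Recover are the "unknown risks" the manual review is meant to surface; each one needs either a control or a recorded decision to accept the gap.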
B) Take help from technology
Work towards making the review unattended by engaging a solid, affordable business and technology solution partner and using a super-fast digital solution that works autonomously without losing its efficacy. One such solution, called iCyberMate, has been developed by Aurion Systems; it autonomously captures threats and vulnerabilities and provides real-time intel to assist proactive mitigation of cyber and information security risks.
If you are a CEO/COO/CIO/Managing Director/General Manager who is spending more time in reactive/preventive mode than future-facing, please reach out for an exploratory conversation.
Our Contact details
Pradeep Mishra (Director and Co-founder)
Ashok Mulchandani (Partner – Business Success and Strategic Transformation)
Amit Bhagat (Director – Business Strategy)