Businesses don’t often compare themselves to nations, but they have at least one important thing in common – the need to handle threats across multiple spheres or environments.
Nations must be on constant alert to security threats from land, air, sea, space and – increasingly – cyberspace. Depending on the complexity of your cyber infrastructure, your business may need to protect itself with up to five forms of cybersecurity, namely operational security, cloud security, application security, IoT security and network security.
National defense wasn’t always this complicated; until recent times, governments never really had to worry about defending space or cyberspace. Likewise, cybersecurity used to be simpler. But as businesses have added increasingly complex forms of hardware, software, and systems, new threats have emerged – increasing the vulnerability of businesses to various forms of cybercrime.
Read on for our guide to the five types of cybersecurity your organization needs to handle all types of cyberattacks.
In recent months, ransomware attacks targeting critical infrastructure have demonstrated the rising threats to operational technology (OT) assets and control systems, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) noted in a June 2021 communique.
Operational technology (OT) consists of the hardware and software that monitors, manages and controls physical assets in manufacturing, power generation, transport and other industrial processes. OT security historically received far less attention than IT security because control networks were isolated from the internet and from the corporate network. As OT assets have been connected to IT infrastructure for remote monitoring, analytics and vendor access, that isolation has eroded: an intrusion into the corporate network can now reach the systems that run the plant, and ransomware that was written for office PCs can halt a production line.
CISA recommends that owners and operators of OT assets implement a number of measures, including:
- Identify the critical processes that must continue uninterrupted in order to provide essential services;
- Develop and regularly test workarounds or manual controls so that critical processes, and the industrial control system networks supporting them, can be isolated and keep operating without access to IT networks if needed;
- Implement robust network segmentation between IT and OT networks, so that a compromise of the corporate network does not give an attacker a direct path to controllers; and
- Ensure backup procedures are implemented and regularly tested, and that backups are kept offline or otherwise isolated from the network so ransomware cannot encrypt them too.
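The segmentation and isolation points above are easier to reason about as a policy you can test. The following is an added example, not CISA's guidance or tooling and not code from this page: it models a deny-by-default, first-match firewall at the IT/OT boundary with constructed zone addressing, evaluates sample flows against it, audits the rule set for the mistakes that undermine segmentation, and derives the rule set to apply when OT must be cut off from IT during an incident. Zone names, addresses, ports and rules are all assumptions made for the illustration.

```python
"""Evaluate an IT/OT boundary firewall policy for the segmentation and
isolation properties CISA recommends.

Added illustration, not CISA's own tooling. Zone addressing, hosts and rules
are constructed for the example and model a deny-by-default, first-match
firewall between the corporate network, an OT DMZ and the control network."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed zones (assumed addressing). Anything else counts as "internet".
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),      # historian replica, patch/jump hosts
    "ot_control": ipaddress.ip_network("10.30.0.0/16"),  # PLCs, HMIs, engineering stations
}
ANY = "*"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


# First-match policy; the trailing catch-all makes the boundary deny-by-default.
POLICY: List[Rule] = [
    Rule("corporate_it", "ot_dmz", 443, "allow"),  # IT users read the historian replica
    Rule("ot_dmz", "ot_control", 502, "allow"),    # DMZ collector polls PLCs over Modbus/TCP
    Rule("ot_control", "ot_dmz", 443, "allow"),    # OT hosts pull patches from the DMZ
    Rule(ANY, ANY, None, "deny"),
]


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule ("deny" if nothing matches)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in policy:
        if r.src_zone in (ANY, src) and r.dst_zone in (ANY, dst) and r.dst_port in (None, dst_port):
            return r.action
    return "deny"


def audit(policy: List[Rule]) -> List[str]:
    """Structural findings: no catch-all deny, IT allowed straight into the
    control network, any-port allows, or OT zones allowed out to the internet."""
    findings = []
    last = policy[-1] if policy else None
    if last is None or (last.src_zone, last.dst_zone, last.action) != (ANY, ANY, "deny"):
        findings.append("policy is not deny-by-default")
    for r in policy:
        if r.action != "allow":
            continue
        if r.src_zone == "corporate_it" and r.dst_zone == "ot_control":
            findings.append(f"IT reaches control network directly: {r}")
        if r.dst_port is None:
            findings.append(f"allow on any port: {r}")
        if r.src_zone.startswith("ot_") and r.dst_zone in (ANY, "internet"):
            findings.append(f"OT zone allowed out to the internet: {r}")
    return findings


def isolation_mode(policy: List[Rule]) -> List[Rule]:
    """Rule set for severing OT from IT during an incident: drop every rule that
    touches corporate_it, keep the intra-OT allows and the catch-all deny."""
    return [r for r in policy if "corporate_it" not in (r.src_zone, r.dst_zone)]


if __name__ == "__main__":
    for flow in [("10.10.5.5", "10.20.0.10", 443),    # IT -> historian replica
                 ("10.10.5.5", "10.30.1.1", 3389),    # IT RDP straight into the PLC network
                 ("10.20.0.10", "10.30.1.1", 502),    # DMZ collector -> PLC
                 ("10.30.1.1", "203.0.113.9", 443)]:  # PLC -> internet
        print(flow, evaluate(POLICY, *flow))
    print("findings:", audit(POLICY) or "none")
    print("IT->DMZ while isolated:", evaluate(isolation_mode(POLICY), "10.10.5.5", "10.20.0.10", 443))
```

The audit deliberately flags the pattern that most often defeats segmentation in practice: an "allow" from the corporate zone straight into the control zone, usually added for an engineering workstation or a vendor, which turns the DMZ into decoration. The isolation rule set is what the second CISA bullet asks you to have rehearsed before you need it.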
As CISA notes, these steps improve functional resilience: they reduce the organization's exposure to ransomware and limit how badly the business is disrupted if it is hit anyway.
From a technology once used almost solely for backup storage, cloud computing has transformed how organizations use and share data. Predictably, increasing usage of cloud services like Amazon Web Services, Microsoft Azure, Google Docs and Microsoft 365 has led to increasing attempts from cybercriminals to attack the cloud. According to the 2020 Trustwave Global Security Report, attacks on cloud-hosted software-as-a-service (SaaS) environments accounted for 20% of data breaches it investigated in 2020, up from 9% in 2019.
Foreign Policy magazine observed recently that cloud services have been at the center of some of the most serious cyber-attacks of the past few years, such as the 2019 breach of Capital One Financial Corporation. In that incident the weakness was not in Amazon Web Services itself but in how Capital One had configured its cloud deployment: a server-side request forgery flaw in a web application firewall running on an EC2 instance let the attacker query the instance metadata service, obtain the temporary credentials of the instance's IAM role, and use that over-privileged role to read data out of S3 buckets. The result was the disclosure of more than 100 million customer records, including credit card applications, Social Security numbers and bank account numbers.
As we have discussed in our earlier post on cloud incident response best practices, incident response should be part of your organization's cloud-migration strategy and planning from the outset, in order to avoid a reactive path involving delayed resolutions, financial loss and potential damage to brand equity. When investigating an incident, the audit logs provided by the cloud service provider (AWS CloudTrail, Azure Activity Log, Google Cloud Audit Logs) record the caller identity, source IP address, timestamp and resource for each API call, which lets your organization identify the attacker's IP address, reconstruct the attack timeline and establish which systems and data were targeted, provided that logging was enabled and retained before the incident. Lastly, with the goal of accelerating cloud incident response, we recommend maintaining a dedicated incident response environment in the cloud.
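To show what "identify the attacker's IP address, the timeline and the targeted systems" looks like against real audit data, here is an added example that is not part of the original post. It parses a handful of AWS CloudTrail-style records and summarises activity by source address. The field names (eventTime, eventName, sourceIPAddress, userIdentity.arn, requestParameters, errorCode) are the standard CloudTrail ones; the records themselves, the account ID, role, bucket names and the addresses (documentation ranges) are constructed for the illustration.

```python
"""Triage cloud audit records (AWS CloudTrail-style JSON lines) to recover the
attacker's source address, the timeline and the resources targeted.

Added illustration, not tooling from the page or from AWS. The records below
are constructed: 198.51.100.20 is the application's own egress address,
203.0.113.77 is an unknown caller using the same role session."""
import json
from collections import Counter
from datetime import datetime

SAMPLE_TRAIL = """
{"eventTime": "2021-06-01T02:14:03Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.20", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}}
{"eventTime": "2021-06-01T03:02:11Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}}
{"eventTime": "2021-06-01T03:02:40Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}, "requestParameters": {"bucketName": "acme-card-applications", "key": "2021/apps-0001.csv"}}
{"eventTime": "2021-06-01T03:03:05Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}, "requestParameters": {"bucketName": "acme-card-applications", "key": "2021/apps-0002.csv"}}
{"eventTime": "2021-06-01T03:04:19Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject", "sourceIPAddress": "203.0.113.77", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}, "requestParameters": {"bucketName": "acme-hr-payroll", "key": "payroll.xlsx"}, "errorCode": "AccessDenied"}
{"eventTime": "2021-06-01T03:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.20", "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/waf-role/i-0abc12345"}}
"""
# Addresses the workload is known to call from (assumed for the example).
EXPECTED_IPS = {"198.51.100.20"}


def parse_trail(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def resource_of(rec):
    """bucket/key for S3 object calls, bucket alone for bucket calls, else None."""
    params = rec.get("requestParameters") or {}
    bucket, key = params.get("bucketName"), params.get("key")
    if bucket and key:
        return f"{bucket}/{key}"
    return bucket


def triage(records, expected_ips):
    """Per unexpected source IP: identities used, first/last seen, API call
    counts, resources touched and how many calls the provider refused."""
    out = {}
    for rec in sorted(records, key=ts):
        ip = rec["sourceIPAddress"]
        if ip in expected_ips:
            continue
        s = out.setdefault(ip, {"identities": set(), "first_seen": rec["eventTime"],
                                "last_seen": rec["eventTime"], "events": Counter(),
                                "resources": set(), "denied": 0})
        s["identities"].add(rec["userIdentity"]["arn"])
        s["last_seen"] = rec["eventTime"]
        s["events"][rec["eventName"]] += 1
        if resource_of(rec):
            s["resources"].add(resource_of(rec))
        if rec.get("errorCode"):
            s["denied"] += 1
    return out


def timeline(records, ip):
    """Ordered one-line narrative of what one source address did."""
    lines = []
    for rec in sorted(records, key=ts):
        if rec["sourceIPAddress"] != ip:
            continue
        status = f" ({rec['errorCode']})" if rec.get("errorCode") else ""
        lines.append(f"{rec['eventTime']} {rec['eventName']} {resource_of(rec) or '-'}{status}")
    return lines


def shared_identities(records, expected_ips):
    """Identities seen from both expected and unexpected addresses: the
    signature of credentials lifted from a workload (e.g. via instance metadata)."""
    seen = {}
    for rec in records:
        seen.setdefault(rec["userIdentity"]["arn"], set()).add(rec["sourceIPAddress"])
    return sorted(arn for arn, ips in seen.items() if ips & expected_ips and ips - expected_ips)


def run_sample():
    return triage(parse_trail(SAMPLE_TRAIL), EXPECTED_IPS)


if __name__ == "__main__":
    records = parse_trail(SAMPLE_TRAIL)
    for ip, s in run_sample().items():
        print(ip, s["first_seen"], "->", s["last_seen"], dict(s["events"]), "denied:", s["denied"])
        print("\n".join(timeline(records, ip)))
    print("credentials used from unexpected addresses:", shared_identities(records, EXPECTED_IPS))
```

The tell-tale pattern here is a single role session appearing from two addresses, one of them outside the addresses the workload normally uses; that is what stolen instance credentials look like in the provider's logs. The AccessDenied record is worth keeping in the timeline too, since it shows what the attacker tried for and failed to reach.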
An application vulnerability is a flaw or weakness in an application that an attacker can exploit, potentially leading to a data breach.
The Open Web Application Security Project (OWASP), a nonprofit foundation dedicated to improving application security, lists the ten most critical categories of web application security risk in its OWASP Top 10 (2021 edition) as:
- Broken access control – enables users to act outside of their intended permissions.
- Cryptographic failures – includes transmitting or storing sensitive data without encryption, or protecting it with weak algorithms, weak or hard-coded keys, or home-grown cryptography.
- Injection – includes SQL injection (SQLi), cross-site scripting (XSS), and OS command or code injection: untrusted input reaches an interpreter as part of a command or query, letting an attacker read, alter or delete data or execute code.
- Insecure design – a broad category representing different design flaws in software.
- Security misconfiguration – another broad category representing vulnerabilities such as improperly configured permissions, inclusion of unnecessary features (e.g. unnecessary pages, accounts or privileges) and default accounts and their passwords still being enabled and unchanged.
- Vulnerable and outdated components – includes having unsupported or out-of-date software, not scanning for vulnerabilities regularly, and not fixing or upgrading the underlying platform, frameworks and dependencies in a timely fashion.
- Identification and authentication failures – includes permitting default, weak or well-known passwords (such as ‘Password1’ or ‘admin/admin’), using weak or ineffective login-recovery processes, and lacking effective multi-factor authentication.
- Software and data integrity failures – relates to code and infrastructure that doesn’t protect against integrity violations, e.g. an application that relies on plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks.
- Security logging and monitoring failures – includes failure to log auditable events such as logins, failed logins, and high-value transactions, not monitoring logs of applications and APIs for suspicious activity, and only storing logs locally.
- Server-side request forgery – occurs whenever a web application is fetching a remote resource without validating the user-supplied URL. This allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list.
We hinted at some of the countermeasures above, such as multi-factor authentication. The rest follow directly from the list: parameterized queries and output encoding against injection, an allowlist of outbound destinations against server-side request forgery, dependency scanning and prompt patching against vulnerable components, and centralized logging with alerting against monitoring failures. Antivirus programs, firewalls and encryption are useful surrounding layers, but none of them fixes a flaw in the application's own code.
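The server-side request forgery item above is the category behind the Capital One breach, and it is worth seeing the vulnerable pattern next to a hardened one. The following is an added example, not code from this page, from OWASP or from any vendor: a URL-fetch helper that trusts the caller's URL, beside one that validates the scheme, resolves the host itself, refuses any answer that points at loopback, private, link-local or instance-metadata space (including the IPv4-mapped IPv6 form), and returns a URL pinned to the checked address so a second DNS answer cannot redirect the request. The DNS resolver is injected so the example runs offline; the hostnames and answers in it are constructed, and in production you would pass a wrapper around socket.getaddrinfo.

```python
"""A vulnerable outbound fetch beside a hardened one, illustrating OWASP's
server-side request forgery category.

Added illustration, not code from the page or from OWASP. The resolver is
injected so the example runs offline against constructed DNS answers."""
import ipaddress
from typing import Callable, Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit


class SSRFError(ValueError):
    pass


def vulnerable_target(url: str) -> str:
    """The flaw: trust the user's URL and hand it straight to the HTTP client.
    A request for http://169.254.169.254/latest/meta-data/ goes through."""
    return url


def is_internal(addr) -> bool:
    """True for addresses a server must never contact on a user's behalf:
    loopback, RFC 1918, link-local (which includes the 169.254.169.254 cloud
    metadata service), multicast, reserved, unspecified, and IPv4-mapped IPv6
    wrappers around any of those."""
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def safe_target(url: str, resolve: Callable[[str], List[str]],
                allowed_hosts: Optional[Set[str]] = None) -> str:
    """Validate scheme and host, resolve the name ourselves, refuse internal
    answers, and return the URL rewritten to the checked IP (DNS pinning)."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError as exc:
        raise SSRFError(f"malformed URL: {exc}")
    if parts.scheme not in ("http", "https"):
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host or parts.username or parts.password:
        raise SSRFError("missing host or credentials embedded in URL")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SSRFError(f"host not on allowlist: {host}")
    answers = resolve(host)
    if not answers:
        raise SSRFError(f"unresolvable host: {host}")
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(is_internal(a) for a in addrs):  # one bad answer poisons the whole set
        raise SSRFError(f"{host} resolves to an internal address")
    pinned = addrs[0]
    netloc = f"[{pinned}]" if pinned.version == 6 else str(pinned)
    if port:
        netloc += f":{port}"
    # The caller must send "Host: <host>" itself and must not follow redirects
    # automatically (or must re-run this check on every redirect target).
    return parts._replace(netloc=netloc).geturl()


def vet(url: str, resolve, allowed_hosts=None) -> Tuple[bool, str]:
    """Convenience wrapper: (True, pinned_url) or (False, reason)."""
    try:
        return True, safe_target(url, resolve, allowed_hosts)
    except SSRFError as exc:
        return False, str(exc)


# Constructed DNS answers. 93.184.216.34 (example.com) stands in for a public
# address; the attacker-controlled names are hypothetical.
FAKE_DNS: Dict[str, List[str]] = {
    "api.partner.example": ["93.184.216.34"],
    "rebind.attacker.example": ["93.184.216.34", "10.0.0.5"],  # split answer
    "metadata.attacker.example": ["169.254.169.254"],
}


def fake_resolve(host: str) -> List[str]:
    try:
        return [str(ipaddress.ip_address(host))]  # IP literals resolve to themselves
    except ValueError:
        return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://api.partner.example/v1/report?id=7",
              "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
              "http://[::ffff:169.254.169.254]/latest/meta-data/",
              "http://metadata.attacker.example/", "http://rebind.attacker.example/",
              "file:///etc/passwd", "http://127.0.0.1:8080/admin"]:
        print(vet(u, fake_resolve), "| vulnerable path would fetch:", vulnerable_target(u))
```

Two points the hardened version gets right that a quick "reject 169.254.169.254" string check misses: it decides on the resolved addresses rather than on the hostname, so an attacker-controlled DNS name or an IPv4-mapped IPv6 literal gets the same treatment as the raw metadata address; and it pins the connection to the address it checked, so a name that answers with a public address first and an internal one later cannot slip through. Cloud-side, the equivalent mitigation is to require the metadata service's session-oriented mode (IMDSv2 on AWS) so that a plain GET from a forged request cannot retrieve credentials at all.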
The Internet of Things (IoT) refers to the 'smart' devices connected to your network, often wirelessly, such as webcams, sensors, routers, printers and smart security systems. Because they typically ship with default credentials, receive few or no firmware updates and sit on the same network as everything else, they present a serious exposure to users – including the 63% of enterprises (according to Check Point Software Technologies) that use IoT devices.
Kaspersky, one of the world’s largest cybersecurity and antivirus software providers, detected 1.5 billion attacks on smart devices in the first half of 2021, more than double the 639 million attacks it detected in the previous half year. The attacks weren’t restricted to personal devices either. With millions of people working from home, cybercriminals have taken to targeting businesses via home networks and smart devices used by employees.
Like OT and IT security, good IoT security begins with an inventory of the devices on your network and the risks each one carries, continues with continual threat detection and risk analysis, and includes an incident response plan for quickly isolating and remediating a compromised device, since many IoT devices cannot be patched and must instead be segmented off or replaced.
A network attack is an attempt to gain unauthorized access to an organization's network in order to perform some sort of malicious activity. Network attacks are conventionally divided into two types, passive and active. In a passive attack, the intruder monitors traffic or reads data without altering anything, so the attack can go unnoticed for a long time. In an active attack, the intruder modifies, deletes, encrypts or otherwise damages data, or disrupts services.
Good network security begins with strong authentication – multi-factor authentication and unique, strong passwords that are changed when compromise is suspected rather than on a fixed schedule, which current guidance such as NIST SP 800-63B no longer recommends – together with network segmentation, firewalls, encryption of traffic in transit, and endpoint protection on the hosts that sit on the network.
The growth of web and networking technologies has been an overwhelmingly positive development for businesses. After all, imagine where your business would be without cloud-based services, smart devices or the Internet for that matter! However, with these positives come some negatives – namely, the risk of falling victim to a cyber-attack. Therefore, we urge you: when planning your organization’s cybersecurity posture, please take into consideration all the different cyber infrastructure environments in which you operate.