For many years, “information security” or “InfoSec” comprised a collection of controls and countermeasures aimed at protecting an organization’s information. The term has since evolved into “cybersecurity,” which refers to traditional information security updated to address today’s digital information environment.
Today, information systems are often located “in the cloud” and exposed to cyberspace, with all the good and bad things that exposure brings. Cybersecurity takes the pillars of InfoSec and expands them to defend digital assets against attackers that run the gamut from lone hackers to cybercriminal gangs, botnets, nation state actors and insiders. Malicious actors are hyper-aggressive, relentlessly probing cyber defenses for weaknesses they can exploit to steal information or defraud their targets. Attack techniques have grown extremely sophisticated in parallel. Cybersecurity is about achieving a strong security posture in this challenging and threatening environment.
Cybersecurity is important because businesses and public sector organizations rely on technology and digital information to function. When their technology is disrupted and critical information is stolen, they can’t operate and deliver on their missions, whether they involve making money or serving the public. Also, as data grows increasingly important in business and life in general, a data breach or cyberattack that damages data has serious consequences. Data breaches damage brands while also causing legal liability, financial losses and regulatory problems. Cybersecurity aims to prevent these negative outcomes, so it’s an important area of focus for most organizations.
Cybersecurity works in different ways depending on the size of an organization. The larger the organization, and the more sensitive it is to cyber issues, the more complex and extensive its cybersecurity efforts will be. Some organizations rely on a standard industry framework, such as those published by the National Institute of Standards and Technology (NIST), to establish how they perform cybersecurity.
However, both the simplest and the most sophisticated cybersecurity programs share certain common elements in the core areas of information security, cloud security, network security, and endpoint security. Efforts typically include a mix of technologies, analytics, processes, and people to address:
More advanced cybersecurity programs include security monitoring processes or threat detection and response. In some cases, the security team will engage in proactive “threat hunting,” where it goes looking for threats inside its own infrastructure rather than simply reacting to security logs and alerts.
Disaster recovery (DR) and business continuity may also be part of a cybersecurity program. They can also be a standalone entity in an organization, but it’s good practice to keep these two areas closely connected.
Compliance is another related workload. Indeed, a lot of compliance measures are actually security controls, e.g., ensuring compliance with data privacy laws by establishing an auditable data access control process.
Cybersecurity works when all of these various elements function well together. This is a matter of people, organization, and tools. In a large organization, each subsection of security, like email security, is its own department or team. Each team, in turn, usually has its own security toolset. The security operations center (SOC) typically ties it all together, with reporting and monitoring of each subsection as well as a coordinated alert management and incident response system.
Finding people with the right skills to do all this work can be a major challenge. Experienced cybersecurity analysts are hard to find. Because these talents are in such high demand, they may be expensive to employ and not easy to retain. Compounding this problem is the tendency for security work to burn employees out. For example, complying with the NIST framework requires 24/7/365 detection and response from a SOC. If people have to deal with too many false positive alerts, for instance, that can cause stress and low morale, leading to premature resignations that start the recruiting cycle all over again.
Also, existing security policies may not work well in the cloud. For example, in the data center, a system admin may need permission to install a server, according to a company’s security policy. However, even if that same admin is required (by policy) to get permission to install a cloud-based server, the policy may be impossible to enforce. He or she might just deploy the server and not tell anyone. This happens a lot more than people might think. Then, there’s a data asset in the public cloud that no one in the corporate IT department knows about except the person in the marketing department who set it up on their own. This very risky scenario results in “shadow IT” that can increase the attack surfaces that criminals and other bad actors can potentially exploit to gain access to a company’s network.
It’s not an either/or decision—you probably need both. If you are using cloud computing, cloud assets, or cloud applications, you need some form of cloud security. And today, most companies are leveraging the cloud more and more. Cloud security may be part of your overall cybersecurity program or it could be a standalone group. However, it is imperative to define and apply strong security policies and controls to the cloud.
Masergy helps clients with cybersecurity by functioning as a Managed Security Service Provider (MSSP). For some clients, this outsourced approach to security offers many advantages. It removes some of the pressure organizations experience with staffing for security roles. Indeed, an MSSP can instantly provide a working portfolio of security technologies and analytics, along with the people to operate them—monitoring the security logs and alerts generated and also taking action in response. In comparison, it might take months to deploy solutions and recruit the staff to run them in-house.
Masergy provides technologies, analytics, and SOC services all working together. This includes the use of behavior analytics and machine learning for threat detection and system monitoring in what we call our Security Analytics Engine, which prioritizes alerts and keeps the SOC running efficiently. The result is comprehensive threat detection and incident response that can be purchased alone or bundled with any of Masergy’s solutions, whether it’s SD-WAN, SASE, Unified Communications or Contact Center.
Our offerings include: