Cybersecurity: Guide and Best Practices - Practice of Protecting Systems, Networks, and Programs from Digital Attacks - Mitiget Assurance and ...
Cybersecurity: Guide and Best Practices
Practice of Protecting Systems, Networks, and Programs from Digital Attacks.

KEEP TOTAL VISIBILITY Inside-Outside
www.mitiget.com | info@mitiget.com
21-23 Ize Iyamu Street, Ceflix-Scepter Centre, Off Billings Way, Oregun Ikeja, Lagos
P. O. Box 10448, Marina, Lagos, Nigeria
+234 806 719 1062, +234 806 007 8227
THE CONTENT

1. What is Cybersecurity?
2. The Focus of Cybersecurity
3. Cybersecurity Defense In Depth
4. Why is Cybersecurity Important?
5. Types of Cybersecurity Threats
6. Elements of Cybersecurity
8. Cybersecurity Best Practices
9. Cybersecurity Tips For Businesses
10. Cybersecurity Tips For Individual
11. Start Your Cybersecurity Journey
12. Train, Educate & Create Cybersecurity Awareness for Your Team
What is Cybersecurity?
Practice of Protecting Systems, Networks, and Programs from Digital Attacks.

Cybersecurity is the practice of protecting computers, systems, networks, data and programs from attack, damage or unauthorized access. The objective of an attack may be to access, change, or destroy sensitive information; to extort money from users; or to interrupt normal business processes.

Cybersecurity has become a C-level matter in business, a national security concern for governments around the world, and a sleepless concern for individuals in their careers, especially where they are accountable for mitigating cyber-risks.

The cybersecurity market is expected to grow from USD 120 billion in 2017 to USD 300 billion by 2024, according to a 2019 Global Market Insights, Inc. report. The market is propelled by the increasing need among enterprises to minimize security risks. This rapid market growth is being fueled by an array of technology trends, including the onslaught of initiatives with ever-evolving security requirements, like “bring your own device” (BYOD) and the internet of things (IoT); the rapid adoption of cloud-based applications and workloads, extending security needs beyond the traditional data center; and stringent data protection mandates.

In this material you will discover a comprehensive breakdown of the most important cybersecurity terms, some best practices to secure your business' data, and how cybersecurity builds trust with your customers.
Cybersecurity Focus

The focus of cybersecurity is to protect data such as medical records, contact information, passwords, credit card numbers, bank account information, passport and driver license numbers, national identification numbers or social security numbers, family photos, and any other information classified as non-public.

Cybersecurity also focuses on the protection of critical infrastructure, including security services (the police and military), transportation infrastructure (roads and ports), utility infrastructure (the power grid and telecommunication systems), and government facilities, among others. Securing these and other systemically important organizations is essential to keeping our society functioning.

Personal data is incredibly valuable. Hackers know it, and businesses know it. That’s why both go to great lengths to collect it, albeit one following a much more legal and moral avenue to do so. Unfortunately, as technology and data collection practices progress, so do the methods that hackers follow to steal data. It is important for business owners to know that they have a special responsibility to protect their customers’ data and be transparent about their cybersecurity practices.

Cybersecurity breaches are expensive, frustrating and frightening for organizations and their stakeholders: employees, customers, vendors, shareholders, and so on. Investing in cybersecurity builds trust with citizens and customers regarding data protection and privacy. It encourages transparency and reduces friction as customers become advocates for your brand.
CYBERSECURITY DEFENSE-IN-DEPTH

A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organization, the people, processes, and technology must all complement one another to create an effective defense from cyber attacks.

[Figure: Data Protection]

PEOPLE
Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data. Learn more about basic cybersecurity principles in subsequent pages.

PROCESS
Organizations must have a framework for how they deal with both attempted and successful cyber attacks. Application of standards and frameworks will make a focused cybersecurity strategy. Some of them include ISO 27001, ISO 22301, NIST, PCI DSS, etc.

TECHNOLOGY
Technology is essential to giving organizations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities includes next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions.
USE A STRONG PASSWORD. Better, Use 2 Factor Authentication. …it is more secure!

Why is Cybersecurity Important?

A strong cybersecurity stance is a key defense against cyber-related failures and errors and malicious cyber attacks, so having the right cybersecurity measures in place to protect your organization is vital. The cost of cyber crime is at an all-time high, and incidents can easily take months to be discovered, often by a third party. For instance, APTs (advanced persistent threats) use continuous hacking techniques to gain access to a computer system and can remain inside for months before the intrusion is observed.

The following are the reasons for effective cybersecurity practice:

• Cyber attacks are becoming increasingly sophisticated with tactics.
• The costs of data breaches are soaring due to regulatory sanctions.
• Cyber attacks are lucrative with financial gains being a motivation.
• Cyber security is a critical, board-level issue.
TYPES OF CYBERSECURITY THREATS

As seen in the previous pages, cybersecurity focuses on protecting information and systems from cyberthreats. These cyberthreats take many forms. Unfortunately, cyber criminals attack in many different ways, most of them low-cost methods, including automated and sophisticated attacks. As a result, keeping pace with cybersecurity strategy and operations can be a challenge. Some of the common threats are outlined below in more detail:

1. Malware is software designed to gain unauthorized access or to infiltrate computers and networks to cause damage. Malware types are:

Ransomware is malicious software designed to encrypt data and hold it hostage, forcing users to pay a ransom in order to unlock and regain access to their data. In most cases, it blocks access to files or the computer system until the ransom is paid. However, paying the ransom does not guarantee that the files will be recovered or the system restored.

Spyware/adware can be installed on your computer without your knowledge when you open attachments, click malicious links or download malicious software. It then monitors your computer activity and collects personal information.

Furthermore, malware can be delivered via:

A virus is a piece of malicious code or software that is loaded onto a computer without the user’s knowledge to corrupt, erase, modify, or capture data and, at times, physically damage computers. It can replicate itself and spread to other computers by attaching itself to another computer file.

A Trojan is a type of malware that disguises itself as legitimate software, such as virus removal programs, but performs malicious activity when executed.

A keylogger is a piece of code that tracks everything a person types on their keyboard in order to capture passwords and other private information, such as security numbers.

A worm is similar to a virus in that it is self-replicating, but it does not need to attach itself to a program. It continually looks for vulnerabilities and reports any weaknesses it finds to its creator.
In continuation, these are other types of cybersecurity threats:

2. Social engineering is a tactic that adversaries use to trick users into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. It can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.

3. Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources in order to steal sensitive data like credit card numbers and login information. It is the most common type of cyber attack these days. You can help protect yourself through education or a technology solution that filters malicious emails.

4. Advanced Persistent Threat is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.

5. Zero-day attack - A zero-day exploit can occur when a vulnerability is made public before a patch or solution has been rolled out by the developer. Using outdated (unpatched) software opens up opportunities for criminal hackers to take advantage of vulnerabilities to bring entire systems down.

6. DDoS (distributed denial-of-service) attack attempts to disrupt normal web traffic and take a site offline by flooding a system, server or network with more requests than it can handle.

7. SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks will force a server to provide access to or modify data.
8. MITM (man-in-the-middle) attack occurs when a hacker inserts themselves between the communications of a client (device) and a server. MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers are able to insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.

9. Vulnerabilities in web applications and networks - Cyber criminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere.

10. Brute Force Attack (password guessing or credential stuffing) is a continual attempt to guess usernames and passwords by using known credentials from past data breaches. An attacker exploits weak passwords or tracks a password used on different systems or accounts, such as the same password used on both a Facebook and a Twitter account.

11. Cyberwarfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In the U.S. and many other nations, cyberwarfare has been acknowledged as the fifth domain of warfare (following land, sea, air and space). Cyberwarfare attacks are primarily executed by hackers who are well-trained in exploiting the intricacies of computer networks, and operate under the auspices and support of nation-states. Rather than “shutting down” a target’s key networks, a cyberwarfare attack may intrude into networks to compromise valuable data, degrade communications, impair such infrastructural services as transportation and medical services, or interrupt commerce.

12. Cyberespionage is the practice of using information technology to obtain secret information without permission from its owners or holders. It is most often used to gain strategic, economic, political or military advantage, and is conducted using cracking techniques and malware.

Cyberterrorism is the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems and telecommunication infrastructures.

DO YOU HAVE TOTAL VISIBILITY OF YOUR ENVIRONMENT? Who is Accessing What? When? Build A Security Operations Centre (SOC) Today.
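The SQL injection entry (item 7) in the threat list above, shown as an added example that is not part of the original guide: the same account lookup written with the application vulnerability (input pasted into the SQL text) and in its corrected form (input bound as a parameter). The table, column names, sample rows and test inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pin TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("ada", "4821", "4111-XXXX-0001"),
            ("bayo", "9034", "4111-XXXX-0002"),
            ("o'neil", "7710", "4111-XXXX-0003"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name, pin):
    """Weak form: input becomes part of the SQL text and is parsed as SQL."""
    query = "SELECT name, card FROM users WHERE name = '%s' AND pin = '%s'" % (name, pin)
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name, pin):
    """Corrected form: input is bound as data and cannot alter the statement."""
    query = "SELECT name, card FROM users WHERE name = ? AND pin = ?"
    return conn.execute(query, (name, pin)).fetchall()


def compare(conn, name, pin):
    """Run both forms on one input; return (weak result, corrected row count)."""
    try:
        weak = len(lookup_vulnerable(conn, name, pin))
    except sqlite3.OperationalError:
        # The input broke the SQL text itself. Errors like this in application
        # logs are a sign that a query is being built by concatenation.
        weak = "syntax error"
    return weak, len(lookup_parameterized(conn, name, pin))


# Constructed inputs: a normal login, a classic always-true condition,
# and a legitimate name that happens to contain a quote character.
SAMPLES = [
    ("ada", "4821"),
    ("ada", "' OR '1'='1"),
    ("o'neil", "7710"),
]


def run_samples():
    """Return {(name, pin): (weak result, corrected row count)} for SAMPLES."""
    conn = make_db()
    return {sample: compare(conn, *sample) for sample in SAMPLES}


if __name__ == "__main__":
    for (name, pin), (weak, fixed) in run_samples().items():
        print(f"name={name!r} pin={pin!r}: concatenated={weak} parameterized={fixed}")
```

With the concatenated query the second input returns every row in the table and the third fails outright; with bound parameters the second input matches nothing and the third matches exactly one account.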
ELEMENTS OF CYBERSECURITY

A strong cybersecurity posture hinges on a systematic approach that encompasses the following:

Application Security
Web application vulnerabilities are a common point of intrusion for cyber criminals. As applications play an increasingly critical role in business, organizations urgently need to focus on web application security to protect their customers, their interests and their assets.

Network Security
Network security is the process of protecting the usability and integrity of your network and data. This is usually achieved by conducting an enterprise network penetration test, which aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.

Operational Security
Operations security protects your organization's core functions by tracking critical information and the assets that interact with it to identify vulnerabilities. Solutions like DLP, IDS/IPS, IAM and encryption are applied to protect data in the organization.

Cloud Security
Cloud Security provides protection for data used in cloud-based services and applications.

Leadership
Leadership intent and commitment are the keys to successful implementation of any cybersecurity program. Without them, it is very difficult to establish or enforce adequate and effective controls. Top management must also invest in appropriate cybersecurity resources, whether it’s hiring qualified people, awareness training or technology.

BCP/DRP
BCP/DRP is the organization's response plan to a cybersecurity incident or any other event that causes the loss of operations or data. Disaster recovery policies guide how to restore full operations and information as before the event. Business continuity enables fallback while trying to operate without certain resources.

Benchmarking
It is essential to consider the standards and frameworks that will aid the implementation of an effective cybersecurity program. There are many that can be used in the industry. Just find what suits you, follow the process, and mature your program over time while proactively monitoring controls around the asset.

End-User Education
Human error remains the leading cause of data breaches. Your cyber security strategy is only as strong as your weakest link, so organizations need to make sure that every employee knows how to spot and deal with the threats or risks they may face, whether it’s not becoming a phishing victim, not sharing passwords, or being cautious about public Wi-Fi.
Cybersecurity Best Practices: How to Secure Your Data

The most effective strategy for mitigating and minimizing the effects of a cyber attack is to build a solid foundation upon which to grow your cybersecurity defense-in-depth stack. It enables you to identify gaps and propose the controls to mitigate the risk of an attack. Hence, you need a mix of best practices and defensive cybersecurity techniques. Dedicating time and resources to both is the best way to secure your data and that of your customers.

All businesses should invest in preventative cybersecurity solutions. Implementing these systems and adopting good cybersecurity habits will protect your network and computers from outside threats. In the subsequent page, we list six defensive cybersecurity systems and software options that can prevent cyber attacks, and the inevitable headache that follows.

Don’t be a victim. Think before clicking on any link or downloading any attachment. AVOID PHISHING ATTACK!
Antivirus software is a preventative measure that monitors computers, servers and devices for bugs. It detects viruses on your computer and removes them. It also alerts you of potentially unsafe web pages and software.

A firewall is a digital wall that keeps malicious users and software out of your computer. It uses a filter that assesses the safety and legitimacy of everything that wants to enter your computer. Firewalls are both software and hardware-based.

Single sign-on (SSO) is a centralized authentication service through which one login is used to access an entire platform of accounts and software. If you’ve ever used your Google account to sign up or into an account, you’ve used SSO. Enterprises and corporations use SSO to allow employees access to internal applications that contain proprietary data.

Two-factor authentication (2FA) is a login process that requires a username or pin number and access to an external device or account, such as an email address, phone number, or security software. 2FA requires users to confirm their identity through both and, because of that, it is far more secure than single factor authentication.

A virtual private network (VPN) creates a “tunnel” through which your data travels when entering and exiting a web server. That tunnel encrypts and protects your data so that it can’t be read (or spied on) by hackers or malicious software. While a VPN protects against spyware, it can’t prevent viruses from entering your computer through seemingly legitimate channels, like phishing or even a fake VPN link. Because of this, VPNs should be combined with other defensive cybersecurity measures in order to protect your data.

Protection Starts with Your People. PROTECT YOUR PEOPLE ON EVERY CHANNEL.
Cybersecurity Tips For Businesses

Defensive cybersecurity solutions won’t work unless you do. To ensure your business and customer data is protected, adopt these good cybersecurity habits across your organization.

Require strong credentials: Require both your employees and users (if applicable) to create strong passwords. This can be done by implementing a character minimum as well as requiring a mix of upper and lowercase letters, numbers, and symbols. More complicated passwords are harder to guess by both individuals and bots. Also, require that passwords be changed regularly.

Control and monitor employee activity: Within your business, only give access to critical data to authorized employees who need it for their job. Prohibit sharing data outside the organization. Restrict download of materials and software from external sources. Encourage employees to lock their computers and accounts whenever not in use.

Know your network: These days, Internet of Things (IoT) devices are showing up in workplaces through the employees. Some of these devices are unsecured and run vulnerable software that can be exploited by hackers and provide a direct pathway into an internal network. You need to have control of such devices while they are in your environment, if they must access your network resources. You also need to put in place a Bring Your Own Device (BYOD) policy for proper governance.

Download patches and updates regularly: Software vendors regularly release updates that address and fix vulnerabilities. Keep your software safe by updating it on a consistent basis. Consider configuring your software to update automatically so you never forget.

Make it easy for employees to escalate issues: If your employee comes across a phishing email or compromised web page, you want to know immediately. Set up a system for receiving these issues from employees by dedicating an inbox to these notifications or creating an incident reporting form that people can fill out and forward. Simplify this process as much as possible. Give employees an incentive for prompt incident reporting.

Train and educate your people periodically: Understanding cybersecurity trends and threats is a vital and relevant implementation measure that will mitigate cyber threats effectively. There is a need to give adequate support and provision for cybersecurity training and education in order to ensure that staff know what is expected of them and have the necessary skills to follow through. Periodically commit to strengthening your cybersecurity workforce through standardizing roles and helping to ensure you have well-trained cybersecurity workers today as well as a strong pipeline of future cybersecurity leaders of tomorrow.
Cybersecurity Tips For Individuals

Cyber threats can affect you as an individual consumer and internet user, too. Adopt these good habits to protect your personal data and avoid cyber attacks.

Mix up your passwords: Using the same password for all your important accounts is the digital equivalent of leaving a spare key under your front doormat. A recent study found that over 80% of data breaches were a result of weak or stolen passwords. Even if a business or software account doesn’t require a strong password, always choose one that has a mix of letters, numbers, and symbols and change it regularly. Use biometric systems where available on the device in use.

Monitor your bank accounts and credit frequently: Review your statements, credit reports, and other critical data on a regular basis and report any suspicious activity. Additionally, only release your Social Security Number, National Identification Number, or Bank Verification Number when absolutely necessary.

Be intentional online: Keep an eye out for phishing emails or illegitimate downloads. If a link or website looks fishy, it probably is. Look for bad spelling and grammar, suspicious URLs, and mismatched email addresses. Lastly, download antivirus and security software to alert you of potential and known malware sources.

Back up your data regularly: This habit is good for businesses and individuals to master because data can be compromised for both parties. Consider backups on both cloud and physical locations, such as a hard drive or thumb drive.

DON’T BE THE WEAK LINK IN THE CHAIN. Be A Cybersecurity Ambassador.
Start Your Journey To Being Cyber Secure Today

Mitiget has a wealth of experience in the cybersecurity and risk management field. We have been carrying out cybersecurity projects for many organizations, private and public, in many industries for several years. All of our security analysts and consultants are qualified, experienced practitioners. Our services can be tailored for organizations of all sizes in any industry and location. Browse our wide range of products and services on our website (https://www.mitiget.com) to kick-start your cybersecurity project.
Train, Educate & Create Cybersecurity Awareness for Your Team
with specialized training courses + certifications in collaboration with our partners

GET AHEAD & STAY AHEAD IN YOUR CAREER

Security Awareness & Education
We deliver performance-based security awareness and education to help build security culture/consciousness in your people.

Microsoft
• MS Excel – Advanced Course
• MS PowerPoint – Advanced Course
• MS Word – Advanced Course

PECB
• Governance, Risk & Compliance
• InfoSec Management
• IT Security
• Continuity, Resilience & Recovery

ISACA & ISC2
• ISC2 - CISSP
• ISACA - CISA
• ISACA - CISM

EC-Council
• C|CISO
• CEH
Security Solutions: Industrial Security, Info-Sec & Cybersecurity

There are a number of weak links that expose businesses to risks. Do you truly know your weakest link? Is it your people, process, technology or facility?

Cybersecurity Solutions

Nowadays, desired information is available at one’s fingertips and accessible from anywhere at any time. As a result, data privacy and protection stand at great risk. Next-gen cybersecurity encompassing a holistic approach, right from detection to protection, prevention and remediation, is most needed by individuals and organizations. Mitiget helps to strengthen Cybersecurity capabilities by enabling effective identification of potential cybersecurity threats, incidents, and facilitating preventive action right in time.

Our security professionals always provide clarity around security strategies and policies for the protection of asset and environment. Our Services include:

Security Assessment
• Penetration Testing
• Vulnerability Scanning
• Network Reviews including architecture, firewall, mobile and wireless.
• Application Assessment including code review, database assessment, and projects.
• Phishing Assessment
• Social Engineering
• Server room Audit
• Service Build Audit

Security Infrastructure
• Security Technology Sourcing and Deployment
• Security Operations Centre (SOC) Setup
• SOC Management
• Endpoint Security Deployment and Management including antivirus, antimalware, etc.
• Secure Network Design and Implementation
• Supply, Installation and Support of IT Hardware with Hardening

Security Governance and Capacity Building
• Compliance: Implementation of ISO 27001, ISO 22301, PCI DSS, GDPR, NDPR, etc.
• Design and customization of Security Policies and Procedures.
• Design and Implementation of Incident Response Strategy
• Data Protection and Privacy
• Security Training and Awareness

We address needs at the strategic security program level, tactical project level and all levels in between. Mitiget helps organizations stay ahead of current threats and make the right technology investments to support security program. We provide services designed to further equip you to plan, build and run an effective security program.

Physical Security Solutions

At Mitiget, we provide cost-effective turnkey physical and environmental security including access control systems and technologies for perimeter surveillance and asset protection. These solutions meet requirements of businesses of all sizes, or homes. We also supply and install suitable and diverse hidden cameras. Here are some:

[Images: CCTV, Access Control, CCTV Control Room, Turnstiles, Electric Fences, Barriers]

Safety Solutions

As part of our safety and fire security solutions, we supply, install and support safety technologies for mitigating workplace risks. Such equipment includes safety glasses, hearing protection, respirators and face masks, face shield, search lights, fall arresters, personal protective equipment, protective hood, etc.

We also supply the fire safety equipment that caters to the needs of your company or facility. With the right products available and emergency plan in place, you can put safety first and protect your employees and company as a whole.

Reach out to us today to discuss your needs
www.mitiget.com | info@mitiget.com
+234 909 552 2003, +234 806 719 1062, +234 806 007 8227
Information Technology (IT) Solutions & Managed Services

Mitiget offers professional IT services and resources at competitive rates.
We supply IT, we install IT & we support IT

We strive to balance leading-edge technology innovation with highly skilled resources to deliver cost-effective, reliable, and adaptive IT solutions that meet or exceed customers’ needs.

Being the #1 Business Continuity Solution Provider in Nigeria, Mitiget operates a state-of-the-art Data Centre facility at Lagos Mainland more than 25 km from Lagos Island with our partner, Ceflix-Scepter. In the data center, we offer:

• Co-location, Disaster Recovery & Backup Solutions;
• Business Continuity Plan (BCP) Site Solutions;
• Application Hosting and Managed Security;
• Professional Data Centre Cleaning expertise.

Contact Mitiget To Do It Right

Our Other IT Services

IT GOVERNANCE SET-UP
Design and Implementation of IT Strategy, Policies, SOPs, Segregation of Duties, Oversight Processes & Compliance Frameworks.

SMART WORK AREA
Design, Supply, Implementation & Support of Network Computers and Servers, System Integrations, IT Skill Outsourcing…

SERVER ROOM SERVICES
Data Centre Cabling & Management, Raised Floor Design & Implementation, Power Audit, Data Centre Professional Cleaning…

HOME SECURITY SYSTEMS
Home Automations, Design & Installation of Surveillance Systems e.g. CCTV, Access Control Systems; Security Barriers e.g. Electric Fences…

SOFTWARE SOLUTIONS
Software Development, Code Review, Licensed Product Deployment e.g. Microsoft Products – Office 365, Cloud Email, SharePoint Dev., etc.

IT PROJECT HANDLING
IT Project Management, IT Equipment Decommissioning & Evacuation, Patch Management, IT Consulting, …

#1 Business Continuity Solution Provider in Nigeria – Take A Tour of Our Data Centre Today!