CYBERSECURITY STRATEGY FOR 2021 IN 5 STEPS - DEVELOP YOUR WHITE PAPER
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
WHITE PAPER DEVELOP YOUR CYBERSECURITY STRATEGY FOR 2021 IN 5 STEPS
2 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
Introduction
The pace of technology development is As security incidents like the ones at Marriott
unprecedented; but these advancements bring with and Capital One become increasingly common,
them a gamut of security-related vulnerabilities strengthening cybersecurity is no longer an option
that are being exploited by hackers. Data breaches but a core business requirement that is needed to lay
at small and big corporations alike are dominating the groundwork for innovative, agile, and successful
the headlines, with reports suggesting a total of 540 enterprises. Developing a robust cybersecurity
publicly reported data breaches taking place until strategy and constantly updating it to keep up with
June 2020, affecting more than 163,551,023 users the changing business landscape is critical to fuel
worldwide. productivity, build reliable products and stronger
customer relationships, as well as drive value.
Here are some shocking cybersecurity statistics for 2020:
43% of data breaches are cloud-based 67% of data breaches resulted from
web applications credential theft, human error or social attacks
70% of breaches are caused by external Organized crime gangs account for 55%
actors of attacks
37% of credential theft breaches use stolen Human error accounts for 22% of security
or weak credentials
Ransomware is found in 27% of malware 41% of customers would stop buying from
incidents a business victim of a ransomware attack
There is a cyberattack every 39 seconds 75% of cyberattacks start with an email
21% of online users are victims of hacking 11% of online users have been victims of
data theft
72% of breaches target large firms 80% of hacking breaches involve brute
force or stolen credentials3 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
With the average cost of a data breach amounting to $3.86 million, security today needs to take a more holistic
and all-encompassing approach, and needs to be tightly integrated with the underlying IT infrastructure.
In this whitepaper, we will cover:
• What cybersecurity is
• The growing importance of cybersecurity
• The benefits of having a robust strategy in place
• 5 steps for developing a cybersecurity strategy in 2021
What is Cybersecurity?
Kaspersky defines cybersecurity as, “the practice The sophistication with which cyber criminals plan
of defending computers, servers, mobile devices, attacks has grown manifold over the years: what
electronic systems, networks, and data from began as simple malware or virus attacks has now
malicious attacks”. It helps organizations protect transformed into SQL injection, DoS, botnets, and
their business from cyber-attacks and ensure normal more. Listed below are some of the common ways
business operations while making it difficult (or in which malicious actors gain control of enterprise
impossible) for hackers to access, change, exploit, or systems:
destroy sensitive information.
Malware SQL Injection Phishing DoS and DDoS
Man-in-the-middle Cross-site Scripting Social engineering Zero-day exploits4 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
Malware Man-in-the-middle
The most common type of security attack, malware Man-in-the-middle attack involves hackers placing
or malicious software is when unwanted software themselves between client and server systems, while
is installed into a system – without user consent. partially or completely altering communication
By attaching to legitimate code, it propagates between them. By relaying messages between
or replicates itself to expand its reach across an the parties, such attacks make victims believe they
enterprise’s network. Common forms of malware are talking directly to each other over a private
include adware, virus, ransomware, worms, trojans connection, when in fact the complete dialog is
etc. steered by the attacker.
SQL injection Cross-site scripting
SQL injection is a code injection mechanism where Cross-site scripting attacks make use of third-
malicious SQL statements are inserted into a party resources to run scripts in a web browser
database to exploit an existing security vulnerability. or application. By injecting malicious code into
They are mostly used as attack vectors for websites a database, they cause users to execute the
but are also used to attack any type of SQL database, malicious script while logging key strokes, capturing
exposing sensitive information with the intent of screenshots, collecting network information,
modifying, updating, or deleting data. and remotely accessing and controlling attacked
machines.
Phishing
Social engineering
Phishing is the act of sending emails that appear to
be from trusted sources, with the aim of accessing The act of psychological manipulation of people,
personal information and/or influencing users to take social engineering makes users perform certain
a desired action. By combining social engineering actions or divulge sensitive information – which is
with technical deceit, it loads malware into systems usually not in their best interest. By taking advantage
while tricking users to downloading malware or of people’s emotions, these attacks trick people
handing over personal information. through baiting, phishing, email hacking, and other
means.
DoS or DDoS attacks
Zero-day exploits
Denial-of-service or distributed-denial-of-service
Zero-day exploits are software vulnerabilities that
attacks overwhelm a system’s resources to an
hackers exploit to affect computer applications, data,
extent where there can no longer respond to service
or networks. These attacks are generally carried out
requests, making it temporarily or permanently
on newly launched pieces of software, and requires
unavailable to intended users. A number of Internet-
development organizations to create patches or
connected devices called botnets inundate the
workarounds as soon as possible to fix or mitigate
targeted system or resource with surplus requests,
those vulnerabilities.
overloading the machine and preventing some or all
valid requests from being fulfilled.5 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
The Growing Importance of Cybersecurity
Global cybersecurity threats are evolving at a rapid With organizations across the world collecting,
pace, with a rising number of data breaches being processing, and storing unprecedented amounts
reported each year – and several others going of IP, financial, personal, and other types of data on
unreported. Companies in financial and government computers and other devices, any unauthorized
sectors are most vulnerable to breaches as access or exposure could have several negative
cybercriminals can get access to crucial financial and consequences. Those transmitting this sensitive
customer data. In order to respond to rising cyber data across networks and devices need to have
threats with increased precision, organizations need mechanisms in place to protect the data as well as
to implement effective cybersecurity practices. IDC the systems that process or store it. Here are 6 key
predicts that worldwide spending on cybersecurity elements or components of cybersecurity that every
solutions will reach $133.7 billion by 2022. organization needs to be aware about:
Application Security Information Security Network Security
To safeguard software, To protect the integrity and To secure on-premise, cloud,
systems, devices, and privacy of data and mobile networks from
applications from threats intruders
Disaster Recovery Operational Security End Point Protection
Planning
To ensure business continuity To build processes that can To secure end-points
in the event of a cyber-attack handle and protect data including mobile devices,
assets laptops, servers, and desktop
PCs6 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
Today, as the business world
People
functions via a remote model,
a successful cybersecurity • Be aware of their role in preventing and reducing cyber attacks and
approach with multiple • Understand and comply with basic security principles
layers of protection that
spread across the computers, Processes
networks, programs, or
• Have a framework in place to deal with cyber attacks
data is critical to keep
• Define activities, roles, and documentation to identify attacks,
enterprises safe. With the protect systems, detect and respond to threats, and recover from
right combination of people, successful attacks.
processes, and technology,
organizations can create an Technology
effective defense from cyber-
• Provide the right security tools needed to protect the organization’s
attacks while accelerate network, endpoints, and cloud from cyber attacks.
detection, investigation, and • Implement next-generation firewalls, DNS filtering, malware
remediation. protection, antivirus software, and email security solutions.
The Benefits of Having a Robust Strategy in Place
Traditional approaches to cybersecurity focus only on insufficient. Such methods only can only attempt
safeguarding an organization’s perimeter, with the to fix systems or carry out workarounds in a reactive
aim of protecting only crucial system components manner while requiring substantial amounts of time
and defending against known vulnerabilities. and effort in trying to contain the breach, recover
However, the widespread use of technology and from it and re-build the brand and the customer
ongoing advancements have opened up a world of base.
novel threat vectors, providing hackers with several
What organizations need is to take more proactive
opportunities to carry out attacks such as malware,
and adaptive approaches to cybersecurity, with a
phishing, social engineering, and more.
complete shift towards continuous monitoring and
Using outdated methods to protect systems in a real-time assessments as well as using a data-focused
world where threats advance and change more approach to security as opposed to the traditional
quickly than organizations can keep up with is perimeter-based model.
As the number of end-points and attack surfaces
get increasingly big, having a robust cybersecurity Implement Evaluate
strategy in place is extremely important. A strong
strategy can help organizations:
Develop Maintain7 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
• Establish a set of objectives and protocols as • Ensure compliance with evolving security
well as outline duties of individuals within the requirements - no matter how rigorous those
organization to respond to a threat. requirements are.
• Align security goals with overall business goals, so • Be up to date on the latest cybersecurity threats
everything works together holistically to make the and leverage the best tactics to protect your data.
company more efficient.
• Respond to the cyber incidents with increased
• Detect and prevent possible attacks while agility, restore normal operations as quickly
constantly working towards updating and as possible, and ensure company assets and
upgrading security practices. reputation are protected.
• Ensure business functions normally without • Build (and maintain) a plan of action designed
interruption while boosting employee morale, to maximize the security and resiliency of the
customer trust, and market reputation. enterprise.
• Make users aware of their roles and
responsibilities while empowering them to adhere
to the required security policies and use the
required security tools.
5 Steps for Developing a Cybersecurity Strategy
As the average business attack surface continues to of the threat landscape as well as in knowing
grow significantly, due to the growing prevalence of where vulnerabilities lie while making necessary
cloud computing, increased use of mobile devices, IoT modifications to get to where they need to be. That
wearables, and more, organizations need to be more said, here are 5 critical steps for developing a robust
diligent than ever. Having a cybersecurity strategy in cybersecurity strategy:
place enables them to have a deeper understanding
Understand Build a
the threat cybersecurity
landscape plan
Assess what Conduct a Choose a
needs to be thorough risk qualified
protected assessment partner8 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
Assess what needs to be protected the hazard cannot be eliminated. The results of the
assessment will help in curating the right actions to
The first key step in developing a robust cybersecurity
tackle risks and help in fine-tuning their response
strategy is to gain a clear understanding of the data
to cybersecurity incidents and focusing resources to
and systems that need to be protected. Since not
protect the most vulnerable assets.
every asset can be 100% protected, it is important
to understand the organization’s risk appetite and
the acceptable level of risk. Organizations must Build a cybersecurity plan
begin by reviewing existing business systems Building a robust cybersecurity plan requires
and understanding which systems would impact organizations to implement a set of security policies,
business revenue – if they become unavailable or if procedures, and prioritized actions that will help
their data is stolen. They must also identify data and them in proactively identifying looming threats and
other IT assets such as applications, devices, servers, taking the right action to mitigate the risks. Here are
and users that are critical to the business as well as some critical components of a good cybersecurity
understand systems and applications that need to be plan:
protected for compliance reasons.
a. Carry out real-time monitoring
The constantly evolving threat landscape requires
organizations to carry out real-time threat
Understand the threat landscape
monitoring, so networks and endpoints can
Once organizations have clarity on what assets constantly be monitored for risks from malware,
need to be protected, they then need to analyze identity theft, web-based attacks, and more. When
the existing threat landscape in which they operate. done right, real-time monitoring can enable
From existing market trends, competitive standing, organizations to have an understanding of data
to what products are being sold to which customers: and network usage while detecting possible
organizations must continually evaluate the threat vulnerabilities and fixing them in the quickest
landscape and be aware of malicious actors who possible time.
would benefit the most from disrupting the business.
They must also have a thorough understanding b. Enable endpoint security
of the types of threats the business needs to be As an increasing number of employees begin to use
protected against in order to have the upper hand in their personal (or corporate) mobile devices and
defending your business against these threats. home computers to carry out business operations,
enabling endpoint protection can help safeguard
Conduct a thorough risk assessment mobile devices, laptops, servers, and desktop PCs.
By bridging the security gap that exists between
As soon as organizations have a good idea of the
a company network and the devices that are used
threat landscape, they need to conduct a thorough
by the workforce, endpoint security can enable
risk assessment to identify potential risks as well
organizations to implement the required antivirus,
as their likelihood of occurring and the damage
firewalls, intrusion prevention systems and protect
they can cause. The right assessment can help in
endpoints from security breaches.
identifying hazards and their potential to cause
harm as well as in determining appropriate ways to
eliminate the hazard or control the risk – when9 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
c. Use the right security tools Choose a qualified cybersecurity partner
With the threat landscape changing, regulatory Given that today’s applications and data are only as
climate becoming tough, and IT infrastructure secure as the weakest link in the IT infrastructure,
getting increasingly complexity, using the right partnering with qualified cybersecurity partner
security tools can help organizations safeguard can ensure security is deeply integrated with the
systems, networks, and devices against existing and underlying IT infrastructure. A partner can:
looming threats. Today’s modern tools are built with
• Understand existing technology landscape,
new-age capabilities and functions that can help
business process and systems and chart out an IT
in addressing security challenges enterprises face security roadmap that is tailored to unique needs.
across networks, applications, systems, end-points,
• Work with top IT security vendors to fully
cloud, and more. understand the capabilities available and tailor a
solution that is best suited for the business.
d. Ensure access control • Manage cybersecurity risks and attacks in a
prioritized, flexible, repeatable, and cost-effective
Access control mechanisms are a great way of
manner.
safeguarding the security of an enterprise by
• Perform comprehensive analysis to identify gaps,
permitting only authorized users to access systems
recommend improvements, and judiciously
or data and detecting and preventing unauthorized implement security solutions.
access. By implementing the right hardware or
• Design and configure security policies and
software features and/or operating or management procedures and implement industry best
procedures, access control helps protect data assets practices to keep the business environment safe.
through user-based or host-based mechanisms.
e. Perform regular updates
Given the pace with which security threats are
evolving, constantly revisiting the cybersecurity plan
is critical to ensure they keep up with the changes
in the environment. Regularly upgrading policies
and procedures, updating antivirus software, and
tightening access control mechanisms can ensure
security posture is constantly evolving to protect
critical infrastructure and manage cybersecurity-
related risks.10 Develop your Cybersecurity Strategy for 2021 in 5 Steps Synoptek
Conclusion
In the current business environment, the threats helps organizations strengthen enterprise security
modern enterprises face are constantly evolving, the while enabling them to keep pace with the rapidly
complexities of which have made cybersecurity a evolving threat landscape. It also helps in building a
priority. Since no organization can fully eliminate the strong security-enabled IT infrastructure, enabling
risk of security incidents, it is important to have a strong organizations to ensure protection across network,
cybersecurity strategy in place that can help safeguard servers, applications, users, and secondary devices.
the business from illegal, unlawful, and unauthorized
Partnering with a qualified cybersecurity partner is a
access.
great way to strengthen the security posture of the
A cybersecurity strategy provides the best defense organization while constantly meeting needs of the
against cyber attackers who attempt to gain business and customers and driving maximum value
access to sensitive business or customer data. It from cloud, on-premises, and hybrid systems.
About Synoptek
Synoptek is a global systems integrator and managed IT services provider, offering comprehensive IT
management and consultancy services to organizations worldwide. The company works in partnership
with clients of all sizes – from mid-market to Fortune 100, and for over two decades, its focus has been to
provide maximum business value to its clients, by enabling them to grow their businesses, manage risk
and compliance, and increase their competitive position. Synoptek is committed to delivering improved
business results and unmatched service to every client, every time.
19520 Jamboree Road #110 Irvine, CA 92612
888.796.6783
www.synoptek.com
salesinquiries@synoptek.comYou can also read
