Think football. The hackers are the other team, the one that wants your data or wants to do damage to you. They have different plays they run, such as: denial of service (DoS/DDoS) attacks, phishing / spear phishing, malware, social engineering, software / hardware flaws, and/or insider threats.
You or your team (the home team, the good guys) need to stop the offense or the bad guys win. These are the things that can be done to prevent a cyber security breach. They include: training/education, policies, law enforcement agreements, information sharing, threat intelligence, hardware/software, current patches and techniques to improve security, encryption of data, hard drives, and phones, and counter intelligence. Many of these will be covered in future posts. The reason defense is so hard is that the bad guys need to find only a single opening, while you have to defend hundreds or thousands of points in your network.
After a successful attack (post game), these are the things that must be addressed: forensics, legal, insurance (hopefully purchased before the attack), damage assessment, and target cleanup/validation. In addition, one must examine policies and defenses to figure out what went wrong and how to do a better job next time.
Computer/data security is broadly divided into physical security and logical security. Physical security (sometimes referred to as just ‘security’) includes building and personnel security. Logical security is focused on the data, both in storage and in transit on the network, sometimes called cyber security. Cyber comes from the word cybernetics which means the science of communications and automatic control systems. The military uses ‘cyber’ to refer to computers or computer networking.
The perception is that cyber security is a relatively new field or one receiving added emphasis of late, due to media attention to hacking. In reality, cyber security has existed for years. However, it previously received minimal funding and attention due to costs of cyber defense. It also lacks visibility as you don’t see attacks that were deflected, nor do organizations want you to be aware of how many times they were attacked.
There are several sub-areas of cyber security, but not all experts classify cyber security the same way. There is not, as of yet, an agreed upon division or taxonomy of the subject. But, relax, this blog does NOT cover all these sub-areas and their sub-areas in detail, just enough highlights to make you an informed consumer, employee, or manager.
Cyber security tends to employ military terms like: defense in depth, target, attack, offensive, and defensive. Tomorrow I will introduce you to a glossary of terms.
The decision of a hacker (or the hacker’s sponsor) to mount an attack is based on the perceived reward versus the risk, in other words, their ability to obtain data without negative consequence. Likewise, a defensive investment in cyber security is also about the value of the data versus the perceived risk of it being stolen, changed, or destroyed. As an example of low cost security, I used to have a great guard dog that was part wolf and very ferocious. The problem was that my wife wanted the dog to accompany us on trips. While we were out of town, to create the illusion of high risk, I would leave a two-inch chewed-through bone on the front porch. It never failed to work.