Chapter 9: Common Cybersecurity Countermeasures
It is difficult to find a business or an
individual who doesn't use computers and the internet in some way
or another. Therefore, any individual or company can become a
victim of a cyber-attack. Even larger organizations such as
government institutions, law firms, banks, non-profits, and even
tech companies have been breached in the past.
Cyber-attacks can come in many ways,
including hacking, ransomware, insider threats, malware, and more.
Therefore, an individual or a business must understand the type of
threats they may be vulnerable to before adopting cybersecurity
measures. Forward-thinking businesses are investing in
cybersecurity in a bid to reduce and eliminate risks of
cyber-attacks. However, many individuals and businesses, especially
smaller businesses and start-ups, do not consider cybersecurity as
a high priority.
Although many are slowly focusing on protecting themselves and
their companies from cyber-attacks, progress has been slow.
In this chapter, we discuss
common cybersecurity measures that many individuals and businesses
adopt to protect themselves, their data, computers, and networks
from cyber-attacks.
Biometric Security
This method verifies the identities of users
before providing access to computers and networks. It has become
highly popular because it is accurate and difficult to breach.
Biometric security provides fast authentication, accurate employee
monitoring, and safe access management
with the use of fingerprint scans, voice recognition, palm and
behavioral biometrics, facial recognition, and gait analysis. These
methods are difficult to breach since they rely on unique physical
features of users when authenticating.
The use of biometrics for cybersecurity has
proven to be much safer than conventional verification methods such
as username/password combinations and two-factor authentication.
Furthermore, it must be highlighted that authentication isn't the
only purpose and use of biometrics. The use of biometrics offers a
range of tools that allow individuals and organizations to quickly
identify any suspicious behaviors as well as any compromised user
accounts.
Every user has unique and distinctive
behaviors when it comes to the way they interact with computers.
Behavioral biometrics analyze such behaviors to detect any
abnormalities and warn those in charge of cybersecurity if abnormal
behavior is detected. It allows organizations to take quick action
against breaches.
Keystroke dynamics is one behavioral biometric. It analyzes
and monitors the typing speed and unique mistakes that individuals
make when they type. Mouse dynamics, on the other hand, takes
factors such as time between clicks, speed of clicks, rhythm, and
the way the cursor is moved around into consideration. Eye movement
biometrics track distinctive movement patterns of the eyes using
various tracking devices to ensure that the users that are granted
access to computer systems and networks are who they are claiming
to be.
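As an added illustration that is not part of the original chapter, the sketch below shows how keystroke dynamics can flag a session that does not match a user's usual typing. It assumes two features taken from the description above (typing speed and correction rate), a z-score threshold of 3, and constructed sample sessions; all function names are hypothetical.

```python
from itertools import accumulate
from statistics import mean, stdev

def capture(gaps_ms, keys):
    """Constructed sample: key-down events as (timestamp_ms, key); '<' = Backspace."""
    return list(zip(accumulate([0] + gaps_ms), keys))

def features(events):
    """Typing speed (mean gap between keys) and correction rate for one session."""
    times = [t for t, _ in events]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {"mean_gap_ms": mean(gaps),
            "backspace_rate": sum(k == "<" for _, k in events) / len(events)}

def build_profile(sessions):
    """Per-feature (mean, stdev) across a user's enrollment sessions (two or more)."""
    rows = [features(s) for s in sessions]
    return {f: (mean([r[f] for r in rows]), stdev([r[f] for r in rows]))
            for f in rows[0]}

def anomaly_score(profile, events):
    """Largest per-feature z-score; the floor keeps a tiny stdev from dominating."""
    seen = features(events)
    return max(abs(seen[f] - mu) / max(sd, 0.05 * abs(mu), 1e-6)
               for f, (mu, sd) in profile.items())

def is_anomalous(profile, events, threshold=3.0):
    return anomaly_score(profile, events) > threshold

# Constructed enrollment sessions for one hypothetical user.
PROFILE = build_profile([
    capture([110, 120, 105, 130, 115, 125, 110, 120, 118], "thr<e quic"),
    capture([100, 125, 115, 135, 120, 110, 130, 105, 122], "the w<quic"),
    capture([125, 115, 130, 105, 135, 115, 128, 118, 118], "tj<he w<qu"),
    capture([105, 118, 112, 126, 108, 122, 115, 109, 120], "the qi<uic"),
])
SAME_USER = capture([112, 121, 108, 127, 116, 124, 113, 119, 122], "the qy<uic")
OTHER_USER = capture([55, 60, 58, 62, 57, 61, 59, 63, 65], "the quick ")

if __name__ == "__main__":
    for name, session in [("same user", SAME_USER), ("other user", OTHER_USER)]:
        print(name, round(anomaly_score(PROFILE, session), 2),
              "ALERT" if is_anomalous(PROFILE, session) else "ok")
```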
Formation of Hierarchical Cybersecurity Policies
Documented policies are essential for any
business that uses computers and the internet irrespective of its
size. A written policy ensures that all the employees, including
those who are tasked with ensuring the
company's cybersecurity, are on the same page. Well-documented
policies also make it easier for business leaders and management to
enforce cybersecurity practices and maintain them.
It is important to consider the workflows of
different departments when putting a cybersecurity policy in place.
Certain security measures may disrupt workflows of some
departments. Therefore, a centralized cybersecurity policy should
act as a basic guideline for the entire organization without
covering each and every process in each department.
Hierarchical cybersecurity would be more
effective and beneficial if it allows different departments to
create their own policies while considering their workflows.
However, the policy of a particular department should not deviate
too much from the company's general cybersecurity policy.
The creation and implementation of hierarchical cybersecurity
policies offer numerous benefits to a company. Such a policy
considers the specific needs of different departments while
ensuring that their workflows are not affected in the name of
cybersecurity.
Backing-Up Data
One of the most effective and simplest ways
to protect oneself or an organization from the threat of ransomware
is by regularly backing-up data. Doing so would ensure that almost
all important data will be accessible even in the event of a
successful ransomware attack. The individual or company may not
need to pay the ransom demanded by the attackers. Furthermore, no
time will be lost due to the attack.
Back-ups must be well-protected with encryption. Furthermore, they
need to be frequently updated to be effective in the event of a
ransomware attack. In the case of companies, the duties of creating
back-ups are divided among employees to
ensure that they do not burden a single employee.
Employing a Risk-Based Approach
Every individual, company and industry has
unique vulnerabilities to cyber-attacks. Therefore, an individual
or company must adopt cybersecurity measures upon assessing their
risks and vulnerabilities depending on the type of data that they
possess as well as other factors determined by the industry that
the entity belongs to.
Proper risk assessment helps individuals and
companies identify specific cyber-threats that can cause damages to
their data, computers, networks, and businesses. Furthermore,
adopting cybersecurity measures upon the assessment of risks
enables individuals and companies to avoid devastating impacts of
cyber-attacks such as fines for failing to comply with industry
regulations, costs related to breaches, and losses caused by
inefficient or absent processes.
Individuals and companies must identify
their weak points when it comes to cybersecurity. Doing so allows
them to adjust to various cybersecurity demands while ensuring that
the likelihood of them becoming victims of cyber-attacks remains
low. A thorough risk assessment must take technological aspects of
cyber-threats into careful consideration.
Cybersecurity measures can then be adopted to ensure that the
individual or the organization is immune to various threats,
including technologically complex ones.
The Use of Multi-Factor Authentication (MFA)
Multi-Factor Authentication is one of the
best cybersecurity practices for ensuring that
only authorized personnel are granted access to computer systems and
networks belonging to various organizations. MFA adds an extra
layer of protection that leaves cyber-criminals with limited
options.
Various cyber-attacks have the means to acquire user
credentials. However, MFA ensures that the user account is not
compromised even if the attacker possesses user credentials such as
usernames and passwords. MFA utilizes various factors for verifying
the authenticity of users, including mobile phone numbers,
fingerprints, voice, and security tokens provided to
employees.
Management of IoT Security
The Internet of Things (IoT) industry is
growing rapidly. Many predict that the market for IoT will reach
$520 billion by 2021. However, just as with many other technologies
that rely on the internet, IoT is also prone to cyber-attacks.
Devices such as office equipment, central heating systems, door
locks and doorbells, and security cameras belong to IoT.
These IoT devices offer cyber-criminals
access points since they are connected to the networks of
individuals and businesses that they are owned by. A successful
cyber-attack on an IoT device such as a security camera allows
attackers to view what is going on in a business or someone's
home.
IoT devices must undergo penetration testing
so that their risks are understood before cybersecurity measures are
implemented for them. Providing end-to-end encryption and proper authentication
of connections are some of the best cybersecurity measures in
IoT.
Furthermore, hard-coded credentials and common or obvious passwords
must never be used. It is also important that routers
are up-to-date and secure with firewalls
enabled. Many experts also recommend that individuals and
businesses that use IoT devices create scalable frameworks to
manage the deployment of IoT devices.
Secure Handling of Passwords
Any individual or employee needs to manage
their passwords carefully, given the probability of them falling
victim to a cyber-attack in the modern world. Cyber-attacks target
users in a bid to unearth the user credentials that will give them
easy and discreet access to computer systems and networks. The
risks of being targeted by such a cyber-attack are higher for
individuals with privileged accounts as they offer more access and
power to cyber-criminals once breached.
Proper management of passwords can be
achieved by the use of privileged access management (PAM) solutions
or specialized tools such as password vaults. These tools not only
prevent any unauthorized party from entering computer networks of
businesses but also make password management more streamlined for
employees.
An organization must have certain standards
and requirements when it comes to creating passwords for their
employees. It is also advisable that similar practices are followed
for personal computers and devices connected to the
internet.
One such requirement is to ensure that one
password is only used for one account. The use of memorable phrases
is also advised instead of using random characters. Users are also
recommended to use mnemonics or similar tactics to remember their
passwords.
Experts also recommend that companies make their employees
change passwords after a certain period.
The longer a password is used, the more time an attacker has to steal
that password or access computer systems without being detected
using that password. Frequent changing of passwords makes them
difficult to crack while reducing the risk of breaches.
The Principle of Least Privilege
An organization must practice caution when
granting privileges to its employees. Many experts recommend that
companies do not grant users any unnecessary privileges. Some
companies may grant vital privileges to new employees, increasing
the chances of insider threats. However, the principle of least
privilege recommends that companies not do so.
The principle of least privilege dictates
that an account is granted the fewest possible privileges at the
time of its creation. Any additional privileges that are deemed
necessary can be allowed later. Furthermore, the principle also
focuses on revoking vital privileges once they are deemed
unnecessary for a particular user.
Numerous organizations fail to constantly manage privileges
since it consumes time, especially for larger companies. However,
such difficulties can be easily avoided by the use of access
management software. The principle of least privilege is a security
model that is based on zero trust. As a result, implementing it can
significantly reduce risks of insider threats by avoiding placing
unwarranted levels of trust on employees.
Monitoring Privileged Users
Any organization highly values privileged
user accounts due to the high levels of access and control they
provide those users. When it comes to cybersecurity, they can be
considered enormous threats to the
security of data and operations of that organization for the same
reasons. A privileged user account is usually equipped with all the
access and powers to steal data and sabotage operations of a
company discreetly.
An organization can undergo devastating
consequences if a cyber-attack or an insider threat manages to gain
access to a privileged account. Therefore, it is of paramount
importance for any organization to minimize risks associated with
privileged user accounts.
One of the best ways to minimize risks
associated with such accounts is to implement the principle of
least privilege. Under the principle, privileges are only granted
when it is absolutely necessary. Furthermore, any unnecessary
privileges are revoked soon after they are deemed unnecessary.
Experts also recommend that organizations disable/remove privileged
accounts as soon as an employee who owns such an account is
terminated or resigns.
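As an added illustration that is not part of the original chapter, the sketch below turns the rules described in this section and in "The Principle of Least Privilege" into a periodic access review: disable accounts of departed employees, revoke privileges that are no longer used, and question extra privileges handed out at account creation. The inventory format, the 90-day idle limit, and the baseline privilege set are assumptions, and the data is constructed.

```python
from datetime import date

BASELINE = {"email", "intranet"}   # assumed starter set for a brand-new account

def review_access(accounts, today, max_idle_days=90):
    """Return (action, user, privilege) findings for a periodic access review."""
    findings = []
    for acct in accounts:
        if not acct["employed"]:
            # Owner was terminated or resigned: the whole account goes.
            findings.append(("disable", acct["user"], "*"))
            continue
        for privilege, granted_on, last_used in acct["grants"]:
            idle_days = (today - (last_used or granted_on)).days
            if idle_days > max_idle_days:
                # No longer needed: revoke instead of leaving it in place.
                findings.append(("revoke", acct["user"], privilege))
            elif granted_on == acct["created"] and privilege not in BASELINE:
                # Extra privilege handed out at creation instead of added later.
                findings.append(("review", acct["user"], privilege))
    return findings

# Constructed inventory; users, privileges and dates are illustrative only.
ACCOUNTS = [
    {"user": "alice", "employed": True, "created": date(2023, 1, 10), "grants": [
        ("email", date(2023, 1, 10), date(2024, 5, 30)),
        ("db_admin", date(2023, 9, 1), date(2023, 11, 15))]},
    {"user": "bob", "employed": False, "created": date(2022, 3, 4), "grants": [
        ("domain_admin", date(2022, 6, 1), date(2024, 2, 2))]},
    {"user": "carol", "employed": True, "created": date(2024, 5, 20), "grants": [
        ("email", date(2024, 5, 20), None),
        ("payroll_admin", date(2024, 5, 20), date(2024, 5, 28))]},
]

if __name__ == "__main__":
    for finding in review_access(ACCOUNTS, today=date(2024, 6, 1)):
        print(*finding)
```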
A lot can go wrong with privileged accounts, even with such
cybersecurity measures in place. Therefore, it is a must for any
organization to monitor actions taken by privileged accounts within
their network actively. Monitoring allows organizations to respond
quickly to any breaches or attempts at sabotage.
Monitoring Third-Party Access
It is common for organizations to have users
accessing their computer systems and networks from remote locations
due to numerous reasons. Employees, business partners,
subcontractors, vendors, and suppliers are types of individuals who
may remotely access a company's computer networks. Although
third-party access enables a company's operations to run smoothly
irrespective of the users' locations, it also puts the company
at immense risk of cyber-attacks.
Third-party access paves the way for
numerous cyber-attacks, including malware and ransomware to breach
an organization's computer systems and networks. However,
restricting or terminating third-party access may not be practical
for many businesses, especially larger ones.
One of the best ways to reduce risks associated with
third-party access is by monitoring the actions of users who
connect to networks remotely. A company can limit the scope of
third-party users by identifying who exactly connects to the
network and their purpose of connecting remotely. Furthermore, it
is highly recommended that any credentials provided for third-party
access are used only once, with one-time passwords being a prime
example.
Raising Awareness of Phishing
An individual can unintentionally put their
personal computer or the computers and networks belonging to their
employer at the risk of a breach with their actions. Phishing is a
technique that uses emails, various links, and phone calls to
mislead individuals into submitting sensitive information, including
user credentials. The methods and techniques used by phishing
attacks have become more advanced and increasingly deceitful,
posing an enormous threat to the cybersecurity of individuals and
organizations.
However, phishing attempts can be countered with simple
precautionary measures. The use of spam filters ensures that any
spam is blocked, and media and links attached to such emails are
warned against. One of the best ways an individual or a company can
protect themselves against phishing is through awareness and
education. Although highly deceitful and realistic, most phishing
attempts can be identified by users. Raising awareness and
providing education to users can help
them identify such attempts and refrain from submitting information
to attackers.
Raising Cybersecurity Awareness
Any individual or organization can benefit
from raising awareness regarding cybersecurity. The majority of
successful cyber-breaches are aided by the actions or errors of
individuals and employees. Therefore, raising awareness can reduce
the chances of user actions putting computer systems and networks
at risk of breaches.
It is safe to say that many individuals lack
knowledge regarding cyber-threats. The evolving nature of
cyber-attacks also makes it difficult for individuals to keep up.
Improving cybersecurity knowledge and becoming up-to-date can help
individuals secure themselves from cyber-attacks. When it comes to
organizations, they must provide training and education to their
employees so that they are updated and informed regarding the
cyber-threats that exist.