He11o, Cybersecurity: getting our heads around the issues In my previous communication, we looked at what cybersecurity entails, and shared examples of recent cyber-attacks. Today we will examine threat vectors, cybersecurity elements and challenges. I hope this content will assist you in understanding this very serious issue, which is likely to affect at least some of your clients in the not-too-distant future, if it hasn’t already. Threat vectors A threat vector is a path or means a hacker uses to gain access to a computer or network server and exploit system vulnerabilities, including human operators. Popular attack vectors include: · USB sticks and other portable storage devices · Unsupported browser extensions · Infected websites · Malvertisements · Online quizzes and personality tests Elements of cybersecurity It can be a challenge in cybersecurity to keep up with the changing security risks. The traditional approach has been to focus resources on crucial system components. Today, ensuring cybersecurity requires the co-ordination of efforts throughout an information system, including: · Application security: minimise the likelihood that apps will be compromised to access, steal, modify or delete sensitive data · Information security (infosec): protect information assets, regardless of its formatting or whether it is in transit, being processed or in storage · Network security: detect, prevent and respond to threats through the use of security policies, software tools and IT services · Business Continuity planning/Disaster Recovery planning: maintain or quickly resume mission-critical functions · Operational security: classify information assets, and determine the controls to protect them · End-user education: provide directives on what employees must do – or avoid – to protect corporate assets Cybersecurity challenges Cybersecurity is continually challenged by hackers, data loss, privacy, risk management and changing cybersecurity strategies – and there’s no indication that cyber-attacks will decrease. With more kinds of entry points for attacks, more strategies for securing digital assets are needed. One of the biggest challenges is the continually evolving nature of security risks. Keeping up with these continual changes and advances in attacks and ways to protect against them can be challenging to organisations, especially smaller ones. Additionally, with more data being collected than ever before, the theft of personally identifiable information (PII) is a concern. For example, an organisation that stores PII in the cloud may be subject to a ransomware attack and should thus do what it can to prevent a cloud breach. Cybersecurity should also address end-user education, as employees may accidently bring a virus into a workplace on their work computer, laptop or smartphone. Another challenge for cybersecurity is lack of staffing. As growth in data becomes more important, there is an increasing need for more cybersecurity personnel with the right required skills to analyse and respond to incidents. It’s estimated that there are 2-million unfilled cybersecurity jobs worldwide – a figure that will increase to 3.5-million by 2021! Automation Advances in machine learning and artificial intelligence (AI) will help security professionals organise and manage log data. AI and machine learning can assist in areas with high-volume data streams, such as the following:
Correlating data by organising it, identifying possible threats and predicting an attacker's next step
Detecting infections by implementing a security platform that can analyse data and recognise threats
Generating protections without putting a strain on resources
Continually auditing the effectiveness of protections in place
Ultimately, our customers will be best protected by clearly understanding the nature of cyber threats and how they and their business are affected, and by taking appropriate steps to be as cyber secure as possible. That includes cyber insurance cover for when they do happen to come under attack, so that they can be covered for remedial actions, financial loss, business interruption, and communications and reputation management. Kind regards credits to
Hollard Insurance E-mail communication received 30_03_2020 08:01am