Cybersecurity is more important than you and most people think. The protection of computer systems and networks is known as computer security, cybersecurity or information technology security (IT security). Having the right computer security in place is critical to minimize risks and vulnerabilities within your organization. A study conducted by Michel Cukier, an assistant professor at the University of Maryland states that on average, there is a cyber-attack every 39 seconds.
Why do I need computer security?
Hackers are becoming more advanced every single day leaving store-bought anti-virus useless. There are many different types of vulnerabilities that are used to attack computer systems, some more common than others. To secure your system, you must fully understand the different attacks that can be made against it.
Here are some of the most common types of cyber attacks:
- Malware: This includes various types of attacks including viruses, ransomware and spyware. Malware uses vulnerabilities to breach networks when a user clicks a dangerous link or email attachment. Malware is intentionally designed to cause damage to your computer or network.
- Phishing: Phishing attacks are extremely common and involve the sending of mass amounts of malicious emails claiming to be from a trustworthy source. These emails often look and seem legitimate. Cyber criminals attempt to acquire sensitive information such as usernames, passwords and credit card information.
- Hacking: Hacking is when cyber criminals attempt to gain access to a computer system or network by breaching defenses and exploiting weaknesses. Hackers may be motivated for reasons such as profit and information gathering.
- Password Attacks: There are numerous types of password attacks done by cyber criminals. The use of common passwords increases your risk for a cyber-attack. We recommend you implement the use of a password manager to help you generate strong, complex passwords.
How to protect your organization:
The solution is simple. Layered security is the practice of combining multiple security controls to protect resources and data.
Layered security is also known as defense in depth. Defense in depth is a military strategy that involves multiple layers of defense that resist rapid penetration by an attacker. The idea behind this is to defend a system against any specific attack using several independent methods. Having a layered security approach implemented within your organization, will greatly reduce your chances of having an attack on your computer system.
We have divided the layers into 3 controls:
- Physical Controls
- Physical controls include anything that physically secures your system and prevents access to your IT systems. This can include fences, locks, and alarm systems.
- Technical Controls:
- Technical controls involve the hardware/and or software used to manage and provide protection. Multi-Factor Authentication, DNS filtering, and Endpoint Detection & Response are all examples of technical controls.
- Administrative Controls:
- Administrative controls are policies and procedures defined by an organization that focuses on cybersecurity practices. The purpose is to ensure that there is proper guidance available in regard to cybersecurity and that regulations are met. This includes continuous cybersecurity awareness training for employees and response and resilience plans.
There are many other things that should be considered when creating your security stack depending on your level of risk. For every threat, there should be an effective control deployed to eliminate that treat. Some additions to your stack could include, spam filtering, virtual private network (VPN), security event information management (SIEM), and patch management.
Every organization is at risk, attacks are being done at volume targeting weak links. IronTech Security believes in the layered security approach, it provides your organization security strength and reduces the chances/effects of a threat. Have the right protection in place to prevent your next breach.
Check out an infographic on layered security here.