The Strategic Guide to IT Security
From Data Security Fundamentals to the Latest Cybersecurity Trends
You depend on IT security to safeguard data and keep your business running. But your IT security perimeter is dynamic, and cybersecurity expertise is limited. A failure of IT security could result in a data breach or downtime. The success of your business depends on your IT security plan.
IT security helps your business stay ahead of external and internal threats. An IT security services provider helps you plan for and limit the impact of threats to data, applications, and infrastructure. You can minimize costly security breaches and downtime with a well-designed IT security program.
In this guide, you’ll learn about IT security trends, types of attacks, and how to develop an IT security policy. You’ll also learn the important differences between security and compliance, how to create a security-first culture, and how to choose a managed security service provider.
IT security, or information technology security, is a strategy designed to protect the network, server, and application layers in an IT environment by stopping unwanted access to networks, computers, and data. Organizations large and small implement these essential strategies to keep their businesses operational.
The list of threats (such as ransomware, spyware, other cybercrime, and much more) continues to grow, and organizations need a strategy to keep their business running. Proactive IT security shortens the time needed to identify attempted cybercrime and take action to prevent or remediate damage.
Security terms to know
- IT security: Overall strategy to prevent unauthorized access to business networks, computers, and data
- Cybersecurity: Protecting electronic information and devices from internet-based crime
- Information security: Protects the confidentiality, integrity, and availability of information (such as business-critical data)
What is cybercrime?
Cybercrime is a thriving and sophisticated industry of malicious actors (or cyber-criminals) infiltrating data sources for their own benefit. They use tools such as malware, ransomware, DDoS services, and hacking tools, and sell the stolen data on the dark web (also called the darknet).
Cyber-criminals constantly evolve their approach and invent new attack technologies and evasion tactics. Cybersecurity is aimed at preventing intrusions by cyber-criminals.
How does cybersecurity relate to IT security?
IT security is your overall approach to all unauthorized access to your systems, whether that access is by criminals or the merely curious. Your IT security perimeter is dynamic, and your attack surface will keep changing, so the success of your business depends on an agile approach to security.
In a landscape of evolving security threats, IT security teams face challenges that include:
- Serving remote workers, wherever they are
- Keeping organizations safe from cyber-criminals and insider threats
- Staying compliant with changing regulatory and compliance mandates
Proactive IT security takes many forms across multiple defensive layers, including:
Cybercrime costs are projected to double to $6 trillion annually by 2021.
Whether your company’s data is in the cloud or a traditional brick-and-mortar data center, it is a target for cyber-thieves supported by a thriving criminal ecosystem. A data breach is an unauthorized intrusion into company data, usually associated with a cybercrime.
The dark web provides a ready market for breached data, including personal data such as credit card accounts, PayPal accounts, bank accounts, healthcare data, and login credentials of all kinds. But thieves are after any information that can be monetized, including corporate secrets and intellectual property.
According to Ponemon Institute’s 2018 Cost of a Data Breach Study, 28% of companies suffered data breaches in 2017, with an average cost in the U.S. of nearly $8 million. According to the report, 18.5 million records were lost or stolen every day during the first half of 2018.
The costs of breaches are rising and the threat isn’t going away any time soon.
Prices paid for stolen credentials on the darknet
Preventing a costly data breach provides a substantial return on investment in IT security. As a business, you have the responsibility to protect your client and employee data. While the numbers above reflect the monetary losses, there are also reputation consequences, which can lead to losing out on new business, losing existing clients and business partners, and other unexpected costs associated with those consequences, such as employee training. Source: NBC News
Business costs of data breaches
Even if cyber-thieves don’t want your organization’s data, your IP address and computing resources are targets. Hackers can hijack your computers and use them for cryptojacking, installing DDoS botnets, or spreading malware within your network and to others.
Every year brings new attack vectors that cyber-criminals use to undermine IT security and take advantage of vulnerabilities.
A distributed denial of service (DDoS) attack overwhelms a network, website, or application with junk traffic, usually from a botnet of infected computers or devices. An attack can last for days.
Cryptojacking is the unauthorized use of a computer or computing device to mine cryptocurrency, such as bitcoin, without the owner’s knowledge. By hijacking computing resources, thieves make free money with little effort and at low cost.
A botnet is a group of hundreds or thousands of devices controlled by a malicious actor, who turns them into a zombie army. A bot master is capable of launching powerful volumetric DDoS attacks or using botnets as spammers or cryptominers. The criminal can control millions of IoT devices at near-zero cost.
Web application attacks
In a web application attack, a hacker exploits application vulnerabilities to gain a foothold in a network. From there, they can upload malware, run malicious code, or do reconnaissance to find vulnerabilities in systems deeper in the environment.
In phishing, an actor attempts to gain access to information by imitating a trusted individual, such as by sending a fake email from a company’s help desk. In spear phishing, they target a specific individual, such as an executive or system administrator.
Unlike a data breach, which takes data out of an organization, a criminal using ransomware locks up the data and demands payment to let it go. Ransomware is often unleashed by a user clicking a link in an email. In 2017, ransomware appeared in 64% of malicious emails.
Insider threats come from people within an organization. An insider may have current credentials or be a former employee with personal knowledge of the company’s IT environment. An insider can steal data or cause damage if access is not restricted.
Fast facts about cybersecurity
Cyber-criminals change tactics constantly. A multilayered IT security approach is your best defense against next-generation threats.
7 types of physical security
Maintaining physical security of your data can be just as important as cybersecurity. Physical threats can involve theft of hardware or attempts to sabotage a data center. Ways to mitigate physical threats in data centers include:
- Gates and fences
- 24x7x365 on-site personnel
- Badge/photo ID access
- Biometric access screening
- Secure cages
- Full-building video capture
Establish a cybersecurity framework
The NIST Cybersecurity Framework (CSF) is a popular structure of standards, guidelines, and best practices guiding IT security strategy in organizations. Follow the CSF’s five actionable steps to assess potential vulnerabilities and identify ways to protect your business.
Step 1: Identify
Determine which of your workloads are most valuable and most vulnerable. High-priority workloads involve data that is:
- Mission-critical to your business
- Extremely valuable to cyber-thieves, such as financial data
- Covered by regulations such as PCI or HIPAA
Periodically assess vulnerabilities with scanning and penetration testing. Remediate the vulnerabilities found and follow best practices for managing inventory, patches, and applications.
Think about the value of your data to a hacker.
Step 2: Protect
Reduce your attackable landscape by protecting your valuable and vulnerable assets. IT security protection is achieved with tools and managed services such as:
- Next-generation firewall (NGFW)
- Security information and event management (SIEM)
- Recurring third-party testing and validation
- Data loss prevention (DLP)
- Email security (anti-spam and anti-phishing)
- Denial of service mitigation and protection (DDoS)
- Endpoint, operating system, and application encryption
- Web application firewalls (WAF)
- Identity and access management (IAM)
- Intrusion prevention system (IPS)
- Multi-factor authentication (MFA)
- Penetration testing
- Patch management
- System hardening
- Threat management
- Anti-virus / anti-malware
- Virtual private networks (VPNs)
- Vulnerability scanning
- Web content filtering
Application and operating system management services help ensure patches get installed in a timely manner and with minimal disruption of operations.
Step 3: Detect
Identify incoming attacks and threats. Most damage occurs before intruders are detected, when they have free rein in systems and access to data.
IT security detection tools include:
- Intrusion detection system (IDS)
- Anti-virus and anti-malware protection for servers, networks, and endpoints
- Security information and event management (SIEM)
- File integrity monitoring
- Log management
Opt for tools and solutions that monitor continuously and provide real-time protection.
Step 4: Respond
Before an attack occurs – and it will – put a response team in place. Include cyber-attacks in your disaster recovery and business continuity plans.
When the attack comes, respond by identifying the scope of the attack, defending your assets, and plugging the hole. Adhere to compliance reporting requirements.
Vet legal firms, media consultants, and other outside experts before an incident occurs, then practice your response with them, so you are ready.
Step 5: Recover
The final step is recovery: restoring damaged capabilities and services. Three goals for recovery are to:
- Minimize the financial impact on the business
- Repair lost consumer and market confidence
- Conduct a post-mortem to identify how the incident occurred and take steps to ensure it won’t happen again
The types of threats and opportunities for cybercrime are ever-evolving. You need to understand the landscape in order to defend yourself. Here are some of the more important trending threats and opportunities.
Advances in artificial intelligence
AI and machine learning help attackers identify and evaluate targets, penetrate systems, and create more advanced methods of attack. In response, security and managed service providers also use AI to make faster, smarter decisions during attacks.
Machine learning for cyber-defense
Defensive systems improve as they learn about what they are protecting. Neural networks, which use connected systems and continuous algorithmic testing, make IT security systems better at identifying potential attacks and suspicious files.
Emergence of the Internet of Things (IoT)
IoT devices include cameras, routers, logistics trackers, and medical devices. Attackers exploit the potential of IoT devices to create botnets for launching DDoS attacks and mining cryptocurrencies. They can also hijack other bot masters’ IoT botnets.
The tamper-free nature of blockchain may enhance cybersecurity. It can accurately track transactions and data and provide endpoint protection. Decentralized and transparent, blockchain has the potential to improve historical record-keeping and reduce fraud.
According to Ponemon’s 2018 Study on breaches, an organization with a plan for security saves an average of more than $340,000 per breach. Developing an information security policy not only helps you save, but also shows your overall commitment to protecting the technology and data that make up your most critical business functions.
The CIA Triad (aka the AIC Triad)
In information security, CIA stands for confidentiality, integrity, and availability, not Central Intelligence Agency. The three components of the CIA triad (also known as the AIC triad) can help guide your organization’s information security policies.
CIA stands for:
- Confidentiality: Limit information access and disclosure to authorized users
- Integrity: Monitor data sources and ensure only appropriate changes to the data are allowed
- Availability: Ensure security measures don’t hinder authorized access to information
In addition to best practices, your organization may have third-party IT security mandates set by industry or government. You’ll need to know:
- What are your compliance mandates today?
- How are compliance mandates changing in your industry?
- How can you help meet the security compliance requirements of your customers?
5 best practices to ensure your IT security policy is effective
These five best practices may help improve the implementation of your IT security policy:
- Mandate a foundation of security throughout the organization, to the network edge, and with partners and vendors
- Put individual controls in place
- Rule through technology
- Inspect to ensure employees follow the security policy
- Hire a third party to audit your IT security implementation and identify gaps
Checklist for a security-first culture
A security-first approach makes compliance easier and reduces risk. Employees can contribute to IT security in many ways every day:
- Educate your employees about the types of business-critical data – customer/partner data, internal data, and personal data.
- Secure workstations when they are not in use; don’t leave computers unlocked.
- Install and use only company-approved and authorized software.
- Change passwords regularly.
- Use company devices only for business purposes.
- Report incidents, following the company’s incident reporting plan.
- Avoid non-malicious incidents by not clicking on questionable links and attachments.
Compliance is a byproduct of a solid security framework, not the source of it.
Base your IT security program on best practices, not compliance, to achieve the best protection. Compliance is a follow-on reporting function that shows that your IT security program meets a specific standard, such as PCI, HIPAA, or the Sarbanes-Oxley Act.
6 compliance standards to know
The Payment Card Industry Data Security Standard applies to merchants taking credit cards.
The General Data Protection Regulation gives EU citizens more control over their personal data.
The Federal Risk and Authorization Management Program provides a standardized approach to security.
The Health Insurance Portability and Accountability Act protects the privacy of medical records.
The Health Information Technology for Economic and Clinical Health Act promotes the use of electronic health records.
The standardized framework of this alliance helps organizations achieve compliance with HIPAA.
If you outsource some security functions, it can pay off in five ways.
1. Ensuring your cloud solutions are secure
Digital transformation is driving cloud migration, but cloud security is a top concern. The security you need will depend partly on the type of cloud services you use.
For example, software as a service (SaaS) providers build security into their applications, infrastructure, and platform layers. In comparison, platform as a service (PaaS) providers may not secure the customer applications that run on their platforms.
A managed security service provider can implement and manage multiple types of cloud security technologies and unify security systems across hybrid IT environments to bridge security gaps for you.
2. Improving your security posture with certified security personnel
A shortage of security talent can lead to weaker defenses. Cisco advises CIOs to boost their security teams by relying more on security service providers to fill their talent gaps.
3. Meeting compliance mandates
Your managed security service provider can share its expertise to help you pass your compliance audits. TierPoint assists our customers with governance, audits, and security controls.
4. Improving the productivity of your employees
Your employees only have so much time in a day. Managed security service employees live and breathe security every day; it’s their job to stay on top of the latest threats and protection technologies.
5. Gaining critical insight
A security assessment or third-party security audit can provide critical insight by examining the state of your IT security and identifying areas for improvement. A security consultant can measure your security controls against best practices, review available tools and architectures with you, and create a road map to fill the gaps.
Already have a managed security service provider?
Every year, take another look at the MSSP you rely on to help you meet your IT security objectives.
Getting started on your journey to the right IT security for your business doesn’t need to be difficult. The right partner can help you achieve your goals and give you peace of mind. TierPoint’s IT security services support your comprehensive security strategy in three ways.
Customizing IT security solutions for you
As a leading managed security service provider (MSSP), TierPoint helps organizations like yours plan for and limit the impact of threats to data, applications, and infrastructure. Our IT security services let you customize your security solution to safeguard each layer within your environment.
Enabling digital transformation
At TierPoint, we build our solutions around security, rather than the other way around. Our architects and engineers use a proactive, security-first approach that helps ensure your data is secure by design. We collaborate with you and customize IT security solutions to help ensure security for your data, applications, and infrastructure. We’ll meet you where you are in your digital transformation journey.
Providing responsive partnership
TierPoint’s customer-first mindset makes it a responsive partner in the planning, implementation, and maintenance of your IT security solution. From planning to implementation and beyond, you’ll get 24x7 support from our responsive IT security experts.