In a previous post ” Covid-19 and cybersecurity” we looked at what cybersecurity entails, and shared examples of recent cyber-attacks. Today we will examine threat vectors, cybersecurity elements and challenges.
A threat vector is a path or means a hacker uses to gain access to a computer or network server and exploit system vulnerabilities, including human operators. Popular attack vectors include:
- USB sticks and other portable storage devices
- Unsupported browser extensions
- Infected websites
- Online quizzes and personality tests
Elements of cybersecurity
It can be a challenge in cybersecurity to keep up with the changing security risks. The traditional approach has been to focus resources on crucial system components.
Today, ensuring cybersecurity requires the co-ordination of efforts throughout an information system, including:
- Application security: minimise the likelihood that apps will be compromised to access, steal, modify or delete sensitive data
- Information security (infosec): protect information assets, regardless of its formatting or whether it is in transit, being processed or in storage
- Network security: detect, prevent and respond to threats through the use of security policies, software tools and IT services
- Business Continuity planning/Disaster Recovery planning: maintain or quickly resume mission-critical functions
- Operational security: classify information assets, and determine the controls to protect them
- End-user education: provide directives on what employees must do – or avoid – to protect corporate assets
Cybersecurity is continually challenged by hackers, data loss, privacy, risk management and changing cybersecurity strategies – and there’s no indication that cyber-attacks will decrease. With more kinds of entry points for attacks, more strategies for securing digital assets are needed.
One of the biggest challenges is the continually evolving nature of security risks. Keeping up with these continual changes and advances in attacks and ways to protect against them can be challenging to organisations, especially smaller ones.
Additionally, with more data being collected than ever before, the theft of personally identifiable information (PII) is a concern. For example, an organisation that stores PII in the cloud may be subject to a ransomware attack and should thus do what it can to prevent a cloud breach.
Cybersecurity should also address end-user education, as employees may accidentally bring a virus into a workplace on their work computer, laptop or smartphone.
Another challenge for cybersecurity is lack of staffing. As growth in data becomes more important, there is an increasing need for more cybersecurity personnel with the right required skills to analyse and respond to incidents. It’s estimated that there are 2-million unfilled cybersecurity jobs worldwide – a figure that will increase to 3.5-million by 2021!
Advances in machine learning and artificial intelligence (AI) will help security professionals organise and manage log data. AI and machine learning can assist in areas with high-volume data streams, such as the following:
- Correlating data by organising it, identifying possible threats and predicting an attacker’s next step
- Detecting infections by implementing a security platform that can analyse data and recognise threats
- Generating protections without putting a strain on resources
- Continually auditing the effectiveness of protections in place
Ultimately, you will be best protected by clearly understanding the nature of cyber threats and how you and your business are affected, and by taking appropriate steps to be as cyber secure as possible.
That includes cyber insurance cover for when you do happen to come under attack, so that you can be covered for remedial actions, financial loss, business interruption, and communications and reputation management.
Source: Hollard Insurance Co Ltd