WHAT IS CYBER SECURITY

Cybersecurity is the protection of networks, devices, and data from unauthorized access or illegal use, and the practice of ensuring the confidentiality, integrity, and availability of information. How much of your daily life relies on technology? How much of your personal information is stored on your computer, smartphone, or tablet, or on someone else’s system?

What are the risks of having poor cybersecurity?

There are many risks, some more serious than others. Among these dangers are malware erasing your entire system, an attacker breaking into your system and altering files, an attacker using your computer to attack others, stealing your credit card information, and making unauthorized purchases. There is no guarantee that even with the best precautions, some of these things won’t happen to you, but there are steps you can take to minimize the chances.

How do you improve your cybersecurity?

The first step in protecting yourself is to recognize the risks. Familiarize yourself with the following terms to better understand the risks:

Hacker, attacker, or intruder

These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their gain. Although their intentions are sometimes benign and motivated by curiosity, their actions are typically in violation of the intended use of the systems they exploit. The results can range from mere mischief (creating a virus with no intentionally negative impact) to malicious activity (stealing or altering information).

Malicious code

Malicious code (also called malware) is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

Vulnerabilities

Vulnerabilities are flaws in software, firmware, or hardware that can be exploited by an attacker to perform unauthorized actions in a system. They can be caused by software programming errors. Attackers take advantage of these errors to infect computers with malware or perform other malicious activities.

To minimize the risks of cyberattacks, follow essential cybersecurity best practices:

Keep software up to date

Install software patches so that attackers cannot exploit known problems or vulnerabilities.

Run up-to-date antivirus software

A reputable antivirus software application is an essential protective measure against known malicious threats. It can automatically detect, quarantine, and remove various types of malware. Enable automatic virus definition updates to ensure maximum protection against the latest threats.

Use strong passwords

Select passwords that will be difficult for attackers to guess and use different passwords for different programs and devices.

Change default usernames and passwords

Default usernames and passwords are readily available to malicious actors. Change default passwords as soon as possible to a sufficiently strong and unique password.

Implement multi-factor authentication (MFA)

Authentication is the process used to validate a user’s identity, and attackers commonly exploit weak authentication processes. MFA uses at least two independent identity components (for example, something you know and something you have) to authenticate a user, minimizing the risk that an attacker who knows the username and password can gain access to the account.

Install a firewall

Firewalls can block some attack vectors by dropping malicious traffic before it enters a computer system and by restricting unnecessary outbound communications. Many device operating systems include a built-in firewall.

Be suspicious of unexpected emails

Phishing emails are currently one of the most prevalent risks to the average user. The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device. Be suspicious of all unexpected emails. (CISA, ST04-001, 11.14.2019)

Taurean has a wealth of security experience. For more than 10 years, we’ve helped hundreds of organizations with our deep industry expertise and pragmatic approach.

Computer Network Defense (CND)

Computer Network Defense (CND) comprises the processes and protective measures that use computer networks to detect, monitor, protect, analyze, and defend against network infiltrations that result in service or network denial, degradation, and disruption. We at Taurean are dedicated to designing and developing cybersecurity solutions as part of CND. For a Federal client, we developed and implemented ATHENA. This modular, cost-effective cyber defense system saved the client millions and provided the long-term flexibility necessary to support the dynamic nature of the cyber operating environment. Our personnel assisted with managing the ongoing effort to transition from existing monitoring points across the Defense Information Systems Network (DISN) architecture to the improved capabilities programmed for the target architecture, and supported all aspects of Enterprise Sensor platform installs at the Internet Access Points (IAP) and the 12 Secret Provider Edge (SPE) sites. This included designing a new sensor system, procurement support actions, hardware and software baseline installation and maintenance, and testing baselines at CONUS and OCONUS sites.

Risk Management Framework

Taurean team members are familiar with and experienced in applying various instructions, directives, policies, and procedures within the DoD and industry, including DoDI 8500 Cybersecurity, DoDI 8510 Risk Management Framework for DoD Information Technology, the NIST RMF, and various Special Publications. As part of our Continuous Monitoring (CM) and Ongoing Authorization process, Taurean provides independent security assessments, as required by FISMA and Special Publication (SP) 800-37. We have experience in reviewing system boundaries, completing and updating system security plans, developing security assessment plans and procedures, performing vulnerability assessments and security assessments as required by NIST SP 800-53A, reviewing vulnerability scan results, and performing risk analysis of the security controls to determine the level of risk to agency information and information systems. We provide a security assessment package consisting of artifacts such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Plan of Actions and Milestones (POAM). We also document security controls, test results and recommendations, and risk mitigation strategies in the Enterprise Mission Assurance Support Services (eMASS) tool.

Vulnerability Assessment

A vulnerability assessment is a process of defining, identifying, classifying, and prioritizing vulnerabilities in computer systems, applications, and network infrastructures. Vulnerability assessments provide the organization with the necessary knowledge, awareness, and risk background to understand and react to the threats in its environment.

A vulnerability assessment is intended to identify threats and the risks they pose. It typically involves automated testing tools, such as network security scanners, whose results are compiled into a vulnerability assessment report. Because security vulnerabilities can give attackers access to IT systems and applications, enterprises need to identify and remediate weaknesses before they are exploited.

Zero-Trust Architecture

The Zero-Trust model requires every user to be authenticated and authorized before accessing data and resources, even from inside the organization’s enterprise network. This architecture takes nothing for granted: internal and external attacks are treated alike, and every environment is regarded as already breached. As the name suggests, trust is never implied by network location. Applying a zero-trust model includes identifying critical data, mapping the flow of that data, logical and physical segmentation, and constant endpoint monitoring with automated threat detection and response capabilities (see NIST SP 800-207, Zero Trust Architecture).

AI and Machine Learning

Artificial intelligence’s promise in cybersecurity lies mainly in risk identification systems. Automation not only detects wrongdoing but can also protect the targets of an attack. Deep learning is used to analyze logs, transactions, and real-time data to discover threats in the network, and unsupervised machine learning can find unknown patterns and detect anomalies. A model can “learn” to spot patterns and signal a potential attack attempt; the same techniques, however, can be adapted to disguise that behavior, so machine learning is at the same time a cybersecurity threat. Innovative technologies like these are improving every day while providing valuable insight into the steps that can be taken to avoid issues caused by sophisticated attacker methods.
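As an added, deliberately simple illustration of unsupervised anomaly detection over logs (example code for this page, not a Taurean product), the following Python parses constructed sshd-style authentication failures, counts failures per source address, and flags sources whose count is an outlier under the modified z-score (median and median absolute deviation), which needs no labelled training data. The log lines, hostnames, and addresses are constructed; the 3.5 threshold is the common rule of thumb for this statistic.

```python
import re
from collections import Counter
from statistics import median

# Constructed log sample: five sources with a handful of failures each and one
# source with a burst. Addresses are from documentation ranges.
_BASELINE = {"192.0.2.10": 2, "192.0.2.11": 3, "192.0.2.12": 1,
             "192.0.2.13": 2, "192.0.2.14": 3, "198.51.100.7": 40}
LOG_LINES = [
    f"Mar 10 14:{i % 60:02d}:11 bastion sshd[4{i:03d}]: Failed password for invalid user admin "
    f"from {ip} port {40000 + i} ssh2"
    for ip, n in _BASELINE.items() for i in range(n)
]

FAILED_RE = re.compile(r"Failed password for .* from (\S+) port \d+")


def failures_per_source(lines):
    """Count authentication failures per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def modified_zscores(values: dict) -> dict:
    """Robust outlier score: 0.6745 * (x - median) / MAD, per Iglewicz and Hoaglin."""
    xs = list(values.values())
    med = median(xs)
    mad = median(abs(x - med) for x in xs)
    if mad == 0:
        # Degenerate case: most sources are identical. Fall back to mean absolute
        # deviation so a single large value is still scored rather than dividing by zero.
        mean_ad = sum(abs(x - med) for x in xs) / len(xs)
        if mean_ad == 0:
            return {k: 0.0 for k in values}
        return {k: (x - med) / (1.253314 * mean_ad) for k, x in values.items()}
    return {k: 0.6745 * (x - med) / mad for k, x in values.items()}


def flag_bursts(lines, threshold: float = 3.5):
    """Return source addresses whose failure count is anomalously high."""
    counts = failures_per_source(lines)
    if len(counts) < 3:
        return []          # too little data to say what 'normal' is
    scores = modified_zscores(counts)
    return sorted(src for src, z in scores.items() if z > threshold)


if __name__ == "__main__":
    for src, z in modified_zscores(failures_per_source(LOG_LINES)).items():
        print(f"{src:15} z={z:6.2f}")
    print("flagged:", flag_bursts(LOG_LINES))
```

The point of the robust statistic is that the burst itself does not drag the baseline upward the way a mean and standard deviation would; the same scoring works for any per-entity count (logins per user, bytes per host), which is the "unknown pattern" detection the paragraph describes.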