Enterprise security: key threats and defenses

Information is a significant resource for any organization: keeping it safe and using it properly is central to developing the business, running production, and reducing risk. Information security is therefore one of the most pressing issues an enterprise faces.







In this article we will look at



  • What is information security?
  • What is the difference between information security and cybersecurity?
  • Information security objectives in the organization and in the enterprise
  • Types of information security
  • General information security risks
  • High-profile security incidents in 2019
  • Information security technologies


Information security (InfoSec) enables organizations and businesses to protect digital and analog information. InfoSec covers cryptography, mobile computing, social media, and the infrastructure and networks that hold private, financial and corporate information. Cybersecurity, on the other hand, protects both raw and meaningful data, but only from Internet threats.

Organizations pay significant attention to information security for many reasons. The main purpose of InfoSec is to ensure the confidentiality, integrity and availability of enterprise information. Because InfoSec spans many areas, it usually combines several types of security, including application security, infrastructure security, cryptography, incident response, vulnerability management, and disaster recovery.



What is information security?



InfoSec, or information security, is a collection of tools and techniques used to protect your digital and analog information. It covers a variety of IT areas, including infrastructure and network security, auditing and testing. It relies on controls such as authentication and permissions to keep unauthorized users away from private information. These measures help you prevent harm from theft, alteration, or loss of information.



What is the difference between information security and cybersecurity?



Cybersecurity and information security have different goals and scope, but they overlap. Information security is the broader category: it encompasses cryptography, mobile computing, and social media, and it also covers protecting information from non-human threats such as server failures or natural disasters. Cybersecurity, in turn, covers only Internet threats and digital data. In addition, cybersecurity protects raw, unclassified data, while information security does not.



Information security objectives in the organization and in the enterprise



Information security protects three main objectives, collectively known as the CIA triad:



  • Confidentiality – only authorized parties can read the information.

  • Integrity – information is not altered or destroyed without authorization, and any unauthorized change can be detected.
  • Availability – information, and the systems that hold it, are accessible to authorized users when they need them.




Types of information security



When considering information security, there are several classifications. They cover the specific types of information, the tools used to protect it, and the areas where it needs protection.



Application security



Application security policies protect applications and application programming interfaces (APIs). You can use these strategies to prevent, detect, and fix bugs or other vulnerabilities in your applications. If left unsecured, application and API vulnerabilities can become a gateway to wider systems, putting your information at risk.



Infrastructure security



Infrastructure security strategies protect infrastructure components, including networks, servers, client devices, mobile devices, and data centers. The growing connection between these and other infrastructure components puts information at risk without proper precautions.



This risk stems from the fact that connectivity exposes vulnerabilities in your systems. If one part of your infrastructure fails or is compromised, all dependent components are also affected. Therefore, an important goal of securing the infrastructure is to minimize dependencies and isolate components while ensuring interoperability.



Cloud Security



Cloud security provides similar protection to application and infrastructure security, but focuses on cloud or cloud-connected components and information. It adds protections and tools aimed at the vulnerabilities that come with Internet-facing services and shared environments such as public clouds. When using cloud resources and applications, you rarely have complete control over your environment, because the underlying infrastructure is managed for you. Cloud security practices must therefore account for these limited controls and act to limit exposure to vulnerabilities introduced by contractors or vendors.



image alt




Cryptography



Cryptography uses encryption to protect information by hiding its content. Once information is encrypted, only users who hold the correct key can read it; without the key, the content is unavailable. Security teams use encryption to protect information throughout its life, both in storage and in transit. Two caveats apply. Encryption on its own protects only confidentiality: an attacker who cannot read the ciphertext can still flip bits in it, so protecting integrity as well requires an authenticated encryption mode (such as AES-GCM) or a separate message authentication code, which makes tampering fail on decryption. And once a user decrypts the data, it is again exposed to theft, disclosure, or modification.



Encryption algorithms such as the Advanced Encryption Standard (AES) are the common choice because they are widely supported and carry little overhead. Blockchain is sometimes listed alongside them, but a blockchain does not encrypt data: it chains records together with hashes and digital signatures so that they are tamper-evident, which addresses integrity rather than confidentiality.



Incident response



Incident response is a set of procedures and tools used to identify, investigate, and respond to threats or disruptive events. It repairs or mitigates damage to systems caused by attacks, natural disasters, system failures, or human error.

A commonly used incident response tool is the incident response plan (IRP). IRPs define roles and responsibilities for incident response and document the security policies, guidelines, and procedures to follow.



Vulnerability management



Vulnerability management is the practice of reducing the inherent risks of an application or system. The idea is to discover and fix vulnerabilities before they are disclosed or exploited. The fewer vulnerabilities a component or system has, the safer your data and resources are.

Vulnerability management techniques rely on testing, auditing and scanning to find problems. These processes are often automated so that components are assessed against a defined standard and vulnerabilities are discovered as quickly as possible. Another method is threat hunting, which involves examining systems in real time to identify signs of compromise or locate potential vulnerabilities.



Disaster recovery



Disaster recovery strategies protect your organization from loss or damage caused by unforeseen events such as ransomware, natural disasters, or the failure of a component that was a single point of failure. They typically define how information can be recovered, how systems can be restored, and how operations can be resumed. These strategies are often part of a business continuity management (BCM) plan designed to keep the organization operating with minimal downtime.



General information security risks



In your daily activities, many risks can affect your system and information security. Below are some common risks to be aware of.



Social engineering uses psychology to trick users into giving attackers information or access. Phishing is one of the most common forms and is usually carried out by email. In a phishing attack, the attacker poses as a trusted or legitimate source and requests information or warns the user to take some action. For example, an email may ask users to verify their identity or log into their account through an included (malicious) link. If users comply, the attacker obtains credentials or other sensitive information.



Advanced persistent threats (APTs) are attacks in which individuals or groups gain access to your systems and remain there for an extended period of time. Attackers carry them out to collect confidential information over time or as a foothold for future attacks. APT campaigns are run by organized groups that may be sponsored by rival nation states, terrorist organizations, or industrial competitors.



Insider threats are risks created by individuals inside your organization. They can be accidental or deliberate and include attackers abusing "legitimate" privileges to access systems or information. In accidental cases, employees inadvertently share or disclose information or download malware. In intentional cases, insiders deliberately damage, exfiltrate, or steal information for personal or professional gain.



Cryptojacking, also called malicious crypto mining, is when attackers abuse your system resources to mine cryptocurrency. Attackers usually achieve this by tricking users into downloading malware or into opening documents with malicious scripts enabled.



Distributed denial of service (DDoS) attacks occur when attackers overload servers or resources with requests. Attackers can carry out these attacks manually or through botnets, networks of compromised devices used to spread the requests across many sources so they are hard to filter. The goal is to prevent users from accessing services, or to distract security teams while another attack takes place.

Ransomware uses malware to encrypt your data and hold it for ransom. Typically the attackers demand payment, or some other action, from the organization in exchange for decrypting the data. Depending on the ransomware family involved, you may not be able to recover the encrypted data at all; in that case the only way back is to rebuild the infected systems from clean backups.



Man-in-the-middle (MitM) attacks occur when messages are transmitted over insecure channels. During these attacks, attackers intercept requests and responses in order to read content, manipulate data, or redirect users.

Types of MitM attacks:

  • – IP- , .

  • IP- – , .
  • – , .


High-profile security incidents in 2019



In March 2019, Norsk Hydro, one of the world's largest aluminium producers, was forced to halt production facilities after an attack with the LockerGoga ransomware. The company estimated the damage from the incident at about 35 to 41 million US dollars. Other victims of ransomware that year included the Swiss special-vehicle manufacturer Aebi Schmidt and the German industrial group Rheinmetall.



At the end of June, details of a large-scale cyber espionage campaign were released, in which criminals infiltrated the networks of the world's largest telecommunications companies in order to intercept information about specific individuals. The organizer of the campaign was allegedly the APT10 group associated with the PRC. The attackers managed to steal about 100 GB of information and, using Call Detail Records (CDR), track the movements and actions of the persons of interest.



Information security technologies



Creating an effective information security strategy requires the use of various tools and technologies. Most strategies use some combination of the following technologies.





Firewalls are a layer of protection that can be applied to networks or applications. They filter traffic and can pass copies of it to monitoring and detection systems. Firewalls typically apply allow or deny lists and policies that limit the rate or volume of traffic permitted from a source.
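The rate policy mentioned for firewalls, and the request floods described under DDoS above, can both be expressed as a per-source token bucket. The Go program below is an added example and not part of the original article; the policy (a burst of 10, then 5 requests per second per address), the addresses and the traffic pattern are all constructed. A flooding source is cut off after its burst while a client sending two requests per second is never blocked.

```go
package main

import (
	"fmt"
	"time"
)

// bucket holds the current token count for one source and when it was last refilled.
type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter is a per-source token bucket: each source may burst up to capacity
// requests and then sustain rate requests per second.
type Limiter struct {
	capacity float64
	rate     float64
	buckets  map[string]*bucket
}

func NewLimiter(capacity, rate float64) *Limiter {
	return &Limiter{capacity: capacity, rate: rate, buckets: make(map[string]*bucket)}
}

// Allow reports whether a request from src arriving at now may pass.
// The clock is passed in so the policy can be replayed against recorded traffic.
func (l *Limiter) Allow(src string, now time.Time) bool {
	b, ok := l.buckets[src]
	if !ok {
		b = &bucket{tokens: l.capacity, last: now}
		l.buckets[src] = b
	}
	// Refill in proportion to elapsed time, never above capacity.
	b.tokens += now.Sub(b.last).Seconds() * l.rate
	if b.tokens > l.capacity {
		b.tokens = l.capacity
	}
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		return true
	}
	return false
}

// Simulate sends n requests from src spaced interval apart and returns how many passed.
func Simulate(l *Limiter, src string, start time.Time, n int, interval time.Duration) int {
	allowed := 0
	for i := 0; i < n; i++ {
		if l.Allow(src, start.Add(time.Duration(i)*interval)) {
			allowed++
		}
	}
	return allowed
}

func main() {
	// Policy: burst of 10, then 5 requests per second per source address.
	l := NewLimiter(10, 5)
	start := time.Date(2019, 6, 28, 9, 0, 0, 0, time.UTC)
	// Constructed traffic: one flooding source and one well-behaved client.
	flood := Simulate(l, "203.0.113.7", start, 100, time.Millisecond)
	steady := Simulate(l, "198.51.100.5", start, 20, 500*time.Millisecond)
	fmt.Printf("flood source: %d of 100 requests passed\n", flood)
	fmt.Printf("steady client: %d of 20 requests passed\n", steady)
}
```

Keying the bucket on the source address is the simplest policy and the one a flood from a single host runs into first; a distributed flood spreads across many keys, which is why rate limiting alone does not stop a DDoS and is paired with upstream filtering.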



Security information and event management (SIEM) solutions collect and correlate information from many different systems. Aggregating the data lets teams detect threats more effectively, manage alerts better, and give investigations richer context. SIEM solutions also serve as the central log of events in the environment and as a reporting tool for events and performance, which you can use to validate or tune configurations.
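As an added example (not from the article), here is the kind of correlation a SIEM performs, reduced to a single rule run over records from two sources: alert on a source address that accumulates several authentication failures within a window and then succeeds. The key=value record format, the "sshd" and "vpn" source names and the log lines are constructed for the example; a real SIEM normalizes vendor formats into something similar before correlating.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Event is an authentication event normalized from any log source.
type Event struct {
	Time    time.Time
	Source  string
	User    string
	SrcIP   string
	Success bool
}

// Constructed sample records in the form a hypothetical collector emits after normalizing SSH and VPN logs.
var sampleLogs = []string{
	"2019-06-28T09:00:03Z src=sshd user=bob ip=203.0.113.9 result=fail",
	"2019-06-28T09:00:01Z src=sshd user=alice ip=203.0.113.9 result=fail",
	"2019-06-28T09:00:09Z src=vpn user=bob ip=203.0.113.9 result=fail",
	"2019-06-28T09:00:12Z src=vpn user=bob ip=203.0.113.9 result=ok",
	"2019-06-28T09:01:00Z src=vpn user=carol ip=198.51.100.5 result=fail",
	"2019-06-28T09:01:05Z src=vpn user=carol ip=198.51.100.5 result=ok",
	"2019-06-28T08:00:00Z src=sshd user=dave ip=192.0.2.20 result=fail",
	"2019-06-28T08:00:02Z src=sshd user=dave ip=192.0.2.20 result=fail",
	"2019-06-28T08:00:04Z src=sshd user=dave ip=192.0.2.20 result=fail",
	"2019-06-28T09:30:00Z src=sshd user=dave ip=192.0.2.20 result=ok",
}

// parseLine turns one record into an Event; malformed records are reported as errors.
func parseLine(line string) (Event, error) {
	fields := strings.Fields(line)
	if len(fields) < 5 {
		return Event{}, fmt.Errorf("malformed record: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, err
	}
	e := Event{Time: ts}
	for _, f := range fields[1:] {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			continue
		}
		switch kv[0] {
		case "src":
			e.Source = kv[1]
		case "user":
			e.User = kv[1]
		case "ip":
			e.SrcIP = kv[1]
		case "result":
			e.Success = kv[1] == "ok"
		}
	}
	return e, nil
}

// DetectBruteForce correlates events across sources and alerts once per source IP
// that accumulated at least threshold failures within window before a success.
func DetectBruteForce(lines []string, threshold int, window time.Duration) []string {
	var events []Event
	for _, l := range lines {
		if e, err := parseLine(l); err == nil {
			events = append(events, e)
		}
	}
	// Sources deliver out of order; correlation needs a single timeline.
	sort.Slice(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	failures := map[string][]time.Time{}
	alerted := map[string]bool{}
	var alerts []string
	for _, e := range events {
		if !e.Success {
			failures[e.SrcIP] = append(failures[e.SrcIP], e.Time)
			continue
		}
		recent := 0
		for _, t := range failures[e.SrcIP] {
			if e.Time.Sub(t) <= window {
				recent++
			}
		}
		if recent >= threshold && !alerted[e.SrcIP] {
			alerted[e.SrcIP] = true
			alerts = append(alerts, fmt.Sprintf("%s: %d failures then success as %s via %s",
				e.SrcIP, recent, e.User, e.Source))
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectBruteForce(sampleLogs, 3, 10*time.Minute) {
		fmt.Println("ALERT", a)
	}
}
```

With a threshold of 3 and a 10-minute window only 203.0.113.9 is flagged: its failures against sshd and the VPN are counted together, which neither source could do alone, while the user who mistyped a password once and the stale failures from 08:00 stay below the rule.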



Data loss prevention (DLP) strategies include tools and techniques that protect data from loss, leakage, or modification. This includes classifying data, backing it up, and monitoring how it is shared inside and outside the organization.
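The classification and monitoring steps can be shown together in a small example. The Go program below is added here and is not code from the article: it classifies payment card numbers in outbound text, using the Luhn check digit so that an order reference made of digits is not a false positive, and applies a constructed policy that allows the message inside the "corp.example" domain but blocks it to an external recipient. The message, domain and recipients are constructed; the card number is the well-known Visa test number.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// cardPattern matches 13 to 19 digits optionally separated by spaces or dashes.
var cardPattern = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid reports whether a digit string passes the Luhn check digit used by
// payment card numbers; it filters out order numbers and other digit runs.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Finding is one classified value; it is masked so the alert itself does not
// leak the data it reports.
type Finding struct {
	Kind   string
	Masked string
}

// ScanMessage classifies payment card numbers in free text.
func ScanMessage(text string) []Finding {
	var out []Finding
	for _, m := range cardPattern.FindAllString(text, -1) {
		digits := strings.NewReplacer(" ", "", "-", "").Replace(m)
		if luhnValid(digits) {
			masked := strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
			out = append(out, Finding{Kind: "payment-card", Masked: masked})
		}
	}
	return out
}

// AllowOutbound applies a simple policy: classified data may move inside
// internalDomain but is blocked when the recipient is external.
func AllowOutbound(recipient, text, internalDomain string) (bool, []Finding) {
	findings := ScanMessage(text)
	external := !strings.HasSuffix(strings.ToLower(recipient), "@"+strings.ToLower(internalDomain))
	return !(external && len(findings) > 0), findings
}

func main() {
	// Constructed message: one Luhn-valid test card number and one order reference.
	msg := "Please charge card 4111 1111 1111 1111 for order 1234567890123, thanks"
	for _, rcpt := range []string{"finance@corp.example", "partner@example.net"} {
		ok, findings := AllowOutbound(rcpt, msg, "corp.example")
		fmt.Printf("to %s: allowed=%v findings=%v\n", rcpt, ok, findings)
	}
}
```

Production DLP adds many more classifiers (national ID formats, keywords, document fingerprints) and inspects attachments and archives, but the shape is the same: classify, then decide based on where the data is going.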



Intrusion detection systems (IDS) monitor incoming traffic and detect threats. They inspect traffic and alert you to anything that looks suspicious or malicious.



Intrusion prevention systems (IPS) go a step further and respond to traffic identified as suspicious or malicious by blocking requests or terminating user sessions. You can use IPS solutions to enforce specific security policies on network traffic.



User behavior analytics (UBA) solutions collect information about user actions and build a baseline of normal behavior. The solution then compares new activity against this baseline and flags deviations as potential threats.



Blockchain cybersecurity relies on an append-only, tamper-evident record of transactions. In a blockchain, a distributed network of participants verifies the authenticity of transactions and preserves the integrity of the record.



Endpoint detection and response (EDR) solutions let you track endpoint activity, detect suspicious behavior, and respond to threats automatically. They are designed to improve visibility into endpoints and can be used to stop threats entering your network or information leaving it. EDR solutions rely on continuous collection of endpoint data, detection logic, and event logging.



Cloud security posture management (CSPM) is a set of practices and technologies for assessing the security of your cloud resources. These tools scan configurations, compare them against benchmarks, and check that security policies are applied consistently. CSPM solutions often provide remediation guidance you can use to improve your posture.
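As an added example (not code from the article or from any CSPM product), the following Go program shows the assessment step: a normalized inventory of cloud resources is evaluated against a few benchmark-style rules. The JSON schema, the resource names and the rules are hypothetical and constructed for the example; real tools pull the inventory from the provider's APIs and ship hundreds of rules.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Resource is a hypothetical normalized inventory record. The schema is
// constructed for this example; real CSPM tools build it from provider APIs.
type Resource struct {
	ID         string `json:"id"`
	Type       string `json:"type"` // "bucket", "firewall_rule" or "db"
	Public     bool   `json:"public"`
	Encrypted  bool   `json:"encrypted"`
	SourceCIDR string `json:"source_cidr"`
	Port       int    `json:"port"`
}

// Constructed inventory snapshot with two compliant and three non-compliant resources.
const inventory = `[
 {"id":"bkt-logs","type":"bucket","public":true,"encrypted":true},
 {"id":"bkt-backups","type":"bucket","public":false,"encrypted":false},
 {"id":"sg-bastion-ssh","type":"firewall_rule","source_cidr":"0.0.0.0/0","port":22},
 {"id":"sg-web-https","type":"firewall_rule","source_cidr":"0.0.0.0/0","port":443},
 {"id":"db-payroll","type":"db","public":false,"encrypted":true}
]`

// Finding pairs a resource with the rule it violates.
type Finding struct {
	Resource string
	Rule     string
}

// rules mirror common benchmark items; each returns a message or "" when compliant.
var rules = []func(Resource) string{
	func(r Resource) string {
		if r.Type == "bucket" && r.Public {
			return "storage bucket is publicly accessible"
		}
		return ""
	},
	func(r Resource) string {
		if (r.Type == "bucket" || r.Type == "db") && !r.Encrypted {
			return "data at rest is not encrypted"
		}
		return ""
	},
	func(r Resource) string {
		if r.Type == "firewall_rule" && r.SourceCIDR == "0.0.0.0/0" && (r.Port == 22 || r.Port == 3389) {
			return fmt.Sprintf("administrative port %d is open to the Internet", r.Port)
		}
		return ""
	},
}

// Assess parses an inventory snapshot and returns every rule violation in it.
func Assess(snapshot string) ([]Finding, error) {
	var resources []Resource
	if err := json.Unmarshal([]byte(snapshot), &resources); err != nil {
		return nil, err
	}
	var out []Finding
	for _, r := range resources {
		for _, rule := range rules {
			if msg := rule(r); msg != "" {
				out = append(out, Finding{Resource: r.ID, Rule: msg})
			}
		}
	}
	return out, nil
}

func main() {
	findings, err := Assess(inventory)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-16s %s\n", f.Resource, f.Rule)
	}
}
```

Running it reports the public log bucket, the unencrypted backup bucket and the SSH rule open to the world, and leaves the HTTPS rule and the encrypted database alone; that ranking of what to fix first is the output a CSPM tool turns into its remediation guidance.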


