For a new business, building a strong IT security foundation starts with understanding the terms that are most often misunderstood, or used interchangeably and often incorrectly, in IT security. Here we explain the most basic IT security terms, the buzzwords doing the rounds in the cybersecurity domain. Don't get bogged down by the cybersecurity jargon; instead, get familiar with these terms, understand them, and add them to your security dictionary.
So, let’s begin…
The most common terms we hear are Threat, Vulnerability, Security Breach and Cyberattack, so that is where we begin, with a rudimentary understanding of what each of them means in IT security parlance.
Threat
In IT security, a threat is any circumstance or event with the potential to adversely affect an organization's operations, assets, reputation and so on. Threats act through information systems, for example by unauthorized access to information, modification or destruction of information, disclosure of information, or denial of service.
We can further classify threats based on the source:
Natural Threats - fires, hurricanes, floods, etc.
External Threats - hackers, espionage, etc.
Internal Threats - posed intentionally or unintentionally by insiders, for example careless actions or deliberate sabotage by a disgruntled employee, such as planting a logic bomb.
The nature of the threats determines which security controls an organization needs to have in place and what resources it must commit. For an uncontrollable threat such as a flood or hurricane, the main defence is a robust data backup and recovery strategy. Some internal threats are controllable and can be prevented with simple physical access controls. Serious external threats such as hacking, however, require multiple layers of security and the implementation of cybersecurity best practices across the organization.
Other related terms that you may come across…
Threat Actor - The individual, group, or entity that carries out a threat; also called an attacker. Whoever sends a phishing email is the threat actor.
Threat Landscape - The entirety of the potential and identified cyberthreats affecting a particular area, domain or group of users at a given time. It is dynamic: it shifts with external factors such as the emergence of new products and technologies, the sophistication of attack tools, the discovery of new vulnerabilities, the availability of skilled personnel, and so on.
Threat Action - The realization of a threat, that is, an actual attack on a system's security.
Vulnerability
The concept of a vulnerability has been part of secure computing from the beginning, and since its conception in the 1970s it has grown into the disciplines of penetration testing and vulnerability assessment. Penetration testing is authorized, simulated hacking: a tester is given permission (and often some level of access) to attack an information system or network in order to find weaknesses in its security controls before a real attacker does.
A vulnerability assessment is the process of analyzing the different areas of a system to identify and correct weaknesses. The term "vulnerability" is typically used to describe flaws in software or hardware. Hardware vulnerabilities include flaws in the BIOS, the firmware that lets a computer start up. Software vulnerabilities are flaws in programs, such as a hard-coded or default password, or missing input validation that allows code injection.
Exploiting a single vulnerability can lead to the compromise of the organization's entire network, not just the vulnerable device or asset. Through it, an attacker can install and run malware, gain administrative access to devices, and steal, modify, or delete sensitive data.
Vulnerabilities can exist in design, implementation, configuration, operation, management, procedures, or administration. They most often surface as security bugs in software and applications, which is why software vendors release security patches and updates to fix them; applying those updates promptly closes the window in which a publicly known vulnerability can be exploited.
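To make "missing input validation that allows code injection" concrete, here is an added example (not code from the original article): a hypothetical calculator feature that evaluates an arithmetic expression typed by a user. The vulnerable version hands the string to Python's eval(), so the "calculator" is really a code-injection point; the hardened version parses the input into a syntax tree and executes only arithmetic nodes. The function names and the injected payload are constructed for this illustration.

```python
"""Code injection: a vulnerable expression evaluator beside a hardened one.

Added illustration, not code from the original article. The 'calculator'
feature, its function names and the sample inputs are hypothetical.
"""
import ast
import operator


def unsafe_eval(expression: str):
    """VULNERABLE: eval() runs any Python expression the user supplies, so
    '__import__("os").system("...")' is as valid an input as '2 + 2'."""
    return eval(expression)  # deliberately vulnerable; do not copy


# Hardened variant: only these node types may appear in the parsed tree.
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def _eval_node(node: ast.AST):
    # Numeric literals only: no strings, names, attribute access or calls.
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
        left = _eval_node(node.left)
        right = _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > 100:
            # Even a safe grammar has a denial-of-service edge: cap exponents.
            raise ValueError("exponent too large")
        return _BINARY_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expression: str):
    """Evaluate an arithmetic expression; reject anything else before it runs."""
    if len(expression) > 200:
        raise ValueError("expression too long")
    tree = ast.parse(expression, mode="eval")  # no statements, no imports
    return _eval_node(tree.body)


def is_rejected(expression: str) -> bool:
    """True if the hardened evaluator refuses the input (used in the demo)."""
    try:
        safe_eval(expression)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    # Constructed payload: harmless, but proves arbitrary code executes.
    injected = "__import__('os').getcwd()"
    print("unsafe_eval ran attacker code and returned:", unsafe_eval(injected))
    print("safe_eval rejects it:", is_rejected(injected))
    print("safe_eval('2 + 3 * 4') =", safe_eval("2 + 3 * 4"))
```

The point is not the calculator but the pattern: never pass user input to an interpreter (eval, a shell, a SQL engine) as code; parse it into a structure you control and execute only the parts your feature legitimately needs.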
Security Breach
There are three very closely related terms, namely security incident, security breach, and data breach, that we need to understand in the context of IT security.
Security Incident
A security incident is an event that violates an organization's security policies, explicit or implied, and has the potential to compromise the organization's security measures, systems, or data. It does not necessarily mean a security control has failed; it signals a deviation from the normal behaviour of a system, process, environment, or workflow that may lead to a security breach.
For a better understanding, take an example: a single user being unable to access the company's file server is a security event, but if a large number of users face the same problem, it points to an underlying cause and is classified as a security incident. "Security event" is therefore the umbrella term covering a wide variety of observable occurrences: every security incident is a security event, but not every security event is a security incident.
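The file-server example above is exactly the kind of rule a monitoring tool applies: one denied access is logged as an event, many distinct users denied in a short window is escalated to an incident. The following is an added example, not code from the original article; the log format, the sample lines, the ten-minute window and the five-user threshold are all constructed for the illustration.

```python
"""Security event vs security incident: triaging constructed log lines.

Added illustration, not code from the original article. The log format,
the sample entries, the window and the threshold are all hypothetical.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a file server's access log (format is hypothetical).
SAMPLE_LOG = """\
2024-03-04T09:00:05 user=alice server=files01 result=DENIED
2024-03-04T09:00:09 user=alice server=files01 result=DENIED
2024-03-04T09:01:12 user=bob server=files01 result=OK
2024-03-04T09:15:00 user=carol server=files02 result=DENIED
2024-03-04T09:15:03 user=dave server=files02 result=DENIED
2024-03-04T09:15:08 user=erin server=files02 result=DENIED
2024-03-04T09:15:20 user=frank server=files02 result=DENIED
2024-03-04T09:16:01 user=grace server=files02 result=DENIED
2024-03-04T10:40:00 user=heidi server=files02 result=DENIED
"""


def parse_line(line: str) -> dict:
    """Turn 'TIMESTAMP key=value key=value ...' into a dict with a datetime."""
    timestamp, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = datetime.fromisoformat(timestamp)
    return record


def triage(log_text: str, window=timedelta(minutes=10), min_users=5) -> dict:
    """Classify each server that produced DENIED entries.

    A server is an 'incident' if at least `min_users` distinct users were
    denied within any `window`-long span; otherwise it is just an 'event'.
    Successful accesses are ignored. Returns {server: "incident" | "event"}.
    """
    denied = defaultdict(list)  # server -> [(timestamp, user), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record["result"] == "DENIED":
            denied[record["server"]].append((record["ts"], record["user"]))

    verdicts = {}
    for server, entries in denied.items():
        entries.sort()
        verdict = "event"
        # Slide a window starting at each denial and count distinct users
        # inside it; repeated failures by one user do not raise the count.
        for index, (start, _) in enumerate(entries):
            users = {user for ts, user in entries[index:] if ts - start <= window}
            if len(users) >= min_users:
                verdict = "incident"
                break
        verdicts[server] = verdict
    return verdicts


if __name__ == "__main__":
    for server, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{server}: {verdict}")
```

Two design points are worth noting. Counting distinct users rather than raw failures is what keeps one person mistyping a password from being escalated, and the sliding window is what separates five denials in a minute (an incident worth investigating) from five spread over a day (routine events). The threshold and window are policy decisions; a real deployment would tune them per system.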
Security Breach
A security breach is a security incident in which an attacker gets past your security controls and gains access to your devices, network, or data. The precise definition varies with the regulations governing your industry and the applicable laws, so a company should refer to those laws and regulations when defining a security breach in its policy document.
Data Breach
A data breach occurs when an unauthorized individual or entity views, transmits, corrupts, or steals sensitive, protected, or confidential data. It may be an intentional or unintentional incident that results in the disclosure, compromise, or leak of confidential data. Recent ones that made headlines are the Equifax data breach and the Facebook and Cambridge Analytica data scandal.
Here's an analogy for novices like me: leaving your door open is a security event, someone entering your house is a security incident, and that person walking away with your laptop is a security breach; if they are then able to use the data on the laptop, that is a data breach.
Cyberattack
Hacking is probably what comes to mind when we hear about cyberattacks, but cyberattacks come in a wide variety, from installing spyware on a computer to encrypting devices to denying access to file servers. A cyberattack is an attack launched from one or more computers against another computer or network. Its goal is usually to disable devices, gain access to or steal data, or use the compromised devices as a launching pad for further attacks. Most cyberattacks are financially motivated and arrive in the form of malware, phishing, ransomware and the like.
A cyberattack is a threat being carried out (a threat action), and it can, and often does, cause a security or data breach by exploiting vulnerabilities. Attacks are continuously evolving and becoming more sophisticated and dangerous.
Why we need to understand threats, vulnerabilities, cyberattacks… it’s for the IT…
As a business owner, you may not need to understand the nitty-gritty, but you should be able to foresee, understand, and act on a warning sign. Imagine receiving a phishing email with a malicious link. If the link is not clicked, there is nothing to worry about and business goes on as usual. If it is clicked, it could download and install malware, which could leak sensitive data and harm the organization's reputation.
Now here’s where a clear or basic understanding of the threats faced by your business lets you to decide what you need to protect, as well as how to protect. Similarly, not all threats are applicable say your business is located in a region where there is no history of floods or hurricanes, one can disregard those threats and prepare more for those based on their business model and operations.
It may seem trivial, but accurately documenting the threats allows you to budget for the security controls that are actually required instead of wasting resources on threats that are not relevant to your business at all, especially when you have a complex matrix of technologies, applications, and business processes working together.
Vulnerabilities have been found in all major operating systems, including Windows, macOS, and Linux. Publicly known vulnerabilities are catalogued in the Common Vulnerabilities and Exposures (CVE) list, which gives each one a unique identifier of the form CVE-YYYY-NNNN, and the National Vulnerability Database (NVD) enriches those entries with severity scores and affected-product information so that vulnerability data can be tracked and shared consistently across tools and vendors.
There is no escaping vulnerabilities; only by looking at your own weaknesses together with the possible threats can you decide how to allocate resources to defend against attacks. Vulnerabilities can be identified through IT security audits, and the audit report shows where your weaknesses lie and which security practices to implement.
How does it help…
With a better understanding of these aspects of IT security, you can create a robust IT policy document that clearly defines its purpose, scope, and components, and you are better equipped to deal with security concerns. As a business, your ability to handle security incidents is also critical for compliance and certifications. A clear understanding of these terms is therefore critical not only for your IT infrastructure but for your business operations as well. Until next blog! Think about it.
Note: I did wonder about 'Logic Bomb', so Oxford to the rescue: it defines it as a set of instructions secretly incorporated into a program so that if a particular condition is satisfied, they will be carried out, usually with harmful effects. Something new we learn every day.