At its core, the discipline of cybersecurity is the effort to safeguard three characteristics of your business data:
Confidentiality | Integrity | Availability
“Confidentiality” simply refers to our confidence that those who should have access to data are allowed that access, and those who should not have access are not. Maintaining data “integrity” is the process of guarding the trustworthiness of data over its life cycle. And the concept of ensuring data “availability” is the endeavor to keep your business data available for use – the inability to get at your data for an extended period can be as damaging as its destruction. In fact, according to statistics from the NARA, 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.
Stepping from this high-level theory into more concrete concepts, we come to the working security model; that is, the systems necessary to ensure confidentiality, integrity, and availability. Both in cybersecurity and in functional security solutions of every kind, there are three overarching domains of activity to concern ourselves with:
Protection | Detection | Response
Every effort to safeguard the confidentiality, integrity, and availability of business data can be placed into one of these three categories. Resources dedicated to the “protection” of data range from firewall and endpoint protection software to written policies and the development of users’ security awareness. But since security is effectively an arms race, we can expect that systems designed to protect data will at some point be compromised, and thus it is critical to be able to “detect” when an attack is active in our environments. The latest FBI data shows that, for most organizations, the average time from the genesis of a breach to its detection is a matter of months. As a result, the security industry is placing increased emphasis on understanding normal versus anomalous behavior in an IT environment. Finally, our ability to respond – quickly and effectively – is often the last line of defense. Response systems range from automated software-based action, to full disaster recovery plan initiation, to invoking cyberinsurance policies.
The last step in our march from theory to practice is a look at the controls involved in the working security model: What do we use to protect against, identify, and respond to threats? A final trio:
People | Process | Technology
There is a tendency in many organizations to approach cybersecurity purely from a technical perspective – the “let’s buy a decent firewall and antivirus, and that’s as good as anyone can do” approach. However, confining security risk mitigation efforts to this approach actually exposes adherents to the majority of attacks. According to the 2018 Cisco Cybersecurity Report, a mere 26% of all cybersecurity attacks can be addressed with technology alone. The other 74% require some combination of people and policies/process to address.
Security is a discipline. It requires constant operational refinement, adjusting to account for the latest threats and changes, and a culture of adept users who own the importance of security and are willing to help. And since “Cyber-crime is the greatest threat to every company in the world” (Ginni Rometty, President/CEO, IBM), there couldn’t be a more urgent discipline to attend to.
The KR Group has introduced their new, nature-approved approach to security: KR Hive. Hive exists to help your organization continuously achieve improvement in your overall security position. Through our finely tuned technical, policy, and user-aptitude evaluation process, Hive consultants will assess and distill the weak points in your ability to identify, protect against, and respond to threats; and guide your organization along an understandable and manageable path to better security. Contact us to begin your Hive engagement.