Before the internet, applications, and data were stored in private data centers and access was very tightly controlled. Only people within an office premise could get access to the data from company-issued devices (desktops, laptops, dumb terminals). Access to office premises and data centers was controlled via access cards, keys, security guards, etc. Communications between organizations were via private lines and the controls were similar across organizations.
We have to remember is that at all times our goal is to protect the information, it is derived from data, and data is stored in data centers. Computers are stored in data centers, which in turn store the data. This data is transported via different layers of the network, within the data center, across the data centers, and to end-user systems.
The term cybersecurity is being used a lot and it indeed is being misused most times. Ever wondered how the term cybersecurity is related to information security?
What has changed?
Fast forward to the current landscape. It can be thought of as moving your organizational applications from a gated community to a non-gated community.
The physical boundaries of the data access layer have been pushed beyond the physical organizational boundary to the internet. Applications and Data are no longer in private data centers, they have moved to the cloud managed by third parties like AWS, Azure, Google Cloud, Rackspace, etc. or are operating in hybrid environments.
Properties on the internet are accessible by anyone from anywhere. Even the support staff are managing the internet properties via the internet. As a result, the attack surface has increased exponentially, requiring complex solutions to mitigate the associated risks. This is where cybersecurity comes into focus.
Although the security controls within the data center have not changed much the security controls to protect the data access layer exposed to the internet are constantly changing and so is the threat landscape..
The inherent risks can be placed in two buckets:
- Web server configuration issues/vulnerabilities
- Web application programming issues/vulnerabilities
- Firewall configuration issues/vulnerabilities
- Router configuration issues/vulnerabilities
- IDS/IPS configuration issues/vulnerabilities
- Application firewall configuration issues/vulnerabilities
- Security Incident detection & response issues
The devices a user uses on a regular basis
- Handheld device OS configuration issues/vulnerabilities
- Handheld device application configuration issues/vulnerabilities
- The above two points can be extended to laptop, and desktop configuration issues/vulnerabilities
- Users own password management methodology, if this is weak, no state-of-the-art technology can prevent the aftermath.
- Users’ awareness of how to navigate the internet, and ability to distinguish good from the bad.
In a nutshell, cybersecurity is one component of the overall Information Security Program and it cannot exist on its own.