Security is never a 100% game. However, the security dilemma is that hackers only have to get it right once while the security team has to get it right every time. The Six Principles of Cyber Security are best practices that guide IT and management through the process of staying one step ahead of the threat in today’s world.
Security beyond Firewall
Network security used to be achieved by scanning network traffic on various OSI layers. Classic firewalls scan up to OSI layer 4, and from there web application firewalls take over and scan up to the application layer (OSI layer 7). The introduction of new technology enabled the evolution of new, intelligent bots that show “humanistic” behaviour.
Additionally, good bots, like Google crawlers, are approaching websites to increase your company’s value on the internet. Instead of looking for suspicious data, new systems have learned to look for suspicious patterns of traffic to identify and protect against fraud.
Through machine learning and day-to-day engineering, these new solutions block bad bots while letting good bots through. These solutions extend network security beyond pure traffic scanning into pattern recognition.
Advanced Access Management
If you still use a username and password to access your systems, you should seriously consider moving to an advanced access management solution. In today’s world, a combination of username and password is no longer secure enough. Instead, so-called multi-factor authentication (MFA) is the way forward. The principle is to use at least two independent authentication methods, e.g. username and password, plus a second authentication method such as a PIN, TAN, SMS, or simply an app on your smartphone. The second aspect of advanced access management is to log any access to your systems. There are several systems on the market that perform logging, analysis and alerting all in one solution. Sophisticated solutions again use machine learning and pattern recognition to detect unusual behavior and automatically send out alerts.
With an advanced access management solution, you will know at any time who enters your IT and you will have the keys under constant control.
Enhanced Application Security
In addition to security measures on the network, most systems are secured with an antivirus solution. In an era of cyber-attacks, this is also no longer enough. Enhanced application security consists of two additional measures:
1) security-driven release management, where applications, related patches, and service packs are updated for security reasons and not for new functionality; and
2) pattern recognition in the application that allows for automatic detection of suspicious behavior. Most of these systems come with machine learning code.
Trusted Attack Simulation
One of the most important cyber security principles is to identify security holes before hackers do. Trusted Attack Simulation simulates attacks from outside and inside your IT, and gives you a report that identifies potential security holes in your IT.
Internal attack simulation is as important as external attack simulation. Only if you assume a hacker can sit inside your management network will you introduce the correct measures. You are on the right track if you are able to give a hacker access to your internal network and still feel safe.
Data Encryption
Today you have to assume that your data can be stolen, both when it is in transit and directly from your servers and storage, where the data is at rest. The data encryption principle addresses two stages of encryption:
1) Encryption in Transit (EIT) and
2) Encryption At Rest (EAR).
Only when data is encrypted at both stages, EIT and EAR, is it secure, and it is much harder to derive information from it if any is stolen.
Compliance Business Framework
Last, but not least, any company that uses IT, be it from internal sources, a cloud, or any third-party provider, needs to develop its Compliance Business Framework (CBM) for security. Here you articulate your security policies, principles and guidelines for the entire company.
Mostly the CBM is linked to other compliance policies such as ISO9001, ISO27001 and so forth. However, the CBM policy should be developed around your specific security needs, and it is the responsibility of the Security Officer to maintain it and ensure it is correctly implemented.