Introduction
Cyber Security, Computer Security, or Information Technology Security is the protection of computer systems (hardware [1],
operating system [2], and peripheral device [3]) and networks from information disclosure, theft, or damage to them or electronic data, as well as from the disruption that is a denial-of-service attack (DoS attack) [4], or misdirection of the services they provide.[5]
The current general status of cybersecurity
Worldwide governments and organizations experience geometrical increases in cybersecurity incidents. The most rampant threat is the risk of confidential information being accessed and potentially misused by an external and adverse party, that is, data breaches. [6] One core challenge in responding to data breaches is that data can be taken from several jurisdictions, then channeled spirally to other jurisdictions. The cross-border nature of incidents can make investigating this kind of breach, identifying various obligations concerning the data breach and options for dealing with the data breach, a very rippling and almost impossible process. The reason is that speed is often a critical factor in manifesting an effective response. [7]
Steps to Improve Defence Against Cyber Attacks Before They Occur
Conflict online breeds unexpected consequences, so it is eminent to ensure defenses are ultra-potent. For instance,
Ukraine was hit by cyberattacks before Russia launched its invasion. DDoS attacks and wiper malware were among the cyber threats targeted at the Ukrainian Government’s Ministries, banks, media, and other services.
Russia is accused of being the perpetrator that took down Ukrainian power grids in December 2015, and the widespread and disruptive NotPetya malware attack of June 2017.
Though NotPetya was designed to target organizations in the Ukrainian financial, energy, and government sectors, the impact quickly spread to organizations around the world. [8]
NCSC CEO Lindy Cameron declared that "Cyberattacks do not respect geographic boundaries and do have extreme international consequences – whether or not they are intentionally perpetrated. The NCSC implored organizations to arise and secure their networks from Cyberattacks. [9]
Core Steps to Improve Defence
1. Apply patches and security updates
Patches are software and operating system (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance bugs and provide enhanced security features. The best practices for software updates are: Enable automatic software updates whenever possible, to ensure they are installed promptly; Refrain from unsupported EOL software; Always visit vendor sites directly rather than clicking on advertisements or email links; Avoid software updates while using untrusted networks. New vulnerabilities perpetually emerge, yet, the best defense against attackers exploiting patched vulnerabilities is to update software to protect computers, phones, and other digital devices. [10]
2. Use strong passwords
This is the main barrier keeping most online accounts from being hacked. Weaknesses in account credentials can be a cybercriminal’s dream, but their success is the victims’ nightmare. It is paramount to take steps to avoid password hacking. Parameters for a strong password are: length — +10 characters and the characters must be varied so that lowercase, uppercase, symbols, and numbers could be accommodated by a password; it must propel puzzles that sequences must be avoided; it must be capable of cognitive retainment [11]
3. Use multi-factor authentication
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. [12] Some worry that multifactor authentication poses an inconvenience, but generally it is used the first time to sign into an app or device, or after changing your password. After, the primary factor, usually a password will be needed. [13]
4. Teach phishing awareness
Not long ago, phishing was primarily aimed at the consumer market, and malware was considered the biggest threat to businesses. Today, it is an apex social attack on businesses, responsible for more than 75% of security breaches. [14] However, no cybersecurity solution assures 100% protection from attacks, yet phishing awareness training is eminent to understand parameters for protection from phishing attacks such as Subject lines and text are often threatening or enticing; Attacks are becoming more targeted and personal; Phishing emails are getting more sophisticated; Links are not always what they seem and can be hidden in attachments; Hackers use real brand images and logos. [15]
5. Use antivirus software and ensure that it works
Antivirus software and firewalls are data security utilities installed in devices to protect from viruses, spyware, malware, rootkits, Trojans, phishing attacks, spam attacks, and other online cyber threats [16] that can destroy data, slow down or crash devices, or allow spammers to send emails through accounts. Antivirus protection scans files and incoming email for viruses and then deletes anything malicious. [17]
6. Know and back up your network
Research by Sophos found that half of the organizations were attacked by ransomware in 2019 and almost 75% of cases, the attackers were able to encrypt data. Most organizations did retrieve their data, but twice as many did so from backup than by paying the ransom, and the cost to them was less than half what it was to those who paid up. [18] The key to avoiding ransomware demands is robust and well-tested backups, ensuring good clean backups are made regularly, and that they are thorough and comprehensive, quite possibly “air-gapped” [19] too. It also means backup policies and practices should be regularly reviewed and tested.
7. Being mindful of third-party access to network and supply chains
Third-party suppliers have been identified as the biggest cyber threat to supply chain security, with research [20] revealing that two in every three attacks focus on the supplier. Such attacks on a single supplier can result in exponential harm, compromising an entire network of providers, and leading to downtime in systems, monetary loss, and repetitional damage. While many organizations may be aware of such incidents, more action must be taken— due diligence to truly understand which software and hardware the third-party uses, where any potential vulnerabilities might lie, and what steps are being taken to secure their systems from cyber-attack. [21]Juhan Lepassaar, EU Agency for Cybersecurity Executive Director said: “Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at the EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU.” [22]
8. Have an incident response plan
A Cybersecurity Incident Response Plan is a document that gives IT and cybersecurity professionals instructions on how to respond to serious security incidents, eg. data breaches, data leaks, ransomware attacks, or loss of sensitive information. According to the National Institute of Standards and Technology (NIST), there are four phases to most effective incident response plans: Preparation; detection, and analysis; containment, eradication, and recovery; and post-incident activity. However, incident response procedures need to evolve when changes happen, including Complying with new applicable regulations, such as the General Data Protection Regulation, (GDPR) [23].
9. Brief the wider organization about cyber threats
In today’s computerized world, new risks emerge hourly. Connecting to the Internet opens the possibility of a hacker targeting organizations as Cyber Crime becomes lucrative with cyber risk focused on organizations and governments globally. Monetary and reputational risks are high if organizations do not have an appropriate cybersecurity plan. This is achieved through an efficient Cybersecurity Governance that focuses on Protection from Malicious Software and External Attack; Hardware Maintenance Plans; People and Documentation; Policies and Procedures; System, Email, and Internet Use Policies; Remote Access Policies; and Insurance [24]
Conclusion
Perpetuity and space have become the mantra of today’s enterprise workforce, and so are Cyber threats and attacks. [25] Every person and organization with something to secure and a business to preserve must be vigilant, and resilient with practice. Beyond the nine giant steps, constant assessment of how effectively these steps are taken to approach the vision is paramount. Despite the challenges, improving cybersecurity does not have to be a grueling journey, the generation of up-to-date leagues of heroes combating challenges that face organizations and individuals as they embrace the cloud, mobile, social, and analytics technologies are effectively engineered from strategy to implementation to eliminate or reduce them by assisting Porte risk victims. [26]
References
1. PC hardware: a beginner's guide. Osborne/McGraw-Hill. 26 April 2001. pp. 21. ISBN 9780072129908
2. Stallings (2005). Operating Systems, Internals, and Design Principles. Pearson: Prentice Hall. p. 6.
3. Laplante, Philip A. (2000). Dictionary of Computer Science, Engineering and Technology. CRC Press. p. 366. ISBN 0-8493-2691-5. Archived from the original on September 3, 2016. Retrieved November 9, 2022.
4. CISA Cybersecurity & Infrastructure Security Agency (November 4, 2009) “Understanding Denial-of-Service Attacks” Security Tip (ST04-015) https://www.cisa.gov/uscert/ncas/tips/ST04-015 Accessed November 9, 2022.
5. Schatz, Daniel; Bashroush, Rabih; Wall, Julie (2017). "Towards a More Representative Definition of Cyber Security". Journal of Digital Forensics, Security and Law. 12 (2). ISSN 1558-7215.
6. Maryville University (2022) Understanding Global Cybersecurity
https://online.maryville.edu/blog/understanding-global-cyber-security Accessed November 9, 2022
7. Baker McKenzie (2022) “Cyber Security Around the World” Global Compliance News https://www.globalcompliancenews.com/cyber-security/cyber-security-around-the-world/# Accessed November 9, 2022
8. UNITED STATES OF AMERICA V. YURIY SERGEYEVICH ANDRIENKO, & ORS (2020) CriminalNo. 20-316 UNITED STATES DISTRICT COURT WESTERN DISTRICT OF PENNSYLVANIA
https://www.justice.gov/opa/press-release/file/1328521/download Accessed November 9, 2022
9. NSAC- National Society of Accountants for Cooperatives (April 7, 2022) “Want to Boost Your Cybersecurity? Here Are 10 Steps to Improve Your Defenses Now” https://nsacoop.org/articles/want-boost-cybersecurity-10-steps-improve-defenses-now Accessed 9 November 2022
10. CISA Cybersecurity & Infrastructure Security Agency “Understanding Patches and Software Updates” Boston University Information Services & Technology— Tech Web https://www.bu.edu/tech/support/information-security/security-for-everyone/understanding-patches-and-software-updates/ Accessed November 9, 2022
11 AO Kaspersky Lab (2022) “Tips for Generating Strong and Unique Passwords” https://www.kaspersky.com/resource-center/threats/how-to-create-a-strong-password Accessed November 9, 2022
12. One Login (2022) “What is Multi-Factor Authentication (MFA)?” —One Identity https://www.onelogin.com/learn/what-is-mfa Accessed November 9, 2022
13. Microsoft (2022) What is: Multifactor Authentication? https://support.microsoft.com/en-us/topic/what-is-multifactor-authentication-e5e39437-121c-be60-d123-eda06bddf661 Accessed November 9, 2022
14. Verizon (2022) “2022 Data Breach Investigations Report” https://www.verizon.com/business/resources/reports/dbir/ Accessed November 9, 2022
15. Adrien Gendre (October 14, 2021) “Phishing Awareness Training: 8 Things Your Employees Should Understand” Vade Secure
https://www.vadesecure.com/en/blog/phishing-awareness-training-8-things-employees-understand?hs_amp=true Accessed November 9, 2022
16. Harshit Gupta (February 16, 2022) “11 Advantages of Using an Antivirus Software – Importance of Online Security” Google Cloud Geekflare https://geekflare.com/advantages-using-antivirus/ Accessed November 9, 2022
17. AO Kaspersky (2022) “How to get rid of a computer virus”
https://usa.kaspersky.com/resource-center/threats/how-to-get-rid-of-a-computer-virus Accessed November 9, 2022
18. Vanson Bourne (May 2020) “The State of Ransomware 2020 — Results of an independent study of 5,000 IT managers across 26 countries” Sophos https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf Accessed November 9, 2022
19. George Crump (07 May 2020) “Add tape backup in 2020 to boost a data protection strategy” Storage Tech Target https://www.techtarget.com/searchdatabackup/opinion/Add-tape-backup-in-2020-to-boost-a-data-protection-strategy?_gl=1*1oqysff*_ga*YW1wLTNRUGFUU1N6ZU1RUjh3cWlEcEJPRXc Accessed November 9, 2022
20. ENISA European Union Agency for Cybersecurity (July 29, 2021) “Understanding the increase in Supply Chain Security Attacks” https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks Accessed November 9, 2022
21. SC Media UK (2019) “How to isolate third-party supply chain risks” Haymarket Media, Inc. https://insight.scmagazineuk.com/how-to-isolate-third-party-risks-in-the-supply-chain Accessed November 9, 2022
22. ENISA European Union Agency for Cybersecurity (July 29, 2021) “Understanding the increase in Supply Chain Security Attacks” https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks
23. INGCONG ZHAO “Organized, Efficient, Secure. Maintain GDPR Compliance the Right Way” Hyperproof https://hyperproof.io/gdpr/ Accessed November 9, 2022
24. STEVE CURSILLO, JR., CHRISTOPHER ARNOLD (NOVEMBER 4, 2019) “PREPARING FUTURE-READY PROFESSIONALS: Cybersecurity Is Critical for all Organizations – Large and Small” IFAC International Federation of Accountants
https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-small
25. Scott Koegler (Apr 17, 2017) “5 easy ways to improve your cybersecurity” AT&T Business https://www.business.att.com/learn/tech-advice/5-easy-ways-to-improve-your-cybersecurity.html
26. Nick Galletto; Mark Fernandes; et al “Five essential steps
to improve cybersecurity: Trekking toward a more secure, vigilant, and resilient organization” Deloitte https://www2.deloitte.com/content/dam/Deloitte/ca/Documents/risk/ca-en-risk-cyber-5-steps.pdf