Every day, we hear how important cybersecurity is or how important it is to “increase your security posture.” But as technology changes and encompasses more of our lives and businesses, the scope of what cybersecurity is grows, and the actual meaning starts to become ambiguous.
Cybersecurity for most businesses in the early 2000s was straightforward. Most of a company’s data sat on physical servers in their office or in file cabinets and was protected by a modest firewall, some antivirus software, a basic spam filter, etc. As long as you patched your systems regularly, most businesses were in a reasonable place.
In 2022 we live in a different world. Cybersecurity has become a complex, cross-functional segment of a business, not just something that the information technology department has to deal with.
So what exactly is cybersecurity in 2022?
The size and complexity of a cybersecurity program will change based on the organization, but all of them will have the same fundamental goals that are collectively known as the CIA Triad.
>> Confidentiality: Making sure only those who are authorized to access information can do so.
>> Integrity: Ensuring data has not been tampered with and can be trusted as authentic and reliable.
>> Availability: Ensuring systems are running and data is available when needed.
To accomplish these goals, modern cybersecurity programs now include:
“Blue teams” that are responsible for:
>> Vulnerability and patch management programs to ensure all software and hardware is kept up to date in order to remove known flaws that would allow an attacker to circumvent security settings.
>> Security operations centers that keep eyes on all digital assets around the clock and investigate anything that looks suspicious.
>> Incident response teams to scope, contain, eradicate and recover from breaches.
“Red teams” that are responsible for:
>> Penetration testing, where specially trained security experts do their best to break into their own company’s network to look for flaws the blue team may have missed.
>> Attacker emulation programs, which simulate the tactics and techniques attackers commonly use, to test monitoring defenses.
>> Phishing tests to try to trick employees into clicking on malicious links in emails.
>> Social engineering to try to exploit the human element of a business’ security strategy.
In addition to blue and red teams, compliance and governance teams ensure that data is handled in a manner that is in alignment with federal and state laws like the General Data Protection Regulation and the Health Insurance Portability and Accountability Act, or HIPAA, as well as industry-specific requirements like the Payment Card Industry Data Security Standard.
With the rapid adoption of cloud-based technology and infrastructure, these teams are now responsible for the security of more information that’s stored in more places and needs to be readily available. They are also faced with highly sophisticated attackers that range from lone hacktivists looking to get their message out to the world, often via defacing websites or other digital assets, to organized crime segments using things like ransomware for financial gain, to state-affiliated actors looking for information or even to inflict damage on physical infrastructure. Sometimes there’s a mix of the three.
The challenges of 2022 are significantly greater than even just 10 years ago and only seem to be getting more complex. While not all businesses need all of the items mentioned above, all businesses need some form of cybersecurity today, and it is vitally important that they begin to address these challenges.
———
Jordan Silva is senior manager of service delivery at Hawaiian Telcom. Reach him at jordan.silva@hawaiiantel.com.