Guide: Finding Your Way to Cybersecurity and Compliance
In the following article, Infopulse experts will cover the latest security trends, offering you insights and advice from our practices on ensuring protection and compliance with the newest regulations – in a simple way.
Cybersecurity trends and forecasts
The reasoning for increased measures is clear if we take a closer look at the latest security trends. In the era of interconnectivity, companies in all industries are at risk.
- As of today, almost 700,000,000 known malicious programs are registered, according to AV-TEST, with more than 400,000 new malware signatures registered every day.
- By 2021, the costs of cybercrime damage may exceed $6 trillion, according to CyberSecurity Ventures Report.
- Targeted attacks put data of billions of end-users at risk. The cases of attacks on JP Morgan Chase, Morgan Stanley, Anthem, eBay, Yahoo, Home Depot inflicted major reputational damage and resulted in billions in monetary damage. The latest Equifax case, one of the largest credit bureaus in the US, affected personal data of 143 million US customers, which is roughly 1/3 of total US population. With recent cases of cyberattacks on the parliaments of Germany and the UK, the governments are also at risk.
- Spray-damage incidents are even more vicious. This year’s WannaCry malware crippled large businesses and governmental structures across Europe, including Maersk, Merck, LG, Deutsche Post, Evraz, Rosneft, Mondelez, and many others.
- With tons of IoT and personal devices around us, we already need to expand our thinking from keeping private data safe to keeping people safe. A critical vulnerability in a life-sustaining pacemaker (a small wireless device, implanted in the upper chest to correct heart rhythms) affected 465,000 patients in the US, who could have become subjects of a potential attack on the device’s functionality. Fortunately, the threat was uncovered before anything happened.
As the cybercrime industry is huge and the number of incidents is growing, companies can’t be 100% safe from security threats. What can and should be done is minimizing risks and, consequently, damage, by taking security seriously.
Understanding cybersecurity – real-world analogies
Cybersecurity requires a full-scale strategy and investments. The latter are always a bottleneck: despite all the trends above, companies find it hard to justify their spending on cybersecurity. Ideally, for a better understanding of the importance of cybersecurity, companies should refer to GDPR or ISO 27001 and its expansions ISO 27002 and IT-Grundschutz – the silent advocates protecting businesses and their investments.
We’ll make this task even more simple for you by comparing major cybersecurity aspects to real-life analogies.
- IT security can be compared to health. It’s always better to prevent a disease than to cure it. Similarly, it is always better to prevent security incidents than to respond to them.
- Audits are a preliminary diagnosis. Any treatment should start from assessment and diagnostics. That’s why we recommend conducting independent audits before starting any security projects.
- Penetration testing is similar to vaccination. With vaccination, you inject weakened viruses and bacteria into your body, creating immunity to diseases. Pentesting works in a similar way: security experts imitate the actions of criminals to make your business immune to real attacks.
- Infrastructure protection is a healthy environment. Just as the water we drink, the air we breathe and the food we eat influence our health, the safety and productivity of business processes depend on the health of the working environment: the safety of network settings and supporting systems, and the reliability of vendors and employees.
- Secure software development lifecycle is a healthy way of life. You need your system to be secure and healthy from the very start. It’s better to mitigate core conditions of risks not only before the “birth” of software but before its “conception”.
- Antivirus systems are the police. If the police worked like modern anti-virus systems, they’d need to compare photos and fingerprints of criminals with their databases… not taking into account that criminals can undergo plastic surgery or change fingerprints. Each day, the world “welcomes” new criminals/malware, which will be absent from the “police” database for quite some time.
- IT security can also be compared to road safety. Sometimes we do not understand certain road signs or limitations, but we follow them, as we understand the danger on the road. The same is relevant for IT security: we should comply with the rules, even if we don’t always understand their meaning. Of course, IT security is not as mature as road safety. Thus, besides laws and regulations, we need to refer to best practices.
While we could go on with this list forever, we tried to illustrate only some of the core security aspects with rather straightforward examples. If you have anything to add, please feel free to share your own thoughts in the comments below.
Now, let’s talk about another big challenge you’ll need to face – finding the right approach to security.
Modern approaches to cybersecurity
Most companies Infopulse works with tend to utilize one of two dominant approaches: reactive and proactive.
- The reactive approach is a reaction to an incident that happened in the past. This approach is invaluable when it comes to fixing old vulnerabilities, patching exploited flaws, and removing the conditions that led to the incident. However, if you deal with past oversights only, you won’t be ready for new problems in the future. The reactive approach provides a fragmented, short-term effect and is never a strategy: it solves security problems erratically.
- Another common approach is called proactive. It is basically a long-term strategy that helps businesses establish comprehensive security processes and management. This approach provides a holistic understanding of security issues and a rational justification of your investments, including investments in reactive controls. However, it requires significantly more time and resources.
Both approaches have their own strong and weak sides. This is why at Infopulse we introduced proactive defense-in-depth – our own vision of effective cybersecurity measures, based on the proactive approach with elements of the reactive one. To use another real-world analogy, security threats are water, while security vulnerabilities are the holes and cracks in a house. Just as water flows through the widest hole, threats penetrate the weakest spots. To protect your house, you should not rely on the roof only. You’ll need to build rainwater drainage and detect all threats in time, protecting the walls, windows and basement as well.
To sum it up, you could invest resources in security endlessly. This is why you need to approach cybersecurity in a smart way, combining the most effective techniques from both the reactive and proactive approaches.
How to protect your business from threats
Based on our practices at Infopulse, we offer a short list of ideas for building a strong cybersecurity strategy:
- Don’t rely on old security methods. Constantly adapt your strategy to be able to withstand today’s and tomorrow’s challenges.
- Adopt DevSecOps. Integrate application security with the DevOps methodology. With DevOps, you can achieve really good results in application development and secure your software by adopting application security self-testing, self-diagnosing, and self-protection technologies.
- Start preparing for the IoT era. Lots of insecure IoT devices are already here – a burning issue, completely overlooked by many.
- Passwords and tokens may soon become things of the past, due to recognition technologies. New means of authentication will offer continuous trust with a good user experience.
We hope that you’ve found our small blog post useful in your cybersecurity endeavors.
If you have any questions or comments, please feel free to contact us.