Reader Comments

Top 5 Factors to Consider in Your Cybersecurity Strategy

by Leonel Vieira (2020-01-16)


Top 5 factors to be part of your Cybersecurity strategy
If the world of the internet has brought about immense benefits for mankind in terms of facilitating business, commerce and myriad other things, it also has spawned concerns about cybersecurity as well.
In fact, the online environment is beset with a host of malware, viruses, trojans, and ransomware that are let loose on vulnerable websites. And even if you come up with robust cybersecurity measures like installing firewalls, antivirus software, and encryption among others, the hackers or cyber criminals find out newer ways of penetrating a network or device by using phishing, malware, viruses, trojans etc.

The staggering statistics concerning cybercrime involves a figure of $1.5 trillion (source: Web of Profit) as proceeds of crime in 2018. Cybersecurity: Everyone's responsibility Cybercrime has indeed become one of the biggest threats to entities, governments, and individuals.
It has ruined corporations and individuals by defrauding them of confidential data, money, IP or trade secrets. The spectre of cybercrime has grown in its intensity and sweep thanks to the proliferation of newer technologies. These include the Internet of Things (IoT,) Artificial Intelligence, Cloud Computing, Big Data and Predictive Analysis among others.

The modus operandi of cyber criminals in exploiting a system or network to steal data and information has meant cybersecurity has not remained the domain of the IT department or a dedicated cybersecurity team alone. In fact, it has become the responsibility of each and every stakeholder who uses or has access to a computer system or network.
The imperative of conducting security testing With so much at stake for individuals and organizations, preventing cybercrime has become a priority area. This involves carrying out security testing of all the assets, be it the legacy systems, cloud systems, applications, databases or networks.

A proper Risk and Compliance mechanism should be drawn by sensitizing each and every stakeholder of an organization. This is important, for with networked and distributed computers underpinning the IT infrastructure in most organizations, a single vulnerability or weakness can cause havoc.
The cyber-criminal has to find only one vulnerable area or a compromised/careless individual to bring an organization down to its knees. Also, with global cybersecurity protocols and regulations (IEC 27001 and 27002, BS7779 and PCI etc) being part of the IT security architecture, an organization has to comply with the same or risk censure, penalties or litigation. The security testing strategy should be comprehensive in its reach and involve all aspects of an organization. Let us discuss the five factors that ought to be considered while building a security testing strategy.

Five factors to strengthen cybersecurity measures #1 Take a backup: Even if this aspect is not directly connected to the setting up of cybersecurity measures in your organization, it can act as a safety net. In other words, 랜섬웨어 치료 should the system or network in your organization suffers a cyber-attack, a robust backup mechanism (on-site and off-site) can help you return to work quickly.

So, before you carry out security testing, make sure to take the backup of all the critical data. #2 Implement DevSecOps: Instead of implementing cybersecurity measures as an afterthought, make it a part of the application development process. Thus, while developing and deploying an application in the Agile and DevOps ecosystem, application security testing should be made part of the SDLC.

This way, should a vulnerability or glitch gets detected during the development cum testing phase, it can be plugged immediately. #3 Periodic security assessment: Cybersecurity threats are evolving and spreading with each passing day. This has necessitated the conduct of periodic security assessments like penetrating testing, vulnerability assessment, perimeter edge assessment, and security gap assessment among others.

The software security testing should not be a one-time affair but a continuous process (read periodically or as and when needed.) #4 Real time detection: Notwithstanding the presence of anti-virus software, firewalls and VPNs, a software security testing framework should employ real time detection of cyber threats.
These include implementing deep learning modules and heuristic algorithms to identify deviant behaviours of processes by comparing them to normal ones. #5 Communication: Every stakeholder in the organization should be made aware of the potential risks of ignoring the red flags around cybersecurity.

This involves instilling a cultural change in the organization as a part of risk management. There should be a free flow of communication across hierarchies and departments as far as strengthening cybersecurity measures is concerned. Conclusion With cybercrime rearing its head every now and then, organizations and individuals have no other way but to remain vigilant at all times.

And establishing an application security testing methodology will go a long way in generating trust and confidence in the IT architecture besides mitigating any cybersecurity risks. Michael works for Cigniti Technologies, Global Leaders in Independent Software Testing and Quality Engineering Services and the world's first Independent Software Testing Services Company to be appraised at CMMI-SVC v1.3, Maturity Level 5, and is also ISO 9001:2015