Cybersecurity | Villanova University
https://www.villanovau.com/articles/category/cybersecurity/
Villanova University College of Professional Studies Online Certificate Programs

Phases of an Effective Incident Response Plan
https://www.villanovau.com/articles/cybersecurity/incident-response-plan-phases/
Fri, 22 May 2020

Despite the precautions businesses and other organizations take to prevent falling victim to cybercrime, many still do.

When it comes to security breaches, “most companies are approaching the problem as not if, but when,” said Jayme Lara, CISSP, MS IS, an adjunct faculty member in Villanova University’s Certificate in Cybersecurity program.

Lara said it’s vital for businesses to have an effective incident response plan in place. The incident response plan is a process designed to stop the unwanted action, mitigate its impact and begin the process of recovery, according to Robert Arakelian, Assistant Professor of the Practice for Accounting & Information Systems at Villanova.

Arakelian discussed the topics of incident response and disaster recovery in the Essentials of Cybersecurity course, a requirement of the Certificate in Cybersecurity program.  

Putting the Incident Response Plan in Place

In cybersecurity terms, an incident is “an attack against an information asset that threatens confidentiality, integrity or the availability of information resources,” said Arakelian.

“An incident response plan works to ensure that a breach is resolved as quickly as possible and with the minimal effect to an organization,” Lara added. “Historically, it is a formal step-by-step process, identifying roles and responsibilities of teams across the organization.”

The first phase of an incident response plan is preparation. The plan must be organized so its instructions can be quickly and easily implemented. It must be protected and stored as sensitive information but accessible for those who need it.

The plan needs to be in place and have been thoroughly tested before any suspicious activity occurs. “An untested plan is not useful,” Arakelian said. He called periodic updates and walkthroughs “critical.”

The second phase is identification or detection of a possible breach. This most commonly occurs, Arakelian said, when technical support is requested from the help desk. Cybersecurity professionals look for signs that the incident is hostile. Indications of a possible attack include the presence of unfamiliar files and unusual system crashes.

The presence of new accounts indicates that the activity should probably be classified as an incident, while the use of dormant accounts and changes to logs tell trained observers that they conclusively have an incident on their hands.

Cybersecurity professionals must be aware of any possible signs of meddling. The earlier an attack is detected, the sooner the organization can begin battling it.
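The indicators in the identification phase above form a natural escalation ladder: unfamiliar files and unusual crashes are weak signs, a newly created account is a probable incident, and use of a dormant account or tampering with logs is conclusive. The following script, an added example that is not from the article or from Villanova's course material, applies that ladder to a handful of constructed log lines. The key=value log format, the account baseline, the 90-day dormancy threshold and the event names are all assumptions made for the demonstration, not any product's real schema.

```python
"""Triage constructed log lines against the article's incident indicators.

Added example. The log format, account baseline and thresholds below are
constructed for the demo and do not correspond to any real product.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed baseline: accounts the organisation knows about and their last login.
KNOWN_ACCOUNTS = {"alice", "bob", "backup_svc"}
LAST_LOGIN = {
    "alice": datetime(2020, 5, 20),
    "bob": datetime(2020, 5, 21),
    "backup_svc": datetime(2019, 11, 2),  # no login for months: treated as dormant
}
DORMANT_AFTER = timedelta(days=90)  # assumed dormancy threshold

# Constructed sample log lines in a simple "timestamp key=value ..." format.
SAMPLE_LOGS = """\
2020-05-22T09:58:10 host=web01 event=crash proc=nginx
2020-05-22T10:01:02 host=web01 event=file_created path=/tmp/.x/run.sh
2020-05-22T10:03:44 host=dc01 event=account_created user=svc_tmp
2020-05-22T10:05:19 host=dc01 event=login user=backup_svc
2020-05-22T10:06:00 host=web01 event=log_cleared log=/var/log/auth.log
"""

# Evidence classes follow the article: weak signs, a probable sign, conclusive signs.
WEAK = {"crash", "file_created"}
PROBABLE = {"account_created"}
CONCLUSIVE = {"log_cleared", "log_modified"}

# Ordered severity levels; triage only ever moves up this list.
LEVELS = ["none", "possible", "probable", "incident"]


@dataclass
class Triage:
    level: str = "none"
    indicators: list = field(default_factory=list)


def parse_line(line):
    """Split 'ts k=v k=v' into a dict; the timestamp is parsed as ISO 8601."""
    ts, *pairs = line.split()
    rec = {"ts": datetime.fromisoformat(ts)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def raise_level(triage, new_level):
    """Escalate the triage level but never lower it."""
    if LEVELS.index(new_level) > LEVELS.index(triage.level):
        triage.level = new_level


def triage_logs(text):
    """Return a Triage with the highest level reached and every indicator seen."""
    result = Triage()
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        event = rec.get("event")
        if event in WEAK:
            result.indicators.append(f"{event} on {rec['host']}")
            raise_level(result, "possible")
        elif event in PROBABLE:
            result.indicators.append(f"new account {rec['user']}")
            raise_level(result, "probable")
        elif event in CONCLUSIVE:
            result.indicators.append(f"{event}: {rec.get('log')}")
            raise_level(result, "incident")
        elif event == "login":
            user = rec["user"]
            if user not in KNOWN_ACCOUNTS:
                # A login by an account nobody created through normal channels.
                result.indicators.append(f"login by unknown account {user}")
                raise_level(result, "probable")
            elif rec["ts"] - LAST_LOGIN[user] > DORMANT_AFTER:
                # The article's conclusive sign: a dormant account in use.
                result.indicators.append(f"dormant account {user} used")
                raise_level(result, "incident")
    return result


if __name__ == "__main__":
    t = triage_logs(SAMPLE_LOGS)
    print(f"level={t.level}")
    for ind in t.indicators:
        print(" -", ind)
```

Run stand-alone, the script reports the sample as a confirmed incident because of the dormant backup_svc login and the cleared auth log, while still listing the weaker signs that would have justified opening a ticket earlier. In practice the account baseline would come from the directory service and the dormancy threshold from policy, but the escalation logic is the same.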

The third phase of an incident response plan is containment, which involves efforts to prevent more damage from occurring. This phase includes actions that must occur quickly in order to address the issue: alerting key personnel, assigning tasks and documenting the incident. Team members first must re-secure the system and search for and repair any vulnerabilities, as one of these may have been exploited for the breach.

Documentation is essential and cannot be treated as an afterthought. A cybersecurity incident exposes not only the organization’s vital information but also that of its clients and customers. The organization must be able to show that it did everything it could to contain the damage caused by the incident.

Incident Recovery Tips

Once tasks are assigned, the fourth phase, eradication, can begin. Team members should be searching for and removing data affected by the incident. Search engines must be contacted so that bogus information posted during the incident is not archived. They also must ensure that any personal information posted during the incident is removed.

The final two phases of an incident response plan are recovery and lessons learned. Arakelian recommended the following steps for the incident recovery process:

  • Identify and resolve vulnerabilities
  • Address and replace failed safeguards
  • Evaluate and upgrade monitoring capabilities
  • Restore data from backups
  • Restore necessary systems, processes and services
  • Continuously monitor the system
  • Restore the organization’s confidence
  • Conduct “after-action” review

Studying the operation’s system logs, intrusion detection logs, configuration logs and documents, incident response documentation and systems, and data storage assessment results ideally reveals where and how the system was breached.

Disaster Management Roles

If the damage of an attack or incident can’t be contained, it can become a disaster. According to Arakelian, an incident becomes a disaster when the organization cannot mitigate the impact of the incident while it is occurring, or if the damage or destruction is so severe that the organization cannot recover quickly.

The crisis management team goes into action here. This team’s duties include:

  • Managing the event from an enterprise perspective
  • Supporting personnel and families during the crisis
  • Determining the impact on normal business operations
  • Informing customers, suppliers, partners, regulatory agencies, industry organizations and the media about the breach and the organization’s efforts to deal with it.

Being up front with those whose information may have been compromised is essential. Being the victim of a successful cyberattack does little good for an organization’s reputation. A lack of openness about the incident can cause even more damage.

For example, retailer Target suffered a holiday-season data breach in 2013 that affected tens of millions of its customers. The company chose not to announce the breach to the public, Lara said. A blogger broke the news.

“Target should have been the first to announce it, as part of its incident response plan,” Lara said. “The company took a huge hit to its reputation. Knowing the proper incident response is huge.”

Prevention and Recovery

Prevention is job one for an organization’s cybersecurity teams. “Companies need to practice defense-in-depth with multiple advanced technological solutions including encryption, intrusion detection, log management, vulnerability scanning, firewalls and more, in addition to trained cybersecurity professionals experienced in tool usage and implementation,” Lara said.

Even so, organizations need to recognize the likelihood of an attack and have a plan in place to deal with these intrusions, whether large or small.

Verizon’s 2019 Data Breach Investigations Report stated that 43% of data breaches involved small business victims. “No organization is too large or too small to fall victim to a data breach,” according to the report. “Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.”

Data Breach Preparation, Response and Recovery
https://www.villanovau.com/articles/cybersecurity/data-breach-response-recovery/
Wed, 22 Jan 2020

Data breaches are a reality in today’s business world. Having a plan to respond to and recover from a security breach is essential for every organization.

According to the 2019 “Cost of a Data Breach Report,” by IBM and the Ponemon Institute, the loss of just one consumer record costs a company $150. On average, more than 25,000 records are lost in a data breach. That equates to roughly $3.9 million, on average, being lost as a result of one breach.

As stated in the IBM report, the type of business determines the lifecycle of a data breach. The average time to identify and contain a data breach is 279 days and a breach lifecycle under 120 days costs approximately $1.2 million.

The consequences of a data breach involve more than monetary loss. A decrease in organizational reputation can be even more damaging as businesses work to counteract financial losses.

Impactful Data Breaches

Most people today have either been a victim of a data breach or know someone who has had their personal data compromised. The same goes for businesses.

In 2018, there were 1,244 data breaches in the U.S. with over 446.5 million records exposed, according to the 2018 End-of-Year Data Breach report by the Identity Theft Resource Center. More than 550 data breaches affected businesses alone, with more than 415 million records exposed.

5 Noteworthy Data Breaches

According to a July 2019 report by CNBC, the five largest data breaches on record to date include the following:

  1. The Yahoo breach in 2013 remains the largest breach on record, with three billion accounts affected. A second breach in 2014 affected another 500 million accounts.
  2. First American Financial Corp. was hacked in 2019, resulting in 885 million records being exposed. Poor security measures were identified as the primary cause of the attack.
  3. Facebook was also breached in 2019, with 540 million accounts affected. Poor security was identified as a cause for the cybersecurity attack.
  4. Marriott International was hacked in 2018, leaving 500 million documents exposed.
  5. Friend Finder Networks was attacked in 2016 and 412.2 million records were affected. Poor system security and hacking were determined as the main causes for the data breach.

Learn to Prepare for a Data Breach

“As it relates to preparing for a data breach, the importance of an Incident Response Plan cannot be stressed enough,” said Jayme Lara, CISSP, MS IS, an adjunct faculty member in Villanova University’s Certificate in Cybersecurity program. “Most companies are approaching the problem as not if, but when,” she said.

Lara, who teaches Villanova’s Mastering Cybersecurity/Security+ course, said data breaches are a hot issue that organizations need to be aware of and prepared for. One of the reasons the University recently revamped its program was to keep up with the latest trends in cybersecurity, data breaches and cloud computing, according to Lara.

“We touch on data breaches in Essentials of Cybersecurity, then dive deeper into the subject in the Mastering Cybersecurity/Security+ course,” she said.

“We discuss the steps needed to learn the technical aspects of containing the data breach, determining root cause, becoming operational again, and of course, lessons learned. We will also cover information channels including determining when to let the public know their data has been stolen,” she continued.

Those channels include what type of data was leaked and what the corporation’s legal requirements are in reporting the breach.

“At a high level, your Incident Response Plan is going to deal with all of that – assessing legal risk, compliance requirements, auditing your systems and crisis communication,” Lara said.

An Incident Response Plan is a documented method of approaching and managing incidents or breaches. It is used to identify, respond to, limit and counteract security incidents and breaches as they occur.

“An Incident Response Plan works to ensure that a breach is resolved as quickly as possible and with the minimal effect to an organization,” Lara said. “Historically, it is a formal step-by-step process, identifying roles and responsibilities of teams across the organization.”

When the Target holiday data breach occurred in 2013 and tens of millions of the retail giant’s customers’ data was impacted, the company did not announce the breach to the public, Lara said. Instead, a cyber blogger broke the news.

“Target should have been the first to announce it, as part of its Incident Response Plan,” Lara said. “The company took a huge hit to its reputation. Knowing the proper incident response is huge.”

In addition to the reputational hit, Target also had to pay $18.5 million in a multistate settlement. The agreement set new standards for companies that processed payment cards and kept confidential information on customers.

What to do When a Data Breach Occurs

The Federal Trade Commission offers a guide for businesses to follow in the case of a data breach.

“Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next,” the FTC article states.

Safeguard Your Operations

  • Secure your systems quickly and fix vulnerabilities that may have allowed for the breach. Take steps to ensure it won’t happen again.
  • Gather a team of experts to conduct a comprehensive breach response. This may include forensics, legal, information technology, human resources and communications departments.
  • Consider hiring an outside investigator to determine scope and source of the breach.
  • Consult with your legal counsel. Consider hiring an outside counsel that specializes in privacy and data security.
  • Secure the physical area and allow forensics experts to examine all affected equipment before shutting it down.

Remove Affected Information

  • If the data breach involved any personal information posted on your website, remove it immediately. Contact search engines to ensure they don’t archive the information posted in error.
  • Search for your organization’s exposed data to make sure it has not been saved on someone else’s website.
  • Interview all people who discovered the breach and document your findings.
  • Do not destroy evidence. Allow forensics experts access to any evidence involved in a breach.

Identify and Fix Vulnerabilities

  • Determine if you need to change service provider access and work with forensics experts to analyze whether your network segmentation should change.
  • Determine if encryption was working when the breach occurred.
  • Have a comprehensive plan to communicate with employees, customers, investors, business partners and stakeholders.

The FTC also recommends notifying all the appropriate parties, including law enforcement and affected parties. Most states have legislation requiring notification of security breaches.

“If you quickly notify individuals that their personal information has been compromised, they can take steps to reduce the chance that their information will be misused,” according to the FTC article.

How Companies Respond to a Data Breach

Prevention is key when it comes to data breaches, Lara said. “Companies need to practice defense-in-depth with multiple advanced technological solutions including encryption, intrusion detection, log management, vulnerability scanning, firewalls and more, in addition to trained cyber professionals experienced in tool usage and implementation. Having basic security policies like an Incident Response Plan in place prior to a breach is essential.”

Preparation is Essential

“Most companies expect to be breached or believe they already have been breached,” Lara said. “There are estimates that these crimes will cost [companies] about six trillion dollars by 2021 with small and medium businesses the most likely victims.”

That is why it is so important for cybersecurity professionals to know how to spot attacks, Lara said, and know what to do before, during and after a data breach occurs. 

According to Verizon’s 2019 Data Breach Investigations Report, 43% of data breaches involved small business victims.  

“No organization is too large or too small to fall victim to a data breach,” the report states. “Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.”

Villanova’s Cybersecurity program teaches students about the need for increased cybersecurity measures to protect infrastructure and corporate data, and what techniques and technology could help protect organizations from a data breach.

According to Lara, Villanova’s Essentials of Cybersecurity and Mastering Cybersecurity/Security+ courses walk students through the usage and purpose of several advanced cyber tools necessary to prevent a data breach. Additionally, students will dive into components of an Incident Response Plan and the challenges and opportunities that come with containing and responding to a data breach.

Cloud Computing a Prominent Topic in Revamped Cybersecurity Courses
https://www.villanovau.com/articles/cybersecurity/cloud-computing-benefits/
Thu, 16 Jan 2020

When the use of cloud computing was introduced to businesses in the mid-to-late 2000s, organizations didn’t understand its full potential.

A lot has changed in a short time.

“The cloud came on as a way to help companies share resources – IT and cyber resources – at a fraction of the cost of having to hire a full-time IT person to refresh and maintain infrastructure,” said Jayme Lara, CISSP, MS IS, a Villanova University adjunct professor who teaches the Mastering Cybersecurity/Security+ course.

“Cloud computing has taken the place of a larger IT team and what are called data centers, which are rooms with a bunch of servers in them that are costly to maintain,” Lara said.

Today, most businesses have or are investigating a relationship with cloud computing, she continued.

Cloud Computing Impact

Cloud computing has been discussed as a disruptive technology revolutionizing multiple industries including project management. The Project Management Institute’s in-depth Pulse of the Profession® report titled, “Next Practices: Maximizing the Benefits of Disruptive Technologies on Projects,” lists cloud solutions as the number one disruptive technology by total impact. According to report respondents, 84% of “innovators” said the cloud is providing their organization with a competitive advantage.

Cloud computing was also ranked as the number two hard skill companies will need in 2020, according to LinkedIn. Hard skills include technical abilities and specialized knowledge, and involve an individual’s ability to complete a task.

Cloud Computing Job Outlook

Use of the cloud allows for greater levels of collaboration and information access, which provides more focus on projects and customer issues. That may also mean more jobs for professionals with the proper training in cloud computing and other cybersecurity specialty areas.

Employment in computer and information technology, which includes cloud computing, is expected to grow by 12% between 2018 and 2028, much faster than the average for all occupations according to the U.S. Bureau of Labor Statistics (BLS).*

According to the BLS, approximately 546,200 new computer and information technology jobs are projected in the next decade due to a greater demand on cloud computing, information security and the gathering and storing of big data. Additionally, the BLS reported that the median annual wage for computer and information technology jobs was $86,320 in May 2018.

Common Uses of Cloud Computing

According to IBM, cloud computing has been credited with increasing competitiveness through cost savings, greater flexibility and optimizing resources.

The company offers a list of seven of the most common uses for cloud computing.

  1. Infrastructure as a Service and Platform as a Service: Using an existing infrastructure saves money, according to IBM. With cloud computing, companies have a ready-to-use platform from which to deploy new applications.
  2. Private Cloud and Hybrid Cloud: Organizations can use a private cloud to assess applications. A hybrid cloud can expand during periods of limited peak usage. Both are pay-as-you-go.
  3. Testing and Development: The cloud offers readily available environments that combine automated provisioning of physical and virtualized resources.
  4. Big Data Storage: Cloud computing gives organizations the ability to tap into huge quantities of both unstructured and structured data to extract business value, such as consumer shopping patterns.
  5. Storage Space: Organizations can use the cloud to store data and retrieve it at any time, from anywhere.
  6. Recovering from Disaster: Using the cloud for storage negates the need for using traditional disaster recovery sites.
  7. Backing Up Data: The cloud allows companies to dispatch data to and from any location with no security, availability or capacity issues.

Cloud computing makes sense for businesses because data centers and server rooms are expensive and difficult to maintain, Lara said. “Plus, finding and keeping talent to perform those activities is always challenging.”

Lara believes the storing and sharing of information is the top use of cloud computing.

“Cloud computing uses economies of scale to make IT services cost effective,” she said. “While companies share servers, cloud technology has a lot of current and evolving security controls to keep data segregated. Sharing IT and cyber resources reduces cost and lessens the attack surface.

“Storing big data is also a hot topic today,” Lara added. “If you have a website that needs 24/7 availability – think global companies constantly taking orders and shipping out goods – that is where cloud computing excels.”

Advance Your Knowledge of Cloud Computing

The growth of cloud computing knowledge and skills is one of the factors in Villanova’s decision to revamp its Cybersecurity Certificate program.

The program equips IT professionals, those who aspire to transition into IT security or those who need to meet government requirements with techniques for assessing risks and safeguarding corporate data.

In addition, the program teaches students how to plan for unanticipated challenges and offers practical skills that can be used to protect an organization against security threats.

Information on cloud computing is taught in the required Essentials of Cybersecurity and Mastering Cybersecurity/Security+ courses, Lara said.

The courses utilize a combination of engaging live class sessions by subject matter experts such as Lara as well as interactive assignments and exercises to help students master the material and prepare for industry certification.

______________________________________________________________________________

*Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, Computer and Technology Occupations, on the internet at https://www.bls.gov/ooh/computer-and-information-technology/home.htm (visited Sept. 13, 2019).

National long-term projections may not reflect local and/or short-term economic or job conditions, and do not guarantee actual job growth. Information provided is not intended to represent a complete list of hiring companies or job titles, and program options do not guarantee career or salary outcomes. Students should conduct independent research for specific employment information.

Pulse of the Profession is a registered trademark of the Project Management Institute, Inc.

Cybersecurity Faculty Member Stays Abreast of Industry Trends So Students Can Too
https://www.villanovau.com/articles/cybersecurity/faculty-spotlight-jayme-lara/
Mon, 13 Jan 2020

Cybersecurity is a fast-paced industry that is constantly evolving. Rarely a day passes without the introduction of a new security software, privacy regulation or targeted phishing attack that increases an organization’s exposure to cybersecurity threats.

As technology continues to soar to new heights, so, too, does the emphasis for educating professionals on how to plan for and combat cyberattacks. The desire to strengthen the cybersecurity workforce through evidence-based education is one of the factors in Villanova University’s decision to revamp its 100% online Cybersecurity Certificate program.

Villanova adjunct faculty member Jayme Lara, CISSP, MS IS, is overseeing the program developments, and said she is constantly updating her own education to keep up with the improvements in cybersecurity.

“I stay interested in cybersecurity because of the broad range of topics involved and the ever-changing landscape,” Lara said. “I enjoy the problem-solving aspect and the constant learning that is involved.”

Growing up, Lara said she used to watch her brother “circumvent the security controls my mom would put on our home computer, which fascinated me.” She said that circumvention is what whetted her appetite for a cybersecurity career. That, and the fact that cybersecurity technology is constantly evolving.

In addition to keeping course curriculum up to date, Lara, who works for Lockheed Martin in the information security office, said she always does a section in the beginning of her courses involving the latest cyber news.

Lara said her broad range of responsibilities at Lockheed Martin help her stay current on a wide range of cyber topics that she can share with her students.

“I give students websites to visit that I check daily to keep up with the latest technology. I’m also a fan of Wired magazine to keep up with IT and cyber trends.”

“I teach because it is important to give back to the cyber community and help train the next generation of cyber defenders,” she said.

Cybersecurity and Cloud Computing

Much of the Villanova program update also involves the cloud, Lara said.

“The revamp was to update the courses to reflect the current landscape of cybersecurity, for example, the use of the cloud, which is booming,” she said. “There is a huge need for cyber professionals who have cloud experience.”

Cloud computing involves using a network of remote computer servers hosted on the internet where paying customers can store, manage and process data. It replaces the need for each individual company to pay for its own servers and engineers to service them.

When the Villanova courses were first developed, the cloud had just been introduced and people weren’t sure what to do with it, Lara said. “Now, every corporation is using it or investigating how to use it.”

The cloud has a lot of security to keep data protected including state-of-the-art cyber tools, Lara said. “Some cloud providers have developed machine learning algorithms to detect hackers to make sure your data is protected. At the core of cybersecurity, you are trying to protect the data. That is typically the crown jewel.”

Projected Growth of Cybersecurity Jobs

It is crucial that cybersecurity engineers become at least somewhat familiar with the cloud, Lara said.

Some 3.5 million jobs in cybersecurity are expected to go unfilled globally by 2021, according to the Cybersecurity Jobs Report by Cybersecurity Ventures.

“The cybersecurity jobs forecasts have been unable to keep pace with the dramatic rise in cybercrime, which is predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015,” the report states.

“Every IT position is also a cybersecurity position now,” the report notes. “Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people.”

According to the U.S. Bureau of Labor Statistics (BLS), roles such as information security analyst are projected to be in high demand to help organizations safeguard computer networks and critical information. According to the BLS, information security analyst jobs are projected to increase by 32% through 2028*.

Additionally, the BLS reports that job employment of information security analysts is expected to increase 55% in computer systems design and related services through 2028 because of the increased “adoption of cloud services by small and medium-sized businesses and a rise in cybersecurity threats.”

Prepare for Certification

Villanova’s Cybersecurity Certificate program can also help students prepare for professional certification through CompTIA Security+.

The CompTIA Security+ exam is a global certification that incorporates best practices in hands-on trouble-shooting and practical security problem-solving skills. Earning the certification shows that candidates have the baseline skills needed to perform core security functions.

“Villanova’s revamped Cybersecurity courses prepare students for content they would see on the certification exam,” Lara said.

Who Should Seek Cybersecurity Education?

Lara estimated that 80% of her students come from the IT world, but that the revamped program applies to other backgrounds as well.

“My students are typically working professionals looking for a career change or looking to get a cyber certificate required by their job,” she said. “Having a different perspective rather than coming from an IT background is really gaining momentum in the industry, as those security professionals approach problems and identify how to solve them differently.”

Villanova’s Cybersecurity Certificate is ideal for IT professionals, those who aspire to transition into IT security, or those who need to meet government requirements. Students will learn cybersecurity concepts, methods and practices, as well as proven techniques for assessing risks and safeguarding corporate data.

The three-course certificate program includes two required courses: Essentials of Cybersecurity and Mastering Cybersecurity/Security+ and one elective.

Elective options include: Essentials of Business Analysis, Essentials of Business Intelligence, Essentials of Business Process Management and Essentials of Project Management.

______________________________________________________________________________

*Bureau of Labor Statistics, U.S. Department of Labor, Occupational Outlook Handbook, Information Security Analysts, on the internet at https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited September 04, 2019).


Possible Threats With Cloud Database Security
https://www.villanovau.com/articles/cybersecurity/possible-threats-with-cloud-database-security/
Tue, 29 Nov 2016

Cloud database storage is at a period of extensive growth across the technology sector, with some research statistics showing an anticipated growth of over 60% each year through 2018. The ability to store databases online to facilitate access by different departments and user types is undeniably appealing, yet as with all types of cloud computing, server database storage carries a certain degree of risk.

As organizations move to store databases online, an awareness of the risks inherent in cloud computing can help network security teams better prepare for intrusion attempts and minimize the damage of successful breaches. This article highlights some of the threats to cloud database systems and explains how security risks can be reduced.

Possible Threat Types

Cloud database systems are subject to many of the same threats that affect cloud technology. Because of the nature of large amounts of potentially sensitive information being stored in databases, however, the impacts can be quite severe if unchecked. While not a comprehensive list, these threats give a sense of the types of dangers facing network administrators as companies adopt large-scale cloud database storage systems.

Data breaches – Data breaches are perhaps the most common threat to cloud databases as reported in the media. In a data breach, hackers gain access to sensitive information stored in the cloud, such as customer credit card numbers or mailing addresses, and use it for personal gain. As more information is stored online in a centralized location, data breaches become potentially more severe, affecting millions of customers or employees at one time.

Account hijacking – In a hijacking attempt, intruders try to gain access to a user’s account by phishing or using holes in software security systems to discover passwords. When a user’s account login information is taken, intruders usually then change the password to lock users out of their accounts. At this point, any files or other information stored in the user’s cloud can be freely accessed, potentially including database information that provides data on many users at once.

APIs – An Application Programming Interface (API) is the technical means through which a user communicates with a cloud system, governing what permissions he or she has to attach third-party applications to the system. While cloud storage companies and other Internet entities have made great advances in developing secure APIs, such as OAuth, there is always the possibility that an intruder will find vulnerabilities to gain access to administrator API areas.

Data loss – When an intruder gains access to sensitive information, one possible outcome is for the intruder to delete the information in order to inconvenience its owner. If users do not keep up-to-date backups of files, it is possible that these files could be permanently lost if tampered with. When all files are stored in a single cloud-based server, deletion can trickle down to all user devices causing files to be lost everywhere simultaneously.

Cloud servers as malware platforms – The synchronizing services provided by cloud computing are undeniably useful for keeping database files up-to-date across devices and platforms. However, what happens if an attacker decides to use this same syncing mechanism to distribute viruses to all user devices simultaneously? If attackers are able to harness the power of cloud servers to spread malware across a network, the potential for damage is far greater than if attackers were only able to affect a small, locally stored organization network.

Reducing Risk

The risks to cloud databases may be somewhat sobering, yet understanding them can help users reduce potential damage. These general steps offer system administrators some guidance on how to approach cloud database security to safeguard the network from intrusion scenarios.

Understand your network – It is important for administrators to have a solid understanding of where and how sensitive information is stored on the network. Each of the various types of network data, including log files and data embedded in documents, should be classified and labelled. Access permissions should be reviewed and understood so that administrators can ensure that each file type can only be accessed by the proper individuals.

Secure network data – Building on the previous idea of access permissions, this next step involves identifying how much data each particular type of user will be permitted to see. Full access should only be given to the individual data owner, with sensitive areas classified and restricted for all other user types. Data encryption and masking techniques protect user data from unintended access; masking can also allow partial viewing where that is appropriate (such as showing only the last few digits of an account number online).
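The classify-then-mask approach described above, as an added example (not code from the original article): each field in a record carries a classification label, the data owner sees everything, and every other role sees sensitive fields masked and restricted fields removed. The schema, the role names and the sample record are constructed for illustration.

```python
import re

# Constructed classification schema: "public" is shown to everyone,
# "sensitive" is masked for non-owners, "restricted" is owner-only.
# Fields missing from the schema are treated as restricted (fail closed).
SCHEMA = {
    "customer_id": "public",
    "email": "sensitive",
    "account_number": "sensitive",
    "ssn": "restricted",
}


def mask_account(value: str, visible: int = 4) -> str:
    """Keep only the last `visible` digits; everything else becomes '*'."""
    digits = re.sub(r"\D", "", value)
    return "*" * max(len(digits) - visible, 0) + digits[-visible:]


def mask_email(value: str) -> str:
    """Show the first character of the local part and the full domain."""
    local, _, domain = value.partition("@")
    return (local[:1] + "***@" + domain) if domain else "***"


# Field-specific maskers; anything sensitive without one is fully redacted.
MASKERS = {"account_number": mask_account, "email": mask_email}


def view_record(record: dict, role: str) -> dict:
    """Return the view of `record` that `role` is allowed to see."""
    if role == "owner":
        return dict(record)
    view = {}
    for field, value in record.items():
        level = SCHEMA.get(field, "restricted")
        if level == "public":
            view[field] = value
        elif level == "sensitive":
            view[field] = MASKERS.get(field, lambda _v: "***")(value)
        # restricted fields are dropped from the view entirely
    return view


# Constructed sample record (not real data).
SAMPLE_RECORD = {
    "customer_id": 42,
    "email": "alice@example.com",
    "account_number": "1234-5678-9012-3456",
    "ssn": "123-45-6789",
}

if __name__ == "__main__":
    print(view_record(SAMPLE_RECORD, "owner"))
    print(view_record(SAMPLE_RECORD, "support"))
```

Treating unknown fields as restricted is the important design choice: a new column added to the database without a classification label is hidden rather than leaked.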

Monitor the network – Effective network security teams are proactive and search system security policies and logs frequently for exceptions that may indicate misuse of information. Security audits should be pursued on a semi-annual basis to take a more systematic, structured look at how information is being used and what defensive policies are in place. Often the best defense against intrusion is an understanding of what network vulnerabilities you have and how intruders might exploit these vulnerabilities for personal gain.

Utilize security intelligence technologies – Security Information and Event Management (SIEM) technologies are designed to facilitate active network monitoring and identify areas of weakness in defense systems. These technologies provide constant analysis of system activity and can be used to identify potential breaches in real time. While these technologies should not be used as a replacement for individual monitoring, SIEM can supplement manual searches and provide a more comprehensive look at network status.

Keeping Your Data Safe

It is easy to let the risks of cloud computing overshadow its benefits, but we should be careful not to let them do so. As with any technology, the security risks can be reduced with proper education and an effective response methodology. By maintaining a strong, proactive familiarity with network activity, administrators can significantly improve incident response time and keep the vast majority of cloud data safe. The growth of security intelligence technologies like SIEM can only help in this process, as long as they supplement, but do not replace, personal attention and surveillance.

]]>
Steps to Prepare for a Firewall Audit

https://www.villanovau.com/articles/cybersecurity/steps-prepare-firewall-audit/ Tue, 15 Dec 2015 00:00:59 +0000 https://www.villanovau.com/2015/12/15/steps-prepare-firewall-audit/

Firewalls form the first line of defense against hazardous incoming or outgoing traffic in a network. From protecting systems against hacking attempts to blocking unauthorized programs that may try to transmit sensitive information to external parties, firewalls are a crucial part of system security.

Yet like any security process, firewalls can be more effective or less effective depending on settings and human error. To ensure that your firewalls are functioning at an optimal level, occasional firewall audits can offer network administrators the chance to analyze and optimize settings. This article highlights the steps to carrying out a general firewall audit.

Steps for Preparation

Gather information – The first step is to get a detailed account of relevant information, including the network hardware and software your organization uses that interact in some way with firewall policies. While seemingly obvious, some network administrators overlook all of the connections in favor of a quick look at the firewall software itself. Without a sense of how everything interacts, it becomes harder to find the weakest link and shore up security accordingly. Previous audits can be an excellent resource here as well, which serves as a reminder that adequately storing information for future audits is just as important as the information itself.

Review the review process – In general, a successful firewall audit is carried out with a sense of structure and purpose. Unfortunately, some administrators tend to look at the audit in a loose, unplanned fashion, which can greatly increase the possibility that an important detail may be overlooked. To avoid this, apply change management procedures to the review process. Examine the role of managers and determine whether tasks are documented and reported in an efficient, appropriate manner. Clarify the overall purpose of the change, and create a timeframe and anticipate problems. By approaching the process in a more systematic way, the audit can proceed more smoothly and produce results that are more constructive.

Start to look at the technical details – Reviewing security starts with carefully looking at which employees have access to security settings and hardware and which, crucially, should not have access. This includes both the firewall’s software settings and the physical access to the network hardware rooms. Also, be sure to update software with the latest patches and ensure that the hardware is fully functioning.

Optimize firewall rules and settings – Over time, the rules for incoming and outgoing connections can become somewhat unwieldy, particularly as software programs are updated or changed. Check and clean up these rules to find whether old, outdated programs that are no longer used are still included in legacy rule sets. Check for duplicate rules or overlapping rules that can be consolidated to ease readability. Make sure that all rules are clearly named and use a consistent, understandable format.

Go deeper and assess rule risk – Take a closer look at the rules that remain after the cleanup in the previous step. How effective are they? Do any rules go beyond their intention and open ports to potential security breaches? This tends to be seen in rules that are overly general, either allowing excessive traffic through unintended pathways or accidentally being applicable for all programs, rather than a specific few.
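The rule cleanup and risk assessment in the two steps above can be partly automated. The following is an added example, not the article's own material, and it assumes a first-match rule list of the kind most firewalls use; the rule format, the `Rule` class and the sample rules are constructed for illustration. It flags exact duplicates, rules that can never match because an earlier rule already covers all of their traffic (shadowed rules), and allow rules that are so general they match everything.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    """Constructed rule representation: first matching rule wins."""
    name: str
    action: str        # "allow" or "deny"
    proto: str         # "tcp", "udp" or "any"
    src: str           # source CIDR
    dst: str           # destination CIDR
    ports: tuple       # inclusive (low, high); (0, 65535) means any port


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer.proto == "any" or outer.proto == inner.proto
    src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    dst_ok = ip_network(inner.dst).subnet_of(ip_network(outer.dst))
    ports_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return proto_ok and src_ok and dst_ok and ports_ok


# A rule that covers this one matches all traffic.
ANY_TRAFFIC = Rule("any", "allow", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535))


def _key(rule: Rule) -> tuple:
    """Everything about a rule except its name, for duplicate detection."""
    return (rule.action, rule.proto, rule.src, rule.dst, rule.ports)


def audit(rules: list) -> list:
    """Return (finding, rule_name, detail) tuples in rule order."""
    findings = []
    for i, rule in enumerate(rules):
        # Overly general allow: any protocol, any source, any destination, any port.
        if rule.action == "allow" and covers(rule, ANY_TRAFFIC):
            findings.append(("overly-broad", rule.name, "matches all traffic"))
        for earlier in rules[:i]:
            if _key(earlier) == _key(rule):
                findings.append(("duplicate", rule.name, earlier.name))
                break
            if covers(earlier, rule):
                # The earlier rule always matches first, so this one is dead.
                findings.append(("shadowed", rule.name, earlier.name))
                break
    return findings


# Constructed sample rule set (documentation-range addresses only).
SAMPLE_RULES = [
    Rule("allow-web", "allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", (443, 443)),
    Rule("allow-web-dup", "allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", (443, 443)),
    Rule("allow-legacy-ftp", "allow", "tcp", "0.0.0.0/0", "10.0.0.0/24", (21, 21)),
    Rule("allow-all", "allow", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535)),
    Rule("deny-telnet", "deny", "tcp", "0.0.0.0/0", "10.0.0.0/24", (23, 23)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Shadowed deny rules are the finding to look at first during the risk step: the administrator believes the traffic is blocked, but the earlier, broader allow rule is what actually applies. A rule such as `allow-legacy-ftp` produces no finding here and still needs the human check the article describes (is the program it was written for still in use?).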

Make your systems audit-ready – Instead of treating audits as an annual process, take the opportunity to ensure that systems are at an appropriate security level at all times. Automate the process as much as possible to avoid something slipping through the cracks. Check documentation procedures to make sure that all administrators know exactly where the system stands. It is far better to be audit-ready all the time than to have a perfect audit once a year, only to then let your guard down once the audit is completed.

The End Goal

While not a comprehensive list, these steps should serve to provide a sense of how one prepares for a full firewall audit. By getting highly familiar with network details and maintaining a strong security infrastructure, you stand to not only pass your audit, but also keep the system and its data safe at all points throughout the year.

]]>
Breach Detection in Cybersecurity

https://www.villanovau.com/articles/cybersecurity/breach-detection/ Wed, 02 Dec 2015 00:00:59 +0000 https://www.villanovau.com/2015/12/02/breach-detection/

Security breaches occur when an individual or group gains access to unauthorized areas of an IT system. Breaches can vary in degree of impact, and in some cases can represent simple probing for openings. However, in other cases, a security breach can compromise significant amounts of sensitive data.

In cybersecurity, detecting and mitigating security breaches is one of the primary purposes of a network firewall. In many cases, firewalls are able to prevent breaches from occurring in the first place. If security is compromised, however, firewalls help alert network administrators who can then take appropriate action.

What should you do in the event of a security breach?

Security breaches sound severe, and in some cases they are. In many cases, though, this severity is the result of a slow, unstructured response. These steps offer a rough sequence for responding to security breaches so that their impacts can be fully understood and important data kept as safe as possible.

Evaluate impact – Begin by asking a few questions, such as: What was the purpose of the breach? What information were intruders after and, crucially, did they manage to access and download secure information? If so, what are the immediate repercussions for the business?

Rebuild security parameters – Take a moment to change existing passwords and server access codes. The key here is to try to minimize the risk of immediate further damage and isolate the system while repairs are underway. It is better to shut down the system entirely for repair than to leave it running and risk additional damage through the defense openings.

Start to investigate causes – There is always a weakest point in system security. Despite preventative efforts by IT personnel, it only takes one employee to execute a suspicious program from an email or website.

Find out if the breach was intentional – While the breach may have been caused by an accidental file download, it could also have been caused by an employee who collaborated with the intruders. The search does not have to devolve into a witch-hunt, but administrators should keep an eye on employees to detect any ill motives.

Reinforce weak areas – Security breaches are an opportunity to learn what is not working in system security. Take a moment to assess how intruders gained access and institute greater defenses to prevent future attacks.

Educate employees – It cannot be overstated how important it is that employees understand system security and why they should not open any suspicious programs from an email. Typically, the more employees know, the lower the risk of someone slipping up and inadvertently bringing the system down.

Work with the authorities – This is generally only an issue for major breaches in large companies, but if the intrusion is significant, organizations like the Department of Homeland Security should be informed. Most major law enforcement organizations now have dedicated cyber-crime divisions that specialize in providing support for hacking victims.

Check any legal implications – Having data stolen might not just affect your company. If a partner or customer data was stolen, this may present legal issues. In such cases, contact the legal department immediately so that they can take appropriate action.

Review logs – System backups can offer information not only on the point of intrusion, but also on the state of the network before the breach. This may reveal information on what lapses contributed to the breach in the first place.

Review the state of the IT department as a whole – While the breach may have been caused deliberately or by human error, it may also have been caused by a tired, understaffed department. Breaches are an opportune time to work with managers to ensure that the IT department has the resources it needs to do its job effectively.

Improving Breach Detection

Companies can only respond to a breach if they detect it in a timely manner. Surprisingly, recent surveys suggest that organizations can take more than 200 days to detect a breach. This is an amazing and frustrating figure, and represents a clear need to improve detection methods.

Deal with excess data – It can be very easy to become overwhelmed when facing the tremendous amounts of data delivered by modern network systems. Unfortunately, this can lead to the tendency to either ignore much of the data or prioritize poorly. One way to improve breach detection is by turning on only those alerts that signify true threats, while turning off less essential alerts.

Look closely at remaining data – Thinking critically about firewall systems and actively searching for possible openings is another way to help improve detection speed. Security breaches do not occur randomly. They often occur at the weakest defense points in a security system. Network administrators should examine defense data to try to anticipate where an attack would most likely occur. Being proactive can help drastically improve response times when a breach occurs.
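The two steps above (turning on only the alerts that signify true threats, then looking closely at what remains) can be illustrated with a small detection routine. This is an added example, not part of the original article: it parses a handful of constructed SSH-style authentication log lines, suppresses isolated failed logins as noise, and raises a medium alert for a sustained failure run from one address and a high alert when such a run is followed by a successful login from the same address. The log format, threshold and addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines; not from any real system.
SAMPLE_LOG = """\
2015-12-02T09:00:01 sshd[101]: Failed password for bob from 203.0.113.9 port 5001
2015-12-02T09:00:03 sshd[102]: Failed password for bob from 203.0.113.9 port 5002
2015-12-02T09:00:05 sshd[103]: Failed password for admin from 203.0.113.9 port 5003
2015-12-02T09:00:07 sshd[104]: Failed password for root from 203.0.113.9 port 5004
2015-12-02T09:00:09 sshd[105]: Failed password for bob from 203.0.113.9 port 5005
2015-12-02T09:00:11 sshd[106]: Failed password for bob from 203.0.113.9 port 5006
2015-12-02T09:00:14 sshd[107]: Accepted password for bob from 203.0.113.9 port 5007
2015-12-02T09:01:00 sshd[108]: Failed password for carol from 198.51.100.7 port 6001
2015-12-02T09:01:08 sshd[109]: Accepted password for carol from 198.51.100.7 port 6002
2015-12-02T09:02:00 sshd[110]: Failed password for dave from 192.0.2.50 port 7001
2015-12-02T09:02:02 sshd[111]: Failed password for dave from 192.0.2.50 port 7002
2015-12-02T09:02:04 sshd[112]: Failed password for dave from 192.0.2.50 port 7003
2015-12-02T09:02:06 sshd[113]: Failed password for dave from 192.0.2.50 port 7004
2015-12-02T09:02:08 sshd[114]: Failed password for dave from 192.0.2.50 port 7005
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text: str) -> list:
    """Turn raw lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events: list, threshold: int = 5) -> list:
    """Raise alerts only for patterns that matter, not for every failed login."""
    failures = defaultdict(list)   # source ip -> timestamps of failed logins
    alerts = []
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append(e["ts"])
            continue
        # A success after a run of failures from the same source is the
        # pattern most worth a human's attention.
        n = len(failures[e["ip"]])
        if n >= threshold:
            alerts.append({"severity": "high", "ip": e["ip"], "user": e["user"],
                           "failures": n, "reason": "success after repeated failures"})
    # Sustained failure runs with no success are still worth a look.
    for ip, stamps in failures.items():
        if len(stamps) >= threshold and not any(a["ip"] == ip for a in alerts):
            alerts.append({"severity": "medium", "ip": ip, "user": None,
                           "failures": len(stamps), "reason": "repeated failures"})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The single failed login from 198.51.100.7 followed by a success produces nothing: that is the ordinary mistyped password the article calls "less essential" noise. Tuning the threshold and the reasons is the "look closely at remaining data" step; the point is that the analyst's attention goes to the two alerts, not to fourteen raw lines.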

Learn your network – An effective security team should know the network better than the hackers who target it. It may be easy for network administrators to take their systems for granted, waiting to learn where important files are stored until the moment they are compromised. By this point, it is too late. As with the previous step, effective response times come from anticipation. By taking a strong interest in system structure and data storage before a breach occurs, companies are able to respond more quickly when attacked.

Be independent – One of the main reasons why response time can be slow is that many departments only hear about security breaches from third parties. There is a running theme in this section: The key to improving response time is to take the initiative. Do not wait for the security software developers to publish information on new threats, or for monthly summary reports to show questionable activity.

Take an interest in the world of cybersecurity. Learn about hacking attempts at other organizations and study attack trends. Examine firewall data rather than sending it off to external organizations. Share the information with other cybersecurity teams. It is through these actions that companies stand to recognize a breach in a timely manner and respond before sensitive data can be lost.

Analyzing Breach Detections

While being personally proactive is a sound strategy for approaching network security, the job can be made easier by utilizing analytics software to provide real-time analysis and advanced vulnerability detection.

When systems experience a data breach, it can be difficult to get a sense of the scale of the breach and its impact on sensitive data. This difficulty can be compounded by the fact that data breaches sometimes occur in several places of a network simultaneously, particularly if several teams of attackers coordinate to breach a network together. In such an event, it is important to determine how security response teams can get an accurate assessment of the impact and prioritize different response actions.

Security Information and Event Management (SIEM) technologies are a relatively new addition to the network security field and work to help alleviate the burden placed on network administrators. SIEM technologies help provide a constant stream of analytics of network status in real-time, offering the ability to immediately see the effects of security breaches, identify areas of particular vulnerability and prioritize response toward the area with the greatest potential impact.

User Behavior Analytics (UBA) technologies are another recent addition to the field. Rather than providing a blanket review of network health and determining where breaches are most likely to do damage, UBA systems analyze a user’s interaction with the system. First, UBA provides information on suspicious user activity. Second, it allows quick identification of accounts that may have had their login credentials stolen so that they can be locked down to prevent data theft or server intrusion. Together, SIEM and UBA technologies offer network administrators useful information to supplement their own system analysis.

Analytics technologies are still somewhat new additions to cybersecurity, yet they appear to hold much promise, particularly in examining the large sections of data that might tire administrators and increase the possibility of human error. That said, they are not yet at the point where they can be relied on to the exclusion of effort from the human side of a network security team. It is still important to be vigilant and use personal knowledge and experience to discover and respond to suspicious activity.

How to Limit the Damage

Security breaches can represent significant challenges for your organization, but with planning and foresight, the actual damage they do can be minimized. Proper breach detection is built around a strong knowledge of system details and a proactive mindset. To assist in detection, analytics tools can be used to keep a near-constant eye on system data and possible intrusion attempts. Ultimately, however, the most important component of breach detection and response system is often the network administrator, who, with proper care and an eye for detail, can help lessen the severity of intrusion impacts considerably.

]]>
Securing Your Business Online with Cybersecurity

https://www.villanovau.com/articles/cybersecurity/business-cyber-security/ Mon, 12 Oct 2015 00:00:59 +0000 https://www.villanovau.com/2015/10/12/business-cyber-security/

Security breaches at national retailers like Target and Home Depot have affected millions of American consumers. But did you know that cyber criminals target small businesses, too? If you’re a small business owner, you may not spend much time thinking about cybersecurity, but the facts are clear. It’s just as important to protect your data as it is to protect your physical inventory.

Without proper security, sensitive information belonging to you and your customers may be vulnerable to theft by cyber criminals, who can use it for illicit purposes. Customers rely on businesses to safeguard their information. If they fail, small companies may have a tough time regaining trust, which can hurt sales and profitability.

Cybersecurity Not Limited to Big Companies

The U.S. government recommends that all companies pay attention to cybersecurity. Here are seven tips to help you get started:

  • Assess risk – Identify and categorize the types of information your company owns and manages.
  • Develop a cybersecurity policy – A formal policy, based on the results of the risk assessment, can help establish a more secure environment. Include vulnerability reduction, procedures for security events and rules for handling company and customer information, along with penalties for policy violations.
  • Leverage anti-virus software – Anti-virus software should be installed and frequently updated on computers and devices throughout the company. Set up automatic scanning to be performed at different times and at least once per day.
  • Secure wireless systems – In general, Wired Equivalent Privacy (WEP) is not adequate for secure wireless encryption. Consider choosing Wi-Fi Protected Access 2 (WPA2) with the Advanced Encryption Standard (AES) to keep data safe as it’s transmitted from computers to wireless access points.
  • Encrypt data – Encryption scrambles data so that it can only be read with the right key. It can help lower the risk of a cybersecurity breach by making sensitive data, like credit card numbers, more difficult for thieves to use. Encryption is bundled in many operating systems – PCs often have BitLocker, while Macs use FileVault. Be sure to research available options that suit your business needs.
  • Back up data – Employee errors, system crashes and viruses or malware can destroy data, but you can help cut your losses with a strong back-up policy, using either external hard drives or cloud-based services. Some businesses might need to back up data only once or twice a week, while financial firms and others with more sensitive information should plan on daily backups.
  • Secure your database – The majority of data breaches typically involve databases. A database’s vulnerability rises when it contains sensitive information. Businesses can help keep data secure by carefully choosing what information to store. If it’s rarely used, remove it from the database.

Now that your systems are set up and secured, it’s time to involve your employees.

How to Implement Employee Cybersecurity Practices

Practicing cybersecurity should be everyone’s responsibility, not just business leaders. Here are some tips to get employees onboard and help promote a more secure data environment.

  • Train employees – Employees should be made aware of and trained on new security practices. Teach them how to create strong passwords, which can help limit the chances of a data breach. In addition, it’s often recommended employees change passwords regularly. Managers should also emphasize the importance of closely safeguarding company information, customer information and mobile devices, and inform employees of penalties for violating company security policies.
  • Follow credit card professional practices – Be sure that employees are aware of bank and credit card processor rules and obligations when processing customer credit card numbers. It may be beneficial to isolate payment systems on a more secure platform to help limit breaches. Additionally, don’t use the same computer for both payment processing and Internet work.
  • Limit employee access – Determine what data employees need to perform their jobs, and limit access to those areas. It’s typically recommended that only IT personnel install software on company computers. Employees should not be allowed to install software without permission, nor should every employee have access to all data systems.

Don’t Ignore the Importance of Cybersecurity

Small businesses tend to overlook how important it is to keep their information – and that of their customers – protected from cyber thieves. Regardless of whether your business is large or small, make cybersecurity part of your daily operations, so you won’t have to worry about a breach that can cause irreparable harm.

]]>
Staying Secure While Shopping Online

https://www.villanovau.com/articles/cybersecurity/secure-online-shopping/ Wed, 07 Oct 2015 00:00:59 +0000 https://www.villanovau.com/2015/10/07/secure-online-shopping/

Shopping online can be fast and convenient, and offers consumers a seemingly endless selection of merchandise. It’s no surprise that the volume of purchases made online continues to grow. Unfortunately, buyers and sellers aren’t the only winners in the online marketplace. Cyber criminals and attackers are also profiting from online shopping’s growth.

As unsuspecting online shoppers freely supply their personal information, attackers can steal it for their own gain. They might sell consumer information, such as buying history and credit card numbers. Or, they might use that information to make their own purchases. Shoppers are at risk each time they hit the “checkout” button, so it’s important to know how to protect yourself when shopping online.

How Online Shoppers are Targeted

Attackers generally use one of three methods to target online shoppers:

  • Accessing vulnerable computers – Computers that are not protected from viruses or malware are typically more vulnerable to access by cyber criminals.
  • “Phishing” for information – Attackers can set up fraudulent websites or send fake emails that appear to be legitimate, but are simply channels for collecting personal and financial information from unsuspecting recipients. They often use charitable organizations as a cover, especially after natural disasters or during the holiday season.
  • Intercepting non-secure transactions – Vendors that do not use encryption for web transactions can leave consumer information vulnerable to interception.

Cyber criminals are becoming more adept at stealing information, but consumers can avoid becoming their victims.

7 Tips for Secure Online Shopping

Fortunately, it’s easy to protect yourself when shopping online. Start by following these simple tips:

  • Safeguard your computer – To prevent attackers from stealing information on your computer, install anti-virus software, a firewall and anti-spyware software, and keep them updated. In addition, update your computer’s applications and software when prompted to do so. Updates often include repairs for known vulnerabilities. It may be beneficial to change your preferences to “automatically update” so you won’t have to worry.
  • Shop only on reputable sites – It’s important to make sure you are dealing with a reputable company. Review website certificates for encryption, and record phone numbers and addresses in case of a problem. Beware of merchants with just PO boxes and no street address.
  • Look out for phony emails – Be suspicious of emails requesting your personal information, and avoid clicking on web links in messages from senders you don’t recognize. In addition, don’t send sensitive information or credit card numbers through email.
  • Be sure your transaction is encrypted – Sites that encrypt information have URLs that begin with “https” and include a padlock icon. A closed padlock indicates that encryption is used to transfer information, so it’s safe to proceed. If either the “https” or the icon is missing, don’t provide sensitive information.
  • Check the vendor’s privacy policy – A website’s privacy policy details how your information will be used and distributed. As a consumer, it’s important to understand the privacy settings, and if you don’t agree with them, don’t proceed.
  • Be choosy when providing information – Legitimate online retailers don’t ask for your Social Security number or date of birth. Provide the least amount of information necessary to get your transaction processed.
  • Use a credit card and check your statements – If fraud occurs on a credit card transaction, your liability is often limited, but debit cards don’t offer such protection. In addition, when you use a debit card, money is drawn directly from your bank account, so fraudulent charges can cause immediate harm. Be sure to check your online credit card statement often for unauthorized activity.

Be Smart When Shopping Online

Technology has made it easy to shop online for everything from clothing to cars – but it can also leave you susceptible to fraud. Make it harder for cyber criminals to steal your personal information by staying on guard, and protecting your private information and your computer.

]]>