
For a business to protect its IT from cyberattacks, here are some basic protections to put in place.
1) Identify all attempts to use and log in to your IT system: people, machines, and now with AI - AI agents. Following the IdAAA framework, your cybersecurity system must:
   a) Identify the user - who are you?
   b) Authenticate the user - prove who you are with what you know, what you have, what you are.
   c) Authorize the user - once identified and authenticated, look up the permissions. You don't want an engineer accessing HR or Financial systems.
   d) Accounting - log and track all interactions.
2) Endpoint: This is the ENTRY POINT into your critical IT systems: the programs, the network, the data. Early antivirus was passive and one-dimensional. Today's attack sophistication means that your endpoint protection needs to keep up with new and complex attack vectors. EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response) are the bare minimum today.
3) Network security: Old-generation IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) products were static and not ready for today's AI and Quantum Compute attacks on the network. Start at the very least with a Next Gen Firewall (NGFW).
4) Server: This is the hardware that runs everything in IT. Harden your servers: secure boot, patch management, continuous monitoring, strict access controls (don't share the root password!), and redundancy.
5) Application: This is the direct interface to your customers and to hackers. Secure your apps with passwordless login & MFA. Leverage OpenID Connect & OAuth 2.0: instead of building your own login system, modern apps use established protocols to outsource authentication to trusted identity providers. Define and implement fine-grained authorization: move beyond simple "User" or "Admin" roles to Attribute-Based Access Control (ABAC), where access is granted based on time, location, and the specific sensitivity of the data.
6) Storage: This is where your data ultimately lies, and hence a target for ransomware. Make sure your business performs backups, snapshotting, fine-grained partitioning, encryption of data at rest, and access anomaly detection.
7) Database: Programs rely on databases to provide searchable, indexed, reliable, curated data. Authorization of programs, users, and now AI agents is critical to keep the business safe (confidential, with integrity). Like storage, databases need backups, snapshotting, fine-grained partitioning, encryption of data at rest, and access anomaly detection.
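
The authorize and accounting steps from item 1, combined with the ABAC idea from item 5, as an added example that is not part of the original post: a default-deny decision over department, clearance, location and time, with every decision logged. The resource names, departments, sensitivity levels, trusted locations and working hours are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy; resource names, departments and levels are hypothetical.
POLICY = {
    "hr-records":     {"departments": {"hr"},          "sensitivity": 3},
    "finance-ledger": {"departments": {"finance"},     "sensitivity": 3},
    "build-server":   {"departments": {"engineering"}, "sensitivity": 1},
}
TRUSTED_LOCATIONS = {"office", "vpn"}            # assumed location attribute values
WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumed permitted hours
AUDIT_LOG = []  # accounting: every decision, allow or deny, is recorded

@dataclass(frozen=True)
class Request:
    subject: str      # already identified and authenticated: person, machine or AI agent
    department: str
    clearance: int
    location: str
    at: time
    resource: str

def authorize(req: Request) -> tuple[bool, str]:
    """Default-deny ABAC decision over department, clearance, location and time."""
    rule = POLICY.get(req.resource)
    if rule is None:
        allowed, reason = False, "unknown resource"
    elif req.department not in rule["departments"]:
        allowed, reason = False, "department not permitted"
    elif req.clearance < rule["sensitivity"]:
        allowed, reason = False, "clearance below data sensitivity"
    elif rule["sensitivity"] >= 2 and req.location not in TRUSTED_LOCATIONS:
        allowed, reason = False, "untrusted location for sensitive data"
    elif rule["sensitivity"] >= 2 and not (WORK_START <= req.at <= WORK_END):
        allowed, reason = False, "outside permitted hours for sensitive data"
    else:
        allowed, reason = True, "all attributes satisfied"
    AUDIT_LOG.append((req.subject, req.resource, allowed, reason))
    return allowed, reason

if __name__ == "__main__":
    for r in (
        Request("alice", "hr", 3, "office", time(10, 0), "hr-records"),
        Request("bob", "engineering", 3, "office", time(10, 0), "hr-records"),
        Request("alice", "hr", 3, "cafe", time(10, 0), "hr-records"),
        Request("report-agent", "hr", 3, "vpn", time(23, 0), "hr-records"),
    ):
        print(r.subject, r.resource, authorize(r))
```

The same HR user is allowed from the office during working hours and denied from an untrusted location or at night, which a plain "User"/"Admin" role check cannot express.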