Keeping your company and products safe from cyber-attacks requires more than just virus protection and firewalls. Our Cyber Security Specialist for Tekla software, Jarkko Leminen, takes a look at five security steps to follow.
People often think of cybersecurity in terms of just virus protection and some other tools. The perception is that you can get some anti-virus software in place and that’s it – now you have cybersecurity. But this is not how it works. Effective cybersecurity is much more holistic. It’s also everyone’s responsibility: employees, vendors, partners, and any others in the data chain.
The cybersecurity world is full of standards, frameworks and guides to follow, including SOC, ISO 27001, and the one we’ll look at for the purposes of this article: NIST. This well-known framework from the US National Institute of Standards and Technology (NIST) details five main areas of security: Identify, Protect, Detect, Respond and Recover.
You first need to know your assets and what you’re trying to protect. Is it data, is it software, or is it hardware? You also need to do some kind of threat modeling to identify and compare different risks for an asset. If a threat actor can compromise confidentiality, integrity or availability, then you have found a risk and you can calculate the risk score.
You can also work with cybersecurity companies that have a good understanding of the current threat landscape in the world. They can provide an alternative view of your cybersecurity profile, as well as use penetration testing to identify possible vulnerabilities in your assets.
Once you’ve identified your assets and any associated risks, the next step is to think about how you protect these assets. Is it software that you need to install? Or do you need physical security such as locks on the doors so that nobody can easily access the asset? Protection can also include processes, guidelines, and/or training.
The question to consider is this: How can you protect the whole product life cycle, all the way from the software vendor or open-source component to the product for your customer? Supply-chain threats in open-source components are currently a hot topic in cybersecurity, as vulnerabilities in open-source software can cause issues to spread all over the world. This is why threat actors put significant effort into open-source.
The next step is to monitor so that you can detect if somebody gets access to your assets, and so you can spot any new vulnerabilities or risks in those assets. You need to have tools or ways to detect if your system is under attack.
‘Patch Tuesday’ is an unofficial term used to reference the regular release of product security fixes by big software manufacturers and others. Installing these updates is a good way to keep your system secure. Updates help to protect systems against automated exploits that so-called ‘script kiddies’ and other threat actors use.
A cybersecurity attack is inevitable at some point. When it does happen, you need to be able to respond. This means having the capability to investigate what happened, so it’s essential to have access to centralized audit and system logs from the servers. These and forensic tools are needed in order to find out how the threat actor came in, to identify who they are, and to investigate what they really did in your environment.
Companies should also practice so-called tabletop exercises on what to do when a security incident is detected. It’s too late to start inventing this while a case is ongoing! You should regularly practice your response processes.
For example, if you are handling personal information that was compromised in a breach, then you need to know who is handling internal and external communication. This includes defining the responsibility for who should contact the regulator for legal disclosure purposes.
Public communication is often where companies fail, as it may reveal that they are not on top of understanding the extent of a breach. You see this when a company keeps coming out with new information about a security issue, each time explaining how it was actually worse than they originally thought.
Companies should not try to explain things away – it’s necessary to be clear and honest about what happened. How you communicate affects your credibility and the longer-term trust that people have in you.
The last step is about recovering your assets and ensuring systems work again so that your business can continue. Planning and practicing are important in this recovery phase.
The way to mitigate a breach is not only to keep backups but also to regularly test those backups to make sure they work and can be restored. If you never test your backups and they’re rotten, then it’s as good as not having backups at all.
Another important part of recovery is to learn from your mistakes, which means implementing the correct actions so that you are better prepared for when the next cybersecurity attack comes.