Top Cybersecurity Challenges & Solutions (2024)

Cybersecurity is the process of managing online data in a safe and secure environment. See the top challenges & solutions for businesses of all sizes.


Last Updated: January 2, 2024 Published Date: May 17, 2023


Identifying cybersecurity weaknesses by doing a cybersecurity assessment

Cyber criminals can attack a business in many ways, and assets you believe are covered by cybersecurity tools may not be as protected as you think. From a macro view, the business as a whole needs to be protected by firewalls and intrusion detection and prevention systems; from a micro perspective, individual devices need endpoint detection and response (EDR) and antivirus software.

The best way to ensure a business is fully protected is to conduct a cybersecurity assessment by following an established standard like the National Institute of Standards and Technology (NIST) cybersecurity framework.

The NIST framework addresses five pillars:

The framework is organized into three main levels. The first is the five pillars, which are the five high-level functions. The other two are the categories, with 23 items, and the subcategories, with 108 items. The NIST framework also incorporates other cybersecurity standards, including ISO 27001, COBIT, NIST SP 800-53, and many others. Applying the NIST framework comprehensively addresses every aspect of cybersecurity, ensuring your business is fully protected.

What are the most prevalent cybersecurity threats that can damage a business?

Every cybersecurity threat can do damage if it's successful, but the threats in this section are the ones cyber criminals most often carry out successfully.

Phishing Attacks

Phishing attacks are widespread because of the social engineering practices cyber criminals use to target business employees. These cyber-attacks account for $12 billion in business losses. A phishing email contains a link; users who click it are taken to a website controlled by the cyber criminal that delivers malware or intercepts the user's credentials.

How can I prevent phishing attacks?

There are several ways to combat phishing attacks. First, all employees need a comprehensive security awareness training plan, with re-training required annually. Curiosity is a topic that must be addressed during the training sessions, as it's the reason many employees click on a link from an unknown sender.

Second, a secure email gateway (SEG) is installed inline between the public internet and the business's email server and checks emails for malicious content. Suspicious emails are blocked before they reach the company email server. In addition, multi-factor authentication (MFA) plays an essential role in mitigating the risk of phishing. It adds an extra layer to the authentication process, so a cyber criminal who has intercepted a password still cannot access your account without the second piece of information used in the MFA process.
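
As an added illustration (not from the original article), here is one content check a gateway of this kind could apply: quarantine a message when a link's visible text claims one site but its `href` goes to another. The function names and the sample messages are constructed for this example; a real gateway combines many more checks.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase hostname of a URL-like string, or '' if it has none."""
    url = value if "://" in value else "http://" + value
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""

def inspect_message(raw_message):
    """Return (verdict, reasons) for one raw message, as a gateway filter might."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body, reasons = msg.get_body(preferencelist=("html",)), []
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            target = host_of(href)
            # Only compare when the visible text itself claims to be a URL.
            claims_url = text.lower().startswith(("http://", "https://", "www.")) and " " not in text
            shown = host_of(text) if claims_url else ""
            if shown and target and shown != target:
                reasons.append(f"text shows {shown} but link goes to {target}")
    return ("quarantine" if reasons else "deliver"), reasons

# Constructed sample messages (not real mail); all domains are reserved example names.
HEADERS = 'From: it@example.net\nTo: user@example.com\nSubject: Notice\nContent-Type: text/html; charset="utf-8"\n\n'
PHISH = HEADERS + '<a href="http://login.example.org/reset">https://portal.example.com/reset</a>'
CLEAN = HEADERS + '<a href="https://portal.example.com/help">Help desk</a>'
```

Calling `inspect_message(PHISH)` returns a `quarantine` verdict with the mismatch as the reason, while `inspect_message(CLEAN)` returns `deliver`.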