EMPOWER YOUR EMPLOYEES with THE RIGHT SKILLS!

AI & CYBERSECURITY TRAINING


Must-read Visual Guide!

The book provides a good combination of the theory as well as practical tips from real-life projects. 

Thrive in Your Career with the Visual Guide


REACTIONS

“A must read for any professional. The fundamental concepts of complex information security and data privacy topics have been broken down into simple to understand language, with illustrations and actionable steps. A great reference point for delivery leads to ensure the secure delivery of their projects.”

  • Vishal Garg, CISSP, Cybersecurity Consultant and Solution Designer


“Educating our program, product, and project leaders on Cybersecurity is a must at this day and age. This book does an exceptional job of explaining complex topics in terms that are relatable and consumable for its target audience.  It provides a solid foundation on theory while also sharing actual applications. I highly recommend this book!!”

Mica Syjuco, Director, Technology Leadership, Avanade

PREFACE

Remember Airport Security?

The risk of cybersecurity threats certainly isn’t new, but in recent times it has become an increasingly prominent issue. Cyberattacks have had massive impacts on the societal, political, and economic world.

Do you recall traveling to the airport to pick up someone prior to 9/11?  I remember walking up to the aircraft door when picking up and dropping off my friends. Even though I was not the traveler sometimes, I was allowed to proceed to the boarding gate until the flight was ready to depart. There were no security lines at any stage before boarding the flight.

Now, after 9/11, the number of security inspections and screenings at airports has dramatically increased. You must arrive at the airport at least two hours before your flight is scheduled to depart, go through a tough security screening, remove your shoes, belt, computers, and whatnot from your baggage, and walk through a metal detector. There are several security cameras monitoring your every movement.

Have you ever found yourself in a situation where you were carrying something that wasn't allowed in your carry-on luggage? You probably had to toss the item away or return it to the check-in counter at the airport to check it in.

Similarly, when we first started designing internet applications, we didn't have to worry about writing security-related code, installing anti-malware, creating secure infrastructure, etc. But then, there were some huge cyberattacks and data breaches that transformed the entire digital world. 

Recent Events

In recent years, there have been several cyber-attacks and data breaches. Here are some recent examples:   

  • In January 2023, T-Mobile, a telecommunications company, discovered a major data breach, involving 37 million customers' names, birth dates, and phone numbers. The hacker gained unauthorized access to T-Mobile servers in the testing environment before moving on to other IT production servers containing customer data.
  • In April 2022, Oil India Limited (OIL), the second-largest oil and gas company of India, had all the computers locked out after a ransomware attack. The group behind the cyber attack sought $7.5 million in Bitcoin to restore access.
  • In March 2022, Ukrtelecom, Ukraine's largest telecommunications company, was hit by a powerful cyberattack. It was described as the most severe cyberattack of the war between Russia and Ukraine to date, and it caused a nationwide internet outage.
  • In May 2021, Colonial Pipeline, the largest gas pipeline in the United States, was hit by a ransomware attack. The pipeline was shut down, resulting in gasoline shortages across the East Coast. The hackers got away with a ransom of about $4.2 million.
  • In late 2020, SolarWinds, a third-party software supplier, was breached by hackers, who were able to attach malicious software to SolarWinds software updates. This allowed the hackers to actively monitor the internal operations of over 200 organizations worldwide, including many US government agencies.


Why Are Security and Compliance Important?

According to Cybersecurity Ventures, the world’s leading cybersecurity researcher, global cybercrime costs will grow by 15% each year over the next five years, reaching $10.5 trillion USD per year.

To combat the attacks, US President Joe Biden has taken a number of steps. In May 2021, he signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. In March 2022, he issued a warning to American business leaders about Russian cyberattacks, telling them to strengthen their companies’ cyber defenses immediately. Leaders of other nations are also prioritizing cybersecurity as a central part of their national security initiatives.

To ensure that businesses use processes and procedures to secure their assets, various laws and regulations have been enacted. Fines are imposed if these are not followed. Regulations include GDPR (General Data Protection Regulation), a law enacted in the European Union (EU) to protect its citizens' personal data; HIPAA (Health Insurance Portability and Accountability Act), which protects patients' sensitive data; and several other regulations. Companies and their employees must abide by all applicable laws, regulations, standards, and ethical practices in their organization, industry, and country. This is known as compliance.

To comply with regulations and secure assets, businesses are focusing on strengthening their security teams. As a result, there is a significant shortage of highly sought-after cybersecurity professionals. The number of unfilled cybersecurity jobs increased globally by 350% over an eight-year period, from one million in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. Keeping the organization safe has become everyone's responsibility, whether or not they are cybersecurity professionals.


Security

In simple terms, Security means the measures taken to be safe or protected. In our daily lives, we do a variety of things to keep ourselves safe and protected. For example: when we leave the house, we lock our doors. We do that to safeguard our critical assets which include electronic devices, gadgets, and critical documents. 

In this case, the lock is only one layer of security. But why is it just one layer?  

Locking the door simply isn’t enough to prevent theft. What about the windows and the back doors? They, too, must be closed properly, locked, and secured. Devices like monitoring cameras, alarm systems, sensors, and others serve as additional layers in preventing theft. In a nutshell, when we take these preventative measures, we are securing the assets and information in our house and, hence, implementing security. 

Similarly, your project will utilize various physical resources, such as work computers, servers, server rooms, and critical documents. Your projects may use some software tools and may create software resources, such as applications and programs. These software applications will exchange sensitive information over the company intranet and the internet.

How do you protect your company’s assets and information? 

You put in place technologies, processes, and policies, and engage professionals, to protect your company's sensitive data and other assets.

Therefore, security is defined as implementing technologies, processes, and practices to protect your assets and information from unauthorized access and use.

Privacy

Privacy is keeping your personal, critical information to yourself or to the people you earnestly trust. 

When we host parties, we welcome guests into our home. We give them access to the living hall, kitchen, restrooms, and other common areas. However, we don’t allow them any access to sensitive information such as our Social Security number (SSN), credit card, and bank account information. This is our private information. It belongs only to us and must be protected at all costs.

Let’s talk about social media. You may share your life events, pictures, and videos with friends on Facebook, Instagram, Twitter, etc. However, do you disclose your private or sensitive information in your social media posts? We're sure you don't, and you certainly would not want social media sites to do so without your consent, either. In fact, you would not want any business you deal with, whether it's your bank, doctor's office, or mortgage company, to disclose your private information without your permission.

Everyone should be able to share some information while keeping some privacy. It is your right to have control over how your personal information is collected and used. 

Privacy is defined as safeguarding your personal and sensitive information from unauthorized access and sharing it only with the people you earnestly trust. 

Finally, let’s look at privacy from a corporate perspective. Information like customer data, competitive information, and intellectual property is confidential and must not be shared with outsiders. This information needs to be protected.

    BOOK REVIEWS

    Master the language of security

    “ An easy read and digest on the basic understanding of frameworks to manage risk, compliance, and projects.  It is a great book to add to your library.  If you don’t know where to start concerning cybersecurity and compliance, start by reading this book!  You will understand and be able to speak the basic language of cybersecurity and what to expect and look out for regarding security and compliance!  Everyone needs to read this.”

    • Janet Tsai, IT Auditor, Aerospace Industry

    Easy-to-Understand Book

    “Cybersecurity awareness is critical to securing organizations on a path of accelerated digital adoption. The book eliminates the complexity of the subject and blends the principles of program management and security in an easy-to-understand manner. The book provides a good combination of the theory as well as practical tips from real-life projects. A "must-read" for the project and delivery leaders to set them up for success.”

    • Ashish Agarwal, Former CIO, Indigo Airlines 

    Primer for Project Leaders

    “Cybersecurity is imperative for enterprises as well as nations today. Niharika and Sanjay have created an easy-to-read Cybersecurity primer for project leaders that helps address the enablement problem ‘With so much at stake, how could we equip ourselves better?’”

    • Piyush Malik, Chief Digital Officer, Veridic Solutions 

    (Formerly Worldwide Big Data Analytics CoE Leader at IBM)

    AUTHORS

    Niharika Srivastav

    Author, Speaker, Board Member, Security and Compliance Advisor

    Sanjay Saxena

    Radio Host, Cybersecurity Advisor, Harvard Alum, Sports Executive


    Copyright © 2025 Security and Compliance - All Rights Reserved.
