With digital transformation, both the public and private sectors have become increasingly dependent on computerized information systems to carry out operations and to process, maintain, and report essential information. Public and private organizations rely on computer systems to transmit sensitive and proprietary information, develop and maintain intellectual capital, conduct operations, process business transactions, transfer funds, and deliver services. In addition, the Internet has grown increasingly important to business and consumers, serving as a medium for hundreds of billions of dollars of commerce each year, as well as developing into an extended information and communications infrastructure supporting vital services such as power distribution, health care, law enforcement, and national defense. Many CIOs are unaware of how vulnerable their networks are and how aggressively they are being targeted. The purpose of this web page is to provide you with information about cybercrime and how it happens.
A. What data do you have that others may want?
A data breach is an incident where private and sensitive financial or personal identifiable information (PII) has been compromised by unauthorized access. Organizations must identify their most valuable assets and devote the proper resources and security posture to protect them. What would be most detrimental if taken from your system?
B. Where is the critical data located?
As part of your risk assessment, you must inventory your network, both physically and logically (flow of data) before an incident occurs and keep pace with any internal and external environmental changes. Identifying critical assets and understanding your complete security posture across your entire IT ecosystem will help to prevent or mitigate future attacks against your security system. Understanding where the endpoint systems are located and how data flows through them is critical.
C. What will happen if someone takes your data?
Will the exposure to your company have financial, competitive, reputational, or regulatory implications? Although the country suffers from breach fatigue, the loss of business and damage to your name brand or reputation can be enormous. Companies can also suffer from investigation expenses, fines, penalties, regulator fees as well as civil litigation.
D. Where are you getting your threat intelligence to protect your data?In order to properly assess your cyber-security posture, your company must learn as much as it can about the possible risk, threats and vulnerabilities that currently threaten your business. Awareness of the latest trends in cybercrime and how they can affect your business’s computer network is extremely important. Analytics (the making of structured or unstructured data meaningful) from cyber threat intelligence sources is crucial to understanding the current cyber threat environment and protecting your system. The discipline of cyber threat intelligence focuses on providing actionable information on adversaries, their tactics and techniques in ways your businesses can understand.
E. What are you doing to protect your data?
This is where you begin the discussion on securing your enterprise. This is also where the resources spent on the investment of hardware and software is often debated. The key to any secure environment is to regulate the traffic that enters and exits a network, to understand which traffic entering your network is “good” and which is malicious. Access controls are used to filter the information coming in and out of your network. Systems that comply with your set of rules have access and get authenticated. The ones that don’t are denied access or not authenticated. This is where you can plan for the correlation and automation of logs and other controls like firewalls, intrusion prevention/detection systems (IDS/IPS), data loss prevention (DLP) systems EPP, EDR, SIEM, MSSP, SWG CASB and the management of your software development life cycle (SDLC). Monitoring and controlling access into networks is the most difficult and by far the most challenging aspect of cybersecurity today.
LISTCRIME is a non-profit website. We simply want to help internet users and businesses to not become ictims of cybercrime. Our goal is to be a one-stop-shop for reliable, up-to-date information about online safety, to give home users and businesses the advice they need to use the Internet safely.