Cybersecurity Awareness
Avoid using dictionary words (example: password) as passwords. Create passwords that consist of various characters, strings, numbers, etc.
A cyberattack can cost you dearly.
With our digital identities becoming increasingly prone to threats, cybersecurity has become the need of the hour. But what is cybersecurity? Is it an invisible fortress that secures our online selves?
Cybersecurity involves the combined support of three pillars. Let us build them, one by one.
3 pillars of cybersecurity
- Pillar 1: People
- Pillar 2: Process
- Pillar 3: Technology
Imagine an email has landed in your inbox.
The subject says "Claim your tax refund immidiately." The mail prompts you to open a link.
If you choose to ignore the message by noticing a red flag, congratulations, you've won the war against cybercrime.
But if you choose to open the attachment, you have been lured by an attacker through a phishing mail that lets them break into your company's network.
In cases like this, it is the people who hold the power to either make or break the security of their cyberspaces. All it takes is a click, or avoiding one.
82% of breaches involve the human element.[1]
Some of the most common cyberthreats operating along these lines include insider threats and social engineering attacks.
98% of cyberattacks that happened in 2022 involved social engineering in some way.[2] Meanwhile, 2021 witnessed a 47% rise in the frequency of insider threat incidents over two years.[3]
Attacks of such nature can be prevented by implementing stringent IT security policies in combination with technologies that monitor the digital behavior of your users.
[1]: Verizon | [2]: Proofpoint | [3]: Proofpoint
When it comes to the human element, the actions that lead to cyberattacks can be:
- Intentional: Disgruntled employees, spies, third-party vendors, and malicious insiders working within the organization who bypass security checks.
- Unintentional: Negligent employees who are not properly trained in the best practices that constitute secure digital activity.
Sometimes, employees parting from an organization can be either intentional or unintentional accomplices to data breaches. These employees tend to collect sensitive information before leaving their company, which could harm the security posture of an organization.
While navigating through the digital world, it is important to apply safe practices that help you in deciding:
- what to do
- what not to do
In the case of the email phishing attack, disaster can be avoided if users are sensitized to find tiny errors in the content of the message, like the word immidiately being misspelled in the mail's subject line.
Another tip: Before opening the mail, ensure the domain name found in the sender's e-mail address is genuine.
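The sender-domain check from the tip above can also be automated. The following is an added example, not part of the original page: the trusted domain list, the sample headers and the rule that subdomains of a trusted domain count as trusted are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist: domains a hypothetical organization expects mail from.
TRUSTED_DOMAINS = {"example-tax.gov", "example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    # parseaddr separates the display name from the real address, so a
    # display name that merely looks like an address is ignored.
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return "unknown"
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Assumed policy: subdomains of a trusted domain are trusted too.
    if any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    # A trusted name used as the leading labels of some other domain.
    if any(domain.startswith(t + ".") for t in TRUSTED_DOMAINS):
        return "lookalike"
    # One or two character changes away from a trusted domain.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for header in (
        "Tax Office <refunds@example-tax.gov>",
        "Tax Office <refunds@examp1e-tax.gov>",
        "Tax Office <refunds@example-tax.gov.refund-claims.net>",
    ):
        print(classify_sender(header), "<-", header)
```

A "lookalike" verdict is the case worth quarantining or flagging to the user, since the domain was chosen to pass a quick visual check.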
Having the right processes and guidelines in place helps users implement safe cyber practices.
To regularize processes relating to data privacy and cybersecurity, nations across the world have established data protection laws. Companies failing to comply with the laws will be subjected to heavy penalties.
For instance, companies failing to comply with the European Union's General Data Protection Regulation (GDPR) could pay fines of up to €20 million.
137 out of 194 countries have cyber regulations.[4]
However, awareness regarding cyber laws is still a cause of major concern. A survey revealed that 67% of internet users in the US are unaware of their country's privacy laws.[5]
[4]: United Nations Conference on Trade and Development | [5]: LocaljobsIO
At an organizational level, having appropriate processes in place provides a clear roadmap and directions for security teams and other employees on what steps must be taken in the wake of an unprecedented security event.
Governance, risk management, and compliance (GRC) is a unified concept that delves into the processes that support an organization's security health. The three components that constitute GRC include:
- Governance: The internal IT policies that govern an organization.
- Risk management: The protocols and measures put in place to gauge and mitigate the pain points of the company.
- Compliance: The systems put in place to ensure that an organization complies with IT standards.
Users can be educated on the best practices of cybersecurity, but these practices are not guaranteed to work every time. Threats can enter your network in more ways than one.
In such situations, technology provides an external (virtual) aid in automating and enforcing measures that can prevent a potential attack with minimal human intervention.
Technologies that filter unwanted external traffic before it enters the network, such as secure web gateways or firewalls, can prevent phishing mails from reaching the inbox.
The global cybersecurity market is expected to grow to $300 billion by 2024.[6]
Since the advent of pandemic-induced remote work and cloud migration, companies have been embracing hybrid security architectures capable of securing cloud-based assets as well as those within office premises.
At present, Zero Trust is the most preferred hybrid security architecture amongst organizations. With over 76% of companies in the process of adopting it,[7] Zero Trust has gained widespread popularity due to its 'never trust, always verify' strategy and emphasis on continuous monitoring of the network.
From 2021 to 2025, global cybersecurity spending is expected to exceed $1.75 trillion,[8] which indicates the rise in cybersecurity's significance in a post-pandemic world.
[6]: Global Market Insights | [7]: Microsoft | [8]: Cybersecurity Ventures
With the pandemic pushing organizations to adopt remote work, the lack of physical network boundaries has given rise to user identities becoming the new perimeter surrounding an organization.
In cybersecurity, identity refers to the constituents of an individual's user profile, including username, passwords, biometric credentials, geographical information, etc.
With people bringing in an element of uncertainty, it has become important for cybersecurity solutions to be context-aware. For instance, users cannot be authenticated based on passwords alone. Unique pointers such as geolocation data or IP addresses must also be considered before granting access to your network.
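A context-aware access decision of the kind described above could look like this. It is an added example, not part of the original page: the profile fields, the three outcomes and the policy thresholds are assumptions, the addresses come from documentation ranges, and the country code is assumed to be resolved upstream by a GeoIP lookup.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class UserProfile:
    usual_countries: set   # ISO country codes seen in past logins
    known_networks: list   # CIDR ranges, e.g. office or VPN egress


@dataclass
class LoginAttempt:
    password_ok: bool
    source_ip: str
    country: str           # assumed to come from an upstream GeoIP lookup


def decide(profile: UserProfile, attempt: LoginAttempt) -> str:
    """Return 'allow', 'step_up' (require a second factor) or 'deny'."""
    # A correct password is necessary but never sufficient on its own.
    if not attempt.password_ok:
        return "deny"
    ip = ipaddress.ip_address(attempt.source_ip)
    on_known_network = any(
        ip in ipaddress.ip_network(cidr) for cidr in profile.known_networks
    )
    in_usual_country = attempt.country in profile.usual_countries
    if on_known_network and in_usual_country:
        return "allow"
    # Exactly one contextual signal matches: ask for additional proof.
    if on_known_network or in_usual_country:
        return "step_up"
    # Correct password but nothing else matches the user's context.
    return "deny"


# Constructed sample profile for demonstration.
SAMPLE_PROFILE = UserProfile(
    usual_countries={"IN"},
    known_networks=["203.0.113.0/24"],
)

if __name__ == "__main__":
    for attempt in (
        LoginAttempt(True, "203.0.113.10", "IN"),
        LoginAttempt(True, "198.51.100.7", "IN"),
        LoginAttempt(True, "198.51.100.7", "BR"),
    ):
        print(attempt.source_ip, attempt.country, "->", decide(SAMPLE_PROFILE, attempt))
```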