With our acquisition of NetDef last year, Novosco now has an additional team of security experts in house. Cloud security is of vital importance so in our blogs over the coming months we’ll start looking at security in more detail and what it means for your business.
If you’re planning to be at Cloud Expo Europe next month, you can catch Dave Beesley discussing these issues – more details here
Recently there have been some very public and serious security breaches, putting cybersecurity on the front pages. Cybercrime is big news for organisations of all shapes and sizes in every sector, so every manager and board member has reason to want to understand how their organisation is protected. However, it can seem like a labyrinth of complex jargon and technical terminology to those not already initiated into the world of network infrastructure and IT. So, we've put together a quick guide on what you need to know.
The 3 basic principles of keeping data safe are:
- Confidentiality – ensuring data is only accessed by those who are authorised to do so.
- Integrity – ensuring that data can’t be inappropriately tampered with.
- Availability – ensuring that systems work so that data is available at the right times.
Data can be in one of two states:
- At rest – stored on a device, such as a phone, a laptop or a tape in the data centre; or
- In motion - called from a web page or sent by email, for example.
Importantly, it’s not just product or technologies that secure your data – security requires robust policies and processes as well. User education can be every bit as crucial as any of the technologies you put in place.
Security terminology explained
An unauthorised person or system being able to see or access your data.
Through a data breach, your data can be downloaded or exported from your systems to the unsecure outside world, from there it can be used for malicious purposes such as extortion or reputational damage.
Distributed Denial of Service (DDoS) attacks flood a website with rogue traffic by hijacking a number of hosts and pointing them all at a target website. This usually takes the victim website offline, meaning that it can’t be reached by legitimate traffic.
An internet capable user device that hackers target for an attack – the usual route in for a cyberattack, for example PCs, tablets, phones etc.
Malicious software, also known as a virus, which can be used for a variety of wrong-doing including destroying data, gathering data, spying on systems or displaying rogue advertising.
An attempt to obtain financial or other confidential information, typically by sending an email that looks as if it is from a legitimate organization, but contains a link to a fake website that replicates the real one and captures the sign in data.
Malware which encrypts data, holding the victim to ransom but not providing the keys to unencrypt the data until a ransom (often in untraceable digital currency BitCoin) is paid.
Often used during website hacks, malicious SQL code statements are inserted into a form field of a vulnerable application with the intent on stealing or tampering with data within the database.
An application that looks benign but actually delivers a malicious payload, for example an application that pretends to be an antivirus application, or a software update or similar, but actually infects the host device with malware instead.
The amount of time between an IT vendor becoming aware of a vulnerability in their software, the vendor releasing a patch, and vulnerable systems actually being patched.
A form of phishing attack where senior executives are targeted with emails or rogue web links in an attempt to steal sensitive data such as usernames and passwords or to set off a chain of events to directly obtain cash.
Zero Day Attack:
A zero day vulnerability is a bug in the software that is unknown to the vendor, which means that there currently no way to fix the problem. In a Zero Day Attack, the hacker exploits this vulnerability before the vendor has the opportunity to fix it.