The various topics learned in this course were quite insightful. Deception technology, as I have learned, gives an upper hand in cyber security to an organization. With the help of deception technology, corporations can be able to detect, in quick time, security risks and attempts by hackers to leak data, so the organization can terminate an ongoing cyber attack before it’s too late. An IT firm can adopt the deception technology for early detection of attacks. The firm's management can decide to lay a minefield of striking decoy systems within the organization's networks, to trip up hackers. Such decoy systems will serve as a warning for any attack that bypasses perimeter security control. I have also learned that separation is a smart technique to minimize cyber threats. It helps an organization reduce its attack surface. Attack surface, in this case, refers to the total sum of an organization’s resources which are prone to exploitation by attackers (Loukaka & Rahman, 2017).
If working for a security firm, I would propose that they segment, or rather separate their network into various sub-networks which are isolated from each other. This way, if an attacker hacks the firm's network system which has been separated into several sub-networks, it will take time for the attacker to break out from one network and move onto that resource in which they have interest. Diversity is another commendable approach to improving cyber security. Organizations should strive to combine diverse skills as this can greatly help in dealing with the multi-faceted challenges of cyber security. I feel that organizations should also target women to fill up cyber security roles. Cybersecurity jobs have for the longest time been dubbed as a “males’ niche” One skill set cannot cover the whole spectrum of cybersecurity. With a diverse workforce, an organization can enjoy the benefits of creative ideas. Creativity is vital in responding to cyber threats. IT firms should seek to create diverse security teams. They should implement practices that will make cyber security roles more appealing to women and bridge the security skills gap. Commonality involves embracing technologies which are globally known as effective in rooting out cyber attacks. I think that there are basic technologies, meaning they should be used daily by organizations to improve cyber security. Antivirus software is an example of a basic cyber security tool that every IT firm must have for their computers. Antivirus software such as McAfee Endpoint Security offers protection against malware infections. I have also learned of defense in-depth strategy as a layered approach to cyber security. A defense in-depth strategy reveals that it is easier for an attacker to break through a single barrier but it is not easy to do so in a multi-layered defense system (Conteh et al., 2016). An IT firm can develop a customized Defense in-depth strategy that will protect its IT environment and critical data. The multiple layers of security will offer protection against network attacks, operating system attacks, data exposure, and vulnerability exploitations.
An IT firm can, therefore, adopt a series of different defenses and use them all together. For example, using intrusion detection systems, firewalls, data encryption, malware scanners, and even auditing solutions to improve their security profile. I believe that with such a layer of defense mechanisms, the firm will no longer depend on a single security solution, hence making their cyber security more effective. I have also been able to understand how powerful discretion is as a tool for combating cyber security. Discretion about cyber security refers to being careful when releasing information to protect any sensitive data from getting into the wrong hands. IT Firms should educate their employees on what the results would be if they do not make use of discretion. They should conduct security awareness training to enlighten their employees on good practices when exploring the internet using work machines. I find the Collection of data as an important task within cyber security. It allows the identification of potential vulnerabilities in a network. To track attackers, IT firms can gather information from the networks that have been targeted mostly by the attacker, and use that information to build that individual’s patterns of attack as well as determine the existence of potential threat vectors (Collins, 2016).
References
- Collins, A. (Ed.). (2016). Contemporary security studies. Oxford University Press.
- Conteh, N. Y., & Schmick, P. J. (2016). Cyber security: risks, vulnerabilities, and countermeasures to prevent social engineering attacks. International Journal of Advanced Computer Research, 6(23), 31.
- Loukaka, A., & Rahman, S. (2017). Discovering new cyber protection approaches from a security professional perspective. International Journal of Computer Networks & Communications (IJCNC) Vol, 9.