Cybersecurity is a subset of the Information Security realm. Before the internet, applications and data were stored in private data centers, and access to them was very tightly controlled. Only people within the office premises could get access to the data, and only from company-issued devices (desktops, laptops, dumb terminals). Access to office premises and data centers was controlled via access cards, keys, security guards, etc. Communication between organizations was via private lines, and the controls were similar across organizations.
Fast forward to the internet era. It can be thought of as moving your organization from a gated community to a non-gated community.
The physical boundaries of the data access layer have been pushed beyond the physical office premises, using the internet as the transport. Applications and data are no longer in private data centers; they have moved to the cloud, managed by third parties like AWS, Azure, Google Cloud, Rackspace, etc.
Properties on the internet are accessible by anyone from anywhere. Even the support staff manage the internet properties via the internet. As a result, the number of threat vectors has increased exponentially. In my opinion, this is where cybersecurity comes in.
Although the security controls within the data center have not changed much, the security controls that protect the data access layer exposed to the internet are constantly changing, and so is the threat landscape.
The inherent risks can be placed in two buckets:
- Internet property environment:
  - Web server configuration issues/vulnerabilities
  - Web application programming issues/vulnerabilities
  - Firewall configuration issues/vulnerabilities
  - Router configuration issues/vulnerabilities
  - IDS/IPS configuration issues/vulnerabilities
  - Application firewall configuration issues/vulnerabilities
  - Security incident detection & response issues
- End user environment, the environment the user uses to access the internet property:
  - Handheld device OS configuration issues/vulnerabilities
  - Handheld device application configuration issues/vulnerabilities
  - The above two points can be extended to laptop and desktop configuration issues/vulnerabilities
  - The user's own password management methodology; if this is weak, no state-of-the-art technology can prevent the aftermath.
  - The user's awareness of how to navigate the internet, and ability to distinguish the good from the bad.
In a nutshell, every Information Security team should have a dedicated cybersecurity team to stay on top of the above two risks.