IT security is a set of cybersecurity strategies that prevent unauthorized access to organizational assets such as computers, networks, and data. It maintains the integrity and confidentiality of sensitive information, blocking the access of sophisticated hackers. Vulnerabilities in web applications and networks Cybercriminals are constantly identifying new vulnerabilities in systems, networks or applications to exploit. These activities are conducted via automated attacks and can affect anyone, anywhere. There are now more mobile devices than people on the planet and most people get most of their information through a mobile device. Because humankind’s mobile prowess is only likely to increase, IT security professionals need to take mobile devices, mobile threats, and mobile security seriously.
An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be able to be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.
In 2013 and 2014, a Russian/Ukrainian hacking ring known as “Rescator” broke into Target Corporation computers in 2013, stealing roughly 40 million credit cards, and then Home Depot computers in 2014, stealing between 53 and 56 million credit card numbers. Warnings were delivered at both corporations, but ignored; physical security breaches using self-checkout machines are believed to have played a large role. “The malware utilized is absolutely unsophisticated and uninteresting,” says Jim Walter, director of threat intelligence operations at security technology company McAfee – meaning that the heists could have easily been stopped by existing antivirus software had administrators responded to the warnings. The size of the thefts has resulted in major attention from state and Federal United States authorities and the investigation is ongoing.
Almost every computer has common basic defenses, which good IT pros consider and apply. These are the “standards” of computer security. They include: Patch Management End-User Training Firewalls Antivirus Secure Configurations Encryption/Cryptography Authentication Intrusion Detection Logging Understanding and using the basic common IT security defenses is a must for every IT security professional. But don’t stop at simply knowing about them. Know, too, what they are good at stopping and what they fail to do. With application security, applications are specifically coded at the time of their creation to be as secure as possible, to help ensure they are not vulnerable to attacks. This added layer of security involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software.
For more information, you can download the latest whitepapers on Cybersecurity.