Creating cyber security strategies is among the most important requirements of our digital age. We now live in a world where almost every type of device is connected to the internet. For this reason, we need to continue our lives by giving more importance to cyber security. If you are the owner or employee of a company that contains sensitive data such as financial information, we can say that the consequences in the event of a security breach will not be very encouraging. For example, according to Ponemon Institute’s 2017 Cost of Data Breaches study, the average cost of a single data breach was calculated as $3.62 million (1). Therefore, given the increases in security breach costs and the negative impacts of cyber attacks, organizations must create more robust cyber security plans.
Cyber Security Strategies and Policies
First of all, it is necessary to be aware that there may be security vulnerabilities in physical security devices in IP-based technologies. It is possible to minimize these vulnerabilities by taking a few precautions. The first of these measures is to ensure that all devices comply with company policy. For this, it is necessary to develop a written security policy.
So what should be the features of this policy?
Cyber Security policies must comply with the Personal Data Protection Act, ISO27001, and PCI. It must also be supported by other industry and government regulations. Physical security devices must be compliant with standard risk management tools and practices such as NIST. When creating a cybersecurity strategy for your organization, the five factors listed below are important. In this context, it is possible to ensure physical security and the security of other owned devices with this strategy.
Patching and Update
For cyber security to be sustainable, patches and updates of devices must be made on time and continuously. These updates help close a known and exposed vulnerability. Every delayed update will cause your computer or other devices to become vulnerable to attack. But often, when an update comes to your computer, it is closed without reading the notification and it is not clear who is responsible for keeping the computers updated. Therefore, when creating a strategy, you need to clearly state the distribution of tasks and roles. Holding a specific department or person in your organization responsible for updates will protect you against attacks and attacks that may occur.
Vulnerability Management
Depending on the size of your IT department, hundreds of thousands or millions of networked devices are likely to be routinely scanned. As the number of your devices increases, the size of the scan you need to do also increases. For example, the UK recently passed “secure by default” legislation requiring manufacturers to connect their devices over HTTPS. Devices used can often show a red flag in IT scans with self-signed certificates. In order to prevent these problems, the necessity and security of certificates should be explained to the IT department. It is important to have these certificates. Another issue is that manufacturers often use other manufacturers’ codes in network services such as OPEN SSL and the Apache Web server.
Organizations must understand that when they purchase a product, they are tied to the product sellers as well as the manufacturer. Vulnerabilities detected by IT scans should be reported immediately. But sometimes devices can’t be updated quickly because they have to work with vendors to develop and test the patch. This indicates that the IT department should take short-term measures until a patch is available. At this point, one of the measures that can be taken may be to limit traffic.
Equipment Replacement
Equipment replacement involves the potential problems of device replacement and obsolescence. For example, 7 to 10 years of use for an analog camera was an expectation in line with previous norms. However, this outdated technology includes several add-ons that are not currently supported by the manufacturer. Lacking current cybersecurity patches and updates, outdated technology becomes vulnerable to attack. This creates a disadvantage that replacing constantly used technological devices can be cost-intensive. However, renewing all systems at once is a time-consuming and labor-intensive process. Therefore, as a solution to the old equipment problem, one-fifth of the system must be regularly and continuously renewed every year. Upgrading to newer, more effective, and up-to-date technology is the best way to protect your data.
Importance of Documentation
Many manufacturers produce guidance to help security professionals secure devices against cyber threats. These created guides provide a basic configuration for dealing with the ever-evolving threat landscape. After creating this guide, what needs to be done is to match the guide you have created with a cyber security policy. That’s why a solid, written cybersecurity policy, physical security equipment, and systems are a requirement to provide the level of protection your organization requires.
Supply Chain Security
In terms of cyber security, it is necessary to know the source of the products and the security measures of the sellers. Because even a small security vulnerability can become a big risk. Device manufacturers have developed methods to keep the supply chain safe from attack. One of them, the Trusted Platform Module, has steps such as signed firmware and secure boot. It is possible to provide strong security by choosing a combination of these features.
These five factors will be an effective solution to preventing physical security devices from being used as entry points. Therefore, these key elements, the number of devices connected to the network, are important when developing a cybersecurity strategy. In addition, it is critical to create a holistic policy, taking into account the types. By determining the data you want to protect and the importance of this data, you can start planning preventive measures by calculating the possible damage.
Resource:
1) Sfax Secure Fax, “The average cost of a Data Breach in 2017 is $3.62 million”, Erişim: https://www.scrypt.com/blog/average-cost-data-breach-2017-3-62-million/