Cyber Hygiene, A Great Foundation For Cyber Security

The power of ubiquitous computing has grown significantly; a networked computer can do far more than an isolated one because the power, features and benefits reside on the network.

As a downside of the proliferation of ubiquitous computing, cyber threats and related vulnerabilities have been growing in scale and activity. Cyberspace has attracted cybercriminals and become a new playground for hacktivists, which has raised tension among many influential leaders, corporations, professionals, experts and white hats.

From cell phones to server machines, numerous digital devices are connected to the network, and the personal, professional and commercial data they carry and compute is exposed to a certain level of cyber threat unless the devices are used carefully and proper cyber hygiene is maintained.

The digital revolution has tremendously affected our personal and social lives. Consumers' expectations for Internet of Things (IoT) enabled devices have driven geometric growth in the number of digital devices connected to cyberspace. Automation, flexibility in management, accessibility, security, integration and many other benefits have motivated this trend of digitization.

A study performed by IHS Inc. London in 2015 showed that 8.1 billion digital devices were connected to the internet, whereas the entire world's population was about 7.4 billion and only about 42.4% of the world's population was using the internet. Increased adoption of machine-to-machine connections, cloud computing, internet-based real-time streaming and many other cyber-based activities has contributed to the meteoric growth of internet traffic.

Therefore, we can predict the density and flood of digital device traffic that may prevail in the future, and imagine the scenarios that may eventually occur in cyberspace and cybersecurity. Securing cyberspace is thus an evolving topic and the first demand of every present-day user, from portable devices to large mainframe computers.

The Challenges

Attackers penetrate your device broadly for two motives: either to harm you or to harm others using your resources. They compromise your device and resources to redistribute Trojans, attacks or malicious code to other targets through multiple compromised distributed devices, for example for Distributed Denial of Service (DDoS) attacks, maintaining long-term access to your device to generate an Advanced Persistent DoS (APDoS). Thus, the primary argument for maintaining cyber hygiene is to protect your data, equipment and wealth, as well as to prevent hackers and criminals from using your resources to achieve their goals.

What is the need?

To mitigate such cyber implications by strengthening your security posture, and to survive rising cyber vulnerabilities in the future, it is essential to promote and spread awareness of good Cyber Hygiene, which is a part of public education for radical change in conventional security thinking and tactics.

Several customizable frameworks, guidelines and online resources are available on the internet for designing and implementing good Cyber Hygiene, which help raise your personal and organizational position in the continually changing landscape of cyber threats.

Cyber Hygiene

Wikipedia defines Cyber Hygiene as the establishment and maintenance of an individual’s online safety. It is the online analog of personal hygiene and encapsulates the daily routines, random checks and general behaviors required to maintain a user’s online “health” (security). This would typically include (but is not limited to) using a firewall, updating virus definitions, running security scans, selecting and maintaining passwords (and other entry systems), updating software, backing-up data and securing personal data.

Center for Internet Security (CIS), the US Government defines cyber hygiene as making sure we are protecting and maintaining systems and devices appropriately and using best practices of cybersecurity.

Cyber Hygiene is about training ourselves to think proactively about our cybersecurity—as we do with our daily personal hygiene—to resist cyber threats and online security issues. [i]

How are our devices compromised?

Most digital devices today are internet capable. They are designed to be connected and accessible from the internet. The internet has become an integral part of business, the economy, and national and international government. This capability of our digital devices and the emergence of the internet not only bring benefits but also increase the possibility of various security threats. Some typical bad internet habits that lead to significant security breaches include:

  1. Visiting untrusted websites and links (clicking on whatever appears).
  2. Poor understanding or skipping of warnings.
  3. Falling victim to false advertisements and schemes on the web.
  4. Using unsecured or public WiFi access while handling sensitive information.

Device & application configuration flaws

A large number of hardware devices, sophisticated equipment and applications increases the complexity of good Cyber Hygiene management. Some scenarios are:

  1. Operating devices in their default configuration, with no optimized or strict security.
  2. Badly controlled, uncontrolled or unmonitored data traffic in the organization.
  3. Missing or outdated software updates and patches.
  4. No effective antivirus/IPS/IDS/firewall system in place.
  5. Unsecured or insufficiently restrictive software, user, access and installation policies for internet browsers, internet games and applications.
  6. Using trial or pirated software to process sensitive information, and using jailbroken mobile phones.
  7. No adoption of security best practices, e.g., VPN, encryption, secure passwords, device locking, data backup, and clearing of cache, cookies and temporary files.
  8. An easy and unsecured installation/update policy for plug-ins, games and other potentially malicious software.

Human Factor and organizational policy [ii]

  1. No adequate organizational policies, monitoring or awareness generation for cyber, internet and computer-based business activities (e.g., web policy, user and password policy, email, sensitive information and risk-assessment policies).
  2. Lack of end-user awareness of hoaxes, scams, internet myths, social engineering and suspicious activities.
  3. Unnecessary disclosure of users' or organizational information on the internet and on the web.
  4. Neglect of errors and the prevalence of a “to err is human, to prevent is divine” mentality among system users.

Good Cyber Hygiene Practices

There is no silver bullet for perfect security and adequate Cyber Hygiene [iii]. More effective cyber hygiene practices come with technical correctness and sufficient awareness (professional, social & sequential) of how to maintain your device, network and cyber territory to eliminate the possibility of cyber attacks.

The kind of good Cyber Hygiene practice depends on various factors, such as the type of user (personal or corporate), the kind of information your machines hold and process, the size of the organization and its structure, etc.

In the enterprise, good cyber hygiene means ensuring that individual data points, devices and networks are protected against vulnerabilities while also ensuring that all systems are maintained, if not future-proofed, by using cybersecurity best practices and the latest technologies.

Good cyber hygiene would also mean that security and monitoring are controlled exclusively from a centrally managed point, pushed out to external terminals, and not reliant upon individuals to update their systems.[iv]

CSO Online defines some basic steps for maintaining good cyber hygiene as follows:

  1. Know what is in your network: The first step is to identify your services, systems, devices and software, recognizing their correlations and functional dependencies. Keep in mind that what you can't see is what you can't protect, so knowing your network is fundamental and essential.
  2. Remove what should not be in your network: Start fine-tuning by removing or closing unnecessary services, applications and ports.
  3. Scan & Patch: Use appropriate tools and methods to identify your assets, places, ports and services that might be compromised, then patch and repair them. Note everything down in a concise way.
  4. Continuously look for vulnerability: There needs to be an active monitoring and reporting system for everything happening on your network premises. This gives you the time and opportunity to manage it.
  5. Use secure configuration: The most critical aspect of your protection is abstraction and avoidance. To achieve this, you need the knowledge to configure your tools and technology more strictly. Secure configuration guidelines can be obtained from relevant vendors and professionals.
  6. Continuously look for and control change: Defense is a crucial and continuous process because attackers are always looking for your weaknesses and keeping up to date on your activities. Good Cyber Hygiene practice follows five stages of activity for continual monitoring [v] and improvement:
     1. Count
     2. Configure
     3. Control
     4. Patch
     5. Repeat

Continuous monitoring measures your tools, techniques and performance, and so gives you a clear view of your current state. It then opens up options for decision making by uncovering the probable attack surface, suspicious activities, and internal and external security gaps in configuration and service hardening, so that you can optimize your defense measures and review compliance and guidelines before deciding what to do next.
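The Count, Configure, Control, Patch, Repeat cycle can be sketched as a comparison of each network scan against an approved baseline. This is an added example, not code from CSO Online or the cited sources; the addresses, ports, version thresholds and the names `Host`, `audit` and `changes` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    address: str
    open_ports: frozenset        # TCP ports found listening
    software: tuple = ()         # (name, installed_version) pairs

# Approved devices and the ports each may expose (constructed policy).
BASELINE = {"10.0.0.10": frozenset({22, 443}), "10.0.0.20": frozenset({443})}
# Oldest versions still considered patched (constructed values).
MIN_VERSIONS = {"openssh": (9, 6), "nginx": (1, 24)}

def parse_version(text):
    # Dotted numeric version such as "1.24" becomes (1, 24).
    return tuple(int(part) for part in text.split("."))

def audit(scan):
    """Return sorted (stage, address, detail) findings for one scan."""
    findings, seen = [], set()
    for host in scan:
        seen.add(host.address)
        allowed = BASELINE.get(host.address)
        if allowed is None:                      # Count: not in the inventory
            findings.append(("count", host.address, "unknown device"))
            continue
        for port in sorted(host.open_ports - allowed):   # Configure
            findings.append(("configure", host.address, f"unapproved port {port}"))
        for name, version in host.software:              # Patch
            minimum = MIN_VERSIONS.get(name)
            if minimum and parse_version(version) < minimum:
                findings.append(("patch", host.address, f"{name} {version} outdated"))
    for address in sorted(set(BASELINE) - seen):  # Count: expected but absent
        findings.append(("count", address, "approved device not seen"))
    return sorted(findings)

def changes(previous, current):
    """Control: findings present now that the previous scan did not have."""
    return sorted(set(audit(current)) - set(audit(previous)))

# Two constructed scans; "Repeat" means running this on every new scan.
MONDAY = [Host("10.0.0.10", frozenset({22, 443}), (("openssh", "9.6"),)),
          Host("10.0.0.20", frozenset({443}), (("nginx", "1.24"),))]
TUESDAY = [Host("10.0.0.10", frozenset({22, 443, 3389}), (("openssh", "9.6"),)),
           Host("10.0.0.20", frozenset({443}), (("nginx", "1.22"),)),
           Host("10.0.0.77", frozenset({23}))]

if __name__ == "__main__":
    for finding in changes(MONDAY, TUESDAY):
        print(*finding, sep=" | ")
```

In practice the scan records would come from whatever discovery and inventory tooling the organization already runs; only the comparison logic is shown here.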

  7. Equip Your Employees and IT Team with the Right Tools: Studies have found that 95% of all security incidents involve human error [vi]. Many of these are successful attacks by external attackers who prey on human weakness to lure insiders within organizations into unwittingly providing access to sensitive information [vii]. The human factor plays a crucial role in our systems becoming compromised. Attackers uncover gaps in our security and exploit them.

Exploiting human interest to extract confidential information is increasing in current hacking trends.

About 95 percent of advanced and targeted attacks are performed by spear-phishing, with emails containing malware that users download believing it to be beneficial and from a legitimate source. Therefore, training employees and raising their awareness of such scams and social engineering tactics is essential.

Conclusion

Maintaining Cyber Hygiene is similar to maintaining personal hygiene to prevent possible sickness and disease. Good cyber health is achieved through strong integration of people, process and technology. Every common factor and issue needs to be assessed and then analyzed in order to guard and address security needs.

In this continually changing threat landscape, the significant challenge is to protect your IP-based devices and organization from numerous sorts of threats and attacks by choosing the right product, policy and people. Cyber Hygiene is a fundamental and collaborative approach that is developed and maintained through the shared efforts of all stakeholders and system operators.

In this largely interconnected world, it is difficult to determine where, when and how threats will come, but we can strengthen our team, tools and policy to identify and detect vulnerabilities, protect our resources, and respond to and recover from such threats effectively. As we know, “prevention is better than cure,” and good Cyber Hygiene is the first remedy to keep your device, data and organization confident and safe.

[i] http://community.norton.com

[ii] http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/data-breaches-and-the-human-factor-are-employees-the-best-defense-or-the-weakest-links

[iii] http://fortune.com/2016/05/20/no-cure-for-cyber security-threats/

[iv] http://www.csoonline.com/article/2891689/security0/practice-makes-perfect-making-cyber-hygiene-part-of-your-security-program.html

[v] http://www.tenable.com/blog/implement-good-cyber-hygiene-with-continuous-network-monitoring

[vi] 2014 Cyber Security Intelligence Index by IBM.

[vii] https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/

Author: Jeewan Rimal