Cyber Security: The Second Prong in the Three-Pronged Approach to Security

Cyber security helps agency employees – from frontline personnel to IT professionals – detect and counter intrusions that make it past your first line of defense. You might be thinking of things like access control, firewalls, patching, and encryption. Of course, those tactics of cyber-hygiene are important, but it’s only a small part of cyber security.

More broadly, cyber security relies on an awareness of the most common attack patterns of hackers so you can prepare for the next generation of cyberattacks. That includes the ability to confront attacks that come through IoT devices, botnets, social engineering, and other new threats.

But even as threats advance, cyber security is really about getting the basics right. There are four key areas to focus on:

●     Access Control and Audit Logging: Locks and keys are thousands of years old. Despite their obvious imperfections, we still use them. The same goes for things such as access managers, firewalls and anti-virus protections. Like locks and keys, they are an imperfect method of “access control” that can be circumvented. But without them, we are just opening the door to greater – and faster – data loss, from less competent malicious actors.

●     Passwords: Brute force attempts to break passwords may not be the hottest thing in the hacker’s arsenal today, but you can bet that—along with phishing—it can be a prime way for hackers to get the required credentials to steal data. Stopping repeat attempts and requiring multiple authentication factors are proven methods that deliver quick results.

●     Addressing Known Vulnerabilities: Regular patch deployment is not going to halt the backdoor vulnerability that was just discovered 15 minutes ago, but it can help stop upwards of 80 percent of the attack attempts enterprises experience on any given day.

●     Training: Anyone can be tricked by a phishing attempt. But effective awareness and training not only reduces the number of people that fall victim to phishing attacks. It also builds up institutional knowledge that may be more effective in detecting phishing attacks than almost any technology.

In today’s world, you need a comprehensive security plan that eliminates point procurements, organization silos, and uses advanced technology in an integrated fashion.  With the complexity and unique challenges present today, it is critical to have partner like Alliance that is knowledgeable and industry-savvy in your camp.  Let Alliance Technology Group’s experienced physical, cyber and network security experts offer advice before you make a technology investment.   

For more information about Alliance and how we can help your agency to fortify your cyber security, contact