Back to Basics: Fundamentals of CyberSecurity

Simple yet effective commentary.
Periodically we all need reminders about the fundamentals of what's important-- about cybersecurity, about business and customer satisfaction, and about life lived to its full potential.
And as sophisticated as our modern world may be, it's often the most basic things that fall into our blind spots -- things we take for granted or discount due to automation.
Post by Marillyn Hewson on LinkedIn
Emphasis in red added by me.
Brian Wood, VP Marketing

Lessons Learned from the Cyber Security Front Lines

As a global security and aerospace company, Lockheed Martin is a target for a wide range of cyber attacks. And we’re not alone. Firms across several industries, including finance, energy, infrastructure, healthcare, and telecommunications, are facing the same threats. No matter what business you’re in, cyber threats are a real and growing concern.
We’ve seen both the number of attacks – and the sophistication of the attackers – rise substantially. In fact, our analysis of cyber security data shows that the number of the most dangerous attacks, known as the “Advanced Persistent Threat,” rose 20 percent from 2011 to 2012 – and that’s just on our networks. Your company may be seeing threats rise at an even faster rate.
As October marks the 10th anniversary of National Cyber Security Awareness Month, I’d like to share a few of the lessons we’ve learned, and how they might help your company stay ahead of rapidly changing cyber threats.

  • Talented individuals are your greatest asset. Technology alone isn’t enough to defend against the skilled, well-resourced individuals and groups who make up today’s cyber threat. It takes talented cyber analysts who can think like your adversaries and develop sophisticated counter measures. For example, at Lockheed Martin’s global network of Security Intelligence Centers, our teams collect data on attempted intrusions on our network every day and then use that data to identify trends, build profiles of adversaries and predict what might be coming next. We’ve found that it’s important for companies to invest in recruiting, training and developing a cyber workforce. That means creating a viable career path for cyber professionals, and providing them with the tools and training they need to stay at the top of their game.
  • Sound intelligence is your best defense. The intelligence gleaned from analyzing attacks is a cyber-defender’s most effective tool. Every company’s cyber strategy should be built on a foundation of analysis and network insights. We use an internally-developed framework called Intelligence Driven Defense to help us identify trends, evolve our tactics and predict when and how the next attack might surface. We’re also using that information to help the government agencies, utilities and corporations we support build smarter defense strategies and tools.
  • Security should accelerate – not hamper – your business operations. It’s easy to view security measures as obstacles to business operations. After all, no one wants yet another password to remember. Our experience is that well-designed, threat-driven security processes and systems can enable the business rather than impede it. There’s always a balance to be struck. One of the greatest things we’ve learned defending our network is that it’s important to take a holistic view of all of your operations, so you can determine how to make smart trade-offs that keep both security and flexibility in perspective. For example, your company may find it necessary to block certain websites or online services. While blocking access may prove inconvenient in the short term, the extra security it adds can bolster network performance over the long term by keeping potential attackers at bay.
  • The first line of defense is you. The vast majority of attacks companies face can be stopped cold by educated individuals making sound cyber decisions. As an employee, it’s important to recognize that at any given moment there is somebody out there looking for an Achilles’ heel to infiltrate your company’s network. Don’t let that vulnerability be you. Following tips like those from the National Cyber Security Alliance can help you put cyber security awareness at the center of everything you do.

These are the lessons we’ve learned after more than a decade on the front lines of cyber security. I’m interested to hear your perspectives on advancing cyber security capabilities in your organization.