Above and beyond problem resolution: The important distinction of Cybersecurity
The concept of security is deceptively simple: reduce possible threats, contain and eliminate the threats you already know about, and close the gaps in your defenses. The mentality is not a bad one. Caution about what you know is a threat is the starting point; it then expands to what might become a problem, and to making sure the same thing cannot happen again. Against physical threats, layers of defense are the usual answer: another door or wall between unscrupulous individuals and what they have no right to take.
For IT, this means adding antivirus software, firewalls, and similar tools designed to stop malicious programs. Spyware, malware, viruses, and anything else that alters a system in an undesirable way are sought out and removed before the threat becomes critical. When a threat is detected, the same approach applies. Usually the infected machine is isolated and dealt with on its own. An administrator or security analyst examines the system to determine how it was infected, and that information is used to update firewall rules or antivirus signatures so the same infection can be detected or blocked in the future. The threat is neutralized or deleted outright, and the issue is considered closed: the threat is gone, the system is reconnected, and business returns to normal.
A great deal further
Cybersecurity is not simply IT security or data protection. Unlike most forms of theft, cybersecurity cannot be handled by piling on more layers of protection alone. Walls and defenses each have their own weaknesses; in software, those weaknesses are vulnerabilities and backdoors that can be exploited by anyone seeking to bypass a system's security. Each added security product is itself software with its own flaws, so instead of only adding a layer of defense it can also add a point of entry, partly reversing the intended effect. Other areas of security also deal with individuals or small bands far more often than cybersecurity does. Instead of an individual or small group, a cybersecurity expert must assume vast numbers of assailants. Problems are not isolated attacks or weaknesses. When a system is compromised, you do not have a single infected machine; the entire network is assumed to be affected. In such cases, experts cannot simply wipe a single terminal clean and reload it.
In most cases, security defends on a simple, broad ideology, and in those terms recovery is simple: patch the hole, and prevent that exploit from working again by recognizing the problem or the programs designed to use it. Cybersecurity experts adopt a far more paranoid mindset. Each attack is assumed to be part of a larger, more organized effort to test how vulnerable a system is. Experts here acknowledge large groups of individuals who work just as hard as the defenders, with the express purpose of undermining or bypassing a system's defenses: as cliché as it sounds, a criminal group dedicated to stealing everything it can, just as capable and skilled as those trying to stop it. Consider the analogy of a police force: most see a bank robbery and go find the robbers. Cybersecurity experts would be those back at the station wondering how many people were involved in planning the heist, and how many are still out there learning from where those who were caught went wrong.
Cybersecurity resembles most forms of security, IT security included, except in scope. IT security focuses on the point of breach and on how to fix that particular instance. Cybersecurity experts try to see a far broader picture. They handle the immediate system issue, but other aspects are considered as well: Why was this particular form of attack used? Are other discrepancies showing up in the system, however minor? Why would our particular organization, business, or system be targeted? Like a detective in a good story, the incident gets attention, but the motive and method behind it are thought about too. This is part of why cybersecurity can be so awkward to teach. These tendencies are not easily learned in a classroom, and professional development courses are poor environments for teaching experts to ask these sorts of questions.
Cybersecurity is an extension of IT security. Understanding how to navigate, build, and operate systems is key, but you need to go further. A myopic view of the incident alone is not enough when considering the cyber aspect of an attack or breach. Experts here are far slower to close a problem ticket and assume the incident resolved. Looking beyond the point of trouble can reveal other clues to what is going on. For instance, if one system is known to have been attacked, another system might begin to act oddly; that could be a side effect, or it could have been the goal from the start. Inside a network, breaching one point can easily provide access to other programs or areas, and a foothold on one host is routinely used to reach the next. This willingness to go beyond the initial resolution and investigate is what separates a cybersecurity expert from IT security.
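As an added example of the "look beyond the point of trouble" step, and not code from the original article, the script below takes one confirmed-compromised host and walks authentication logs to find which other hosts accepted logins from it, and recursively from those, inside a time window. The log format, host names, IP inventory and log lines are all constructed for the example; a real investigation would read the same kind of data from a SIEM or from each host's auth log. The point it makes is the article's: re-imaging web01 alone and closing the ticket would miss db01 and files01.

```python
"""Scope expansion after an incident (added example, hypothetical data).

Given one host known to be compromised, find every other host that accepted
a login from it, then from those hosts, and so on. Each hop must happen after
the source host was reached and within `window` of that time.
"""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log lines in a hypothetical syslog-like shape (not from any real system):
# "<ISO timestamp> <dest_host> sshd: Accepted <method> for <user> from <src_ip>"
SAMPLE_LOG = """\
2024-03-01T02:14:07 web01 sshd: Accepted password for svc_backup from 10.0.0.50
2024-03-01T02:16:31 db01 sshd: Accepted publickey for svc_backup from 10.0.0.11
2024-03-01T02:20:05 files01 sshd: Accepted publickey for svc_backup from 10.0.0.12
2024-03-01T02:22:49 hr01 sshd: Accepted password for jsmith from 10.0.0.30
2024-03-01T09:00:00 db01 sshd: Accepted publickey for alice from 10.0.0.21
"""

# Hypothetical asset inventory: which internal IP belongs to which host.
HOST_IPS = {"web01": "10.0.0.11", "db01": "10.0.0.12", "files01": "10.0.0.13", "hr01": "10.0.0.14"}

# When the initial compromise of web01 was confirmed (hypothetical).
COMPROMISE_TIME = datetime(2024, 3, 1, 2, 14, 7)

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: Accepted (\S+) for (\S+) from (\S+)$")


@dataclass(frozen=True)
class Login:
    when: datetime
    dest: str
    method: str
    user: str
    src_ip: str


def parse_log(text):
    """Parse the sample format; lines that do not match are skipped, not guessed at."""
    logins = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, dest, method, user, src_ip = m.groups()
        logins.append(Login(datetime.fromisoformat(ts), dest, method, user, src_ip))
    return sorted(logins, key=lambda entry: entry.when)


def lateral_movement(logins, start_host, compromise_time, window=timedelta(hours=1)):
    """Breadth-first walk from the known-compromised host.

    A host is added when it accepted a login whose source IP belongs to an
    already-reached host, at or after the moment that host was reached and
    within `window` of it. Returns {dest_host: (source_host, Login)} for every
    host reached beyond start_host. Logins from IPs outside the inventory
    never propagate, so they stay visible in the logs but do not extend the chain.
    """
    reached = {}
    queue = deque([(start_host, compromise_time)])
    while queue:
        host, since = queue.popleft()
        src_ip = HOST_IPS.get(host)
        if src_ip is None:
            continue
        for login in logins:
            if login.src_ip != src_ip or login.dest in reached or login.dest == start_host:
                continue
            if since <= login.when <= since + window:
                reached[login.dest] = (host, login)
                queue.append((login.dest, login.when))
    return reached


def chain(reached, start_host, host):
    """Reconstruct the hop sequence that led to `host`, e.g. ['web01', 'db01', 'files01']."""
    path = [host]
    while path[-1] != start_host:
        path.append(reached[path[-1]][0])
    return list(reversed(path))


def investigate(start_host="web01", compromise_time=COMPROMISE_TIME):
    """Run the walk over the constructed sample; returns the reached-host map."""
    return lateral_movement(parse_log(SAMPLE_LOG), start_host, compromise_time)


if __name__ == "__main__":
    hits = investigate()
    for dest in hits:
        print(" -> ".join(chain(hits, "web01", dest)))
```

On the sample data the walk reaches db01 from web01 and then files01 from db01; the hr01 login from an unknown address and the morning login to db01 by a different user are left alone, since the walk only follows hops that originate from a host already on the chain. The window is the main tuning knob: too short and a patient attacker's hop is missed, too long and unrelated admin logins get pulled in, so a practitioner would pair this with a review of the flagged logins rather than treat the output as a verdict.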