Demystifying Security: Part I

Demystifying Security: Part I

Many people find Cyber Security intimidating. Hundreds of acronyms are being thrown around as if it were its own language. Partners, VARs and clients are overwhelmed when it comes to securing environments. According to a report by Sophos, IT managers face a shortage of key staff, a growing number of attempts, and weaknesses or gaps even when protections are in place.

I’m here to tell you that security doesn’t have to be mysterious–or scary. It’s easy to understand once you boil the acronyms down to English. Let’s take a look at some general Cyber Security terms and what they really mean.

Malware: “The Bad Guy”
Viruses, ransomware and spyware

What does it mean?

Malware is a piece of software that has landed on your laptop or desktop in some form or fashion. You may have clicked on something you shouldn’t have clicked on, or maybe put a USB stick in your machine–but somehow your device got infected.

Ransomware is a common form of malware, where the bad guys want you to pay to bring back your data.

Phishing or Spear Phishing:
A social engineering attack

What does it mean?

Phishing attacks or spear phishing attacks are methods of infiltrating an organization that has been targeted.
For example, you might get an email from somewhere in Nigeria. They say they’re willing to give you a million dollars–all you have to do is help out by giving them your bank account and social security numbers.

Spear phishing is more targeted towards that individual company or a specific person. Spear phishers can use platforms like LinkedIn to identify targets and send well-crafted emails directed towards you or someone in your organization.

A malicious application or unpatched vulnerability

What does it mean?

An exploit is simply something within your system that has been exploited. Generally what we see here is some type of vulnerability that has been identified within your operating system.

Distributed Denial-of-Service (DDoS):
Multiple machines (BOTS) attacking one device or network

What does it mean?

These days, we’ve all heard a lot about DDoS, or distributed denial of service, attacks. Imagine that you bought an army and their only job is to send messages to a particular server. The server is trying to respond back, but even before it can, another message is coming in. The volume of traffic overwhelms the server and it’s taken offline.

Barrier between trusted and untrusted networks

What does it mean?

Firewalls separate internet traffic from internal traffic. The firewall is not necessarily separating the good guys from the bad guys, but it does not allow all traffic to come into that environment. Firewalls stop some of the traffic that you don’t want to see (and sometimes, some of the traffic you do want to see).

If you have an opportunity, take a look at your firewall logs from home. You’ll be surprised how often it is hit–a constant barrage of attacks from anywhere around the world.

Virtual Private Network (VPN):
Encrypted tunnel over the internet

What does it mean?

VPN solutions are a tunnel established between end points. For example, your device connects through the internet to the other devices you’re trying to connect to. The VPN is an encrypted tunnel. Organizations, hackers, the government, and even core personnel can’t see what is being transmitted or received because the data is encrypted as it goes through that tunnel.

Email Security Gateway Protection:
Defend from phishing, spam, malware and known bad email addresses

What does it mean?

Email is run through a filter, which is a very good method of stopping malware from entering into your network. If it looks like it might be bad, or if the address is on a particular list, it will be filtered out.

Email protection is very important because we see a lot of malware penetrating networks via emails.

End User Education:
The problem is between the keyboard and chair

What does it mean?

Users have become our firewalls. By properly educating users, we could eliminate many of the problems that we face today. What are the most common challenges? Passwords that can be easily guessed, default passwords, and emails coming in with links that aren’t being questioned.

All users are responsible for security awareness. By deploying security awareness training, your customers can create safer environments and make it harder for the bad guys to get in.

Stay tuned for Part II, where I’ll discuss Cyber Security assessments and what they mean to you and your customers.

Want to learn more about the right questions to ask your customers to open Cyber Security opportunities? Watch the on-demand “Demystifying Security” video in MyIntelisys, available exclusively to Intelisys Sales Partners.