Going Beyond IT Security to Cybersecurity
Does your MSP offer IT security, or does it truly provide cybersecurity services?
Although the two are often seen as a distinction without a difference, one cybersecurity expert argues that they need to be treated as separate approaches to security.
In a new article for Network World, Lior Div, a former Israeli cyber-intelligence officer and founder of the security firm Cybereason, defines IT security as the practice of setting up a layered defense to prevent an attack, while cybersecurity is concerned with what happens after infiltration has occurred.
“Step one is thinking like a detective and asking questions about the incident, like why was this attack vector used, are there any strange activities…occurring elsewhere in my IT environment, and why would attackers target our organization,” he wrote.
“It’s this big picture thinking that separates cybersecurity from IT security,” Div continued. “And it’s big picture thinking that will help companies detect and stop adversaries after they make their way into an organization.”
He offered the example of a malware attack that is discovered on a single computer.
Under an IT security model, the priority revolves around quick resolution of the ticket.
“An IT administrator or maybe a junior security analyst removes the machine from the network and perhaps re-images it,” Div wrote.
“Maybe there’s an investigation into how the computer was infected and a misconfigured firewall is identified as the culprit,” he added. “So, the firewall configuration is changed, the threat is neutralized, the problem is solved, and a ticket is closed.”
A true cybersecurity response, however, should involve a more thorough forensic review.
“The team looking into the incident wouldn’t assume the malware infection is limited to one computer…(and) they wouldn’t be so quick to wipe the machine clean,” Div wrote. “They may let the malware run for a bit to see where it phones home and how it acts.”
While IT security might have been adequate in a physical security realm, the growing complexity of cyberattacks increasingly requires a holistic approach, he argued.
“If you close a ticket without asking how an incident or incidents are linked…or where else attackers could have gained a foothold, you’re not doing your job,” Div wrote.