Answer:
Suppose I am Chief information officer of a business firm which provide accounting related services to leading companies and brands. Obviously the data that my organization has excess of is prone to various cyber threats and because even a slight misuse of data will cause huge loss of clients, it is huge responsibility to secure every bit of data from any kind of cyber threat.
Majorly two type of security threats are there :-
External threat:-When threat is caused due to an external factor which is outside organization it is called external threat.
Criminal syndicates:- These are group of malicious professional attackers .They carefully chosen targets from which they expect good returns.
State-sponsored actors:-Their main goal is accessing the database of organization and an access to organizations.
Hacktivists:- Generally they carry out a malicious cyber activity to promote either a political agenda, religious belief or a social ideology. There has come many cases where these hackers shuts down websites, either for fun or for some political purpose time to time.
2. Internal threat:-Threats which comes from employees, ex-employees and third parties. It is very easy for someone from inside the organization to steal the data and misuse it.
Some of the methods by which we can make sure that the data of organization is secured are:-
Adopt for Penetration testing tool:- Penetration testing tools check the vulnerabilities or weak areas in the software systems.We can also install IDS (Intrusion Detection System) which will alert us if there is suspicious activity on the network. Further we would have to keep an eye on all the database access activity and usage patterns in real time to ensure that no data leakage is taking place, or there is unauthorized SQL.
Calculate risk scores:- Risk scores calculates the vulnerabilities and gives the extent of severity in the form of a numerical score. This will gives the company a bigger picture of data vulnerability.Security companies like Lucideus provide this service of risk score calculation.
A trained Workforce-Employees in the company would have to trained to recognize common cyber threats .Small mistakes that we all do like opening emails from mysterious senders should not be done. There is need of promoting a security conscious work culture. Further if ex employees leave the company on bad terms ,it may happen that they would misuse the data out of anger.So to make sure that this doesn't happen provide only a limited access to employees so that once they leave their privileges to access data of the organization is denied.
Encrypt Data:-Encryption is a process where data is converted to scrambled code before transmitting it by using special mathematical algorithms. Further decoding of that data can be done only when an authorized user accesses it. This will make sure that data is secured and is accessed only by right users.In current scenario, encryption is one of the most popular and effective data security methods used by organizations.
Cloud-based architectures:- It may sound bizarre but Cloud-based architectures are more disaster-tolerant to protect data.Clouds uses encryption to transmit the data and it is encrypted also when it is idle on the cloud servers.
Explanation: