You know you need the help of a professional cybersecurity expert — you just don’t know what it is they do, exactly.
Understanding what cybersecurity professionals do to keep your data safe gives you greater confidence in your investments, and it can help you evaluate your spending. Knowing about the threats these professionals protect you from also helps you understand current events, which are increasingly being shaped by cybersecurity concerns.
But first, a brief history lesson
In 1994, the Russian computer hacker Vladimir Levin and several associates successfully transferred $10.7 million from corporate accounts held at Citi Corp., Inc. (the bank now called Citigroup) into their personal accounts.
Investigators eventually tracked Levin down and, four years later, the US District Court for the Southern District of New York sentenced him to three years in prison. In the end, the bank recovered all but about $400,000 of the stolen money.
This incident is often credited as the dawn of professional cybersecurity: after the hack, Citigroup restructured its IT system and hired the world’s first Chief Information Security Officer (CISO), Stephen Katz.
What cybersecurity professionals do on a day-to-day basis often varies depending on the industry they work in, the regulatory framework that industry operates in, and the size of the particular company they work for. However, there are certain commonalities.
CISOs at large enterprises usually supervise groups of security pros employed by the company, while small- and medium-sized businesses (SMBs) are more likely to outsource their security to a managed services provider (MSP) like Quicktech. These are not hard-and-fast rules, though, and plenty of places use some combination of the two.
Below are several different roles professionals may fall into.
Your system relies on a series of monitors that are constantly taking the pulse of things like firewalls, databases, and other IT infrastructure elements. But those monitors need human oversight to be of any use, and that oversight has to come from a professional who knows how to read them and which warning signs to look out for.
Security operations specialists provide real-time threat analysis, largely based on watching and reading these monitors. They are the first responders if something goes wrong, prioritizing actions, diving into the immediate threat, and alerting and delegating follow-up tasks.
Risk assessment and cyber intelligence
These professionals, often at a higher level, work like researchers and consultants. They look into the future on a company's behalf to anticipate what sorts of attacks may be just over the horizon, and they analyze potential purchases or business IT decisions that could hurt network security or introduce risk.
At the government level, these are the folks who tell Canadian Security Intelligence Service (CSIS) officials that foreign actors have infiltrated, or are planning to infiltrate, Canadian voting or defence systems.
Data loss and fraud prevention
Remember when Edward Snowden leaked thousands of documents revealing the details of American surveillance activities to international journalists? One hopes CSIS employs better data loss and fraud prevention specialists than their American counterparts, but these are the guys who prevent such a scenario.
Theft of intellectual property and the outflow of sensitive information are among the things these experts monitor, looking for large data flows that indicate the copying, collection, and movement of sensitive information out of the organization.
These are the folks who build your security system’s spine. They decide where, why, and how to place and use firewalls and encryption keys, among other things. To evaluate their decisions, they may employ penetration testers to try to infiltrate the system in simulated attacks. They may also decide how and where to segment or silo your network to help prevent the rapid spread of malware.
Identity and access control
This team controls who has access to each part of your IT system, usually assigning or managing the usernames and passwords of everyone on your team. The same goes for shutting down and eliminating user accounts and access permissions when needed, such as in the event of an employee termination. It is not uncommon that small mistakes in this department lead to disgruntled employees leaving massive headaches in their wake.
Of course, everyone plays a part in keeping your company secure. But certain tasks need to be delegated to professionals with advanced tools and skills. The field has exploded since Katz started out at Citigroup, and CISOs now rely on teams of specialists to keep up with all the directions it has taken. Quicktech is here to help, so give us a call.