Protecting your company and products from cyberattacks requires more than just virus protection and firewalls. Our cybersecurity specialist for Tekla software, Jarkko Leminen, presents five security measures to follow.
People often think that cybersecurity boils down to virus protection and other tools. They think that all you have to do is install anti-virus software and you're safe. But this is not the case. Effective cybersecurity is much more holistic. It's everyone's responsibility: employees, suppliers, partners and all the other players in the data chain.
The world of cybersecurity is full of standards, frameworks and guides to follow, including SOC, ISO 27001 and the one we'll be looking at in this article: NIST. This well-known framework from the US National Institute of Standards and Technology (NIST) details five main areas of security: Identify, Protect, Detect, Respond and Recover.
Identify
First, you need to know what your assets are and what you're trying to protect. Is it data, software or hardware? You also need to carry out some kind of threat modeling to identify and compare the different risks associated with an asset. If a threat actor can compromise confidentiality, integrity or availability, you've found a risk and can calculate the risk score.
You can also work with cybersecurity companies who have a good understanding of the current global threat landscape. They can provide another view of your cybersecurity profile, and use penetration testing to identify potential vulnerabilities in your assets.
Protect
Once you've identified your assets and the risks associated with them, the next step is to think about how you're going to protect them. Do you need to install software? Or do you need physical security, such as locks on doors so that no-one can gain easy access to the asset? Protection can also include processes, guidelines and/or training. The question to ask is: How can you protect the entire product lifecycle, from the software supplier or open-source component to the product destined for your customer? Threats to the supply chain of open-source components are currently a hot topic in cybersecurity, as vulnerabilities in open-source software can cause problems to spread worldwide. For this reason, threat actors are putting considerable effort into open-source software.
Detect
The next step is to monitor to detect whether anyone is accessing your assets, and to identify any new vulnerabilities or risks associated with them. You must have the tools or means to detect if your system is under attack. Patch Tuesday" is an unofficial term used to designate the regular publication of security patches by major software manufacturers and others. Installing these updates is a good way of securing your system. Updates help protect systems against automated exploits used by "script kiddies" and other threat actors.
Reply
A cybersecurity attack is inevitable at some point. When it happens, you need to be able to react. That's why it's essential to have access to centralized server audit and system logs. These and forensic tools are needed to discover how the threat actor got in, to identify who he is, and to investigate what he has actually done in your environment.
Companies should also be practicing simulation exercises on what to do when a security incident is detected. It's too late to start inventing this while there's a case in progress! You need to regularly practice your response processes.
For example, if you're dealing with personal information that has been compromised in the course of a crime, you need to know who is responsible for internal and external communication. Public communication is often an area in which companies fail, as it can reveal that they are unable to understand the extent of a breach. This is the case when a company constantly publishes new information about a security problem, explaining each time that the situation was in fact worse than originally thought.
Companies shouldn't try to explain things away - it's necessary to be clear and honest about what happened. The way you communicate affects your credibility and the trust people place in you in the long term.
Recovery
The final step is to recover your assets and ensure that the systems are up and running again, so that your business can continue to operate. Planning and practice are important in this recovery phase. To limit the consequences of a breach, you need not only to keep backups, but also to test them regularly to make sure they work and can be restored. If you never test your backups and they're rotten, it's as if you had no backups at all. Another important aspect of recovery is learning from your mistakes, which means implementing the right actions to be better prepared for the next cybersecurity attack.
For more details on privacy and security in Tekla products, please visit the Tekla Trust Center and discover the Tekla product security white papers.
