In this digitized world, Information Security has become an integral part of each and every organization. The Internet has become an indispensable part of life. A whole lot of Information about everything is available on the internet, which includes sensitive data like Personally Identifiable Information, Intellectual property, Payment Card Industry data etc. And it’s obvious that sensitive data are needed to be protected. An organization needs to classify its data according to its importance, decide the data that needs to be protected.
Every day new attacks are happening and are being reported, which can lead to information disclosure to illegitimate users. Now, if we look at the frequency of attacks happening day to day, they are found to be more sophisticated and target oriented. For example, the attack in 2014 on an e-retailer exposed 145 million users’ personal information like Date of birth, address, and their encrypted passwords. Due to this, the e-retailer had to ask its customers to change their passwords with immediate effect. Similarly, in 2011, the network of a global gaming company was hacked. This led to the stealing of personal information of 77 million users and as a result, the users were deprived of accessing the gaming services. Such an incident resulted in a financial loss as well as erosion of brand value. It took the gaming company 23 days to restore normalcy in its systems.
Prevention is always better than cure. Hence, companies need to have a better understanding of what are the critical assets and information that needs to be protected. They need to segregate sensitive data, plan secured networks, and robust architecture. All these steps need to be taken because the recent cyber-attack trends are specific, goal oriented and have the potential to cause insurmountable damages.
The big question is – Who are going to stop such cyber-attacks? Who is going to guide the organizations on safeguarding their online assets in an environment of burgeoning cyber-attacks? The answer is – Information Security Analysts.
Yes, they are the ones, who need to have a better understanding of the companies’ infrastructure and need to keep themselves abreast of the new technologies. Information security analysts have been around for a long time, but because of increase in cyber crime over the last decade, they have become more popular than before. The realization is that finding weaknesses and deficiencies in systems and addressing them proactively is less expensive than dealing with the fallout that comes after the hack. The aftermaths of the hacks on the E-retailer and the gaming company (mentioned earlier) justify this fact very well. Hence, the work of Information security analyst becomes vital in these cases; they need to provide a workaround or a solution in order to fix these flaws. To provide the solutions, they need to possess a paramount knowledge about the domain on which they are working on. Hence IT security has a lot to do and lot to keep up with. Also, they need to have a similar mindset as that of a hacker and the zeal to stay two steps ahead of the hackers.
Cyber security is a subject of national importance in the United States, which in itself signifies the importance of Information security. Awareness about Information security should spread across the organizations so that every company knows the importance of Information Security and how they can incorporate it in their system. The scope of Information security is not only limited to particular areas like Network, Web Applications etc but also, it is very much applicable to the new arena like Internet of Things.
So there are a lot many things to explore as a cyber security analyst. On a parallel track, the unethical hackers are a toeing day in and day out to discover and exploit new vulnerabilities to cause insurmountable damage. It is now the onus on the security analysts to put up their efforts to nullify and prevent the cyber-attacks. Moreover, the security analysts need to pull up their socks soon before the hackers pull down our systems.
Authored By - Vikash Patnaik
TCS Enterprise Security and Risk Management
Rate this article: