Security
Definition
Security in the context of information technology typically refers to the practice of protecting digital information and systems from unauthorized access, theft, damage, and disruption.
It encompasses a range of technologies, processes, and policies designed to secure networks, devices, applications, and data.
Types of Threats
In order to be effective it requires a layered approach that addresses both internal and external threats. Here are some examples of those threats:
- Malware: malicious software designed to harm or gain unauthorized access to a system.
- Phishing: fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details.
- Denial of Service (DoS) attacks: attempts to overwhelm a system or network with traffic, rendering it inaccessible.
- Ransomware: a type of malware that encrypts files and demands payment to restore access.
- Social engineering: the use of deception to trick users into divulging sensitive information or performing actions that may harm their system or network.
- Advanced Persistent Threats (APTs): long-term, targeted attacks on a specific system or network by a skilled attacker.
- Insider threats: threats posed by employees or contractors with authorized access to a system or network who may intentionally or unintentionally cause harm or damage.
Traditional IT Security solutions include firewalls, intrusion detection and prevention systems, antivirus software, and encryption. Other security measures include access controls, security awareness training, and incident response planning.
Mitigation and prevention
Naturally, IT Security professionals play a critical role in managing and implementing security measures as well as responding to security incidents. They must stay up to date on the latest threats and vulnerabilities and regularly assess and test security systems to ensure they are effective.
Equally though, organizations must also consider the human factor in their security stance, including the risk of social engineering attacks and the importance of employee training and awareness.
Finally, strong cybersecurity policies and posture can help organizations reduce the risk of cyber attacks, protect sensitive data, and maintain regulatory compliance. This requires continual monitoring and adaptation to changing threats and technologies.
Signal says there’s “no evidence” of device-hijacking flaw
Signal refutes claims that its app is vulnerable to a zero-day attack
iPhone attacks: should you be using Lockdown Mode?
A new wave of iPhone spyware attacks have been launched. Should you be using the iPhone Lockdown Mode to boost your security?
Will anyone trust the UK to regulate AI?
The UK is keen to lead the world on AI regulation – but does it have international support?
Uniting Diverse Brands Under A Single Identity Management Solution
Read this case study on why DCC chose Okta to maximise the potential of its merger and acquisition campaigns.
Okta for Mergers and Acquisitions White Paper
Read the Okta for M&A whitepaper now to explore the key challenges businesses face during mergers and acquisitions.
Increasing Agility for Mergers and Acquisitions
Read the Increasing Agility for Mergers and Acquisitions solution brief by Okta to explore the common barriers that slow down M&A success.
How AI is helping IT managers do their jobs better right now
AI adds danger to IT managers' lives, but it can also help them through better insights, enhanced security and implementing Zero Trust policies. James Morris explains how.
How to secure your business online
There's a one in two chance that your business is an easy target for hackers. Simon Edwards, founder of one of the world's leading testing labs, explains the practical measures companies can take to tighten security.
Australian Banks increase scam protection as complaints rise
Westpac has announced a slew of measures to protect its customers against the growing menace of scams, including a four-hour payment delay
Confessions of an IT Manager: why I say “no” when you ask me for something new
If you've ever wondered why IT departments never approve the purchase you're asking for, our (mostly) friendly IT manager has the answer. But you may not like it.
Internet Explorer ripped out of Windows 10
Attempts to open Internet Explorer in Windows 10 will end in Edge, warns Microsoft
Cyberattacks: why small businesses should be worried
What can you learn from a small business owner who was almost made bankrupt by a cyberattack? We speak to them and the security experts to find out.
What is confidential computing?
Attackers target data when it’s at rest and in transit, but they also really want data being processed. Confidential computing is your guard.
What is endpoint security?
Endpoints are any devices that connect to your network - and a common target for hackers. Which is where endpoint security comes in.
Why Identity & Access Management (IAM) must be your primary security layer
A layered approach to cybersecurity is not just best practice: it’s essential. But as threats evolve, which should be your primary layer for defending against attackers?
US Treasury warns that improper use of computing may put financial firms at risk
The US Department of Treasury (USDT) has issued a warning to financial institutions that they are putting themselves at risk by using cloud-based services with undue care.
Is Windows’ built-in Defender Antivirus good enough for business?
Smaller businesses can probably get away with the free version of Defender built into Windows, but there are many caveats.
CIO Essential Guidance
The CISO security threat landscape. The cybersecurity professionals who contributed to the fourth edition of our Global Security Insights Report are in a very different…
How to solve 7 critical security problems with ETM
As the use of SSL/TLS encrypted communications grows, so does risk due to hidden threats. To minimise risk, businesses deploy next-gen firewalls, intrusion prevention systems,…
7 Best Practices for Data Security in Office 365 and Beyond
Data Security in a Complex, Hybrid World We are in the midst of a global shift from purely on-premises information technology infrastructure to hybrid environments.…