DEV Community

Patrick Dunn

3 lessons I learned as a Cybersecurity Analyst
As a cybersecurity analyst, my job is challenging. Day to day, my role is to protect the company's cloud environment: reviewing our security standards against current threats, producing recommendations, and actively defending against attacks.

Attackers are innovative and daring, and the industry is continually changing. The increase in remote workers and the adoption of cloud networks, cloud computing, and cloud services have drastically altered the scope and strategy of security plans and protocols.

My finger needs to be on the pulse of the latest threats, not just new attacker techniques but also weaknesses in the apps and endpoints we run, which can be exploited if we're not careful.

While I could probably fill a whole book with useful information and tips I've learned on the job, I want to talk about three of the most important lessons that any organization and cybersecurity analyst needs to be aware of.

1. No system is hack-proof

The question isn't if your network will be hacked. It's when your system will be hacked, and how quickly and effectively your cybersecurity team can react and remediate the attack.

There's no such thing as a system so secure that attackers won't find a way to breach it. According to a University of Maryland Clark School study, there's a hacking attack every 39 seconds, and since COVID-19 the F.B.I. has reported a 300% increase in the number of reported cybercrimes.

A cybercrime report by Herjavec Group estimates that by 2021 a business will fall victim to a ransomware attack every 11 seconds.

So it's important as a cybersecurity analyst never to fall into the trap of complacency and think you've covered every possible access point: attackers never stop creating new plans and tools. Always be on the lookout for new I.T. trends and keep up to date with the latest industry news.

Some of the most essential controls for prevention and mitigation still aren't used by many organizations: multi-factor authentication, encrypting all data, keeping backups (and testing that they actually restore), and educating employees on security best practices.

2. Human error is an overlooked factor

Even if you have the most technically secure system with all the latest defense point solutions, it can all be undone by a single user making a mistake.

I would even go so far as to argue that human error is the biggest cybersecurity threat you'll face. Looking at the major breaches reported in the news over the last ten years, many of them came down to some kind of human error: a developer's bug in the software, an employee falling for social engineering, downloading a malicious file, or simply leaving a laptop on the train.

Considering how much technology has advanced in the last few years, it's easy to understand why humans are often the Achilles' heel of your cybersecurity infrastructure.

The huge increase in connectivity and smart devices, a.k.a. the Internet of Things (IoT), means users can connect to the cloud from nearly any device.

But attackers haven't been sitting idly by. They've been busy improving their attack methods and creating new tools to breach systems.

There's no shortage of news stories featuring regular-looking apps that have turned out to be spying on the user or hiding malware, which can go on to infect an entire network. Public Wi-Fi has also been used to steal data or implant malicious code.

Implement the SASE Framework Model

SASE (Secure Access Service Edge) is a new breed: a unified, cloud-delivered networking and security model that lets IT enforce a user-centric access policy much like Zero Trust, while consuming other networking and security capabilities at the same time, all within a single product. Alongside the security gains, SASE incorporates networking ideas like SD-WAN (for visibility over resources) and security layers such as MFA, SSO, and VPN tunneling.

SASE is still emerging as a solution for enterprise-level companies, and if reducing tool sprawl and centralizing your networking and security is your cup of tea, it's worth exploring now:

- Move from the outdated, site-centric perimeter model to a user-centric mindset
- Implement the Zero Trust security approach for consistent and secure network access and policy enforcement
- Incorporate auditing, monitoring, and visibility while reducing help-desk support and hardware spending
- Layer a variety of security products on top of all cloud and on-premises resources from one place
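To make the site-centric versus user-centric distinction concrete, here is an added example in Python. It is not code from the original post and not any vendor's SASE product: a perimeter rule that trusts anything arriving from a corporate IP range, beside a Zero Trust style decision that evaluates identity, entitlement, MFA and device posture on every request regardless of where it comes from, with both models writing to one audit trail. The users, groups, address ranges, resources and policies are all made up for illustration.

```python
"""Added example (not the original post's code, not a vendor's SASE product):
a site-centric perimeter check beside a user-centric, Zero Trust style
access decision. Every user, group, network and resource policy below is
constructed for illustration only."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Site-centric model: "inside the office network" is the only thing checked.
CORPORATE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# User-centric model: who the user is, what they are entitled to reach, and
# whether MFA and a managed, patched device are required for that resource.
USER_GROUPS = {
    "alice": {"staff", "sre"},
    "bob": {"staff"},
    "carol": {"contractor"},
}
RESOURCE_POLICY = {
    "wiki":       {"groups": {"staff", "contractor"}, "mfa": False, "managed_device": False},
    "hr-portal":  {"groups": {"staff"},               "mfa": True,  "managed_device": True},
    "prod-admin": {"groups": {"sre"},                 "mfa": True,  "managed_device": True},
}


@dataclass
class AccessRequest:
    user: str
    source_ip: str
    resource: str
    mfa_verified: bool = False
    device_managed: bool = False
    device_patched: bool = False


# Central audit trail: every decision from either model is recorded here.
AUDIT_LOG = []


def perimeter_decision(req):
    """Old model: allow anything that originates from a corporate address."""
    ip = ip_address(req.source_ip)
    allowed = any(ip in net for net in CORPORATE_NETWORKS)
    AUDIT_LOG.append(("perimeter", req.user, req.resource, req.source_ip, allowed))
    return allowed


def zero_trust_decision(req):
    """User-centric model: evaluate identity, entitlement, MFA and device
    posture on every request. The source IP is logged but never grants trust.
    Unknown resources are denied by default. Returns (allowed, reason)."""
    policy = RESOURCE_POLICY.get(req.resource)
    if policy is None:
        result = (False, "unknown resource, default deny")
    elif not (USER_GROUPS.get(req.user, set()) & policy["groups"]):
        result = (False, "user has no entitlement to this resource")
    elif policy["mfa"] and not req.mfa_verified:
        result = (False, "MFA required")
    elif policy["managed_device"] and not (req.device_managed and req.device_patched):
        result = (False, "device posture check failed")
    else:
        result = (True, "allowed")
    AUDIT_LOG.append(("zero_trust", req.user, req.resource, req.source_ip, result))
    return result


def compare(req):
    """Run both models on one request so the difference is visible."""
    return {"perimeter": perimeter_decision(req), "zero_trust": zero_trust_decision(req)}


# Constructed scenarios (hypothetical users and addresses).
SCENARIOS = {
    # A stolen laptop or malicious insider plugged into the office LAN:
    # the perimeter trusts the location; Zero Trust has never heard of "mallory".
    "lan_intruder": AccessRequest("mallory", "10.1.2.3", "prod-admin"),
    # An SRE working from home with MFA on a managed, patched laptop.
    "sre_remote": AccessRequest("alice", "203.0.113.5", "prod-admin", True, True, True),
    # A staff member with MFA but on an unpatched device: blocked on posture.
    "staff_unpatched": AccessRequest("bob", "203.0.113.9", "hr-portal", True, True, False),
    # A contractor reading the wiki needs no MFA under this policy.
    "contractor_wiki": AccessRequest("carol", "198.51.100.7", "wiki"),
}

if __name__ == "__main__":
    for name, req in SCENARIOS.items():
        print(name, compare(req))
```

The point of the first two scenarios is the inversion: the perimeter model lets the unknown user on the LAN through and locks the legitimate remote SRE out, while the Zero Trust decision does the opposite because location never enters the policy. The audit list stands in for the centralized monitoring the bullets above describe; in a real deployment that would be the SASE platform's logging, not an in-memory list.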

3. Penetration Testing is invaluable

Simulating the process an attacker would use against your network, devices, apps, data, and so on is one of the most valuable activities you can direct your effort towards. By actively searching for exploitable vulnerabilities, you can identify weak security, such as user policies that need to be strengthened or data leaks that need to be closed.

A test also measures your own ability to identify and respond to security incidents, including how well you prioritize multiple alerts at once and weed out false positives.

You can even test staff awareness of security best practices and compliance.

At the risk of sounding like a broken record, employees often lack the knowledge required to recognize cyber threats. Social engineering such as phishing emails and tailgating is still wildly successful because attackers can harvest information from social media sites like Facebook and LinkedIn to appear legitimate.

Penetration testing is always going to be a worthwhile investment of your time, as it will help make your network more secure and help you educate staff on security best practices.
