IT security is a set of cybersecurity strategies that prevents unauthorized access to organizational assets such as computers, networks and data, as defined by cisco.com. It maintains the integrity and confidentiality of sensitive information, blocking access by sophisticated hackers, added Cisco.
As a footnote, IT security shouldn’t be confused with cybersecurity. While they share the common goal of protecting people, devices and data, the two fields have specialized roles and responsibilities. As per zdnet.com, information technology uses computer networks, hardware and software to store and share digital information, while cybersecurity focuses more narrowly on protecting computer systems, digital devices and data from unauthorized access.
IT focuses on the systems that store and transmit digital information. Cybersecurity, in contrast, focuses on protecting electronic information stored within those systems, added zdnet.com.
Now, the question is – are your accounts secured? What are the indications that they are compromised? And what should be done if that’s the case?
IS YOUR SYSTEM COMPROMISED?
If you notice something unusual about your system’s behavior, your system may be under attack and could be compromised. Here are the common signs, as per security.tennessee.edu:
- Exceptionally slow network activity or any unusual network traffic
- A system alarm or similar indication from an intrusion detection tool
- Suspicious entries in system or network accounting
- Accounting discrepancies
- Unsuccessful logon attempts
- New user accounts of unknown origin
- Unusual log entries such as network connections to unfamiliar machines or services, or login failures
- New files of unknown origin and function
- Unexplained changes or attempts to change file sizes, checksums, date/time stamps, especially those related to system binaries or configuration files
- Unexplained addition, deletion, or modification of data
- Denial of service activity or inability of one or more users to log in to an account, including admin/root logins to the console
- System crashes
- Poor system performance
- Unauthorized operation of a program or the addition of a sniffer application to capture network traffic or usernames/passwords
- Port scanning
- Unusual usage times
- An indicated last time of usage of an account that does not correspond to the actual last time of usage for that account
- Unusual usage patterns
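Several of the signs above (new files of unknown origin, unexplained changes to file sizes, checksums and timestamps, unexplained deletion of data) can be checked by comparing the system against a stored baseline. The following Python code is an added example, not taken from the cited sources; the function names and the sample directory contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow symlinks out of the tree
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = {
                "size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return state


def compare(baseline, current):
    """Return new, missing and changed files, with the attributes that differ."""
    report = {"new": sorted(set(current) - set(baseline)),
              "missing": sorted(set(baseline) - set(current)),
              "changed": {}}
    for path in sorted(set(baseline) & set(current)):
        diff = [k for k in ("size", "mtime", "sha256")
                if baseline[path][k] != current[path][k]]
        if diff:
            report["changed"][path] = diff
    return report


def demo():
    """Constructed sample: a throwaway directory standing in for a config tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # Same-size edit with the old timestamp put back: only the checksum differs.
        old = (root / "sshd_config").stat()
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes")
        os.utime(root / "sshd_config", ns=(old.st_atime_ns, old.st_mtime_ns))
        (root / "unknown.bin").write_bytes(b"\x00\x01")
        (root / "hosts").unlink()
        return compare(baseline, snapshot(root))
```

The baseline is only useful if it was taken while the system was known to be clean and is stored somewhere the monitored host cannot modify.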
If you notice any of the above indications, you should act ASAP! Here are the immediate actions you need to take, as per the advice of it.cornell.edu:
- For compromises involving known removable agents, such as a specific virus, remediation using automated tools and/or published instructions may be sufficient.
- For compromises involving multiple or unknown agents, the only way to ensure the system is properly cleaned is to wipe the hard drive of the system and reinstall its operating system, software and user data (from backups).
- All passwords on the affected system should be changed. The assumption should always be made that any passwords used on a compromised system were themselves compromised.
- Attempt to verify that the system has been cleaned by requesting a check from the IT security office.
Are your accounts secured? When in doubt, double-check them! And take action if they are not.
Sources:
https://www.cisco.com/c/en/us/products/security/what-is-it-security.html
https://www.zdnet.com/education/computers-tech/difference-between-it-security-cybersecurity/
https://security.tennessee.edu/how-to-tell-if-systems-is-compromised/
https://it.cornell.edu/security-essentials-it-professionals/recover-system-compromise