Cyber Security

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 17

1. What is Cyber Security?

Cybersecurity, also known as computer security or IT security, refers to the practice of


protecting computer systems, networks, and data from digital attacks, unauthorized access,
and damage or disruption. It involves implementing measures, technologies, and protocols to
prevent, detect, and respond to cyber threats, such as malware, hacking, phishing, and data
breaches.

The goal of cybersecurity is to ensure the confidentiality, integrity, and availability of


information and systems, safeguarding them from potential harm and ensuring the privacy
and trust of users. It encompasses various aspects, including network security, application
security, endpoint security, data security, and cloud security, and requires a combination of
technical, organizational, and human factors to effectively mitigate risks and maintain a
secure digital environment.

Cyber security refers to every aspect of protecting an organization and its employees and
assets against cyber threats. As cyber-attacks become more common and sophisticated and
corporate networks grow more complex, a variety of cyber security solutions are required to
mitigate corporate cyber risk. It is a mistake to believe that you are of no interest to cyber
attackers. Everyone who is connected to the internet needs cyber security. This is because
most cyber attackers are automated and aim to exploit common vulnerabilities rather than
specific websites or organizations.

Using cryptographic Algorithms for text encryption, keylogger programs, facial


Authentication system for the web, scanner for security, system for user Authentication and
system for image steganography are
some examples of projects that can be
made for cyber security.
2. Types of Cyber attacks
There are many varieties of cyber-attacks that happen in the world today. If we know the
varies types of cyber-attacks, it becomes easier for us to protect our networks and systems
against them. Here, we’ll closely examine the top ten cyber-attacks that can affect and
individual, or a large business, depending on the scale. Below mention are the 10 cyber-
attacks.
1. Malware Attack
2. Phishing Attack
3. Password Attack
4. Man- in-the – middle Attack.
5. SQL injection Attack
6. Denial-of-service Attack
7. Insider threat
8. Crypto jacking
9. Zero-Day Exploit
10. Watering Hole Attack

1. Malware Attack
This is one of the most common types of cyber-attacks. “Malware” refers to malicious
software viruses including worms, spyware, ransom ware, adware, and Trojan horse.
The trojan virus disguises itself as legitimate software. Ransomware blocks access to the
network's key components, whereas Spyware is software that steals all your confidential data
without your knowledge. Adware is software that displays advertising content such as
banners on a user’s screen.
Malware breaches a network through a vulnerability. When the user clicks a dangerous link,
it downloads an email attachment or when an infected pen drive is used.
Let’s now look at how we can prevent a malware attack:
Use antivirus software. It can protect your computer against malware. Avast Antivirus,
Norton Antivirus, and McAfee Antivirus are a few of the popular antivirus software.
Use firewalls. Firewalls filter the traffic that may enter your device. Windows and Mac OS X
have their default built-in firewalls, named Windows Firewall and Mac Firewall.
Stay alert and avoid clicking on suspicious links.
Update your OS and browsers regularly.

2. Phishing Attack
Phishing attacks are one of the most prominent widespread types of cyberattacks. It is a type
of social engineering attack wherein an attacker impersonates to be a trusted contact and
sends the victim fake mails.
Unaware of this, the victim opens the mail and clicks on the malicious link or opens the
mail's attachment. By doing so, attackers gain access to confidential information and account
credentials. They can also install malware through a phishing attack.
Phishing attacks can be prevented by following the below-mentioned steps:
Scrutinize the emails you receive. Most phishing emails have significant errors like spelling
mistakes and format changes from that of legitimate sources.
Make use of an anti-phishing toolbar.
Update your passwords regularly.
3. Password Attack
It is a form of attack wherein a hacker cracks your password with various programs and
password cracking tools like Air crack, Cain, Abel, John the Ripper, Hash cat, etc. There are
different types of password attacks like brute force attacks, dictionary attacks, and keylogger
attacks.
Listed below are a few ways to prevent password attacks:
Use strong alphanumeric passwords with special characters.
Abstain from using the same password for multiple websites or accounts.
Update your passwords; this will limit your exposure to a password attack.
Do not have any password hints in the open.

4. Man-in-the-Middle Attack
A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this
attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the
session between a client and host. By doing so, hackers steal and manipulate data.
As seen below, the client-server communication has been cut off, and instead, the
communication line goes through the hacker.
MITM attacks can be prevented by following the below-mentioned steps:
Be mindful of the security of the website you are using. Use encryption on your devices.
Refrain from using public Wi-Fi networks.
5. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs on a database-driven website
when the hacker manipulates a standard SQL query. It is carried by injecting a malicious
code into a vulnerable website search box, thereby making the server reveal crucial
information.
This results in the attacker being able to view, edit, and delete tables in the databases.
Attackers can also get administrative rights through this.
To prevent a SQL injection attack:
Use an Intrusion detection system, as they design it to detect unauthorized access to a
network.
Carry out a validation of the user-supplied data. With a validation process, it keeps the user
input in check.

6. Denial-of-Service Attack
A Denial-of-Service Attack is a significant threat to companies. Here, attackers target
systems, servers, or networks and flood them with traffic to exhaust their resources and
bandwidth.
When this happens, catering to the incoming requests becomes overwhelming for the servers,
resulting in the website it hosts either shut down or slow down. This leaves the legitimate
service requests unattended.
It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use
multiple compromised systems to launch this attack.
Let’s now look at how to prevent a DDoS attack:
Run a traffic analysis to identify malicious traffic.
Understand the warning signs like network slowdown, intermittent website shutdowns, etc.
At such times, the organization must take the necessary steps without delay.
Formulate an incident response plan, have a checklist and make sure your team and data
center can handle a DDoS attack.
Outsource DDoS prevention to cloud-based service providers.

7. Insider Threat
As the name suggests, an insider threat does not involve a third party but an insider. In such a
case, it could be an individual from within the organization who knows everything about the
organization. Insider threats have the potential to cause tremendous damages.
Insider threats are rampant in small businesses, as the staff there hold access to multiple
accounts with data. Reasons for this form of an attack are many, it can be greed, malice, or
even carelessness. Insider threats are hard to predict and hence tricky.
To prevent the insider threat attack:
Organizations should have a good culture of security awareness.
Companies must limit the IT resources staff can have access to depending on their job roles.
Organizations must train employees to spot insider threats. This will help employees
understand when a hacker has manipulated or is attempting to misuse the organization's data.

8. Crypto jacking
The term Crypto jacking is closely related to cryptocurrency. Crypto jacking takes place
when attackers access someone else’s computer for mining cryptocurrency.
The access is gained by infecting a website or manipulating the victim to click on a malicious
link. They also use online ads with JavaScript code for this. Victims are unaware of this as
the Crypto mining code works in the background; a delay in the execution is the only.
they might witness.
Crypto jacking can be prevented by following the below-mentioned steps:
Update your software and all the security apps as crypto jacking can infect the most
unprotected systems.
Have crypto jacking awareness training for the employees; this will help them detect crypto
jacking threats.
Install an ad blocker as ads are a primary source of crypto jacking scripts. Also have
extensions like Miner Block, which is used to identify and block crypto mining scripts.

9. Zero-Day Exploit
A Zero-Day Exploit happens after the announcement of a network vulnerability; there is no
solution for the vulnerability in most cases. Hence the vendor notifies the vulnerability so that
the users are aware; however, this news also reaches the attackers.
Depending on the vulnerability, the vendor or the developer could take any amount of time to
fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They make sure to
exploit the vulnerability even before a patch or solution is implemented for it.
Zero-day exploits can be prevented by:
Organizations should have well-communicated patch management processes. Use
management solutions to automate the procedures. Thus, it avoids delays in deployment.
Have an incident response plan to help you deal with a cyberattack. Keep a strategy focusing
on zero-day attacks. By doing so, the damage can be reduced or completely avoided.
10. Watering Hole Attack
The victim here is a particular group of an organization, region, etc. In such an attack, the
attacker targets websites which are frequently used by the targeted group. Websites are
identified either by closely monitoring the group or by guessing.
After this, the attackers infect these websites with malware, which infects the victims'
systems. The malware in such an attack targets the user's personal information. Here, it is
also possible for the hacker to take remote access to the infected computer.
Let's now see how we can prevent the watering hole attack:
Update your software and reduce the risk of an attacker exploiting vulnerabilities. Make sure
to check for security patches regularly.
Use your network security tools to spot watering hole attacks. Intrusion prevention systems
(IPS) work well when it comes to detecting such suspicious activities.
To prevent a watering hole attack, it is advised to conceal your online activities. For this, use
a VPN and also make use of your browser’s private browsing feature. A VPN delivers a
secure connection to another network over the Internet. It acts as a shield for your browsing
activity. NordVPN is a good example of a VPN.
3. Network Security

Network security is the protection of the underlying networking infrastructure from


unauthorized access, misuse, or theft. It involves creating a secure infrastructure for devices,
applications, users, and applications to work in a secure manner.
Network security is a critical aspect of cybersecurity that focuses on protecting computer
networks and their infrastructure from unauthorized access, misuse, and attacks. It involves
implementing measures and protocols to secure network devices, systems, and data, ensuring
the confidentiality, integrity, and availability of network resources.
Network security aims to prevent unauthorized access to networks by implementing various
security mechanisms, such as firewalls, intrusion detection and prevention systems (IDPS),
virtual private networks (VPNs), and access control mechanisms. These measures help in
filtering and monitoring network traffic, identifying and blocking malicious activities, and
ensuring that only authorized users can access the network.
Additionally, network security involves securing network devices, such as routers, switches,
and wireless access points, by configuring them with strong passwords, disabling
unnecessary services, and regularly updating their firmware to patch vulnerabilities. It also
includes implementing secure network protocols, such as Secure Sockets Layer (SSL) and
Transport Layer Security (TLS), to encrypt data transmission and protect it from interception
and tampering.
Furthermore, network security encompasses network segmentation, which involves dividing
a network into smaller subnetworks to limit the impact of a potential breach and prevent
lateral movement of attackers. It also includes implementing network monitoring and logging
mechanisms to detect and respond to security incidents promptly.
Overall, network security plays a crucial role in maintaining the integrity and availability of
computer networks, protecting sensitive data, and ensuring the smooth operation of digital
systems. It is an essential component of cybersecurity, as it forms the foundation for securing
other aspects, such as application security, endpoint security, and data security.
4. Endpoint Security
Endpoint security is the process of protecting devices like workstations, servers, and other
devices (that can accept a security client) from malicious threats and cyberattacks. Endpoint
security software enables businesses to protect devices that employees use for work purposes
or servers that are either on a network or in the cloud from cyber threats.

The modern business landscape is seeing an increasing volume of cybersecurity threats from
increasingly sophisticated cyber criminals. Hackers launch a cyberattack every 39 seconds,
with a daily total of 2,244 attacks. Endpoints are one of the most common targets, given the
sheer number of them in use to connect to networks. According to Strategy Analytics
insight, there were already 22 billion connected devices in 2018, which is predicted to rise to
38.6 billion devices by 2025 and 50 billion devices by 2030. As a result, Verizon’s threat
report found that up to 30% of data breaches involved malware being installed on endpoints.

Every endpoint that connects to the corporate network is a vulnerability, providing a potential
entry point for cyber criminals. Therefore, every device an employee uses to connect to any
business system or resource carries the risk of becoming the chosen route for hacking into an
organization. These devices can be exploited by malware that could leak or steal sensitive
data from the business.

In the face of this, it is imperative for businesses to deploy solutions that can analyze, detect,
then block and contain cyber-attacks as they happen. Organizations also need to collaborate
with one another and utilize technologies that provide their IT and security teams with
visibility into advanced threats, enabling them to quickly detect security risks for swift
remediation of potential issues.
5. Security policies and procedures

Cybersecurity policies and procedures are documents that define the objectives, guidelines,
standards, methods, and safeguards a company follows to protect its data and comply
with regulations
An organization may implement various cyber security policies. Some of the most common
ones include the following:
 IT Security Policy: An organization’s IT security policy defines the rules and
procedures for protecting the organization against cyber threats. Some of the aspects
of an IT security policy include acceptable use of corporate assets, incident response
plans, business continuity strategies, and the organization’s plan for achieving and
maintaining regulatory compliance.
 Email Security Policy: An email security policy defines the acceptable use of
corporate email systems to help protect the organization against spam, phishing, and
malware (such as ransomware) and to prevent misuse of corporate email. This type of
policy may include general rules for how corporate email can and should be used, as
well as specific guidance on how to handle suspicious links and email attachments.
 BYOD Policy: A BYOD policy defines rules for personal devices that are used for
work. These policies commonly define security requirements for these devices, such
as the use of an endpoint security solution, strong passwords, and a virtual private
network (VPN) when connecting to corporate networks and IT assets via an untrusted
network.
Documented procedures are one of the most overlooked requirements in cybersecurity
compliance, but procedures are also a minimum expectation that an auditor is going to look
for. For anyone who has written procedures, the answer for why companies routinely fail to
maintain procedures is clear - it can take considerable time and effort to properly document
processes. Part of that is tied to a lack of best practices around what good procedures look
like - every organization tends to do something different, based on internal staff preferences
or auditor pressure. This leads to a lack of standardization across departments and business
functions, which can be an issue when trying to maintain "what right looks like" if a
benchmark does not exist.
One of the most important things to keep in mind with procedures is that the "ownership" is
different than that of policies and standards:
Policies, standards, and controls are designed to be centrally managed at the corporate level
(e.g., governance, risk & compliance team, CISO, etc.)
Controls are assigned to stakeholders, based on applicable statutory, regulatory and
contractual obligations.
Procedures are by their very nature de-centralized, where control implementation at the
control level is defined to explain how the control is addressed.
Given this approach to how documentation is structured, based on "ownership" of the
documentation components:
Policies, standards, and controls are expected to be published for anyone within the
organization to have access to, since it applies organization wide. This may be centrally
managed by a GRC/IRM platform or published as a PDF on a file share, since they are
relatively static with infrequent changes.
Procedures are "living documents" that require frequent updates based on changes to
technologies and staffing. Procedures are often documented in "team share" repositories, such
as a wiki, SharePoint page, workflow management tool, etc.

6. Cyber Security Data protection and privacy


Cybersecurity focuses on specific technical implementations needed to protect your systems
and networks. Compared to data protection that centers on information stored within a
system, cybersecurity has a stronger focus on protecting a system itself. Data protection is a
set of procedures aimed at safeguarding personal data stored within a system. Data protection
addresses data management, availability, unauthorized access prevention and application
regulations like Health Insurance Portability and Accountability Act (HIPAA) or General
Data Protection Regulation (GDPR). Unlike cybersecurity, which is a job for IT
professionals, data protection requires effort from all employees dealing with sensitive data.
A recent hack affected the U.S. Department of Veterans Affairs and put the personal
information of approximately 46,000 veterans at risk. Cybercriminals tried to divert payments
from the department by using social engineering techniques and exploiting authentication
protocols. Unfortunately, personal data, including Social Security numbers, may have been
compromised, according to the recent news.

As this case shows, personal data and system protocols can be damaged in the same event.
Incidents like this one are worthy of being analyzed not from two different views, but from a
combined perspective that includes data protection and cybersecurity.
Because data breaches affect various aspects of an organization’s life cycle, the response
should be multilateral. In other words, both cybersecurity and data protection specialists
should combine their skills to prevent data breaches.
Digital risk is a business-driven model that proactively considers the business risks associated
with digitized data across business processes, including cyber security and data privacy,
along with other considerations such as regulation, automation and ethics.
Think about how you secure your own home. Do you one day focus on locking all of the
doors, but happily leave the windows and open? And on another day, would you ignore
setting the alarm, because you are too busy focusing on securing access from the garden? Of
course, not – all these risks need to be considered together, or your protection measures will
quickly fail.
It’s a similar story when assessing a company’s digital risk profile – focusing on each of the
threats separately is no longer effective, and instead they must be proactively integrated and
managed together. It’s only when a business takes a holistic approach like this that real
progress can be made.
Indeed, this integrated best practice is embedded in the regulation. The General Data
Protection Act (GDPR) states that, in order to be compliant, companies should implement
‘data protection by design and default’ measures.[ii] The Information Commissioner’s Office
explains that this means companies must “integrate or ‘bake in’ data protection into…
business practices, from the design stage, right through the lifecycle”.[iii] It would be very
difficult indeed to ‘bake in’ such privacy measures across the business without a single,
integrated function.
So, it is critical for businesses to get to grips effectively and efficiently with digital risk. Yet
they are struggling because data privacy and cyber security are often managed by different
teams. Typically, the Chief Privacy Officer (CPO) takes responsibility for the data privacy;
while the Chief Information Security Officer (CISO) for cybersecurity.

7. Cyber Security Identity and Access


Identity and access management (IAM) is a cybersecurity discipline focused on managing
user identities and access permissions on a computer network. While IAM policies,
processes, and technologies can differ between companies, the goal of any IAM initiative is
to ensure that the right users and devices can access the right resources for the right reasons at
the right time.
IAM solutions typically involve the use of various authentication methods, such as
passwords, biometric, or multi-factor authentication to verify the identity of users. Access
control, such as role-based access control (RBAC) or attribute – based access control
(ABAC), are then used to determine what resources each user can access and what actions
they can perform.
IAM can help streamline access control in complex, multi-cloud environments. Today,
corporate networks connect to on-premises, remote, and cloud-based (SaaS) apps and data
sources. A wide range of users need access to these resources for various purposes, including
human users (employees, customers, contractors) and non-human users (bots, IoT devices,
automated workloads, APIs).
IAM systems allow companies to assign a single digital identity and set access privileges for
each user. That way, only authorized users can handle company resources, and they can only
use those resources in ways the company permits.

To enhance cybersecurity, organizations often implement additional measures like privileged


access management (PAM), which restricts access to critical systems and data to only
authorized individuals. They may also employ identity and access governance (IAG)
solutions to ensure compliance with regulations and internal policies. Overall, effective IAM
strategies are essential for safeguarding digital assets, preventing data breaches, and
mitigating the risks associated with cyber threats.

8. Cyber Security Management


Cybersecurity management is an area of information technology that organizations and
businesses use to protect and secure sensitive information from cybercriminals or any
unwanted guests. Here is one simple definition of Cybersecurity Management. This may
include protecting the company’s information systems and computer networks from cyber-
attacks, cyber threats, intrusions, malware, and other types of data breaches.

Cybercriminals are always looking to find new ways to exploit vulnerabilities in computer
systems. And, unfortunately, they are becoming more sophisticated in how they approach
cyber-attacks. These cybercriminals are also growing in number. Some may also cause havoc
to an individual’s personal computer infrastructure. However, organizations and companies
are now reassessing strategic planning against these types of attacks. Both businesses and
organizations are now coming up with better ways to prevent more damage by hiring cyber
security managers or professionals who understand the importance of keeping information
secure and safe from these cybercriminals.
9. Security Awareness and training
Cybersecurity awareness training is the approach organizations use to help their staff develop
awareness and understanding of best practices to always ensure a secure perimeter within the
organization. Cybersecurity awareness training usually includes formally educating the team
on various cyber threats, the ways to recognize them, and the steps to take to mitigate those
threats. Typically, cyber awareness is a long-term strategy and part of a more extensive
security program.
While cybersecurity awareness training obviously starts in the IT department, it is important
to realize that every member of the organization should take part in training to ensure that the
whole company is on the same page.
Did you know that up to 82% of cybersecurity breaches are due to human error and that on
average the cost of a data breach stands at $4.35M globally? You can use the most
sophisticated and up-to-date tech to mitigate cyber threats, but if your staff does not possess
the savvy and awareness to identify and counter a potential threat, the tech won’t help. After
all, numbers don’t lie.

A cybersecurity course brings numerous far-reaching benefits to any organization willing to


carry it out. The benefits include introducing essential cybersecurity knowledge for the whole
staff, improved overall awareness, threat reduction, prevention of possible downtime, savings
on hefty regulatory fines in cases of cyber incidents, greater customer confidence, and in
some instances, even greater revenue.
10. Emerging trade in Cyber Security

The emerging trade in cybersecurity is a fascinating and important field. With the increasing
reliance on technology and the rise of cyber threats, there is a growing demand for
cybersecurity professionals and solutions. This trade encompasses various aspects, including
threat detection and prevention, incident response, vulnerability assessment, and security
consulting. As technology continues to advance, so do the tactics and techniques used by
cybercriminals, making it crucial for the cybersecurity trade to continuously evolve and
adapt. It is an exciting time to be involved in this field, as there are plenty of opportunities for
innovation and collaboration to ensure a safer digital future.

11. Conclusion

In conclusion, the introduction to cybersecurity provides a foundation for understanding the


importance of protecting digital systems and data. It covers various types of cyber-attacks,
including malware, phishing, and ransomware, highlighting the need for robust network
security measures. Endpoint security is crucial in safeguarding individual devices and
preventing unauthorized access. Security policies and procedures establish guidelines for
maintaining a secure environment, while data protection and privacy measures ensure the
confidentiality and integrity of sensitive information. Identify and Access Management
(IAM) helps control user access and privileges, minimizing the risk of unauthorized entry.
Security awareness and training programs educate individuals on best practices and help
create a culture of cybersecurity. Finally, emerging trends in cybersecurity, such as artificial
intelligence and machine learning, cloud security, and the Internet of Things (IoT) pose new
challenges and opportunities for the industry. Overall, a comprehensive understanding of
these topics is essential in combating cyber threats and protecting our digital world.
References

Anon, n.d. What Is Network Security?. [Online]


Available at: https://www.cisco.com/c/en/us/products/security/what-is-network-
security.html
[Accessed 12 10 2023].
Anon, n.d. What is Cyber Security? Definition and Best Practices. [Online]
Available at: https://www.itgovernance.co.uk/what-is-cybersecurity
[Accessed 15 10 2023].

You might also like