Cybersecurity Essay


What is Cybersecurity?

The connected electronic information network has become an integral part of our
daily lives. All types of organizations such as medical, financial and educational
institutions use this network to function effectively. They use the network to collect,
process, store and share large amounts of digital information. As more digital
information is collected and shared, protecting this information becomes even more
important to our national security and economic stability.

Cybersecurity is the constant effort to protect these network systems and all data
from unauthorized use or damage. On a personal level, you must protect your
identity, your data, and your computing devices. At the corporate level, it is
everyone's responsibility to protect the organization's reputation, data, and
customers. At the state level, national security, and the safety and well-being of
citizens, are at stake.

Cybersecurity is the practice of defending computers and servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It is also known
as information technology security or electronic information security.

With this concept in mind, we can go a little deeper into the topic and talk about
attackers and how they are classified according to their activities.

First of all, we must know what attackers are: they are defined as people or
groups that try to take advantage of vulnerabilities for personal or financial gain.
Attackers are interested in everything from credit cards to product designs and
anything else of value. Some types of cyber attackers are known as:

• Amateurs – Sometimes called “Script Kiddies.” These are generally low- or
  no-skilled attackers who often use existing tools or instructions found on the
  Internet to carry out attacks. Some of them are just curious, while others try
  to demonstrate their skills and cause damage. They can use basic tools, but
  the results can still be devastating.
• Hackers – This group of attackers breaks into computers or networks to gain
  access. Depending on the intent of the intrusion, these attackers are
  classified as White, Gray, or Black Hat.
    o White Hat attackers: They enter networks or computer systems to discover
      weaknesses in order to improve the security of these systems. These
      intrusions are carried out with prior permission and the results are
      reported to the owner.
    o Black Hat attackers: They exploit vulnerabilities for illegal personal,
      financial, or political gain.
    o Gray Hat attackers: They are somewhere between the black and
      white hat attackers. Gray Hat attackers can find a vulnerability in a
      system. It is possible for gray hat hackers to report the vulnerability to
      system owners if that action coincides with their agenda.
• Organized hackers – These hackers include cybercriminal organizations,
  hacktivists, terrorists, and state-sponsored hackers. Cybercriminals are
  generally groups of professional criminals focused on control, power and
  wealth. Criminals are very sophisticated and organized, and may even
  provide cybercrime as a service to other criminals. Hacktivists make political
  statements to raise awareness about issues that are important to them.
  State-sponsored attackers gather intelligence or cause damage on behalf of
  their government.

Data that can be compromised

Any information about you can be considered your data. This personal information
may uniquely identify you as an individual. This data includes the images and
messages you exchange with your family and friends online. Other information,
such as your name, social security number, date and place of birth, or your
mother's last name, is known to you and is used to identify you. Information such
as medical, educational, financial, and employment information may also be used
to identify you online.

• Medical record: This contains sensitive information about patients, which
  can be used to clone identities.
• Educational history: Information about your grades and test scores, your
  attendance, courses taken, awards and degrees acquired, as well as any
  disciplinary reports, is all part of your educational history.
• Financial and employment history: This may include information about
  your income and expenses. Tax history may include pay stubs, credit card
  statements, your credit score, and other banking information. Your
  employment information may include your previous employment and
  performance.

Computing devices

Your computing devices don't just store your data. Now these devices have
become the portal to your data and generate information about you.

Unless you have selected to receive paper statements for all of your accounts, you
use your computing devices to access the data. If you want a digital copy of your
latest credit card statement, use your computing devices to access the credit card
issuer's website. If you want to pay your credit card bill online, you access your
bank's website to transfer the funds with your computing devices. In addition to
allowing you to access your information, computing devices can also generate
information about you.

With all this information about you available online, your personal data has become
profitable for hackers.

Recommendations to protect your devices

Your computing devices store your data and are the portal to your online life. The
following is a short list of steps to follow to protect your computing devices from
intrusions:

• Keep the firewall on: Whether it is a software firewall or a hardware firewall
  on a router, the firewall must be activated and updated to prevent hackers
  from accessing your personal or business data.
• Use antivirus and antispyware: Malicious software such as viruses, trojans,
  worms, ransomware, and spyware installs on computing devices without your
  permission to gain access to your computer and its data. Viruses can destroy
  your data, slow down your computer, or take over your computer. One way
  viruses can take over your computer is by allowing spammers to send emails
  from your account. Spyware may monitor your online activities, collect your
  personal information, or send unwanted pop-up ads to your web browser while
  you are online. A good rule of thumb is to only download software from trusted
  websites to avoid getting spyware in the first place. Antivirus software is
  designed to scan your computer and incoming email for viruses and remove
  them. Sometimes antivirus software also includes antispyware. Keep your
  software up to date to protect your computer from recent malicious software.
• Manage your operating system and browser: Hackers are always trying to
  exploit vulnerabilities in your operating systems and web browsers. To protect
  your computer and data, set the security settings on your computer or browser
  to medium or high. Update your computer's operating system, including web
  browsers, and periodically download and install software patches and security
  updates from vendors.
• Protect all your devices: Your computing devices, whether PCs, laptops,
  tablets or smartphones, should be password protected to prevent
  unauthorized access. Stored information must be encrypted, especially in the
  case of sensitive or confidential data. On mobile devices, store only
  necessary information, in case the device is stolen or lost while you are away
  from home. If any of your devices are compromised, criminals can access all
  your data through your cloud storage service provider, such as iCloud or
  Google Drive.

They want your money

If it has anything of value, criminals want it.

Your online credentials are valuable. These credentials give thieves access to your
accounts. You may think that the frequent flyer miles you have acquired are
worthless to cybercriminals, but you should reconsider. After approximately
10,000 American Airlines and United accounts were hacked, cybercriminals were
booking free flights and upgrades with these stolen credentials. Although the
frequent flyer miles were returned to customers by the airlines, this demonstrates
the value of login credentials. A criminal could also take advantage of your
relationships. They can access your online accounts and reputation to trick you
into transferring money to your friends or family. The criminal may send messages
stating that your family or friends need you to transfer money to them so they can
return from abroad after losing their wallets.

Criminals are very imaginative when trying to trick you into giving them money.
They don't just steal your money; they can also steal your identity and ruin your
life.

They want your identity

In addition to stealing your money for short-term monetary gain, criminals want to
make long-term gains by stealing your identity.

As medical costs rise, medical identity theft also increases. Identity thieves can
steal your health insurance and use your health benefits for themselves, and these
medical procedures are now in your medical records.

Annual tax filing procedures may vary from country to country; however,
cybercriminals see this as an opportunity. For example, people in the United States
need to file their taxes by April 15 of each year. The Internal Revenue Service
(IRS) does not check tax returns against employer information until July. An
identity thief can generate a false tax return and collect the refund. Legitimate
users will notice when their refunds are rejected by the IRS. With the stolen
identity, thieves can also open credit card accounts and rack up debts in your
name. This will cause damage to your credit rating and make it more difficult for
you to obtain loans.

Personal credentials can also allow access to corporate and government data.

Organization Data Types

Traditional data

Corporate data includes personnel information, intellectual property and financial
data. Personnel information includes application materials, payroll, offer letters,
employee agreements, and any information used to make employment decisions.
Intellectual property, such as patents, trademarks, and new product plans, allows a
company to gain an economic advantage over its competitors. This intellectual
property may be considered a trade secret; losing this information can be
disastrous for the future of the company. Financial data such as a company's
income statements, balance sheets, and cash flow statements provide information
about the health of the company.

Internet of things and big data

With the rise of the Internet of Things (IoT), there is much more data to manage
and secure. The IoT is a large network of physical objects, such as sensors and
equipment, that extends beyond the traditional computer network. All of these
connections, plus the fact that we have expanded storage capacity and services
through the cloud and virtualization, lead to exponential data growth. This data has
created a new area of interest in technology and business called “big data.” With
the speed, volume and variety of data generated by IoT and daily business
operations, the confidentiality, integrity and availability of this data are vital to the
survival of the organization.

Confidentiality, integrity and availability

Confidentiality, integrity and availability, known as the CIA triad (Figure 1), is a
guide to an organization's IT security. Confidentiality ensures data privacy by
restricting access through authentication and encryption. Integrity ensures that
information is accurate and reliable. Availability ensures that information is
available to authorized people.

Confidentiality

Another term for confidentiality would be privacy. Company policies should restrict
access to information to authorized personnel and ensure that only authorized
people will see this data. Data can be divided into sections based on the level of
security or sensitivity of the information. For example, a Java developer should not
have access to the personal information of all employees. Additionally, employees
should be trained to understand best practices for safeguarding sensitive data to
protect themselves and the company from attacks. Methods to ensure
confidentiality include encryption of data, username and password, two-factor
authentication, and minimizing exposure of sensitive information.

Integrity

Integrity is accuracy, consistency, and reliability of data throughout its lifecycle. The
data must remain unchanged during transfer and must not be modified by
unauthorized entities. File permissions and user access control can prevent
unauthorized access. Version control can be used to prevent accidental changes
by authorized users. Backups must be available to restore corrupted data, and the
hash checksum can be used to verify data integrity during transfer.

The checksum is used to verify the integrity of files, or strings of characters, after
they have been transferred from one device to another over your local network or
the Internet. Checksums are calculated with hash functions. Some of the common
checksums are MD5, SHA-1, SHA-256, and SHA-512. A hash function uses a
mathematical algorithm to transform data into a fixed-length value that represents
the data, as shown in Figure 2. The hash value is only there for comparison. From
the hash value, the original data cannot be recovered directly. For example, if you
forgot your password, your password cannot be recovered from the hash value.
The password must be reset.

After downloading a file, you can verify its integrity by comparing the source's hash
values with the one you generated with any hash calculator. By comparing hash
values, you can ensure that the file has not been altered or damaged during the
transfer.
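
The download check described above, written out as an added example (it is not part of the original essay). The file name, the `sha256sum`-style checksum line and the sample payload are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithms named in the text. MD5 and SHA-1 still catch accidental
# corruption but are not collision resistant, so prefer SHA-256 or SHA-512.
SUPPORTED = ("md5", "sha1", "sha256", "sha512")


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in fixed-size chunks so large downloads fit in memory."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Parse one '<hex digest>  <file name>' line as printed by sha256sum."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")


def verify_download(path, published_line, algorithm="sha256"):
    """Return True only if the file's digest equals the published one.

    The published line must come from a channel you trust (for example the
    vendor's HTTPS site); a hash fetched next to a tampered file proves nothing.
    """
    expected, name = parse_checksum_line(published_line)
    if name != os.path.basename(path):
        return False  # the checksum line belongs to a different file
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: verify an intact file, then a damaged copy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"constructed sample payload\n" * 1000)
        # What the source would publish alongside the download.
        published = f"{file_digest(path)}  installer.bin"
        intact = verify_download(path, published)
        with open(path, "r+b") as f:  # simulate one byte damaged in transit
            f.seek(10)
            f.write(b"X")
        damaged = verify_download(path, published)
    return intact, damaged


if __name__ == "__main__":
    print(demo())
```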

Availability

Maintaining equipment, performing hardware repairs, keeping operating systems
and software up-to-date, and creating backups ensures network and data
availability to authorized users. Plans must be in place to recover quickly from
natural or man-made disasters. Security equipment or software, such as firewalls,
protects you from downtime due to attacks such as denial of service (DoS). Denial
of service occurs when an attacker attempts to exhaust resources such that
services are unavailable to users.

Internal and external threats

Internal security threats

Attacks can originate within an organization or outside it, as shown in the figure. An
internal user, such as an employee or contracted partner, may accidentally or
intentionally:

• Mishandle sensitive data
• Threaten the operations of internal servers or network infrastructure devices
• Facilitate external attacks by connecting infected USB media to the corporate
  computer system
• Invite malware onto the network through malicious emails or web pages

Internal threats also have the potential to cause greater damage than external
threats, because internal users have direct access to the building and its
infrastructure devices. Employees also have knowledge of the corporate network,
its resources and its sensitive data, as well as different user levels or administrative
privileges.

External security threats

External threats from amateurs or expert attackers can exploit vulnerabilities in the
network or computing devices, or use social engineering to gain access.

The consequences of a security breach

Protecting organizations against every possible cyberattack is not feasible, for
several reasons. The expertise required to set up and maintain a secure network can be
expensive. Attackers will always continue to find new ways to target networks.
Over time, an advanced and targeted cyberattack will succeed. The priority then
will be how quickly your security team can respond to the attack to minimize data
loss, downtime and lost revenue.

You now know that anything posted online can live online forever, even if you
managed to delete all copies in your possession. If your servers were attacked,
sensitive staff information could become public. A hacker (or hacking group) can
vandalize the company's website by posting false information and ruining the
reputation of the company that took years to create. Hackers can also take down a
company's website and cause it to lose revenue. If the website is left inactive for
longer periods of time, the company may appear unreliable and possibly lose
credibility. If the company's website or network has had a security breach, this
could lead to the leak of confidential documents, the disclosure of trade secrets,
and the theft of intellectual property. The loss of all this information can impede the
growth and expansion of the company.

The monetary cost of an attack is much greater than simply replacing lost or stolen
devices, investing in existing security, and strengthening the physical security of
the building. The company will be responsible for contacting all customers affected
by the breach and may need to prepare for legal proceedings. With all this
confusion, employees may choose to leave the company. The company may need
to focus less on growth and more on repairing its reputation.

What is impact reduction?

While most successful businesses today are aware of common security issues and
put great effort into preventing them, no set of security practices is 100% effective.
Since a security breach is likely to occur if the prize is large, companies and
organizations must also be prepared to contain the damage.

It is important to understand that the impact of a security breach is not only
related to the technical aspect, stolen data, damaged databases or damage to
intellectual property; the damage also extends to the company's reputation.
Responding to a data breach is a very dynamic process.

Below are some important steps a company should take when it identifies a
security breach, according to many security experts:

• Communicate the problem. Internally inform employees of the problem and
  call them to action. Externally inform customers through direct communication
  and official announcements. Communication creates transparency, which is
  crucial for this type of situation.
• Be honest and responsible in case the company is at fault.
• Provide details. Explain why the situation occurred and what was affected. The
  company is also expected to cover the costs of identity theft protection
  services for affected customers.
• Understand what caused and facilitated the security breach. If necessary, hire
  computer forensic experts to investigate and find out the details.
• Apply learnings from the computer forensics investigation to ensure that similar
  security breaches do not occur in the future.
• Ensure all systems are clean, no backdoors have been installed, and nothing
  else is compromised. Attackers will often try leaving a backdoor to facilitate
  future breaches. Make sure this doesn't happen.
• Train employees, partners and customers on how to prevent future breaches.

Security breach example 2

High-tech children's toy maker Vtech suffered a security breach in its database in
November 2015. This security breach could affect millions of customers around the
world, including children. The data breach exposed sensitive information, including
customer names, email addresses, passwords, images, and chat logs.

Toy tablets had become a new target for hackers. Customers had shared photos
and used chat functions on the toy tablets. The information was not properly
secured, and the company's website did not support secure communication with
SSL. Although the security breach did not expose any credit card information or
personally identifiable data, the company was suspended from the stock exchange
due to concerns about the immensity of the attack.

Vtech did not properly protect customer information and it was exposed during the
security breach. Although the company informed its customers that their
passwords had been encrypted, it was still possible for hackers to crack them. The
passwords in the database were hashed using the MD5 hash function, but the
security questions and answers were stored in clear text. Unfortunately, the MD5
hash function has known vulnerabilities. Hackers can determine original passwords
by comparing millions of previously calculated hash values.
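
The weakness described above, shown next to a hardened form, as an added example that is not part of the original essay and is not Vtech's code. The user names, passwords, word list and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that picked the same common password.
USERS = {"parent1": "sunshine", "parent2": "sunshine", "parent3": "Tr4il-m1x!"}
COMMON_PASSWORDS = ["123456", "password", "sunshine", "qwerty"]  # constructed


def md5_unsalted(password):
    """The weak scheme from the text: a bare, fast, unsalted hash."""
    return hashlib.md5(password.encode()).hexdigest()


def exposed_by_lookup(stored_hashes, wordlist):
    """Audit helper: which stored hashes match a table computed just once?"""
    table = {md5_unsalted(w): w for w in wordlist}
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def hash_password(password, iterations=600_000):
    """Hardened form: a random per-user salt plus a deliberately slow KDF.

    The iteration count is an assumption; tune it to your own hardware.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the KDF with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    """Compare what each storage scheme reveals about the constructed users."""
    md5_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    kdf_db = {u: hash_password(p, iterations=50_000) for u, p in USERS.items()}
    exposed = exposed_by_lookup(md5_db, COMMON_PASSWORDS)
    # Unsalted: equal passwords give equal hashes. Salted: they never match,
    # so one precomputed table cannot be reused across accounts.
    same_md5 = md5_db["parent1"] == md5_db["parent2"]
    same_kdf = kdf_db["parent1"] == kdf_db["parent2"]
    return exposed, same_md5, same_kdf


if __name__ == "__main__":
    print(demo())
```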

With the information exposed in this data breach, cybercriminals were able to use it
to create email accounts, apply for credit, and commit crimes before children were
old enough to go to school. As for the parents of these children, cybercriminals
were able to take over online accounts because many people reuse passwords
across various websites and accounts.

The security breach not only affected the privacy of customers, but also ruined the
company's reputation, as indicated by the company when its presence on the stock
exchange was suspended.

For parents, it is a wake-up call to be more careful about their children's privacy
online and request better security for children's products. As for manufacturers of
network-connected products, they must be more aggressive in protecting customer
data and privacy now and in the future, as the cyberattack landscape evolves.

Security vulnerabilities

Security vulnerabilities are any type of defect in software or hardware. After gaining
knowledge about a vulnerability, malicious users attempt to exploit it. An exploit is
the term used to describe a program written to take advantage of a known
vulnerability. The act of exploiting a vulnerability is known as an attack. The goal
of the attack is to access a system, the data it hosts, or specific resources.

Software vulnerabilities

Software vulnerabilities are typically introduced by bugs in the operating system or
application code. Despite all the efforts made by companies to find and fix
vulnerabilities, it is common for new vulnerabilities to emerge.

Hardware vulnerabilities

Hardware vulnerabilities often arise through hardware design flaws.

Hardware vulnerabilities are specific to device models and are generally not
targeted by random compromise attempts. While hardware vulnerabilities are more
common in highly targeted attacks, traditional malware protection and physical
security are sufficient to protect the average user.

Classification of software security vulnerabilities

Most software security vulnerabilities fall into one of the following categories:

Buffer Overflow: This vulnerability occurs when data is written beyond the limits of
a buffer. Buffers are areas of memory allocated to an application. By changing data
beyond the boundaries of a buffer, the application accesses memory allocated to
other processes. This can lead to a system crash, data compromise, or escalation
of privileges.

Unvalidated input: Programs often work with data entry. This data entering the
program may contain malicious content designed to cause the program to behave
in unwanted ways. Consider a program that receives an image for processing. A
malicious user could create an image file with invalid image dimensions.
Maliciously created dimensions could force the program to allocate buffers of
incorrect and unexpected sizes.

Race Conditions: This vulnerability occurs when the outcome of an event
depends on ordered or timed results. A race condition becomes a source of
vulnerability when the required ordered or timed events do not occur in the correct
order or at the proper time.

Weaknesses in security practices: Sensitive systems and data can be protected
with techniques such as authentication, authorization, and encryption. Developers
should not attempt to create their own security algorithms because they are likely
to introduce vulnerabilities. It is strongly recommended that developers use already
created, approved and verified security libraries.

Access control issues: Access control is the process of controlling who does
what, from managing physical access to computers to determining who has access
to a resource, such as a file, and what they can do with it, such as read or modify
it. Many security vulnerabilities are generated by the incorrect use of access
controls.

Almost all access controls and security practices can be bypassed if the attacker
has physical access to the targeted computers. For example, no matter whether
you have set permissions on a file, the operating system cannot prevent someone
from bypassing the operating system and reading the data directly from the disk.
To protect the equipment and the data contained therein, physical access must be
restricted and encryption techniques must be used to protect the data from theft or
damage.
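
For the "Unvalidated input" category above, one way to check an image's declared dimensions before allocating a buffer, as an added example that is not part of the original essay. It uses the PNG header layout; the size limits and the helper names are assumptions chosen for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # PNG colour type -> samples per pixel
MAX_DIMENSION = 16_384                     # assumed policy limits, tune per app
MAX_BUFFER_BYTES = 64 * 1024 * 1024


class InvalidImage(ValueError):
    """Raised when the header cannot be trusted to size a buffer."""


def safe_buffer_size(data):
    """Validate a PNG header and return the pixel buffer size it justifies."""
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        raise InvalidImage("not a PNG or truncated header")
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        raise InvalidImage("first chunk must be a 13-byte IHDR")
    ihdr = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(chunk_type + ihdr) != crc:
        raise InvalidImage("IHDR checksum mismatch")
    width, height, depth, colour, _c, _f, _i = struct.unpack(">IIBBBBB", ihdr)
    if colour not in CHANNELS or depth not in (1, 2, 4, 8, 16):
        raise InvalidImage("unsupported colour type or bit depth")
    # Attacker-controlled fields: reject zero and oversized values before any
    # arithmetic. In C the product below could also wrap a fixed-width integer.
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise InvalidImage(f"dimensions out of range: {width}x{height}")
    row_bytes = (width * CHANNELS[colour] * depth + 7) // 8
    size = row_bytes * height
    if size > MAX_BUFFER_BYTES:
        raise InvalidImage(f"image needs {size} bytes, limit {MAX_BUFFER_BYTES}")
    return size


def load_pixels(data):
    """Allocate only after the declared dimensions have been checked."""
    return bytearray(safe_buffer_size(data))


def make_png_header(width, height, depth=8, colour=6):
    """Build a constructed PNG signature plus IHDR chunk for the demo."""
    ihdr = struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr)
    return (PNG_SIGNATURE + struct.pack(">I4s", 13, b"IHDR")
            + ihdr + struct.pack(">I", crc))


def demo():
    """Constructed headers: one honest image, one with hostile dimensions."""
    results = []
    for w, h in [(640, 480), (0xFFFFFFFF, 0xFFFFFFFF)]:
        try:
            results.append(len(load_pixels(make_png_header(w, h))))
        except InvalidImage as exc:
            results.append(f"rejected: {exc}")
    return results


if __name__ == "__main__":
    print(demo())
```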

What is cyber warfare?

Cyberspace has become another important dimension of warfare, where nations
can have conflicts without the clashes of traditional troops and machines. This
allows countries with minimal military presence to be as strong as other nations in
cyberspace. Cyberwarfare is an Internet-based conflict that involves the
penetration of other countries' computer systems and networks. These attackers
have the resources and knowledge to launch massive Internet-based attacks
against other countries to cause damage or to disrupt services, such as shutting
down the entire power grid.

One example of a state-sponsored attack involved Stuxnet malware designed to
damage Iran's nuclear enrichment plant. The Stuxnet malware did not take control
of specific computers to steal information. It was designed to damage physical
equipment controlled by computers. It used modular coding programmed to
perform a specific task within the malware. It used stolen digital certificates to
make the attack appear legitimate to the system.

The purpose of cyber warfare

The primary purpose of cyber warfare is to gain advantages over adversaries,
whether they are nations or competitors.

A country can constantly invade another country's infrastructure, steal defense
secrets, and gather information on technology to close gaps in its industrial and
military sectors. In addition to industrial and military espionage, cyber warfare can
damage other countries' infrastructure and cost lives in targeted nations. For
example, an attack may affect the power grid of a major city. Traffic may be
disrupted. The exchange of goods and services stops. Patients cannot get
necessary care in emergency situations. Internet access may also be interrupted.
By affecting the power grid, the attack can affect the daily lives of ordinary citizens.

Additionally, compromised sensitive data can give attackers the ability to blackmail
personnel within the government. The information may allow an attacker to
impersonate an authorized user to access sensitive information or the computer.

If the government cannot defend itself from cyber attacks, citizens may lose
confidence in the government's ability to protect them. Cyberwarfare can
destabilize a nation, disrupt commerce, and affect citizens' faith in their
government without physically invading the target country.

Legal issues in cybersecurity

Cybersecurity professionals must have the same skills as hackers, especially Black
Hat hackers, to offer protection against attacks. One difference between a hacker
and a cybersecurity professional is that the cybersecurity professional must work
within legal boundaries.

Personal legal matters

You don't even have to be an employee to be subject to cybersecurity laws. In your
private life, you may have the opportunity and skills to hack into another person's
computer or network. There's an old saying, "Just because you can doesn't mean
you should." Please note this. Most hackers leave footprints, whether they know it
or not, and these footprints can be traced back to the hacker.

Cybersecurity professionals develop many skills that can be used for good or evil.
Those who use their skills within the legal system, to protect infrastructure,
networks and privacy are always in high demand.

Corporate legal matters

Most countries have some cybersecurity laws. They may be related to critical
infrastructure, networks, and corporate and individual privacy. Companies must
comply with these laws.

In some cases, if you violate cybersecurity laws while doing your job, the company
may be punished and you could lose your job. In other cases, you could be
prosecuted, fined and possibly convicted.

Generally, if you are in doubt about whether an action or behavior may be illegal,
assume that it is illegal and do not do it. Your company may have a legal
department or someone from the Human Resources department who can answer
your question before you do something illegal.

International law and cybersecurity

The area of cybersecurity law is much newer than cybersecurity itself. As
mentioned above, most countries have some laws, and there will be more laws to
come.

Ethical issues in cybersecurity

In addition to working within the confines of the law, cybersecurity professionals
must also demonstrate ethical behavior.

Personal ethical issues

A person can act unethically and not be subject to legal process, fines, or
imprisonment. This is because the action may not have been technically illegal. But
that doesn't mean the behavior is acceptable. Ethical behavior is very easy to
verify. It is impossible to list all the different unethical behaviors that someone with
cybersecurity skills can exhibit. Below we present just two. Ask yourself the
following questions:

• Would I like to find out that someone hacked my computer and altered the
  images on my social networking sites?
• Would I like to know that an IT technician I trusted to repair my network
  disclosed to colleagues my personal information, which he obtained while
  working on my network?

If you answer 'no' to any of these questions, then don't do those things to others.

Corporate ethical issues

Ethics represents the codes of behavior that are sometimes enforced by laws.
There are many areas in cybersecurity that are not covered by laws. This means
that doing something that is technically legal may still be unethical. Because many
areas of cybersecurity are not (or not yet) covered by law, many professional IT
organizations have created codes of ethics for those in the sector.

Present

IoT (Internet of Things) devices pose an even greater risk than other electronic
devices. While desktop computers, laptops, and mobile devices receive frequent
software updates, most IoT devices still have their original firmware. If
vulnerabilities are found in the firmware, the IoT device is likely to remain
vulnerable. To make the problem worse, IoT devices are designed to connect to
the provider's servers (call home) and request Internet access. To access the
Internet, most IoT device manufacturers rely on the customer's local network. The
result is that IoT devices are very prone to being compromised and, when
compromised, allow access to the customer's local network and its data. The best
way to protect yourself from this situation is to place IoT devices on an isolated
network shared only with other IoT devices.

Conclusions

Nowadays, cybersecurity is an increasingly important issue in technology, for large,
medium, and small companies, as well as for the users who consume it. Basically,
without cybersecurity, no company should function, since with the slightest error the
information of the company and its clients will be compromised. In short, computer
security seeks to mitigate the risk of an attack as much as possible, since no
system is 100% secure: just as perimeter security systems advance and
improve, so do the techniques and ways of carrying out a computer attack.
