Cyber Security

SUBTITLE
 Introduction
• Since the 1970s, computer usage starts to grow and reaches
every aspect commercially and personally.
• Despite their handiness, computers are also prone to several
threats.
• IBM and other early computer companies have already
provided security software products since the seventies.
• As the computer and digital media development, the threats
also get developed.
• To counteract them, people nowadays are creating protection
called Cyber Security.
• The term refers to a protection system for computers and
networks from theft, damage, disruption, illegal changing, or
information disclosure taken from the electronic data,
software, or hardware.

• The definition might seem simple, but in reality, the varied

and enhanced technologies like smartphones, websites,
televisions, Internet of Things (IoT) require a complicated
cyber security system.


 Cyber Security’s elements
• Based on the function and media, cyber security system covers
these types of security:
 Data security:
In every single network, hardware, and software, there must be data provided
by the owners, clients, or even the third party. Data security protects by giving
limited access only to the authorized ones to prevent any data theft.
 Application security:
This type of security should be developed from the design stage of the
program. Continuous updates of the apps should include the security system,
so new threats could be detected early.
 Mobile security:
Mobiles including tablets and cell phones are also prone to threats that could
come from wire/devices like USB and wireless like Bluetooth and the internet.
 Network security:
By connecting people, networks have a bigger possibility of getting intrusion
and attacks. The admin/host is also a part of the security system.
(Continued)
 Endpoint security:
Users and entry points (users’ devices) are most likely to get
malicious threats from a virus such as Malware. The form of security
could be anti-virus software, but the best one is the education for users
to carefully plug in USBs, responding to suspicious links and more.
 Cloud security:
Cloud is a digital data storage that enables users to store and
download data. Although the storage companies also run their cyber
security system, the users also need to be careful in managing their
cloud account there have been many data thefts due to reckless Cloud
account usage.
 Database and Infrastructure security:
Not only the digital software but the hardware could also be stolen.
The security system should cover digitally and physically.
 Business continuity and disaster recovery:
Unexpected incidents might cause data loss. The owners should
design a system to recover the loss or at least to back up the data.
Another way is designing Business Continuity which is a plan to run the
business with some missing resources/data.
 Why is Cyber Security important?
• As mentioned before, cyber threats could bring any damages to the
data, hardware/software, and reputation. Further problems such as
data abuse and data leaking are likely to happen. On the contrary,
all types of data including intellectual property, non-public personal
information (NPI), and non-public corporate information are
sensitive information that must be protected.
• There have been creative ways of stealing sensitive information
and simple protections like anti-virus app is not enough to prevent
the threats. Hence governments in several countries participate in
making regulations related to cyber security. An example is General
Data Protection Regulation (GDPR) in European Union. Many other
countries are also taking legal stances regarding cyber matters.
• Unfortunately, some cases of data leaking also come from the
governmental body. Hence, the stakeholders and individuals need
to be wise in managing the data. Especially the institutions, the
cyber security system must be designed carefully to prevent any
threats including data leaking intentionally or unintentionally.
 CYBER THREATS
• Digital threats are categorized into three
types that are cybercrime, cyber-attack,
and cyber-terrorism. Cybercrime is
organized by a person or a group
targeting financial profit or disruption.
Cyber-attack is mostly driven by political
motives and cyber terrorism is mostly
done in massive act to cause certain fear.
To make those threats happen,
cybercriminals usually use these
methods. Some of these threats are
given in the next slide.
 Cyber Threats Methods
• Phishing: the most frequent threat might be phishing. It is an illegal act to steal
one’s private data by sending them a link that redirects to fake sites or forms
requiring users’ personal information.
• Malware: acronym of Malicious Software, Malware enables attackers or hackers to
have access to the installed device.
• SQL Injection: it stands for Structured Query Language. Just like its name, SQL is a
code injected into an entry field that exploits the security vulnerability.
• Backdoor: similar to the name, the backdoor is a technique to access a program by
passing the ‘main’ normal authentication. It is usually inserted by program
developers or hackers, and it is hard to detect.
• Denial-of-service attack: this attack employs ‘denial’ by the system by submitting
the wrong password or overloading a network/machine’s capabilities to make the
service unavailable. Another example is zombie computers.
• Direct-access attack: contrary to a denial-of-service attack, the direct-access attack
is done by installing keyloggers, worms, a wireless mic, or covert listening devices
to make operating system modifications for direct access to the original one.
• Spoofing: it is a masquerade act that comes from data falsification. Examples
include biometric spoofing, IP address spoofing, and email spoofing.
 Tips on building your Cyber Security
After knowing all possible threats, now is the best time to build your
cyber security system. To start, here are a few tips that you can follow.
• Avoid any suspicious emails, chats, texts, or links from unknown senders.
Especially if they ask you to input your particular data.
• Regularly update pins or passwords with unique and strong ones. This
could block access to the hackers that are currently logging into your
account.
• Never use public and unsecured Wi-Fi. People could break into your device
using a wireless connection.
• Have a secure backup.
• Use cyber security technologies such as Identity and Access Management
(IAM), Security information and event management (SIEM), and data
security platform.
• Educate and check the staff to minimize the insider threat.
• Try Third-Party Risk Management (TRPM).
• Employ IT professionals that could detect any possible threats or protect
from any hackers’ attacks.
(Continued)
• Choose cyber security strategy at least choose some software protection like anti-virus
or others.
• Use multi-factor authentication as it is harder to get broken down.
• Do not recklessly log in to various devices.
• Prepare for the worst by making secondary plans in case there is data/resource loss.
Thank You!