Introduction 

It can rightfully be said that today's generation lives on the internet, yet we general users are almost ignorant of how those random bits of ones and zeros reach our computers securely.

It's not magic. It's work and sweat that makes sure your packets reach you unsniffed. In today's post we will learn how cybersecurity makes this all possible.

Cybersecurity for beginners

Now before we begin, let me brief you all on the topics that we're going to cover today. Basically we're going to ask three questions that are important to cybersecurity.

Firstly we're going to see why cybersecurity is needed. Next we're going to see what exactly cybersecurity is, and in the end I'm going to show you all, through a scenario, how cybersecurity can save a whole organization from organized cyber crime.

Why cybersecurity is important 

So let's get started. As I just said, we are living in a digital era. Whether it's booking a hotel room, ordering some dinner or even booking a cab, we are constantly using the internet and therefore constantly generating data. This data is generally stored in the cloud, which is basically a huge data server or data center that you can access online. We also use an array of devices to access this data.

For an attacker, it's a golden age. With so many access points, public IP addresses, constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software. For the same reason, cyber attacks are evolving day by day: hackers are becoming smarter and more creative with their malware, and how they bypass virus scans and firewalls still baffles many people.

Cyber attacks 

Let's now go briefly through some of the most common types of cyber attacks.


General Malware 

So first on the list we have general malware. Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and logic bombs. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.

Phishing 

Next on the list we have phishing, often posing as a request for data from a trusted third party. Phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than a simple ad.

Password Attack 

Next on the list we have password attacks. A password attack is exactly what it sounds like: a third party trying to gain access to your system by cracking a user's password.

DDoS

Next up is DDoS, which stands for distributed denial of service. A DDoS attack focuses on disrupting the service of a network: an attacker sends high volumes of data or traffic through the network, or makes a flood of connection requests, until the network becomes overloaded and can no longer function.

Man in the middle attacks 

Next up we have man-in-the-middle (MITM) attacks. A MITM attack works by impersonating an endpoint in an online information exchange, for instance the connection from your smartphone to a website. The MITM attacker can obtain information from the end user and from the entity he or she is communicating with. For example, if you're banking online, the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you. The man in the middle would then receive all the information transferred between both parties, which could include sensitive data such as bank account details and personal information.

Drive by downloads

Next up we have drive-by downloads. Through malware planted on a legitimate website, a program is downloaded to a user's system just by visiting the site; it doesn't require any action by the user to trigger the download.

Malvertising

Next up we have malvertising, which is a way to compromise your computer with malicious code that is downloaded to your system when you click on an infected ad.

Rogue software 

Lastly we have rogue software, which is basically malware masquerading as legitimate and necessary security software that will keep your system safe.

The Need for Cybersecurity 

So as you can see now, the internet isn't as safe a place as you might think it is, and this applies not only to us as individuals but also to large organizations.

There have been multiple cyber breaches in the past that have compromised the privacy and confidentiality of our data. If we head over to the site called Information is Beautiful, we can see all the major cyber breaches that have been committed. As you can see, even big companies like eBay, AOL, Evernote and Adobe have gone through major cyber breaches, even though they have taken many security measures to protect the data they hold. So it's not only individuals who are targeted by hackers; bigger organizations are constantly being targeted as well.

After looking at all the sorts of cyber attacks possible, the breaches of the past and the sheer amount of data available, we must be thinking that there has to be some sort of mechanism and protocol to protect us from all these cyber attacks. Indeed there is, and it is called cybersecurity.

In a computing context, security comprises cybersecurity and physical security; both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity.

The use of cybersecurity can help prevent cyber attacks, data breaches and identity theft, and can aid in risk management. When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.

CIA Triad 

When talking about cyber security there are three main activities that we are trying to protect ourselves against, and they are:

  1. Unauthorized modification 
  2. Unauthorized deletion 
  3. Unauthorized access. 

These three terms map closely onto the very commonly known CIA triad, which stands for confidentiality, integrity and availability. The CIA triad is also commonly referred to as the three pillars of security, and most security policies of bigger organizations, and even smaller companies, are based on these three principles. So let's go through them one by one.

Confidentiality 

So first on the list we have confidentiality. Confidentiality is roughly equivalent to privacy: measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that the right people can in fact get it. Access must be restricted to those authorized to view the data in question. It is common as well for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands; more or less stringent measures can then be implemented for each of those categories.

Sometimes, safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically cover the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Other aspects of training can include strong passwords and password-related best practices, and information about social engineering methods, to prevent people from bending data handling rules with good intentions and potentially disastrous results.

Integrity 

Next on the list we have integrity. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people. As in the case of confidentiality, these measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as electromagnetic pulses or a server crash. Some data might include checksums, even cryptographic checksums, for verification of integrity, and backups or redundancies must be available to restore the affected data to its correct state.
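To make the integrity paragraph concrete, here is an added example (not from the original post) contrasting a plain cryptographic checksum with a keyed one. The record, the bit flip, the edit and the integrity key are all constructed for illustration: a SHA-256 checksum catches accidental corruption, but someone who can edit the record can also recompute it, so deliberate tampering needs a key the editor does not have (HMAC) and a verified backup to restore from.

```python
import hashlib
import hmac

# Constructed sample record and key; neither comes from any real system.
RECORD = b"account=1234;balance=500.00;owner=alice"
INTEGRITY_KEY = b"example-integrity-key-for-illustration"


def sha256_checksum(data: bytes) -> str:
    """Unkeyed cryptographic checksum: detects accidental corruption."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256_checksum(data), expected)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): also detects deliberate alteration,
    because recomputing the tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), expected)


def bit_flip(data: bytes, index: int) -> bytes:
    """Simulate a non-human event (e.g. a hardware fault) flipping one bit."""
    flipped = bytearray(data)
    flipped[index] ^= 0x01
    return bytes(flipped)


def tamper(data: bytes) -> bytes:
    """Simulate an unauthorized edit to the record."""
    return data.replace(b"balance=500.00", b"balance=9999.00")


def restore_from_backups(copies, key: bytes, expected_tag: str):
    """Return the first copy whose keyed tag still verifies, or None."""
    for copy in copies:
        if verify_tag(key, copy, expected_tag):
            return copy
    return None


def integrity_demo() -> dict:
    stored_sum = sha256_checksum(RECORD)
    stored_tag = hmac_tag(INTEGRITY_KEY, RECORD)
    corrupted = bit_flip(RECORD, 20)
    tampered = tamper(RECORD)
    # Whoever edited the record could also store a fresh plain checksum.
    recomputed_sum = sha256_checksum(tampered)
    return {
        "clean_ok": verify_tag(INTEGRITY_KEY, RECORD, stored_tag),
        "corruption_caught_by_checksum": not verify_checksum(corrupted, stored_sum),
        "edit_not_caught_by_plain_checksum": verify_checksum(tampered, recomputed_sum),
        "edit_caught_by_hmac": not verify_tag(INTEGRITY_KEY, tampered, stored_tag),
        "restored": restore_from_backups([tampered, corrupted, RECORD],
                                         INTEGRITY_KEY, stored_tag) == RECORD,
    }
```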

Availability 

Last but not least is availability. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades; providing adequate communication bandwidth and preventing bottlenecks are equally important. Redundancy, failover and even high availability clusters can mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst case scenarios, and that capacity relies on the existence of a comprehensive disaster recovery plan.

Safeguards against data loss or interruption in connectivity must cover unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy must be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data caused by malicious actions such as denial of service attacks and network intrusions.

How to protect yourself from cyber attacks

So now that we have seen what we are actually trying to achieve when protecting ourselves on the internet, we should also know the ways in which we protect ourselves when we are attacked.

The first step to mitigate any type of cyber attack is to identify the malware or cyber threat that is currently active in your organization.


Next we have to analyze and evaluate all the affected parties and the file systems that have been compromised, and in the end we have to patch the whole thing so that our organization can come back to its original running state without any cyber breaches.

So how exactly is it done? Mostly by assessing three factors.

  • The first factor is vulnerability
  • The second factor is threat and 
  • The third is risk.

Vulnerability 

So let me tell you a little about the three of them. First on the list we have vulnerability. A vulnerability refers to a known weakness of an asset that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to be successful.

For example, when a team member resigns and you forget to disable their access to external accounts, change logins or remove their name from the company credit cards, this leaves your business open to both unintentional and intentional threats.

However, most vulnerabilities are exploited by automated attackers and not by a human typing on the other side of the network.

Testing for vulnerabilities is therefore critical to ensuring the continued security of your systems: it identifies weak points and lets you develop a strategy to respond quickly.

How to determine your security vulnerabilities?

Here are some questions to ask when determining your security vulnerabilities. Is your data backed up and stored in a secure offsite location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud vulnerabilities? What kind of security do you have to determine who can access, modify or delete information from within your organization?

You could also ask questions like: what kind of antivirus protection is in use? Are the licenses current? Is it running as often as needed? And do you have a data recovery plan in the event of a vulnerability being exploited?

These are the usual questions one asks when checking for vulnerabilities.

Threat

Next up is threat. A threat refers to a new or newly discovered incident with potential to do harm to a system or your overall organization.

There are three main types of threat: natural threats like floods or tornadoes, unintentional threats such as an employee mistakenly accessing the wrong information, and intentional threats. There are many examples of intentional threats, including spyware, malware, adware companies or the actions of disgruntled employees. In addition, worms and viruses are categorized as threats because they could potentially cause harm to your organization through exposure to an automated attack, as opposed to one perpetrated by human beings. Although these threats are generally outside of one's control and difficult to identify in advance, it is essential to take appropriate measures to assess threats regularly.

How to assess your security threats?

Here are some ways to do so. Ensure that your team members are staying informed of current trends in cybersecurity so they can quickly identify new threats. They should subscribe to blogs like Wired and podcasts like TechGenics and Extreme IT that cover these issues, as well as join professional associations so they can benefit from breaking news feeds, conferences and webinars. You should also perform regular threat assessments to determine the best approaches to protecting a system against a specific threat, along with assessing the different types of threat.

In addition, penetration testing involves modeling real-world threats in order to discover vulnerabilities before an attacker does.

Risk

Next on the list we have risk. Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risks include financial losses as a result of business disruption, loss of privacy, reputational damage, legal implications, and even loss of life. Risk can also be defined by the formula Risk = Threat × Vulnerability, which is simply threat multiplied by vulnerability.

How to reduce your security risks 

You can reduce the potential for risk by creating and implementing a risk management plan. Here are the key aspects to consider when developing your risk management strategy.

Firstly, we need to assess risk and determine needs. When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although the frequency may differ in each organization, this level of assessment must be done on a recurring basis. Next, we also have to include a total stakeholder perspective.

Stakeholders include the business owners as well as employees, customers and even vendors. All of these players have the potential to negatively impact the organization, but at the same time they can be assets in helping to mitigate risk. So as we can see, risk management is the key to cybersecurity.

Scenario on how cybersecurity can save a whole organization from organized cyber crime

Now let us go through a scenario to understand how cybersecurity defends an organization against very manipulative cyber crimes. Cybercrime, as we all know, is a global problem that has been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks and governments. Today's organized cybercrime far overshadows the lone hackers of the past: large organized crime rings now function like startups and often employ highly trained developers who are constantly innovating new online attacks.

Most companies have preventative security software to stop these types of attacks, but no matter how secure we are, cybercrime is going to happen.

So meet Bob, chief security officer for a company that makes a mobile app to help customers track and manage their finances. Security is a top priority, so Bob's company has an activity response platform (ARP) in place that automates the entire cybersecurity process. The ARP software integrates all the security and IT software needed to keep a large company like Bob's secure into a single dashboard, and acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks.

Let's see how this platform works in the case of a security breach.

While Bob is out on a business trip, irregular activity occurs on his account. A user behavior analytics engine that monitors account activity recognizes suspicious behavior: late-night logins and unusual amounts of data being downloaded. This piece of software is the first signal that something is wrong. An alert is sent to the next piece of software in the chain, the security information and event management (SIEM) system. Now the ARP can orchestrate a chain of events that ultimately prevents the company from encountering a serious security disaster. The ARP connects to the user directory software that Bob's company uses, which immediately recognizes that the user account belongs to an executive who is out on a business trip, and proceeds to lock his account. The ARP also identifies the address the activity came from as a suspected malware server. As each piece of security software runs, the findings are recorded in the ARP's incident record, which is already busy creating a set of instructions called a playbook for a security analyst to follow. The analyst then locks Bob's accounts and changes his passwords. By this time the software has determined that the attempted attack came from a well-known cybercrime organization using stolen credentials.
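The user behavior analytics step above can be illustrated with a small detector run over constructed login and download events. This is an added example, not code from the original post or from any real analytics product; the log format, the user name, the working-hours window and the addresses (from the RFC 5737 documentation ranges) are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Constructed sample events: three days of normal daytime use by "bob",
# then the pattern the scenario describes (late-night login, large download).
SAMPLE_LOG = """\
2024-03-04T09:12:00Z login user=bob src=198.51.100.20
2024-03-04T09:40:00Z download user=bob bytes=2400000
2024-03-05T08:55:00Z login user=bob src=198.51.100.20
2024-03-05T10:05:00Z download user=bob bytes=3100000
2024-03-06T09:03:00Z login user=bob src=198.51.100.20
2024-03-06T14:20:00Z download user=bob bytes=2800000
2024-03-07T02:14:00Z login user=bob src=203.0.113.77
2024-03-07T02:31:00Z download user=bob bytes=95000000
"""


@dataclass
class Event:
    ts: datetime
    kind: str
    user: str
    fields: dict


def parse_log(text: str) -> list:
    """Parse 'timestamp kind key=value ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        ts, kind, *rest = line.split()
        fields = dict(kv.split("=", 1) for kv in rest)
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, kind, fields.pop("user"), fields))
    return events


def detect_anomalies(events, work_hours=(7, 20), ratio=5.0) -> list:
    """Return (user, reason, detail) alerts for off-hours logins and for
    downloads far above the user's own baseline (median of past sizes)."""
    alerts = []
    history = {}  # user -> list of past download sizes
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "login":
            if not work_hours[0] <= ev.ts.hour < work_hours[1]:
                alerts.append((ev.user, "off_hours_login", ev.ts.isoformat()))
        elif ev.kind == "download":
            size = int(ev.fields["bytes"])
            past = history.setdefault(ev.user, [])
            # Judge only once a baseline exists; the median keeps a single
            # earlier spike from inflating what counts as normal.
            if len(past) >= 3 and size > ratio * median(past):
                alerts.append((ev.user, "unusual_download_volume", size))
            past.append(size)
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(alert)
```

A real analytics engine would build baselines per user over far more history and signals (source address, device, location); the point here is that both alerts in the scenario are simple deviations from an individual's own normal pattern.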

Bob's credentials were stolen when the hacker found a vulnerability in his company's firewall software and used it to upload a malware-infected file. Now that we know how the attack happened, the analyst uses the ARP to identify and patch everything affected. The ARP uses information from the endpoint tools to determine which machines need to be patched, recommends how to patch them, and then allows the analyst to push the patches to all the computers and mobile devices instantly.

Meanwhile, Bob has to alert the legal department of the breach, and the ARP instantly notifies the correct person of the situation and the status of the incident once the attack is contained and Bob's account is secured. The analyst then communicates which data may have been stolen or compromised during the incident. He identifies which geographies, jurisdictions and regulatory agencies cover the users and information affected by the attack. Then the ARP creates a series of tasks so the organization can notify the affected parties and follow all relevant compliance and liability procedures. In the past, a security breach this large would have required Bob's company to involve several agencies and third parties to solve the problem, a process that could have taken months or longer.

But in a matter of hours, the incident response platform organized all of the people, processes and technology to identify and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties. In the future, Bob and his team will be able to turn to cognitive security tools. These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of information.

This knowledge will uncover new insights and patterns, anticipate, isolate and minimize attacks as they happen, and immediately recommend actions for security professionals to take, keeping data safe and companies like Bob's out of the headlines.

Okay, guys, I hope you all learned something about cybersecurity today and why it is so essential in today's world. That's it from me. Goodbye.
