
Key Points of Cyber Security

Hugh Gallagher
5 min read · Oct 30, 2019

Information is important in this day and age. Data drives the world around us. How should we go about protecting it? What about the devices we store that data on? There are a number of methods out there, old and new, that provide us with the protection we seek.

Firewall


A firewall is one of the oldest and most basic forms of security for network-facing devices. This does not make it any less important. When it comes to cyber security, your firewall should be your first line of defence.

A firewall is designed to analyse incoming and outgoing network traffic (generally with more of a focus on incoming), to detect and block any malicious activity. The rules it follows to determine whether something is malicious or not can be set and modified by the user, or administrator in the case of a multi-user computer. It acts like the bouncer on the door to your computer.

While they are far from infallible, firewalls are amazing for stopping a wide array of less sophisticated cyber attacks. Unfortunately, cyber criminals are pretty intelligent individuals. As a result, they’ve become quite adept at creating attacks that firewalls interpret as ordinary network traffic, resulting in no action from the firewall and the attack getting through this first line of defence. Think of someone showing the bouncer a convincing fake ID.
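The rule matching described above, as an added example that is not part of the original article: a first-match filter evaluated over constructed packets. The rule format, the default policy and the addresses (taken from the documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    direction: str        # "in" or "out"
    network: str          # remote network, CIDR notation
    port: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Packet:
    direction: str
    remote_ip: str
    port: int
    payload: bytes = b""

# Assumed default policy: drop unsolicited inbound, permit outbound.
DEFAULT = {"in": "block", "out": "allow"}

# Constructed rule set (addresses are from the documentation ranges).
RULES = [
    Rule("block", "in", "203.0.113.0/24", None),  # blocklisted range
    Rule("allow", "in", "0.0.0.0/0", 443),        # public HTTPS service
    Rule("allow", "in", "192.0.2.0/24", 22),      # SSH from admin network only
    Rule("block", "out", "0.0.0.0/0", 25),        # no direct outbound SMTP
]

def decide(rules, pkt):
    """Return the action of the first matching rule, else the default."""
    remote = ipaddress.ip_address(pkt.remote_ip)
    for rule in rules:
        if rule.direction != pkt.direction:
            continue
        if remote not in ipaddress.ip_network(rule.network):
            continue
        if rule.port is not None and rule.port != pkt.port:
            continue
        return rule.action
    return DEFAULT[pkt.direction]

def run_samples():
    """Evaluate constructed packets; payloads are placeholders, never inspected."""
    samples = [
        Packet("in", "203.0.113.7", 443),
        Packet("in", "198.51.100.5", 443, b"constructed-ordinary-request"),
        Packet("in", "198.51.100.5", 443, b"constructed-unwanted-request"),
        Packet("in", "198.51.100.5", 22),
        Packet("in", "192.0.2.10", 22),
        Packet("out", "198.51.100.9", 25),
    ]
    return [decide(RULES, p) for p in samples]
```

The second and third packets receive the same decision because these rules only see direction, address and port; telling them apart is left to the layers behind the firewall.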

So what comes next?

Antivirus


Antivirus software has a range of duties to attend to. If something manages to make its way past the firewall, it’s up to the antivirus to find it internally. Depending on how sophisticated your software is, the next step could be alerting you to the threat, quarantining it so it can cause no (further) damage, or ideally, removing the threat entirely.

With so many avenues of entry nowadays to a computer, most antivirus software will scan not only files stored on the computer, but also those attached to emails, the content of the emails themselves, and removable media such as USB drives. From there it may advise you not to interact with the medium, or perform its ordinary duties and remove the offending article.

Encryption


So the virus gets through your firewall, and evades the antivirus. What next? One option you can take is this section’s title — Encryption. Depending on how far down the security rabbit-hole you decide to go, this could be one of your last lines of defence.

If the virus is designed to invade, and destroy or corrupt your data, encryption probably won’t do you much good. You’ll need something more severe at that stage, likely a whole system recovery. But if corruption is not the aim, and your encryption is good enough, it can mitigate the effects of a lot of viruses (and other forms of attack such as malware).

At its core, encryption seeks to take human-readable text and convert it into something that looks like utter nonsense. It takes place in most internet services we use, for the purpose of security and protecting our data. It ensures that anyone intercepting your internet activity must go to great lengths to figure out what you’re doing.

One particular use of encryption takes place on databases when data is resting. To understand what this is, think of your messages on Facebook when you’re not online. They stay on the database, resting. This is called encryption at rest. I’ve linked you there to an article I wrote, but if you’re not big into maths I’d suggest just reading the first few sections of it.

Staff Training


Now I’ll contradict myself here. I’ve said already that a firewall should be the first line of defence against cyber attacks. But your true first line of defence should be training your staff on the importance of being alert and aware when online.

It can sound like very basic things, but just because advice is basic does not mean it is unimportant:

  • Your staff should know not to use strange and unknown USB devices — they could infect the computer and spread throughout the business.
  • If your network has particularly sensitive information on it they should know to only use business computers on it.
  • They should know to never give out password information to third parties; on the phone, through email, or any other form.
  • Most importantly, they should be taught how to recognise suspicious links and emails.

What’s Next?


Well, continuing to practise everything I’ve mentioned so far. Of course, there are always new innovations and new developments that can aid in, and improve, security. A prime example is how Artificial Intelligence is being introduced and intertwined into security for faster and better detection, which allows for a much more rapid response time.

It also fills the gap, to an extent, in experienced cyber-security workers, taking the mundane tasks from them and allowing for a focus on more pressing matters.

If you’d like to read about the implementation of AI in more detail check out this article by my colleague Grace Byers. She’s delved into what it can do, and looks at a few of the products out in the wild making use of this technology today!

Questions or comments? Find me over on LinkedIn at https://www.linkedin.com/in/hugh-gallagher/

* All views are my own and not those of Oracle *
