Cyber Security

Digitization has taken over everything now-a-days and everything is going online. No doubt, technology has given us a lot of benefits and made our lives way better than the past. In this modern world, where I can literally shop online, sitting at my sofa, selecting things of my choice from a number of options available without roaming from store to store in malls, pay with a single click without the need to stand in long queues, get my stuff delivered at home without the need to go outside. What else would anyone ask for ? But, everything comes with pros and cons. All these benefits come with hidden dangers which some of us are aware of, but rest have no idea.

Cyber Security is a very well-known word and anyone (whether or not he/she is related to the technical field) has surely heard of this term in his/her life. We all have been the victims of Cyber Crime at least once in our lives, knowingly or unknowingly. Hacking is very common now-a-days. When we hear of the word hacking, the first thing that come to our minds is Social networking sites’ account hacking or leakage of financial details. But the term is very broad and has various expected as well as unexpected consequences.

Definition of CYBER SECURITY

Cyber security consists of various technologies, processes and controls that are designed specifically to protect systems, networks and data from various cyber attacks.

Before going through Cyber Security, let us know what various Cyber threats are :

Attacks on confidentiality : It is the most common type of Cyber threat. Stealing, or rather copying, a someone’s personal information is how many cyber attacks initiates, including various criminal attacks like credit card fraud, identity theft. At national/state level, confidentiality attack is made by acquiring confidential information for political, military, or economic gain.

Attacks on integrity : Integrity attacks seek to corrupt, damage, or destroy information or systems, and the people who rely on them. Integrity attacks can be subtle. Related crimes can range from script kiddies to nation-state attackers.

Attacks on availability : Preventing a target from accessing their data is the most frequently seen cyber attacks now-a-days. Ransomware, for example, encrypts a target’s data and demands a ransom to decrypt it.

These attacks may be carried out by various means. Some of them are as follows :

Social engineering : Attackers won’t ever hack a computer if they can hack a human instead. Socially engineered malware, often used to deliver ransomware, is the most common method of attack. An end-user is tricked into running a Trojan horse program, usually from a website they trust and visit frequently. User education is the best countermeasure against this attack.

Phishing attacks : Sometimes the best way to get someone’s password is to fool them into revealing it. This accounts for the definite success of phishing. Even smart users, well-trained in security, can fall for phishing attack. That’s why the best remedy is two-factor authentication (2FA) — a stolen password is worthless to an attacker without a second factor, such as hardware security token, or soft token authentication app on the user’s phone.

Social media threats : Catfishing isn’t just for the dating scene. Believable sock puppet accounts can worm their way even through your LinkedIn network. If someone who knows 100 of your professional contacts strikes up a conversation about your work, are you going to think it strange ? So, attack through social media links is a very easy method to get someone in confidence and hence is the most common one.

As I said earlier, the scope of cyber security is very broad. Any good cyber security strategy should take all the core areas into account. Now, we will talk about some of those:

Critical infrastructure : It comprises of the cyber-physical systems that society relies on, including the electricity grid, water purification, traffic lights and hospitals. The solution for organizations responsible for critical infrastructure is to perform due diligence to understand the vulnerabilities and protect against them. Everyone should first know how an attack on critical infrastructure they depend on, might affect them and then develop a contingency plan.

Network security : Network security guards against unauthorized intrusion as well as malicious insiders. Ensuring network security often requires trade-offs. For example, access controls such as extra logins might be necessary, no doubt, it slow down productivity but is really helpful in protecting against various attacks.

Cloud security : The latest technological move into the cloud creates new security challenges. For example, 2017 has seen almost weekly data breaches from poorly configured cloud instances. Cloud providers are creating new security tools to help users secure their data, but the bottom line remains the same. Moving to the cloud is not a panacea for performing due diligence when it comes to cyber security.

Application security : Application security, especially web application security, has become the weakest technical point of attack. It begins with secure coding practices, and should be augmented by penetration testing.

Internet of things (IoT) security : IoT refers to a wide variety of critical and non-critical cyber physical systems, like appliances, sensors, printers and security cameras. IoT devices frequently ship in an insecure state and usually offer less to no security patching, posing threats to not only their users, but also to others on the internet. This poses unique security challenges for both home users and society.

Cyber attacks can hence cause considerable financial and reputational damage to even the strongest organization. If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation — as well as the costs of remediation. SO, it is very important to be aware of all the cyber threats and be careful with your data - be it personal or professional.