Brief on Cyber Security
Types of Cyber Security:
Application Security
Preventing data and code in business-critical software (both in use and in development) from being stolen or hijacked, such as with penetration testing and encryption.
Companies are keen to raise their level of application security, as most successful breaches target vulnerabilities at the application level. Application security is the process of developing, adding, and testing security features within applications, throughout their life cycle, in order to prevent security vulnerabilities. While most application security work happens during the development stages of the application, the practice also includes rigorous testing prior to deployment.
Information Security
Protecting physical and digital data from unauthorized access and manipulation, both on-site and through remote systems.
Information security is the umbrella term that refers to processes and techniques to protect sensitive data and information from unauthorized access, in physical and/or electronic form. Working hand-in-hand with application security and network security, information security is summed up by the CIA triad: Confidentiality (data is available only to the right people), Integrity (data shared can be trusted) and Availability (data is available when required).
Industrial and IoT Security
IoT security is the technology segment focused on safeguarding connected devices and networks in the internet of things (IoT). A number of high-profile incidents in which a common IoT device was used to infiltrate and attack the larger network have drawn attention to the need for IoT security. Examples of such devices include connected sensors inside printers and CCTV cameras that let you stream content over the Internet. Security is becoming a priority in industrial IT and Operational Technology (OT) as connectivity to external networks grows and attacks on Operational Technology increase. Many companies are still not aware of the threats that cyberattacks pose to their OT assets. As the segregated worlds of Information Technology and Operational Technology rapidly converge, organizations are facing critical questions about their security investments in regard to Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
Network Security
Securing internal networks against unauthorized access, with tools like remote access management and two-factor authentication (2FA).
Network security is the set of rules and configurations designed to protect the confidentiality, integrity, and accessibility of your computer networks and data. Including both hardware and software technologies, network security prevents cyberattacks from entering and spreading through your network. Secure access service edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner described in the August 2019 report The Future of Network Security in the Cloud. SASE is the convergence of wide area networking (WAN) and network security services like CASB, Firewall as a Service (FWaaS) and Zero Trust into a single, cloud-delivered service model.
Infrastructure Security
Ensuring that the structures and facilities you rely on, such as electrical grids and data centres, are access-controlled and guarded against physical harm or disruption.
Infrastructure security is the security provided to protect critical infrastructure – such as that of electrical grids, water systems, hospitals, bridges, transport hubs, and power plants. It ensures all these critical infrastructures are access-controlled and guarded against physical harm or disruption.
Operational Security
Includes the processes and decisions for handling and protecting data assets.
Operational security is a risk management process that prevents sensitive data from getting into the wrong hands. Operational security encourages the team to put themselves into the shoes of a cybercriminal and discover potential threats and vulnerabilities in their organization’s processes. Looking from a third party’s perspective, they will be better able to implement or build solutions that thwart those cyberattack attempts.
Cyber Security Awareness Training
Teaching employees and customers best practices for recognizing and avoiding cyberthreats, such as malware and phishing attacks.
The biggest risk to an organization’s information security effort is the inaction of employees. Employees need to be empowered with knowledge on how they can help secure the company’s data from cybercriminals. This can be done by training employees on the best practices they need to follow, and on how they can help identify and report common security threats like malware and phishing attacks. Customers also need to be educated on how they can keep their secure to not expose themselves and the company to cyberattacks.
Examples of Cyberthreats
There are many types of cyberthreats — malicious acts that threaten to damage or steal data, or to otherwise disrupt workloads and services. No matter the type or the origin, cyberthreats are a serious hazard to business health and operations. Some of the more common variations include:
Different types of cyber-attacks
Hacking, Ransomware, Phishing, Spoofing, Malware, Spamming
A cybersecurity threat is the threat of a malicious attack to gain access to a network, steal confidential information, corrupt data, or disrupt an organization’s services. Cyber threats are real, and anyone can be the target of a cyberattack.
A few of the different types of cyberattacks include:
Malware – Malware is a catch-all term for all software intentionally designed to cause damage to a computer, server, or computer network. The most common types of malware include viruses, worms, trojan horses, spyware, and scareware.
Phishing – Phishing is a cybercrime in which an attacker sends a fraudulent (‘spoofed’) message to trick the victim into revealing sensitive information to the attacker. Most often, criminals impersonate legitimate organizations via email, telephone, or advertisements to obtain the victim’s sensitive information, which they can later use for their own gain.
Ransomware – Ransomware is a type of malware that encrypts the victim’s files. The attacker then threatens to perpetually block access or publish the victim’s data unless a ransom is paid.
The two main ways of protecting against malware are:
Protective tools – a good antivirus, for example, provides a layer of protection for your computer or network.
Personal vigilance – employees in your organization need to be made aware of emails that look legitimate but can contain links that download malware. By not clicking on these links and informing the relevant teams instead, employees can play a huge role in securing their organization’s data.
Ransomware and phishing protection
Because ransomware is a type of malware, and most malware spreads through email, personal vigilance is key to reducing the threat of ransomware attacks. A good spam email filter, along with the protective tools used against malware, should also help.
Distributed denial of service (DDoS) attacks
Distributed denial of service (DDoS) attacks can happen to anyone. First and foremost, an organization should develop a robust defense strategy to minimize the impact on the business. Leveraging the cloud, understanding the warning signs, and building a secure network architecture go a long way toward avoiding huge financial losses to the business.
SQL injection (SQLI)
SQL injection (SQLI) is a code-injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field and can then attack the databases that process these entries. Unlike other attacks, an SQL injection attack is easily avoidable: developers are instructed not to accept inputs that can affect the databases or infrastructure.
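The entry-field problem described above, shown as a vulnerable lookup beside two hardened ones. This is an added example, not code from the original page; the table, the sample rows and the function names are constructed for illustration, and the parameterized query goes beyond the input rejection the text mentions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "staff")])
    return db

def lookup_vulnerable(db, name):
    # BEFORE: the entry-field text is concatenated into the statement,
    # so the database parses whatever the user typed as SQL.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # AFTER: the value is bound to a placeholder and is only ever
    # compared as data, never parsed as part of the statement.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Allow-list for this hypothetical field: short alphanumeric user names.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def lookup_validated(db, name):
    # Reject input that does not fit the expected shape, then still
    # bind it as a parameter (validation alone is easy to get wrong).
    if not NAME_RE.fullmatch(name):
        raise ValueError("rejected entry-field value")
    return lookup_parameterized(db, name)

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed entry-field value
    print("vulnerable:   ", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("validated:    ", exc)
```

The concatenated query returns every row for the crafted value, while the parameterized one returns none because no user has that literal name.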
Man-in-the-middle attack protection (MITM)
A man-in-the-middle (MITM) attack is a cybercrime where an attacker intercepts communication between two parties, either to eavesdrop (steal login credentials) or to modify information between the two parties (sabotage communications or corrupt data). An MITM attack can be avoided by using strong WEP/WPA encryption on access points, creating VPNs, forcing HTTPS, and implementing zero-trust authentication methods across the organization.