After completing this module you will:
Explain an
overview of the basic aspects of Cyber security
Explain how
Cyber security safeguards various sectors in the industry
Identify the
various elements of Cyber security
Context: An Overview of Cyber Security:
With internet
bandwidth becoming cheaper and the usage of connected, smart gadgets increasing
exponentially, protecting ourselves online and keeping all data safe and secure
has become a priority. We are relying heavily on data, connected systems and
online ecosystems to live our daily lives. It has become ubiquitous, and we
cannot imagine living without connectivity and gadgets. Security threats like
denial of service, hacking into systems, data theft, identity theft are
something that we all have to safeguard against.
Cyber security
is important because it protects all categories of data from theft and damage.
This includes sensitive data, personally identifiable information (PII),
protected health information (PHI), personal information, intellectual
property, data, and governmental and industry information systems.
This part helps
us to understand what Cyber security means, and how it can be implemented.
Key Concepts
What is Cyber security?
Cyber security
is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyber attacks.
It aims to
reduce the risk of cyber attacks and protect against the unauthorised
exploitation of systems, networks and technologies.
Steps to Cyber security
Critical
infrastructure security:
Critical
infrastructure security consists of the cyber-physical systems that modern
societies rely on.
Common examples
of critical infrastructure:
Electricity
grid
Water
purification
Traffic lights
Shopping
centers
Hospitals
Having the
infrastructure of an electricity grid on the internet makes it vulnerable to
cyber-attacks.
Organizations
with responsibility for any critical infrastructures should perform due
diligence to understand the vulnerabilities and protect their business against
them. The security and resilience of this critical
infrastructure is vital to our society’s safety and well-being.
Organizations
that are not responsible for critical infrastructure, but still rely on it for
a portion of their business, should develop a contingency plan by evaluating
how an attack on critical infrastructure they depend on might affect them.
Application security:
You should
choose application security as one of the several must-have security measures
adopted to protect your systems. Application security uses software and
hardware methods to tackle external threats that can arise in the development
stage of an application.
Applications are much more accessible over networks, causing the
adoption of security measures during the development phase to be an imperative
phase of the project.
Types of application security:
Antivirus
programs
Firewalls
Encryption
programs
These help to
ensure that unauthorized access is prevented. Companies can also detect
sensitive data assets and protect them through specific application security
processes attached to these data sets.
Network security:
As cyber
security is concerned with outside threats, network security guards against
unauthorized intrusion of your internal networks due to malicious intent.
Network
security ensures that internal networks are secure by protecting the
infrastructure and inhibiting access to it.
To help better
manage network security monitoring, security teams are now using machine
learning to flag abnormal traffic and alert to threats in real time. Network
administrators continue to implement policies and procedures to prevent
unauthorized access, modification and exploitation of the network.
Common examples of network security
implementation:
Extra logins
New passwords
Application
security
Antivirus programs on antispyware software o
encryption
firewalls
Monitored internet access
Cloud security:
Improved cyber
security is one of the main reasons why the cloud is taking over.
Cloud security
is a software-based security tool that protects and monitors the data in your
cloud resources. Cloud providers are constantly creating and implementing new
security tools to help enterprise users better secure their data.
Cloud computing
security is similar to traditional on-premise data centers, only without the
time and costs of maintaining huge data facilities, and the risk of security
breaches is minimal.
5 Internet of things (IoT) security
1.
IoT refers to a wide variety of critical
and non-critical cyber physical systems, like appliances, sensors, televisions,
wifi routers, printers, and security cameras.
2.
According to Bain & Company’s prediction…
3.
The combined markets of IoT will grow
to about $520 billion in 2021;
4.
More than double the $235 billion
spent in 2017.
5.
IoT devices are frequently sent in a
vulnerable state and offer little to no security patching. This poses unique
security challenges for all users.
5 Essential elements of Cyber Security
Effective cyber
security risk management must include the following five elements.
An Effective
Framework – A framework must be adopted, adjusted, and fine-tuned to an
organization’s particular circumstances and the type of data being protected.
Executives need to establish proper governance that applies to all of the
organization’s resources – its people, processes, and technology. Choosing and
implementing an appropriate framework is an essential first step to building a
cyber security risk management program.
End-to-End
Scope – A cyber security program must be comprehensive in order to be
successful – that is, address all data in the organization that needs to be
protected. To be effective, a cyber security program must keep all of the
critical elements of the organization that need to be protected in its scope.
Thorough Risk
Assessment and Threat Modeling – Identifying the risks and the likelihood of an
array of threats and the damage they could do is a critical step to prioritize
cyber security threats. In prioritizing, the cyber security team should
consider the organization’s data from an outside perspective, in other words
identify which data is likely to be valuable from a hacker’s point of view.
This perspective will help the team develop an effective cyber security
strategy to help prevent likely attacks.
Proactive
Incident Response Planning – Acknowledging that any system’s security might be
breached eventually, many organizations have adopted incident response plans.
Taking a proactive approach to incident response planning means testing the
plan, identifying how to improve its effectiveness, making those improvements,
and ensuring that personnel are trained and prepared to react to a security
breach and limit its damage.
Dedicated Cyber
security Resources – The last, but not least, critical element is personnel who
are dedicated to managing the organization’s cyber security. In order to
establish an effective cyber security risk management program, it is essential
that the roles and responsibilities for the governance of the chosen framework be
clearly defined.
Threats to Cyber Security
Password
Managers : The need to keep private digital information protected is
highlighted by the prevalence of growing cyber attacks. Password managers are
being used to keep track of and generate secure passwords. The user has to only
remember one password, that of the password manager.
Password managers like Lastpass, Dashlane, Sticky Password and KeepassX can be used.
Virtual Private
Network (VPN): A VPN connection establishes a secure connection between you and
the internet. Via the VPN, all your data traffic is routed through an encrypted
virtual tunnel. This disguises your IP address when you use the internet,
making its location invisible to everyone. You can still access all online
services using the VPN.
VPNs offer the
best protection available when it comes to your online security. Therefore, you
should leave your VPN on at all times to protect from data leaks and
cyberattacks.
Blockchain Technology : Blockchain technology, a decentralized distributed ledger of transactions, offers the next level of cyber security.
A cyber attack
is when an individual or an organization deliberately and maliciously attempts
to breach the information system of another individual or organization. While
there is usually an economic goal, some recent attacks show destruction of data
as a goal.
Malicious
actors often look for ransom, or other kinds of economic gain, but attacks can
be perpetrated with an array of motives, including political activism purposes.
1. Malware
The term
“malware” encompasses various types of attacks including spyware, viruses, and
worms. Malware uses a vulnerability to breach a network when a user clicks a
“planted” dangerous link or email attachment, which is used to install
malicious software inside the system.
Malware and
malicious files inside a computer system can:
Deny access to
the critical components of the network
Obtain
information by retrieving data from the hard drive
Disrupt the
system or even rendering it inoperable
Malware is so
common that there is a large variety of modus operandi. The most common types
being:
Viruses—these
infect applications attaching themselves to the initialization sequence. The
virus replicates itself, infecting other code in the computer system. Viruses
can also attach themselves to executable code or associate themselves with a
file by creating a virus file with the same name but with an .exe extension,
thus creating a decoy which carries the virus.
Trojans—a
program hiding inside a useful program with malicious purposes. Unlike viruses,
a trojan doesn’t replicate itself and it is commonly used to establish a
backdoor to be exploited by attackers.
Worms—unlike
viruses, they don’t attack the host, being self-contained programs that
propagate across networks and computers.
Worms are often
installed through email attachments, sending a copy of themselves to every
contact in the infected computer email list. They are commonly used to overload
an email server and achieve a denial-of-service attack.
Ransomware—a
type of malware that denies access to the victim data, threatening to publish
or delete it unless a ransom is paid. Advanced ransomware uses cryptoviral
extortion, encrypting the victim’s data so that it is impossible to decrypt
without the decryption key.
Spyware—a type
of program installed to collect information about users, their systems or
browsing habits, sending the data to a remote user. The attacker can then use
the information for blackmailing purposes or download and install other
malicious programs from the web.
Phishing
Phishing
attacks are extremely common and involve sending mass amounts of fraudulent
emails to unsuspecting users, disguised as coming from a reliable source. The
fraudulent emails often have the appearance of being legit, but link the
recipient to a malicious file or script designed to grant attackers access to
your device to control it or gather recon, install malicious scripts/files, or
to extract data such as user information, financial info, and more.
Phishing
attacks can also take place via social networks and other online communities,
via direct messages from other users with a hidden intent. Phishers often
leverage social engineering and other public information sources to collect
info about your work, interests, and activities—giving attackers an edge in
convincing you they’re not who they say.
There are several different types of phishing
attacks, including:
Spear Phishing—targeted attacks directed at specific companies
and/or individuals.
Whaling—attacks
targeting senior executives and stakeholders within an organization.
Pharming—leverages
DNS cache poisoning to capture user credentials through a fake login landing
page.
Phishing
attacks can also take place via phone call (voice phishing) and via text
message (SMS phishing).
3. Man-in-the-Middle (MitM) Attacks
Occurs when an
attacker intercepts a two-party transaction, inserting themselves in the
middle. From there, cyber attackers can steal and manipulate data by
interrupting traffic.
This type of
attack usually exploits security vulnerabilities in a network, such as an
unsecured public WiFi, to insert themselves between a visitor’s device and the
network. The problem with this kind of attack is that it is very difficult to
detect, as the victim thinks the information is going to a legitimate
destination. Phishing or malware attacks are often leveraged to carry out a
MitM attack.
4. Denial-of-Service (DOS) Attack
DOS attacks
work by flooding systems, servers, and/or networks with traffic to overload
resources and bandwidth. This result is rendering the system unable to process
and fulfill legitimate requests. In addition to denial-of-service (DoS)
attacks, there are also distributed denial-of-service (DDoS) attacks.
DoS attacks
saturate a system’s resources with the goal of impeding response to service
requests. On the other hand, a DDoS attack is launched from several infected
host machines with the goal of achieving service denial and taking a system
offline, thus paving the way for another attack to enter the
network/environment.
The most common
types of DoS and DDoS attacks are the TCP SYN flood attack, teardrop attack,
smurf attack, ping-of-death attack, and botnets.
5. SQL Injections
This occurs
when an attacker inserts malicious code into a server using server query
language (SQL) forcing the server to deliver protected information. This type
of attack usually involves submitting malicious code into an unprotected website
comment or search box. Secure coding practices such as using prepared
statements with parameterized queries is an effective way to prevent SQL
injections.
When a SQL
command uses a parameter instead of inserting the values directly, it can allow
the backend to run malicious queries.
Moreover, the
SQL interpreter uses the parameter only as data, without executing it as a
code. Learn more about how secure coding practices can prevent SQL injection here.
6. Zero-day Exploit
A Zero-day
Exploit refers to exploiting a network vulnerability when it is new and
recently announced — before a patch is released and/or implemented. Zero-day
attackers jump at the disclosed vulnerability in the small window of time where
no solution/preventative measures exist. Thus, preventing zero-day attacks
requires constant monitoring, proactive detection, and agile threat management
practices.
7. Password Attack
Passwords are
the most widespread method of authenticating access to a secure information
system, making them an attractive target for cyber attackers. By accessing a
person’s password, an attacker can gain entry to confidential or critical data
and systems, including the ability to manipulate and control said data/systems.
Password
attackers use a myriad of methods to identify an individual password, including
using social engineering, gaining access to a password database, testing the
network connection to obtain unencrypted passwords, or simply by guessing.
The last method
mentioned is executed in a systematic manner known as a “brute-force attack.” A
brute-force attack employs a program to try all the possible variants and
combinations of information to guess the password.
Another common
method is the dictionary attack, when the attacker uses a list of common
passwords to attempt to gain access to a user’s computer and network. Account
lockout best practices and two-factor authentication are very useful at
preventing a password attack. Account lockout features can freeze the account
out after a number of invalid password attempts and two-factor authentication
adds an additional layer of security, requiring the user logging in to enter a
secondary code only available on their 2FA device(s).
8. Cross-site Scripting
A cross-site
scripting attack sends malicious scripts into content from reliable websites.
The malicious code joins the dynamic content that is sent to the victim’s
browser.
Usually, this
malicious code consists of Javascript code executed by the victim’s browser,
but can include Flash, HTML and XSS.
Rootkits
Rootkits are
installed inside legitimate software, where they can gain remote control and
administration-level access over a system. The attacker then uses the rootkit
to steal passwords, keys, credentials, and retrieve critical data.
Since rootkits
hide in legitimate software, once you allow the program to make changes in your
OS, the rootkit installs itself in the system (host, computer, server, etc.)
and remains dormant until the attacker activates it or it’s triggered through a
persistence mechanism. Rootkits are commonly spread through email attachments
and downloads from insecure websites.
Internet of Things (IoT) Attacks
While internet
connectivity across almost every imaginable device creates convenience and ease
for individuals, it also presents a growing—almost unlimited—number of access
points for attackers to exploit and wreak havoc. The interconnectedness of
things makes it possible for attackers to breach an entry point and use it as a
gate to exploit other devices in the network.
IoT attacks are
becoming more popular due to the rapid growth of IoT devices and (in general)
low priority given to embedded security in these devices and their operating
systems. In one IoT attack case, a Vegas casino was attacked and the hacker
gained entry via an internet-connected thermometer inside one of the casino’s
fishtanks.
Best practices
to help prevent an IoT attack include updating the OS and keeping a strong
password for every IoT device on your network, and changing passwords often.
Train employees
in cyber security principles
Install, use and
regularly update antivirus and anti-spyware software on every computer
Use a firewall
for Internet connection
Download and
install software for operating systems and applications as they become
available
Make backup
copies of important business data and information
Control
physical access to your computers and network components
Secure the
Wi-Fi network
Require individual user accounts for each employee
Limit employee
access to data and information, and limit authority to install software
Regularly
change passwords
Preventing Cyber Attacks on your Company:
1. Identify the Threats
Basic threats
like unauthorized access to your computer should be tackled immediately before
you suffer any loss of information. Most companies contain very sensitive information
which, if leaked, could be ruinous for the company. Hackers are always looking
for opportunities to invade privacy and steal data that’s of crucial
importance. Identify and deal with potential threats
to your business before they cause harm.
2. Beware of Cybercrimes
Always be wary
of cybercriminals, work like you expect an attack. This will allow you to
ensure that your corporation is covered at all times with the necessary
strategies and plans. Always keep records of which information is attractive
for criminals and which is not. In addition to this, develop multiple
strategies with proper risk assessments on a regular basis to ensure effective
solutions should the need arise.
3.
Keep an Eye on Employees
Employees are
one of the key elements of the company because they have insights of the
business and are privy to the operations. Keep employees motivated and
discourage them from leaking out crucial information, try to make them more loyal
to the company.
In addition to
this, keep a backup of all the messages that are exchanged between employees.
Check on how they use passwords and keep these passwords safe from unauthorized
personnel. You can use a Password Manager for generating and managing the
passwords of your company.
4. Use Two-Factor Authentication
You can
minimize the risk of getting hacked by using a two-factor authentication for
your company. Encourage all employees to use two-factor authentication as it
increases security by adding an additional step for accessing accounts. In this
particular system, you have to enter a password plus you have to enter a code
which is sent to your smartphone, something that only you have access to. This
double authentication allows you to protect your data and discourages hackers
from attacking.
5. Conduct Audits on a Regular Basis
When your
company starts to grow, you eventually reach a point where you cannot
compromise the security of your data and have to minimize the risk of getting
hacked. For this specific purpose, you can have an audit performed by cyber
security consultants who are experts at protecting your data. In addition to
this, you can hire a full-time security officer who will be responsible for
handling all security-related problems and ensure the safety of your business.
6. Ensure a Strong Sign-Off Policy
In order to
keep your company safe and secure from online threats, you need to develop and
implement a strong sign-off policy for all employees. This sign-off policy
should ensure that the employees return laptops and mobile devices before they
leave the premises. In addition to this, the email address that you use must be
encrypted so information doesn’t leak and data remains confidential.
7. Protect the Important Data
Always protect
the most sensitive information of your company. Data which is vulnerable and
can be targeted by hackers should be protected first. Keep a check on how this
crucial data storage is being accessed by staff and make sure that it cannot be
accessed by anyone without authorization. Double check the procedures that you
use to lock the data to ensure that it is safe and out of reach from intruders.
8. Carry out Risk Assessments
Conduct cyber
security risk assessments on a regular basis in order to mitigate the risks.
There should be a separate department in your company that is dedicated to
minimizing the risk of data loss. Risk Management is one of the key factors
that contribute towards the growth of your company as it keeps the business
safe from getting exposed to competitors who are always looking for insights.
You can also hire a professional like a Cybercrime Consultant or Risk
Mitigation Specialist, these are experts at protecting your company against threats
and are known for producing positive results for your business.
9. Insure Your Company Against Cybercrime
There are many
companies that offer insurance policies against cybercrimes and attackers. This
can prove to be a good investment for your company as it covers all the risks
and threats that arise because of hackers and viruses. Moreover, by covering
your company for cybercrime, you will also have an idea about the damages that
you can suffer and have an estimate of the level of the risk that your company
is involved in.
10.
Have In-Depth Knowledge About Risk Factors
Get knowledge
about the risks involved in your business, the better security measures you
will be able to take for your company. Plan systematic audits for your company
in order to keep your company clean from all sorts of viruses and build a
detailed overview of the rules and regulations that all employees have to
follow to ensure the safety of the business. After compiling the results of the
audits, develop and implement security strategies accordingly in order to
reduce the risks that you have identified
Lab Session
Exercises to assess understanding of the
concepts
You have CCTV
cameras installed in your home. You are able to remotely monitor the CCTV
footage on your mobile from anywhere. Do you think your CCTV footage can be
intercepted and viewed by hackers?
You use your
mobile to pay for services online through internet banking or using debit card.
You do not have any antivirus program installed on your mobile. Do you think it
is possible for hackers to get access to your password/CVV without you sharing
the info?
Practical Assignments using common tools
Find out which
are the most popular free antivirus apps and VPN apps available for your
mobile. Compare any two of each.
Install any
free antivirus app on your mobile and note the features of the app.
Install any
free VPN app on your mobile, and visit your favourite (regularly visited)
websites. Note down any difference in the experience before and after
installing the VPN app.
Note: The
trainer is instructed to encourage the students to work in groups of 02-03 and
discuss the above exercises before submitting the same
Frequently Asked Questions
What is Cyber
Security?
Cyber security
refers to the specialization of computer network security that consists of
technologies, policies, and procedures that protect networked computer systems
from unauthorized use or harm.
Why do we need Cyber Security?
The increasing
reliance of our information-age economies and governments on cyber
(computer-based) infrastructure makes them progressively more vulnerable to
cyber attacks on our computer systems, networks, and data.
In their most
disruptive form, cyber attacks target the enterprise, government, military, or
other infrastructural assets of a nation or its citizens.
Both the volume
and sophistication of cyber threats (cyber warfare, cyber terrorism, cyber
espionage and malicious hacking) are increasing, and pose potent threats to our
enterprise, government, military, or other infrastructural assets.
What is a Cyber
Attack?
An offensive
action by a malicious actor that is intended to undermine the functions of
networked computers and their related resources, including unauthorized access,
unapproved changes, and malicious destruction. Examples of cyber attacks
include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.
What are the
differences among the terms cyber attack, cyber threat & cyber risk?
The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A
cyber attack is an offensive action, whereas a cyber threat is the possibility
that a particular attack may occur, and the cyber risk associated with the
subject threat estimates the probability of potential losses that may result.
For example, a
Distributed Denial of Service (DDoS) cyber attack by a botnet is a cyber threat
for many enterprises with online retail websites, where the associated cyber
risk is a function of lost revenues due to website downtime and the probability
that a DDoS cyber attack will occur
What is malware?
Malware is an
umbrella term derived from "malicious software", and refers to any
software that is intrusive (unauthorized access), disruptive, or destructive to
computer systems and networks. Malware may take many forms (executable code,
data files) and includes, but is not limited to, computer viruses, worms,
trojan horses (trojans), bots (botnets), spyware (system monitors, adware,
tracking cookies), rogueware (scareware, ransomware), and other malicious
programs. The majority of active malware threats are usually worms or trojans
rather than viruses
What is cyber hygiene?
Cyber is a
colloquial term that refers to best practices and other activities that
computer system administrators and users can undertake to improve their cyber
security while engaging in common online activities, such as web browsing,
emailing, texting, etc
What is cyberspace?
Cyberspace is
the virtual environment that consists of computer systems and networks, where
all computers communicate via networks and all networks are connected. The term
originated in science fiction during the 1980s and became popular during the
1990s. More recently computer vendors are attempting to brand cyberspace as the
"Internet of Things" (IoT).
What is a firewall?
A firewall is a
network security system that monitors incoming and outgoing network message
traffic and prevents the transmission of malicious messages based on an
updatable rule set. In effect, a firewall establishes a barrier between a
trusted, secure internal network and external networks (e.g., the Internet)
that are assumed to be untrustworthy and non-secure. Firewalls can be
implemented as software that runs on general-purpose hardware (e.g., an open
source firewall on a Windows PC or Mac OS X computer) or a dedicated hardware
device (appliance).
How does a firewall work?
Firewalls
function as a filter between a trusted, secure internal network and external
networks (e.g., the Internet) that are assumed to be untrustworthy and
non-secure. The firewall filter may be flexibly programmed to control what
information packets are allowed and blocked.
What is anti-virus software?
Anti-virus
software, also known as, anti-malware software, is computer software used to
scan files to identify and eliminate malicious software (malware). Although
anti-virus software was originally developed to detect and remove computer
viruses (hence its name), it has been broadened in scope to detect other malware,
such as worms, Trojan horses, adware, spyware, ransom-ware, etc.
How does anti-virus software work?
Anti-virus
software typically uses two different techniques to identify and eliminate
malware:
Virus
dictionary approach: The anti-virus software scans a file while referring to a
dictionary of known virus signatures that have been previously identified. If a
code segment in the file matches any virus signature in the virus dictionary,
then the anti-virus software performs one or more of the following operations:
deletes the file; quarantines the file so that it is unable to spread; or
attempts to repair the file by removing the virus from the file.
Suspicious behavior
approach: The anti-virus software monitors the behavior of all programs,
flagging suspicious behavior, such as one executing program attempting to write
date to another executable program. The user is alerted to all suspicious behavior,
and is queried regarding how the suspicious behavior should be handled.
What is a
Unified Threat Management (UTM) system and how does it work?
A Unified
Threat Management (UTM) provides multiple security services in a single device
or service on a network. UTM security services can include, but are not limited
to:
Scanning
incoming date using Deep Packet Inspection (DPI) to secures the network from
viruses and other malware;
Filtering
website URLs to prevent access to malicious websites;
Ensuring
operating systems, applications, and Anti-Virus software are updated automatically
with the latest patches and security updates
What is the
relation between cyber security and cryptography?
Cyber security
defenses are typically based on strong authentication and encryption
techniques(cryptography
techniques), cryptography is a key enabling technology for cyber security. In
other words, cryptography helps to implement cyber security.
No comments:
Post a Comment