fnC - 101 Series - For The Novice - What is Cybersecurity?

fnC - 101 Series - For The Novice - What is Cybersecurity?

Publish Date : 14-01-2024
Tags : Cybersecurity for noobs ,what is cybersecurity ,basics of cybersecurity ,
Author : Open-CISO

What is Cybersecurity?

“Cyber security is an art or process of protecting systems, networks, programs, organizational data and personal information from digital attacks, to ensure Confidentiality, Integrity & Availability at its best.” However, implementing cyber security measures has become more complex because hackers are getting intelligent and innovative by using new tools and technology for vulnerability scanning very effectively.

Is Cybersecurity a global concern?

There has been lots of talk on the current state of Cybersecurity across the globe. With increasing numbers of cyber threats and attacks, the lack of skilled professionals, especially cyber intelligence, has been a significant concern. From the government to banking sectors, enterprises are trying hard to secure and protect their data, identity, and other resources on the internet from bad actors. These sectors invest millions in their IT infrastructure to defend the sudden unprecedented and unexpected cyber-attacks.

The IRTC statistics say that the total number of reported breaches for 2021 has gone past the whole data breach instances reported in 2020. The security data breach increased by 26% in Q2 2021 and 17% in Q3 2021. Riskin’s 2021 evil internet minute suggests that cybercrime costs organizations a whopping $1.79 million per minute. The E-commerce and health sectors are most targeted.

The five laws of Cybersecurity by Nick Espinosa

If you’re a cybersecurity enthusiast, you must be familiar with the name Nick Espinosa. Nick is the official member of Forbes Technology Council, spokesperson for Covid-19 Cyber Threat Coalition, TEDx Public Speaker, CIO, and the list continues.

According to him, these are The Five Laws of Cybersecurity that apply globally.

  • If there’s a vulnerability, it will be exploited, with no exceptions
  • Everything is vulnerable in some ways
  • Humans even trust when they should not
  • With innovation comes that opportunity for exploitation
  • When in doubt, see law number

Need for Cybersecurity: Cybersecurity is no more a concern only for IT professionals. In today’s connected world, the number of devices and internet users is increasing rapidly. This is why “cybersecurity” has become one of the most critical and common challenges globally. Everybody has the right to privacy, whether online or offline. Everybody needs system, network, and data security from individuals to giant corporations. The lack of cybersecurity skills and professionals in a country can also have its national security at stake in the way. To protect our online privacy, personal data, and information, we all need Cybersecurity in one way or another. According to a report by Cybercrime Magzine, there would be 3.5 million cybersecurity jobs by 2021, which is quite comprehensive than the last few years or decades.

Types of Cyber Attacks

Ransomware: Ransom is described as extorting money from people/ organizations for freeing something or someone who was kept captive until consideration is paid for that captivity. In terms of Cybersecurity, Ransomware is a type of malicious software specially designed to attack PCs and programs by blocking access privileges and encrypting the user’s data, files, and folders until a ransom amount is paid to the attacker. Even after paying the Ranransomt’s not guaranteed that you will get back your files; the hacker may demand more or never release your resources. According to the FOX Business Report, ransomware payment took a rise of 82% to a record $570,000 in Q2 2021 from $312,000 in 2020.

DDOS Attacks: As the name suggests, a denial of service attacks the smoothly running system services, and resources suddenly stop working and respond when this attack is launched on a target computer. All an attacker needs to do is, overwhelm a system or resource with a massive number of requests so that other recommendations made by legitimate users could not be processed or responded to by that system currently. Attackers use this method of attack to cause harm to the system and to stop the system from running temporarily. When the same attack is launched from too many other affected or hostile systems known as botnets are called Distributed Denial of Service Attacks.

Malware: Malware is malicious software specifically designed to get unauthorized access or damage a computer system’s files and contents. It is also responsible for making computer systems behave inadequately and may reduce the performance and function parameters. Malware has a huge family and a rich set of siblings; some are computer viruses, worms, Trojan horses, spyware, adware, scareware, rogue software, and Ransomware.

Phishing: Yes, you’re thinking the right way; it’s pretty similar to the term and practice we use in the real world to catch fish by offering them food and making them fall into our planned trap. Phishing is something like that; you receive an e-mail with an attachment or hyperlinks, actually a trap or fraudulent mail that will seem legitimate from a trusted source like your loved ones or from the bank in which you might have an account. Asking for urgent requests, changing your password, providing sensitive data and personal information, and hence used to gain access to victims’ private info, resulting in data theft and financial losses.

SQL Injection: An SQL Injection attack is executed as a typical SQL query to the database via the input data from the client to the server. An attacker can launch a SQL Injection attack by simply submitting a malicious code into a vulnerable website search box.

Zero-Day Attack: The Zero-Day Attack targets the unknown vulnerability in the system and networks about the user or developer has no idea at all. Suppose you downloaded a Cisco application or software and started to run it on your system; unfortunately, there’s an unknown vulnerability about which you or Cisco doesn’t know of or haven’t discovered yet, but somehow a bad actor has already discovered that bug or vulnerability. Before Cisco could release a patch file or an update for that unknown vulnerability, the bad actor takes advantage of that time gap and attacks your system. Therefore, a zero-day flaw is considered an essential aspect or component when designing an application to be secure and efficient.

Man-in-the-Middle Attack: This attack works when a bad actor inserts some data or themselves in between a two-way communication or transaction. Suppose Peter wants to connect to Bob and sends a message. However, before the message arrives at Bob, a bad actor intercepts the request, modifies the message body, and then sends it to Bob. This way, Bob wouldn’t know that the message has been altered and would trust that the message has arrived from a legitimate source, Peter. At the other end, when Bob sends some message to Peter, again, the bad actor can modify the contents of that message before sending it to Peter. This way, both Peter and Bob trust each other by not knowing there’s a man in the middle watching and altering the content and data in transit.

Impact Post a Cyber Attack

As of now, we know about the basic types of cyber-attacks and their effects. So what’s after the attack? How does an organization deal with the damages or losses? How does it affect the company, its employees, and its long-term reputation? A data breach or an attack puts tremendous pressure on an organization regarding losses, adapting better security measures, and being up to date with the latest cyber-crime defense technology. The attack can cause massive data loss, including the employees’ info, ongoing and future projects, internal policy details, asset details, and financial transaction details. Apart from the economic and monetary damages, an attack can also question the organization’s reputation. Clients and its partners may not trust the institution anymore and continue the business or contract. Below are the highlights of a few areas where the impact of a cyberattack is adverse.

  • Personal Identity and Data Theft
  • Financial Loss
  • Economic Loss
  • Loss of long-term reputation in the market
  • Regulatory Compliance Fine

Cause of a Cyber Attack: According to a report from Hacker News, human error was the #1 cyber threat to businesses in 2021. Another report from EC-Council states that 88% of global cyber threats and attacks are caused by human error or behavior. Most cyber-attacks occur because of the negligence of management protocols, regardless of basic security measures, and lack of knowledge regarding how to be anonymous and surf the internet safely.

CEOs and high-level executives tend to spend millions on IT infrastructure security. Still, they would deny if asked for organizing or paying for even basic cybersecurity training for the non-IT staff or employees of the company. Even the IT professionals only seem to be concerned about the weakest links and vulnerabilities in their system and network defenses, rather than taking a hard look at non-IT professionals in the company and providing them with the basic cybersecurity training and knowledge. Shreds of evidence show many cyber-attacks estimated to be costed in millions could have been avoided with better employees training and management protocols and policies implementation by the companies at early stages. Employee negligence, malicious behavior, lack of cybersecurity compliance accounts for two-thirds of global data breaches, cybersecurity threats, and attacks. These pretty much causes cyber attacks.

Hence, below are some of the most known causes of cyber threats and attacks.

  • Human error or behavior, lack of basic cybersecurity knowledge
  • Use of old and vulnerable systems, software, and technologies
  • Companies are not willing to invest in IT infrastructure security
  • Lack of regulatory and compliance standards
  • Lack of implementation of IT act and policies
  • Poor employee-management protocols
  • Lack of participation in information exchange programs
  • Very little or no contact with Cybersecurity research teams and organizations
  • Lack of basic cybersecurity training and knowledge to non-IT professionals in an organization
  • Lack of cyber awareness
  • Not up to date with current technology

How to find if you’re under a Cyber Attack?

According to research, it usually takes six months or more for an organization to find out if there’s a data breach. Sometimes data breaches go unnoticed, and the organization never knows about it because of a lack of System & Network Security. But there are some basic measures by following which we can find out whether our online security has been compromised or there’s an active attack currently taking place. So please keep in mind the following points and guidelines when in doubt.

Sudden Spike in traffic

Your website or ecosystem suddenly gets colossal traffic and can’t maintain or accept new requests. As a result, the service may go down temporarily again and again. This happens because hackers intentionally exhaust the site with many fake traffic and requests.

Malicious system or Program Behavior

Sometimes you might notice the program and files working smoothly earlier, would start to act strange, and won’t work as functions normally. For example, you might not be able to run some programs, access some files, or open an application. In this case, you need to understand that a malware or virus attack might be causing this malicious behavior.

Change in Admin Privileges or Access Rights

If you notice or experience changes in access privilege rights for user accounts, files, and folders that you or your colleagues hadn’t done, it is also a sign of an attack, and your system may have been compromised. You might get locked out of your account as well and couldn’t get access to it until the attacker leaves the system.

What to do when under a Cyber Attack?

Somehow you discover that you’re under an active cyber-attack or data breach. Unfortunately, hackers have gained access to it. What’s then? What steps to take further? Would your first response be to call the police, your system admin, or consult a cybersecurity professional? Below I will be telling you a few most important steps to take when under a cyber-attack. First, inform your network, system, or security admin.

No,

The first step isn’t to consult the cybersecurity professional or inform the cyber-crime department. Instead, the first thing you should do is inform your System Admin because he is the person who knows the importance of the data and info which is currently at risk. Your system admin knows well about the overall system and network topology. He might have kept a backup of data/files, which you’re fearing losing. Your IT or System administrators might also possess skills to defend against the current ongoing data breach.

Inform your NOC/SOC team

Suppose you have a running Network Operations Center or a Security Operations Center. In that case, they must already be aware of the data breach and must respond immediately to defend against the attack. But still, it’s best to inform and consult them to find out the severity and complexity of the data breach, what possibly you could be losing, is there any way of recovery, or the breach was just a warning for future threats and attacks. Sometimes the security team intentionally attacks and penetrates your system and network to find the known-unknown vulnerabilities and to do risk analysis regardless of your knowledge, which might seem like an actual data breach. So it’s magnificent to engage your NOC/SOC team if you feel like you are under cyber-attack.

Consult with a cybersecurity Expert/Professional

When the above two steps don’t work, you must consult and engage a Cybersecurity Analyst as the next step. You should brief him with all the possible details and ask him to get started accordingly. A Cybersecurity analyst can protect your IT infrastructure from an attack, find the root cause of the attack and make sure these types of data breaches don’t occur anymore in the future.

Register the case in the National Cybercrime Bureau

There must be a Cyber-Crime Investigation Bureau in your country or state. Contact them and register your case to find out more about the attack. Whether it was a state-sponsored attack, a group of black hat hackers trying for financial gains, or just a bunch of early script-kiddies learning to penetrate the IT ecosystem, there should also be a Cybersecurity Research Institute that may be operating privately or under the governance of national authorities. Inform them about the recent attack on your organization to study the data breach and alert other organizations about the same.

Conclusion

The world is changing, and so does technology. Every day hundreds of thousands of devices and users are joining the internet. Unfortunately, with rising innovation in technology comes excellent risks and threats to online privacy and data security. The choice is yours whether you want to get trained and educated in fundamental cyber trends and can stand for yourself in this rapidly changing technological era. With innovation comes responsibility. As we get attached more to electronic devices and the internet, cybercriminals and attackers become intelligent and innovative. There’s no guarantee that an attack or a data breach could be avoided or stopped, but at least we can do out bit.

Top Cybersecurity infographics to look for.

Keeper’s five tips to keep your enterprise and remote workforce secure

Sonicwall cyber threat report (Ransomware) 2021 mid-year

Cybercrime magazine; Illustrations of the past, present, and future threats we face

Understand Cybersecurity - Sooner-The-Better