Cyber security is the set of processes designed to protect computers, computer networks and data from unauthorized access, vulnerabilities and attacks such as hacking, phishing, spamming, IoT malware, spoofing, etc. Security solutions for these threats include IDS (Intrusion Detection System), IPS (Intrusion Prevention System), firewalls, etc.
Cyber security can also be described as the set of techniques built to safeguard sensitive data, such as health data, business data, financial data and personal data, from unauthorized access, vulnerabilities or attack, and thus preserve the integrity, reliability and consistency of that data.
Cyber security came into the picture with the evolution of the virus back in the 1970s, when researcher Bob Thomas created a program called 'Creeper'. This is the same program that was considered a so-called "virus" a few years later. Cyber security is crucial for infrastructure, data and application security.
Why cyber security?
As businesses grow, the variety and complexity of their data grows too. The industry is making use of data warehouses, the cloud and other methods to accommodate these vast amounts of data.
Nevertheless, a little carelessness with these vast data sets can cause considerable losses to the industry.
Besides, there is a great deal of important personal data which, if it falls into the wrong hands, can cause severe damage to individuals and companies.
Think of your SSN, bank accounts, email passwords, credit card information and other PHI (Protected Health Information).
Can you imagine the consequences of losing this information? Isn't it frightening?
Cryptojacking, supply chain attacks and mobile malware are the trends for 2018 according to the Internet Security Threat Report.
Sadly, more than 90% of companies are still not equipped with the kind of security mechanisms needed to keep pace with the cyber attacks happening in the industry.
Basic Classification of Cyber Security
Cyber security covers the following areas:
Network security aims to protect the data that flows through interconnected networks from interception, modification or damage, with the help of a good anti-virus and an IDS.
Application security covers the steps taken to protect applications from threats, such as periodic audits, penetration testing, and tools that help ensure system security.
In cloud security, the cloud provides services like DDoS protection, vulnerability scanning, backup and disaster recovery, and log management using SIEM, but unfortunately attackers have adapted their tools to the cloud platform and are good at using it.
IoT security is still immature: IoT is an emerging technology but very prone to attacks, as security is not yet strongly built into it.
Moreover, it is not that difficult for hackers to crack a default password, or to break into the network with the help of malware, and exploit the company's intellectual property or customer data.
Vulnerability vs. threat vs. risk
A lot of the time we use vulnerability, threat and risk interchangeably, but there is a subtle difference. Let's understand it.
A vulnerability is a gap or weakness in a system that can be exploited by a threat, maliciously or accidentally, to violate its integrity.
E.g., an inadequate security policy, an inadequate emergency plan, missing audits, no preventive maintenance program, etc.
A threat is the expression of the possibility of intentional or unintentional damage caused by attacking confidentiality, integrity or availability (the CIA triad). Examples: data theft, terrorism, viruses, worms, penetration of the OS.
Risk is the probability that a particular threat will exploit a particular vulnerability. Examples: inadequate system logging, lack of encryption, lack of management, outdated OS.
Risk = Vulnerability x Threat (a vulnerability that is exposed to a threat)
Control: a countermeasure applied to control that risk.
How can vulnerability be treated?
A vulnerability can be reduced by identifying the weaknesses and applying proactive measures to deal with threats and attacks.
One such proactive measure is using Indicators of Attack (IoA), an endpoint detection approach in which unusual behavioral patterns in the data are studied to understand the criminal's intent in the initial phase itself, so that the attack can be blocked even before its goal is achieved.
This is helpful in the case of ransomware and zero-day attacks. The chances of risk can also be reduced by increasing the level of preparedness, i.e., well-trained emergency teams, plans, and exercises such as vulnerability assessment testing.
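As an added illustration (not part of the original article) of the IoA idea of alerting on behaviour rather than on a known signature, this Python sketch watches a constructed stream of endpoint file-write events and raises an alert for a process that rewrites many files to an unfamiliar extension within a few seconds, the early-phase pattern a ransomware run shows before its goal is reached. The event format, process names, baseline extensions, threshold and window are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed endpoint telemetry (not real data): "timestamp process action path".
SAMPLE_EVENTS = """\
2024-01-15T09:05:10 updater.exe write C:/Users/alice/docs/a.docx.locked
2024-01-15T09:05:11 updater.exe write C:/Users/alice/docs/b.xlsx.locked
2024-01-15T09:05:11 updater.exe write C:/Users/alice/docs/c.pdf.locked
2024-01-15T09:05:12 updater.exe write C:/Users/alice/docs/d.pptx.locked
2024-01-15T09:05:13 updater.exe write C:/Users/alice/docs/e.jpg.locked
2024-01-15T09:05:14 updater.exe write C:/Users/alice/docs/HOW_TO_RECOVER.txt
2024-01-15T09:30:00 backup.exe write D:/backup/2024-01-15.tar
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".pptx", ".jpg", ".txt", ".tar"}  # assumed baseline
WINDOW = timedelta(seconds=10)   # assumed: how close together the writes must be
THRESHOLD = 5                    # assumed: writes inside the window that trigger an alert

def parse_events(text):
    """Parse the constructed line format into (timestamp, process, action, path)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, proc, action, path = m.groups()
            events.append((datetime.fromisoformat(ts), proc, action, path))
    return events

def extension(path):
    i = path.rfind(".")
    return path[i:].lower() if i != -1 else ""

def detect_mass_modification(events, window=WINDOW, threshold=THRESHOLD):
    """Behavioral rule: a process whose writes inside `window` reach `threshold`
    and mostly carry an unfamiliar extension is flagged. Returns {process: time
    of first alert}. No hash or signature is involved, so a zero-day still fires it."""
    recent = defaultdict(deque)   # process -> (timestamp, path) still inside the window
    alerts = {}
    for ts, proc, action, path in sorted(events):
        if action != "write":
            continue
        q = recent[proc]
        q.append((ts, path))
        while ts - q[0][0] > window:      # drop writes that fell out of the window
            q.popleft()
        unusual = sum(1 for _, p in q if extension(p) not in KNOWN_EXT)
        if len(q) >= threshold and unusual * 2 > len(q) and proc not in alerts:
            alerts[proc] = ts
    return alerts
```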
Some of the well known cyber threats
Most of the time, identifying threats is not that easy. Let's talk about some of the typical, well-known cyber threats.
Before looking at the threats, let's understand the three main pillars on which cyber security stands: confidentiality, integrity and availability (CIA).
Confidentiality means no unauthorized user should be able to access the data.
This is done to prevent the data from falling into the wrong hands. Integrity means the data is transferred from source to receiver without any modification.
Availability means the data should be available to the intended user 24 x 7.
Hacking: every act committed to break into a computer or computer network is considered hacking. It does not matter whether the hack succeeded; even an attempt is equally considered a crime.
Trojan: a computer program which initially appears useful but is quite harmful. The Trojan program comes in two parts, a client and a server.
If the victim unknowingly runs the server on their computer, the attacker can use the client to connect to that server and start using the Trojan. TCP/IP is used for such communications.
Virus and worm: a virus is a program that can replicate itself and spread to other programs, thus infecting them. Worms are programs that multiply like viruses and spread from one computer to another.
Email spoofing is a unique kind of cyber attack. In this case an email appears to have originated from one source when it actually originates from some other source. This is a kind of identity theft.
Email spamming: sending the same message via email to thousands of users.
Email bombing: sending the same message to the same IP address again and again.
Denial of service: flooding a computer or device with an exceptional number of requests, more than it can handle, which ultimately results in the website crashing and thus denies the service to authorized users.
Social engineering attack: the attacker tricks the victim into revealing sensitive personal details such as username, password and ATM card details, thus benefiting the attacker financially.
Mishing & Vishing
Mishing is phishing carried out using mobile phone technology. Vishing is phishing for information from somebody over a phone call (v for voice) using the VoIP protocol.
VoIP spam: the proliferation of unwanted, automatically dialed and prerecorded phone calls over VoIP.
Bluetooth attacks: when Bluetooth is left ON, it becomes effortless for attackers to break in using tools like blue scanner, blue bugger and blue snuff.
Ransomware: hackers gain illegal access to the victim's computer, encrypt the files and demand payment in return for the files. The most significant attack was the WannaCry attack in 2017.
Drone attacks: drones are very valuable to businesses and government agencies nowadays, and they are very vulnerable to attacks.
Maldrone is malware created to hack drones over the internet and steal the information stored on the machine.
The US military is currently working on hacker-proof drones so that it can shield itself from potential attacks.
IoT attacks: the Internet of Things is a growing technology, and it enables multiple household devices to be connected for easy communication.
The communication takes place with the aid of the internet and is password protected, but hackers can quickly identify a vulnerability and break into the network using malware, ultimately causing a kind of DDoS attack.
Fake websites: criminals register URLs and websites similar to those of legitimate sites, which look normal and genuine to end users.
Once the user enters such a fake website, he may enter his private credentials thinking it legitimate, thus revealing them to the hackers.
Let’s review some of the preventive measures now.
IDS (Intrusion Detection System): a device or software application that monitors a network or system for malicious activity or policy violations. It can be classified into NIDS (Network Intrusion Detection System) and HIDS (Host Intrusion Detection System).
A system that monitors OS files is an example of a HIDS, while a system that analyzes incoming network traffic is an example of a NIDS.
An IDS can be connected in 3 ways: (a) using a hub or a switch spanning (SPAN) port, (b) using a network tap, (c) connected inline.
IPS (Intrusion Prevention System): a network threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. It sits directly behind the firewall and monitors for dangerous content.
Unlike an IDS, which is a passive system that scans traffic and reports back on threats, an IPS is placed inline between source and destination, actively analyzing and taking automated action on all traffic flows that enter the network.
Firewall: acts as a barrier to traffic passing in all directions. It operates as a filter at the IP layer or a higher protocol layer.
An external firewall placed between the internet and the web server blocks untrusted external users, ransomware or viruses.
An internal firewall prevents external users from accessing the internal network. The firewall also monitors traffic and can generate alerts if it detects suspicious patterns.
Log Management using SIEM
Log management deals with managing large volumes of computer-generated logs (system logs, application logs, event logs, etc.). It involves log collection, centralized aggregation, long-term retention and log analysis, using machine learning in the SIEM.
Manual analysis is generally not possible these days because of the enormous datasets, so a SIEM is quite handy in that sense.
Unlike traditional log management, a SIEM collects only the security-relevant logs, analyzes them in real time and finally produces an incident management report.
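As an added example (not from the original article) of what centralized aggregation buys, the Python below normalizes constructed log lines from three different sources (an sshd syslog line, a JSON application log, a firewall log) into one schema and then correlates across them to flag a source address that fails to log in repeatedly and then succeeds. The log formats, hostnames, addresses and the failure threshold are assumptions made for the example.

```python
import json
import re
from collections import defaultdict

# Constructed log lines (not real logs) from three sources a SIEM might ingest:
# syslog-style sshd, a JSON application log, and a firewall text log.
SAMPLE_LOGS = [
    "Jan 15 09:01:02 web1 sshd[311]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    '{"ts":"Jan 15 09:01:03","app":"portal","event":"login_failed","user":"root","src":"203.0.113.7"}',
    "Jan 15 09:01:05 web1 sshd[312]: Failed password for admin from 203.0.113.7 port 4003 ssh2",
    '{"ts":"Jan 15 09:01:06","app":"portal","event":"login_ok","user":"alice","src":"198.51.100.9"}',
    "Jan 15 09:01:09 web1 sshd[313]: Accepted password for admin from 203.0.113.7 port 4004 ssh2",
    "Jan 15 09:02:00 fw1 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=10.0.0.5 PROTO=TCP DPT=23",
]

SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalise(line):
    """Map one raw line to {source, outcome, user, src}; returns None for lines
    that are not authentication events (the firewall DROP line stays out)."""
    if line.startswith("{"):                      # JSON application log
        rec = json.loads(line)
        if rec.get("event") not in ("login_failed", "login_ok"):
            return None
        outcome = "fail" if rec["event"] == "login_failed" else "success"
        return {"source": rec["app"], "outcome": outcome, "user": rec["user"], "src": rec["src"]}
    m = SSHD_RE.search(line)                      # syslog-style sshd line
    if m:
        outcome = "fail" if m.group(1) == "Failed" else "success"
        return {"source": "sshd", "outcome": outcome, "user": m.group(2), "src": m.group(3)}
    return None

def correlate(lines, threshold=3):
    """Incident rule: a source address that accumulates `threshold` failed logins
    across any of the sources and then succeeds. In the sample, sshd alone holds
    two failures and the portal one, so only the combined view crosses the line."""
    failures = defaultdict(int)
    incidents = []
    for line in lines:
        ev = normalise(line)
        if ev is None:
            continue
        if ev["outcome"] == "fail":
            failures[ev["src"]] += 1
        elif failures[ev["src"]] >= threshold:
            incidents.append({"src": ev["src"], "user": ev["user"], "via": ev["source"],
                              "failures_before_success": failures[ev["src"]]})
    return incidents
```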
Cyber security is the protection of network-connected systems, including data, software and hardware, from cyber attacks and unauthorized access. We should not only inculcate strong end-user awareness; organizations should also follow security compliance regimes like FISMA, HIPAA, SOX and PCI DSS to be as secure as possible.
Data should be kept in encrypted form, and we should always have antivirus in place. Besides auditing, proper monitoring of audit logs is also necessary to identify suspicious patterns of potential malicious attacks.
Security has become like an arms race, and attackers are coming up with new vulnerabilities every day. With the help of machine learning, attackers are quickly able to come up with newer mechanisms to break in, so organizations too need to prepare themselves continuously to deal with such atrocious cybercrime.