Cybersecurity is now a trending word, technology, and a domain in the Information sector. With every individual's activity going online, ranging from social collaboration to financial payments over the internet, there is great scope for an alarming increase in the risks that accompany them. Digitalization of information also has the great downside that the information can be compromised. Let us now try to understand what cybersecurity is, and why there is a need for it in the first place.
Cyber Security is the art of protecting the integrity of your network, programs, products, and your data from being attacked, damaged, or accessed without authorization. A certain set of techniques works to achieve all of the above-mentioned criteria. The core function of these techniques is to ensure that information and data are protected from any major cyber threats. Cyber Security comes in as an extension and also accentuates the idea of General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST) Cybersecurity framework.
Now with this understanding of Cybersecurity, let us go through the risks that an individual or an organization can face if enough attention is not paid. There is a wide range of attacks that affect your data that is available online. To counter these attacks, vulnerabilities, and other variants, an increasing number of individuals with definitive skill sets are being deployed into organizations. Let us go through the subsequent sections of this article to get a better understanding of the same.
What Exactly Is Cyber Security?
Cyber Security, or security in the Information Technology sector, is a field within IT that involves the protection of computer systems and the prevention of unauthorized use of, or changes in access to, digital data. Cyber Security also deals with software protection, hardware protection, network protection, and everything that relates to these areas. Cyber Security also refers to the security offered to protect your online resources through a different and unique set of online services.
Since there is a heavy dependency on computers in this modern day to store and transmit confidential information related to people, customers, employees, and professionals, it becomes even more critical to safeguard the information that crosses these domains. Cyber Security thus becomes a critical function that needs the full attention of an organization, as many other businesses rely on it. It also has to protect the computer systems from being stolen or damaged. Cyber Security thus helps in securing data from data theft or data misuse, and safeguards all your systems from malware and viruses.
Why Is Cyber Security important?
The digital age has made all our private information public, and the vulnerable side of the business is that these details might get compromised if the organizations that we trust do not pay attention to cyber-attacks. Recent incidents such as the Flickr accounts that got compromised, or the earlier incident of LinkedIn accounts getting compromised, are the greatest examples of why Cyber Security is so important for any business. News stories related to data theft, ID theft, and data breaches also make the rounds, and these affect the routine lives of millions of customers.
Having said that, organizations are now taking further steps to improve their security strategies, and they are doing this for their own good. If they are not able to do this, they would go out of business, as there are many competitors looking for the ideal chance to step over an organization and take the whole business for themselves. Alongside the preventive measures taken by organizations, we as individuals should also take note of this news and make sure that we understand the risks involved in putting our data online. Now that it is clear that Cyber Security is very important for any organization to stay in business, let us take a quick look at further details.
And just so that it is clear, Cyber Security isn’t just about businesses and the Government; it also includes us in some manner or other, direct or indirect. Your devices contain most of the vulnerable data that hackers would always be willing to take a look at. Those details can be your email list, your address, your friends’ addresses, names, birthdates and many more. If a potential hacker gains control over your email and contact details, all he has to do is send an email from your account to your whole contact list with an email subject “Hey So and So, Please click here!!!”. The recipients would think that it is a genuine email received from a contact that they know and would click it, and from then on, all the illegal things happen on their banking accounts, emails, etc. With this in mind, we have a social responsibility to consider what is being shared and with whom it is being shared.
What is a Cyber-attack?
A cyber-attack can be defined as a deliberate exploitation of computer systems, technology-dependent enterprises, hardware, software, or networks. These attacks use some sort of malicious code introduced into the target system to alter, destroy, or gain unauthorized access to data that is not supposed to be seen by someone else. Such an act can destroy the available data and is considered data theft or ID theft. A cyber-attack is also known as a Computer Network Attack and goes by the acronym CNA.
Cyber-attacks may involve all or only a few of the following, but each is nonetheless an offensive crime:
- Identity theft, fraud, or extortion
- Malware, phishing, pharming, Trojans, Spyware, spoofing, and spamming.
- Stolen software
- Stolen hardware like stolen hard disks, mobile devices, and laptops.
- Denial of Service (DoS) or Distributed Denial of Service (DDoS)
- Access breach
- Password sniffing
- System infiltration
- Website defacement
- Private and/or Public web browser exploits
- Intellectual Property (IP) theft, unauthorized access
Types of Cyber Attacks
The following is a partial short list of attacks:
|Passive||Computer and Network Surveillance||
Passive cyber-attacks generally use non-disruptive methods, because the hacker does not want to draw much attention. The sole purpose of a passive cyber-attack is to gain unauthorized access to data without being detected.
Following are various kinds of passive cyber-attacks or threats that an individual or a group of individuals can perform to disrupt the whole system altogether.
Computer and network surveillance:
Computer and network surveillance generally refers to the monitoring of all computer activity, of the data stored on the hard drive, and of the data transferred to other destinations (e.g. the Internet). This monitoring is always done covertly, and there is absolutely nothing that can’t be monitored right now. It can be done by your ISP (Internet Service Provider), by the network teams that work in tandem with other areas of business in your organization, by hackers, etc.
Vast amounts of surveillance happen over networked assets and are carried out by monitoring the data and traffic on the Internet. There are various ways in which data transferred as packets from a source to a destination can be intercepted. Let us now go through each technique to understand the concept and, on a side note, what could be done to avoid falling prey to malicious hackers.
- Wiretapping: Wiretapping, or telephone tapping, is the process of intercepting an individual’s telephone conversations and internet conversations by covert means. Passive wiretapping monitors these conversations or records the traffic for further use.
- Fiber tapping: Fiber tapping, on the other hand, uses a network tap method that enables an individual to extract signals from optical fibers without breaking the connection. Tapping an optical fiber is the method by which signals from the core of the optical fiber are transmitted to another destination (a fiber or a detector).
- Port Scan: A port scan is a series of messages sent by an individual with the intention of exploiting the weaknesses of your system. It is one of the common methods used to crack through a system and to check where to probe for weaknesses. Based on the responses received to this series of messages, the hacker learns whether a port is in use and can be probed for further weaknesses.
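From the defender's side, a port scan shows up in connection logs as one source touching many distinct ports on one host in a short time. The following is an added example, not part of the original article: a sliding-window detector run over a constructed log. The log format, the `detect_port_scans` name, and the 10-second / 5-port thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample connection log (not real traffic). Assumed format:
# "<ISO timestamp> <source IP> <destination IP> <destination port> <verdict>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 10.0.0.20 443 ACCEPT
2024-01-01T10:00:01 203.0.113.7 10.0.0.20 21 DENY
2024-01-01T10:00:01 203.0.113.7 10.0.0.20 22 ACCEPT
2024-01-01T10:00:02 203.0.113.7 10.0.0.20 23 DENY
2024-01-01T10:00:02 10.0.0.5 10.0.0.20 443 ACCEPT
2024-01-01T10:00:02 203.0.113.7 10.0.0.20 25 DENY
2024-01-01T10:00:03 203.0.113.7 10.0.0.20 80 DENY
2024-01-01T10:00:03 203.0.113.7 10.0.0.20 443 ACCEPT
2024-01-01T10:00:30 10.0.0.9 10.0.0.20 80 DENY
2024-01-01T10:01:30 10.0.0.9 10.0.0.20 8080 DENY
2024-01-01T10:02:30 10.0.0.9 10.0.0.20 8443 DENY
2024-01-01T10:03:30 10.0.0.9 10.0.0.20 3000 DENY
2024-01-01T10:04:30 10.0.0.9 10.0.0.20 5000 DENY
"""


def parse_line(line):
    """Split one log line into typed fields."""
    ts, src, dst, port, verdict = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), verdict


def detect_port_scans(lines, window=timedelta(seconds=10), min_ports=5):
    """Flag (source, destination) pairs that touch many distinct ports quickly.

    Assumes the lines are in time order. Returns a dict keyed by (src, dst)
    with the ports probed and the ports that answered, i.e. what the scanner
    learned and what the defender should review first.
    """
    recent = defaultdict(deque)  # (src, dst) -> events inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, verdict = parse_line(line)
        events = recent[(src, dst)]
        events.append((ts, port, verdict))
        # Drop events that have aged out of the sliding window.
        while ts - events[0][0] > window:
            events.popleft()
        ports = {p for _, p, _ in events}
        if len(ports) >= min_ports:
            alerts[(src, dst)] = {
                "ports_probed": sorted(ports),
                "ports_answered": sorted(
                    {p for _, p, v in events if v == "ACCEPT"}
                ),
            }
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan {src} -> {dst}: {info}")
```

A source that spreads its probes out over minutes, like 10.0.0.9 in the sample, stays under a short window, so such a detector is usually paired with a longer-window count.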
A host is the system at which the attack is targeted; the term means nothing more than what it sounds like. There are several ways by which an individual can hack into your systems.
- Keystroke logging: Keystroke logging, generally referred to as keylogging or keyboard capturing, is the process of monitoring your keyboard activity without being identified. As a result, the host is never aware that it is being watched.
- Screen scraping: Screen scraping can be defined as the process of collecting screen display data from one application and translating it so that a totally different application can display the scraped data.
- Backdoor: A backdoor is a way by which a system’s security mechanisms are bypassed, without being noticed, to access the computer and the data that comes along with it. Backdoor Trojans or shells take advantage of vulnerable components in web applications.
Active cyber-attacks are generally offensive, blatant, brute-force attacks that the victim becomes aware of instantly. By nature, active cyber-threats are more disruptive to your organization’s business and also highly malicious. Hackers involved in active cyber-attacks are least bothered about being noticed, as the intended damage would have already happened by the time the attack, or the hacker himself or herself, is identified.
Following are the examples of various kinds of active cyber-threats that an individual or a group of individuals can perform to disrupt the whole system altogether.
A Denial of Service (DoS) attack is an attempt made by perpetrators to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host that is connected to the Internet. In layman’s terms, it is the technique by which the services of an organization are shut down, making them impossible to access for their intended users.
In the context of network security, a spoofing attack is a scenario where an individual or a program impersonates a totally different individual by falsifying data, only to gain illegal, illegitimate access to the data owned by that individual. These kinds of attacks are generally carried out over networks to spread malware and gain access to confidential information or data.
Following are the network related attacks that we will be discussing in further detail:
- Man-in-the-middle: A Man in the Middle (MitM) attack is generally an attack where the perpetrator gets in the middle of a communication between two parties to eavesdrop or impersonate. Here the attacker secretly relays, and possibly alters, the communication between two parties who believe that they are communicating with each other directly.
- Man-in-the-browser: A Man in the Browser (MitB) attack is a form of the man-in-the-middle technique discussed above, where the perpetrator is a proxy Trojan horse that infects a specific web browser and takes advantage of vulnerabilities in browser security to modify transactions in the middle or insert new transactions, gaining control over them.
- ARP poisoning: Address Resolution Protocol (ARP) poisoning is a form of cyber-attack in which a perpetrator modifies the MAC (Media Access Control) address and attacks an Ethernet LAN by modifying the target computer’s ARP cache with a forged request. This is done by sending ARP messages into a local network.
- Ping flood: A ping flood, also called an ICMP flood, is another kind of Denial-of-Service (DoS) attack in which the perpetrator takes down the host’s computer by overwhelming it with “echo request” (ping) packets. This causes the target to become inaccessible to normal traffic.
- Ping of death: Ping of death, generally referred to by the acronym PoD, is another kind of Denial-of-Service (DoS) attack where a perpetrator attempts to crash, destabilize, or freeze the targeted computer or service by transmitting malformed or oversized packets using a simple ping command.
- Smurf attack: The Smurf attack is a Distributed Denial-of-Service (DDoS) attack in which ICMP (Internet Control Message Protocol) packets with the host’s spoofed IP address are broadcast over the computer network using just an IP broadcast address.
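Because ARP poisoning works by rewriting IP-to-MAC bindings in a cache, a monitor can watch for those bindings changing. The following is an added example, not part of the original article: a check over constructed ARP observations. The addresses, the `detect_arp_anomalies` name, and the idea of pinning the gateway's known-good MAC are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed observations of ARP messages on one LAN segment (not real
# traffic): (seconds since start, claimed sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "02:00:00:00:00:01"),    # gateway, matches pinned MAC
    (1, "192.168.1.10", "02:00:00:00:00:10"),
    (5, "192.168.1.11", "02:00:00:00:00:11"),
    (20, "192.168.1.1", "02:00:00:00:00:66"),   # gateway IP, different MAC
    (21, "192.168.1.10", "02:00:00:00:00:66"),  # same MAC now claims .10 too
    (22, "192.168.1.1", "02:00:00:00:00:66"),   # repeat of the forged claim
    (40, "192.168.1.11", "02:00:00:00:00:11"),
]

# Assumption: the defender knows the gateway's real MAC and pins it.
PINNED_BINDINGS = {"192.168.1.1": "02:00:00:00:00:01"}


def detect_arp_anomalies(replies, pinned=None):
    """Return (time, kind, ip, mac) findings for suspicious ARP bindings.

    Kinds:
      pinned-binding-violation  a pinned IP is claimed by another MAC
      binding-changed           a learned IP moves to a different MAC
      mac-claims-multiple-ips   one MAC answers for more than one IP
    The last two also occur legitimately (DHCP reassignment, a replaced NIC,
    proxy ARP on routers), so they are leads to triage, not verdicts.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = dict(pinned)
    mac_to_ips = defaultdict(set)
    for ip, mac in pinned.items():
        mac_to_ips[mac].add(ip)
    findings, seen = [], set()

    def report(ts, kind, ip, mac):
        # Report each distinct (kind, ip, mac) once; poisoning repeats often.
        if (kind, ip, mac) not in seen:
            seen.add((kind, ip, mac))
            findings.append((ts, kind, ip, mac))

    for ts, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if ip in pinned and mac != pinned[ip]:
            report(ts, "pinned-binding-violation", ip, mac)  # never relearn
        elif known is None:
            ip_to_mac[ip] = mac                              # first sighting
        elif known != mac:
            report(ts, "binding-changed", ip, mac)
            ip_to_mac[ip] = mac
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            report(ts, "mac-claims-multiple-ips", ip, mac)
        mac_to_ips[mac].add(ip)
    return findings


if __name__ == "__main__":
    for finding in detect_arp_anomalies(SAMPLE_ARP_REPLIES, PINNED_BINDINGS):
        print(finding)
```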
Following are the attacks that can be seen on a particular host; let us look at them in more detail:
- Buffer overflow: In the information security realm, a Buffer overrun or a Buffer overflow is an anomaly where a program attempts to write data to a buffer which overruns the original boundary of the buffer and thus writes over to the adjacent memory locations.
- Heap overflow: A heap overrun or heap overflow is an anomaly like the buffer overflow that happens in the heap data area. A heap overflow can be exploited in a very different manner from stack-based overflows. In the heap area, memory is dynamically allocated by the application or services at run time and generally contains program data.
- Stack Overflow: A stack overflow or stack overrun is an anomaly that occurs when a program attempts to write to a memory address on the program’s call stack outside of the intended data structure, which is usually a fixed length buffer.
- Format string attack: Format string attacks exploit system weaknesses to crash a program or to run malicious code on a given system. Such attacks succeed when the application doesn’t validate the submitted input properly.
In conventional terms, an attack uses weapons like bombs or fire. If the same concept is applied in the realm of Information Security or Network Security, a syntactic attack uses viruses, worms or Trojans to disrupt or damage your organization’s services and systems.
Though there are different classifications under this category, the result is the same. Introducing any of the following into the host’s system will execute tons of malicious code to grab sensitive details, and it also eats up the host’s resources for the operations required to gain illegal access to these details.
- Trojan horses
Hence, we have discussed the cyber attacks in very high-level terms and this should provide us with enough insights on how to handle these in your own organizations.
Types of Cyber Security:
As we have discussed in the earlier sections of this article, Cybersecurity refers to the science of protecting the devices, processes, and infrastructure (software, hardware) of an organization from any kind of cyber-attack, data theft, identity theft, unauthorized access, etc. With the advent of newer technologies and the increasing interdependency of organizational systems and networks, there is always a need for effective management and strategy to define the security mechanisms for an organization. Hence it is predicted to grow by leaps and bounds in the years to come, to cater to the needs of all the organizations that try to establish themselves in this digitalized world.
Cybersecurity is an umbrella that encompasses many other systems and their levels of security. Let us now take a look at each of them and get an introduction to those areas as well:
This denotes the security that an organization has to apply to maintain the safety of its own data. It ensures that the data is protected against data theft attacks, unauthorized access, and data breaches.
Network security is specifically about the monitoring and prevention of any unauthorized access to the data that an organization owns for its business. Both hardware and software technologies can be put to use to achieve a safe network environment for an organization, such as the usage of reliable and usable antivirus and antispyware software.
Application security constitutes the safety measures and counter-measures used to tackle any kind of threat or vulnerability for an organization. These are taken care of from the beginning of application development itself, and a few of them are appended at the end to understand better approaches to plug and play some of the latest technologies.
What is a Cyber Threat?
The possibility of a malicious attempt to damage or disrupt an existing computer system or a network of systems is called a cyber threat. Examples of cyber threats include attempts to access files and to steal or infiltrate data. By definition, a threat can be treated as an opportunity or as a possibility. A cybersecurity threat might be identified by the damage that has already been done (from the data that has been stolen) or by the Tactics, Techniques, and Procedures (TTP) that have been deployed.
Types of Cyber Threats:
Now, with this understanding, let us discuss in detail about these Cyber threats:
Attacks on Confidentiality:
A network can be called secure if and only if the three basic security concepts, namely integrity, confidentiality, and availability, are ensured. With more advanced tools being available, the number of security incidents is also on the rise. These tools also make it difficult to identify threats before considerable damage has been done to your brand or organization.
Eavesdropping (message interception) is an example of an attack on confidentiality, where access to information is gained in an unauthorized manner with the help of packet sniffers and wiretappers. Files and programs are copied illicitly from the target computer system.
Attacks on Integrity:
Tampering is an example of an attack on integrity, where the message flow is stopped or delayed and the message is optionally modified. The attacker might want to release these messages later on as well. This attack can be carried out via unauthorized assumption of another’s identity. Once such access is gained, objects are either generated or distributed under the assumed identity.
Attacks on Availability:
The organization’s hardware is targeted in such attacks, where the hardware is destroyed (by cutting the fiber) or the software is destroyed. Attackers might also attempt to modify software in subtle ways via alias commands. Corrupt packets of data might be transmitted in transit using the access gained. These kinds of attacks gain access to a lot of confidential information and can abuse network usage or computing resources.
Social engineering is defined as the range of cyber attacks achieved using human interactions. These attacks work through psychological manipulation of users into making security mistakes by giving away sensitive information. Social engineering attacks can happen in more than one step and might have to be planned well ahead of time.
Phishing attacks can be explained as email or text messages that create a sense of urgency, fear, or even curiosity in the minds of the victims. These messages contain malicious links that prompt victims to leak their sensitive information.
With more and more companies moving towards BYOD (Bring Your Own Device) in the workplace, organizations are more prone to cyber threats where these devices are outdated or contain unpatched software. When such devices are attacked and join the organization’s network, the organization as a whole falls prey to these kinds of cyber threats.
Social media threats:
Social media isn’t all about promoting your brand or organization’s name to the general public; it also carries the cyber risk of losing your organization’s data to hackers who always look out for opportunities. One of the best examples to quote here is an employee who doesn’t abide by your organization’s security policies and posts a good amount of information and pictures online on social media. Hackers take this as an opportunity to publish false Facebook posts with malicious links to gain access to the organization’s network and further steal, manipulate, or alter sensitive information.
Advanced persistent threats:
Advanced Persistent Threats (APT) are carried out by experienced, skilled cyber criminals who gain access to your organization’s infrastructure using all the known loopholes, obtain what is required, and may evade detection for years together. Other techniques, such as social engineering or phishing attacks, can be used to plant malware that compromises your organization’s network, but the individual may not breach until confident of not being detected. This malware probes for the required network access to Command and Control (CnC) servers to obtain further instructions and/or malicious code.
Cyber Security Strategy Template:
According to most industry experts, each organization should have a cybersecurity strategy to fight against any unfortunate cyber attacks well beforehand; its parts are explained below. At the core, these are cyberspace design, cyberspace density, and finally market regulation and safety.
In this section, we discuss the need for such a template in the organization. It lets you understand right away whether your organization is already prepared to face such unforeseen attacks, and how prepared. Having this handy gives the organization a level of confidence in its existence if it is breached at a later point in time (there is every possibility that it will be able to recover).
Having such a strategy and a template that define what should be accessed by whom, and for how long that access should be available, makes it very easy to understand the critical data held by an organization. It also lets the individuals responsible in the organization know who may and can access it. It also allows them to analyze the risks from all points of view, like the cyber risk, the physical risk, and finally a combined brand risk associated with the breach of any of this information, assets, etc.
Governance, Policies and Processes:
Generally, there are security advisors defined in every organization who attend to all such activities, but several organizations promote each individual taking their own share of responsibility in getting things done. Still, you must have a clear picture of who owns these responsibilities and who oversees all the security practices, security methodologies, etc. There are tests that can be run to check that the policies, tools, and firewalls are able to withstand any such unforeseen activities.
External participation and Internal collaboration:
There can be competitors within your line of business, but when it comes to security, each and every organization within your line of business should be aligned to a certain set of rules and regulations. Instead of competing with rivals on cybersecurity methodologies, there is always scope to collaborate with them to gain a better understanding and mutual trust, so as to stay in business much longer than any organization could all alone.
Each organization should apply a sense of urgency in getting this done for itself. This will not only safeguard the organization but also instil a better understanding amongst all the employees within it. It is better that such a culture be cultivated amongst the employees of the organization, so as to keep it in business for a longer time. This also ensures that things are done in the best possible manner to safeguard the employees and the organization.
In this article, we have gone through the details of cybersecurity and the various kinds of attacks that could be employed to break down the services of a given organization. Though there are so many ways to bring down your systems or services, there are enough countermeasures that someone can employ to skillfully fight against these attacks. We have classified these attacks as per the order, preference, damage extent, and various other features. We hope these details are all that you were looking for in this article.
Having gone through these details, we expect that you will make the right choice in implementing an effective security strategy for your own organization. You can refer to most of the details here and, based on the line of business that you belong to, define a custom security strategy to handle these attacks.