Meaning, need and importance of cyber security explained.
Cyber Security is the act of protecting all infrastructure holding our confidential data, and other internet connected systems like hardware, services and software.
Its the process and practices we implement to protect networks, computers, applications and data from attacks.
The concept of cyber security is based on the C-I-A triad. C-I-A stand for Confidentiality, Integrity and Availability.
You might come across words like ‘digital security’ and ‘computer security’ on the internet but the most common and appropriate word is Cyber security.
In simple terms, Cyber Security can be understood as a layer of defense against potential cyber attacks.
Need of cyber security
Cyber security has become way more important today than ever before due to the evolution of technology and advancing skills of hackers. The new decade has more reasons for business to employ advanced cyber security services as the threats for business in 2020 are gonna be more sophisticated.
How would you feel if an unknown/unauthorized person sneaks into your house and steal all your things or observes your activities? Or even worse, breaks your lock or dig up a secret tunnel into your house.
It is clearly a violation of your privacy and losing your important assets. This is exactly same when it comes to data and digital devices, systems and networks.
There is an extensive use of technology. Our data- including financial and personal- is normally saved on our digital devices (phone and laptops) which stand at a risk of stolen or misused by hackers. This arises the need of securing our data and preventing data breaches.
Importance of cyber security
Businesses and individuals around the world benefit hugely from technology. In fact, machines are going to replace humans in mainstream jobs in business.
Data is an important business asset. It plays an important role in big business decisions and more. Hackers target business data for monetary gain because businesses have the capacity to pay to get their data back. Ransomware attacks is an example of cyber attacks involving encryption of data by hackers making it useless for business itself.
Read about importance of cyber security for business in detail.
Threat Actors in cyber crime
Who compromises system / commits cyber crime ?
Threat actors are the individuals or organizations who have the skills of breaking into system or device of other individuals and organizations. They are generally called cyber criminals because their intention is to harm others with their skills.
These threat actors are generally classified as-
- State-sponsored actors/ government
- Hacktivists (also include script kiddies)
These threat actors are enticed by different motives- monetary gains, revenge, eavesdropping or showing dissent.
Read this blog for details about threat actors and their motives.
Protecting our surroundings
The protection to following 3 things are the priority
- Network Infrastructure
In Facility, like card enabled unlocking door and lift. What if some intruder who doesn’t have card to unlock door. This behavior must be reported and also there should be some alternatives to allow someone who is the part of organisation but somehow he/she forgot to carry the card.
In Network, the physical equipment like router, switches etc must be up to date and also using global standards and protocols of communication. Configuration of servers and network must be done properly.
In Yourself, we need to keep what do we want to share or not. Also we need to prevent leaking of PII (Personal Identifiable Information) like password, pin, phone number, email, full name and etc. This could be done by installing firewalls and maintaining anonymity in front of strangers.
One of the most frequently and common attack is shoulder surfing in which any one standing behind us have access to all the information displayed on our screen
It is the act of psychological manipulation of people into performing actions or divulging confidential information. In this hacker pretends to be someone the victim can trust upon.
Some ways of Social Engineering
- Phishing: It is an attempt to obtain sensitive information such as usernames, passwords and credit card details fraudulently by disguising as a trustworthy entity in an electronic communication
- Pretexting: it is a form of social engineering in which an individual lies to obtain privileged data. A pretext is a false motive
- Baiting, annoying someone and extract information from them
- Quid Pro Quo, if you do something for me, i ll do something for you
Defend against Malicious Website
- Rogue websites are used to collect information, spread malicious application and intercept information
- Browser Hijaking
- Sites inundated with ‘Buy Now’ offers and pop ups, indicate trouble
- Often free downloads installs spywares and other trojan in your pc
- Sites that say “Scan you pc against virus” should always be treated with suspicion
- Poorly built site with poor design and spelling mistakes
How to protect your business from cyber threats
- Don’t use files from peer to peer computers
- Avoid suspicious websites
- Don’t ignore security warnings
- Use HTTPS secured connection only
- Consult a good cyber security professional and employ best cybersecurity services