Running head: CYBERSECURITY 1

Cybersecurity

Name

Institution Affiliation
CYBERSECURITY 2

Cyber Security

The word "cyber" means related to a computer or computer network. Cybersecurity,

information technology security (IT), or computer security are the techniques or the processes

of providing protection to computers, programs, data, and networks from attacks or other

forms of unauthorized access, that are aiming to cause damages, theft, or exploitation.

Cybersecurity ensuring integrity, availability, and confidentiality of information (Gratian et

al., 2018). Cybersecurity is often confused with information security, although some terms

are related to computer systems. Cybersecurity focuses on protecting the computer system

from unauthorized access or being otherwise damaged or made inaccessible, on the other

hand, information security is a broader category that looks to protect all information access,

whether in hard copy or digital form. The main objective of cybersecurity is to control and

reduce risk and protect information technology assets from malicious attackers. Information

security is designed to ensure the availability, integrity, and confidentiality of data.

The major areas covered in cybersecurity are

 Disaster recovery

 Information Security

 Application security

 Network security

Information security protects data and information against unauthorized access in

order to prevent theft and protect privacy. Key techniques are:

i. Cryptography

ii. Identification, authorization, and authentication of the user

Disaster recovery planning is a mechanism that involves developing strategies,

performing risk assessment, setting priorities for recovery in the event of a disaster. For
CYBERSECURITY 3

businesses to resume normal business operations as quickly as possible after a disaster, they

should have a clear disaster recovery plan.

Application security incorporates measures or countermeasures that are applied during

the life cycle of growth and development to protect applications from a threat that may occur

from defects in the development, maintenance, or design of the application. Some of the

common techniques used for application security are

i. Auditing and logging

ii. Input parameter validation

iii. Session management, exception management, and parameter manipulation

iv. User/Role Authentication and authorization

Network security involves activities that protect the network's reliability, usability,

safety, and integrity. Effective network security targets a variety of threats and prevents them

from entering the network or spreading it (Li, 2018). Network security elements include:

i. Firewall, to block unauthorized access to the network

ii. Anti-virus and anti-spyware

iii. To identify fast-spreading threats, such as zero-hour attacks, zero-day, Intrusion

prevention systems (IPS),

iv. Virtual Private Networks (VPNs) to provide secure remote access.

The field of cybersecurity is increasingly becoming important due to its increased

dependency on computer systems, internet, and wireless network standards, such as WI-FI

and Bluetooth, and the growth of smart devices, including televisions, smartphones and the

various devices that make up the internet.

Why is it Important to have cybersecurity?

Cybersecurity is one of the most critical challenges facing modern businesses.

Without some sort of wireless network, it is virtually impossible to do business today. It is

CYBERSECURITY 4

through technology that attaches computers and enables people to interact with each other.

Unfortunately, it also allows intruders to identify and steal files they're not supposed to

access. The world is dependent more than ever on technology. As a result, the production of

digital data has expanded. Companies and governments now store much of that information

on computers and relay it to other computers through networks (Alnasser, Sun & Jiang,

2019). Devices and their underlying structures have flaws that compromise an organization's

safety and objectives once abused.

Cybersecurity is also crucial in collecting, processing, and storing unprecedented

amounts of data on computers and other devices by government, military, corporate,

financial, and medical organizations. A significant portion of that data may be sensitive and

confidential information, be it intellectual property, financial data, personal information, or

other data forms for which unauthorized access or disclosure may have negative

consequences. Organizations exchange sensitive data in the course of business through

networks and other tools, and cybersecurity defines the discipline dedicated to protecting that

information and the technologies used to process or store it. As the frequency and complexity

of cyber-attacks increase, companies and organizations need to take steps to protect their

confidential business and personal data, particularly those tasked with protecting information

related to national security, health, or financial records (Hasanov, Iskandarov & Sadiyev,

2019). Since early since March 2013, top intelligence officials in the nation have cautioned

that cyber-attacks and electronic surveillance are the biggest threat to national security,

overshadowing even terrorism.

A breach of data can have a range of devastating effects on any company. It can

unravel the credibility of a brand by losing confidence in the customer and partner. Loss of

sensitive data, such as source files or intellectual property, may cost the competitive

advantage of a company. Therefore, due to non-compliance with data protection regulations,

CYBERSECURITY 5

a data breach could affect corporate revenues. An average data breach is estimated to cost

$3.6 million to an affected company (Van 2017). With high-profile data breaches making

headlines for media, a strong cybersecurity approach is essential for organizations to adopt

and implement.

Common types of cybersecurity

Cyber Security safeguards the security of computer-connected networks, equipment,

code, and data from cyber-attacks. Hackers can access your computer system and misuse

your personal information, customer information, business intelligence, and much more

without a security plan in place. Almost everything now depends on the computer and the

internet – communication, entertainment, medicine, transportation, shopping, banking, etc.

With such high technology dependence, neglecting the possibility of cybercrime in your

company is extremely risky and potentially harmful to business, employees, and customers.

Some of the different types of cybersecurity that can help build a solid foundation for a strong

security strategy are:

(i) Cloud security - Cloud protection is a security mechanism focused on code that

protects the information in cloud assets and tracks them. Cloud providers are continually

developing and implementing new security tools to help business users protect their data

better. Cloud computing data protection is similar to traditional on-site data centers only

without the time and cost of maintaining huge data facilities, and there is minimal risk of

security breaches.

(ii) Application security - Applications security is much more available across

networks, making it an essential aspect of the project to implement security measures during

the development phase. It helps to ensure that unauthorized access is avoided. Organizations

can also identify and secure sensitive data resources by specific processes of application
CYBERSECURITY 6

security added to these data sets. Types of application securities are encryption programs,

firewalls, and antivirus programs.

(iii) Network security - As cybersecurity is concerned with external threats, network

security guards against the unauthorized intrusion of your internal networks attributable to

malicious intent. Network security maintains that by securing and inhibiting access to the

infrastructure, internal networks are secure. Security teams are now using machine learning to

flag abnormal traffic and alert to threats in real-time to help better manage network security

monitoring. Network administrators are beginning to enforce policies and procedures to

prevent unauthorized network access, alteration, and use. Examples of network security are;

new passwords, extra logins, and application security.

(iv) Internet of things (IoT) security - IoT applies to a wide range of critical and non-

critical physical, cyber networks, including computers, sensors, televisions, wifi routers,

printers, and security cameras. The core technology of the IoT industry is the IoT data center,

analytics, consumer devices, networks, legacy embedded systems, and connectors. IoT

devices are often sent in a vulnerable condition and provide little or no safety patching. For

all applications, it poses special security challenges.

(v) Data Loss Prevention (DLP) – Protects information by focusing on the

monitoring, location, classification of data in motion, in use, and at rest.

Benefits of managing cybersecurity

The benefits of implementing cybersecurity initiatives include;

 Results to improve information security

 Provides protection of end-users and their personally identifiable information

 Provides protection to networks and data from any unauthorized access

 Avails a faster recovery times in the event of a breach

 Helps improve confidence in an organization

CYBERSECURITY 7

 It causes an improvement in company credentials with the correct security controls in

place.

Limitations of cybersecurity

Some of the disadvantages and limitations to cybersecurity are

 Makes the system slower after their installations

 Could be costly for the average user

 Incorrect configurations to firewall may at times block a user from performing certain

actions to the entire internet, until when the firewall is configured correctly

 Firewalls can be difficult to configure correctly

 We need to keep updating to the new software in order to keep the security up to date.

Cybersecurity Challenges

Hackers, data loss, confidentiality, risk management, and changing cybersecurity

approaches are constantly challenging cybersecurity. There is currently nothing to indicate

that cyberattacks are going to decline. In addition, with more entry points for attacks, there is

a need for more approaches to secure digital assets to protect networks and phones. One of

cybersecurity's most troublesome aspects is the ever-evolving existence of security risks.

With the emergence of new technology and the use of existing technologies in new or

different ways, new methods of attack are also being created. It can be difficult for companies

to keep up with these continuing developments and advancements in threats and upgrading

procedures to defend against data thefts (Karlsson, 2016). This also includes making sure that

all cybersecurity components are changed continuously and reviewed to protect against

possible vulnerabilities. With smaller organizations, this can be particularly challenging. In

fact, there is much possible information today that a company can obtain on individuals who

engage in one of its programs.

CYBERSECURITY 8

With more data being gathered, another concern is the likelihood of a cybercriminal

seeking to steal PII. An enterprise that stores PII in the cloud, for instance, can suffer a

ransomware attack and should do what it can to avoid a data breach. Cybersecurity should

also tackle end-user training, as employees on their work computer, laptop, or smartphone

can accidentally carry a virus to a workplace. The workforce shortage is another major

challenge for cybersecurity. When business data growth becomes more relevant, there is a

growing need for more cybersecurity personnel with the right skills required to evaluate,

manage, and respond to incidents. Worldwide, there are projected to be 2 million unfilled

cybersecurity jobs. Cybersecurity Ventures has predicted that up to 3.5 million unfulfilled

cybersecurity jobs will be in place by 2021.

Types of cybersecurity threats

There are various forms of cyber threats such as malicious applications, malware

exploit kits, and phishing. Typically, these types of cybersecurity attacks attempt to reach,

erase, and alter the user's sensitive data. There is, therefore, a great need for active

cybersecurity methodology to be introduced in the network. Cybersecurity is an important

issue to be discussed (Housen-Couriel, 2016). An effective cybersecurity approach has

various layers of protection across the network, programs, and computers, or data that one

wants to keep safe, as in the current scenario, everyone benefits from advanced cyber defense

programs. There are different types of cybersecurity threats as discussed below;

(i) Malware

It is a software program designed to gain unauthorized access to harm the system.

Ransomware can be ransomware or just malware to access or destroy the files of the client.

Various malware types can and cannot duplicate themselves. And some malware needs host

computing while the other styles do not require host computing. For a long time, malware has

been around and continues to plague computers to this day. Malware is a catch-all word for
CYBERSECURITY 9

any computer or computer system damage software. In 1999, the first widely distributed

malware, known as the Melissa Virus, was unleashed. Eighteen years later, malware

continues to be a dangerous weapon used by cybercriminals to gather information, commit

fraud, or simply cause mayhem. Some of the common malware are viruses, trojans, worms,

ransomware, and spyware.

(ii) Phishing

Phishing attacks are incredibly common, and they involve sending massive amounts

of fraudulent emails to unsuspecting users, disguised as coming from a reliable source.

Fraudulent emails often appear to be legitimate, but link the recipient to a malicious file or

script designed to allow attackers to access your device to control or recover it, install

malicious scripts/files, or extract data such as user information, financial information, and

more. Phishing attacks can also take place with hidden intent through social networks and

other online communities, through direct messages from other users (Schneidewind, 2011).

Phishers also use social engineering and other sources of public information to gather

information about your job, preferences, and activities — giving an advantage to attackers to

persuade you they're not who they claim. Many forms of phishing attacks exist, including;

pharming, spear phishing, and whaling.

(iii) Ransomware

It is a kind of malicious software programmed to extortion of money by preventing

the user from accessing data in the computer system until the owner pays the ransom, and

paying the ransom does not guarantee that the files will be recovered or that the system will

be restored. There are many cases in which ransomware is filed. A person should take certain

steps to prevent hacking of their data. If necessary, it’s advisable no to pay the ransom.

(iv) Trojan Horse Attack

CYBERSECURITY 10

It is the form of attack that depends heavily on human communication and often

involves trying to manipulate the user to break normal security procedures and providing best

practices to allow the user access to the system, physical location, and network. Applications

are made enticing, and the client is fooled into using or opening this file. As soon as the file is

opened, the malware will be activated, and the data damage process will begin. Such files or

viruses are sent to the client as a message, audio, or email file or video or image file, etc. The

user should not open such types of links or files as they can be dangerous malware and

thereby damage the data/files to your device.

(v) Social engineering

Social engineering is a technique used by attackers to trick the user into revealing

confidential information. They will request a monetary payment or have access to your

confidential information. In order to make you more likely to click on links, install malware,

or trust a malicious source, social engineering can be combined with any of the above-

described risks.

In conclusion, having effective cybersecurity reduces the risk of multiple cyber threats

and attacks, and provides protection to individuals and organizations from unauthorized

exploitation of the technology, network, and technology. There are three threats to cyber-

security: cyberwar, which often involves data collection and is politically motivated; cyber-

terrorism, which aims to undermine fear-causing electronic systems, and cybercrime, which

includes single or group of actors to target financial gain systems.

CYBERSECURITY 11

References

Alnasser, A., Sun, H., & Jiang, J. (2019). Cybersecurity challenges and solutions for V2X

communications: A survey. Computer Networks, 151, 52-67.

Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human

traits and cybersecurity behavior intentions. Computers & Security, 73, 345-358.

Hasanov, A., Iskandarov, K., & Sadiyev, S. (2019). THE EVOLUTION OF NATO’S

CYBERSECURITY POLICY AND FUTURE PROSPECTS. Journal of Defense

Resources Management (JoDRM), 10(1), 94-106.

Housen-Couriel, D. (2016). Cybersecurity threats to satellite communications: Towards a

typology of state actor responses. Acta Astronautica, 128, 409-415.

Karlsson, J. (2016). A citizen perspective of phishing in Hong Kong.

Schneidewind, N. (2010). Metrics for mitigating cybersecurity threats to networks. IEEE

Internet Computing, 14(1), 64-71.

Li, J. (2018). Cybersecurity meets artificial intelligence: A survey. Frontiers of Information

Technology & Electronic Engineering, 19(12), 1462-1474.

Van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk

perceptions of cyber-security and prudent behavior. Computers in Human Behavior,

75, 547-559.