Cybersecurity 

is the practice of protecting or defending systems, networks, and programs from digital
attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive
information; extorting money from users; or interrupting normal business processes.

----- Meaning cybersecurity is protecting data, networks, programs and other information from
unauthorized or unattended access, destruction or change.

Implementing effective cybersecurity measures is particularly challenging today because there are more
devices than people, and attackers are becoming more innovative.

Why is cybersecurity important?

We live in a digital era which understands that our private information is more vulnerable than
ever before. We all live in a world which is networked together, from internet banking to government
infrastructure, where data is stored on computers and other devices. A portion of that data can be
sensitive information, whether that be intellectual property, financial data, personal information, or
other types of data for which unauthorized access or exposure could have negative consequences.

Cyber-attack is now an international concern and has given many concerns that hacks and other
security attacks could endanger the global economy. Organizations transmit sensitive data across
networks and to other devices in the course of doing businesses, and cybersecurity describes to protect
that information and the systems used to process or store it.

As the volume of cyber-attacks grows, companies and organizations, especially those that deal
information related to national security, health, or financial records, need to take steps to protect their
sensitive business and personal information.

Cyber Security Objectives

Confidentiality

the property that information is not made available or disclosed to unauthorized individuals, entities, or
processes.

It refers to protecting information from being accessed by unauthorized parties. In other words, only the
people who are authorized to do so can gain access to sensitive data. A failure to maintain
confidentiality means that someone who shouldn't have access has managed to get it, through
intentional behavior or by accident. Such a failure of confidentiality, commonly known as a breach.

Integrity

the property of safeguarding the accuracy and completeness of assets.

It refers to ensuring the authenticity of information—that information is not altered, and that the source
of the information is genuine. Imagine that you have a website and you sell products on that site. Now
imagine that an attacker can shop on your web site and maliciously alter the prices of your products, so
that they can buy anything for whatever price they choose. That would be a failure of integrity, because
your information—in this case, the price of a product—has been altered and you didn't authorize this
alteration.

Availability

The property of being accessible and usable upon demand by an authorized entity.

It means that information is accessible by authorized users. Information and other critical assets are
accessible to customers and the business when needed. Note, information is unavailable not only when
it is lost or destroyed, but also when access to the information is denied or delayed

To achieve and maintain these goals, good cyber security requires:

(i) determining the assets that are so important to the business that they need to be kept secure at all
times;

(ii) identifying the threats and risks;

(iii) identifying the safeguards that should be put into place to deal with these threats and risks;

(iv) monitoring the safeguards and assets to manage security breaches;

(v) responding to cyber security issues as they occur and;

(vi) updating and adjusting safeguards in response to changes in assets, threats and risks.

Cyberspace as a Battleground?

Each day, there is an increase in the number of threats against our nation's critical
infrastructures. These threats come in the form of computer intrusion (hacking), denial of service
attacks, and virus deployment.  In every crisis there is opportunity, as the old adage goes, even for
unscrupulous people. This especially applies to the coronavirus pandemic, which has opened
opportunities for hackers to prey on distracted peoples and organizations in many countries.

In fact, the World Health Organization has urged people to be vigilant about this as early as
April, as cyberattacks have increased fivefold. Last year, Deloitte’s Cyber Intelligence Centre reported a
spike in phishing attacks, mal-spams and ransomware assaults after their perpetrators took advantage of
Covid-19 to pretend as legitimate brands and mislead employees and customers alike. In June,
Swissinfo.ch cited figures from the National Cyber Security Center in reporting that the number of
cyberattacks — phishing, fraudulent websites and direct attacks on companies, among others — in
Switzerland reached 350, compared to the usual 100 to 150.

All the tell-tale signs were there at the onset of the pandemic. Employees under work-from-
home arrangements did not enjoy the same data-protection measures a working environment has.
Many individuals who lost their jobs were likely forced to turn to cybercrime. These have led to a global
threat called a “cyber pandemic,” an organized cybersecurity attack on organizations that takes
advantage of people’s vulnerabilities during the pandemic.

Cyber-attack

A malicious attempt, using digital technologies, to cause personal or property loss or damage,
and/or steal or alter confidential personal or organizational data

Major security problems:

♦ Virus

♦ Hacker

♦ Malware

♦ Trojan horses

♦ Password cracking

Viruses and worms

It is a malware attached to a carrier such as an email message or a word processing document

♦ A Virus is a “program that is loaded onto your computer without your knowledge and runs against
your wishes

♦ Worm – malware can autonomously spread itself without a carrier, using information about connected
computers

Solution

♦ Install a security suite that protects the computer against threats such as viruses and worms.

Hackers

♦ In common a hacker is a person who breaks into computers, usually by gaining access to
administrative controls.

3 Types of Hackers

White Hat Hackers

The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security
expert, who specializes in penetration testing and in other testing methodologies to ensure the security
of an organization's information systems.

Grey Hat Hackers

The term "gray hat" refers to a computer hacker or computer security expert who may sometimes
violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat
hacker.

Black Hat Hackers

A black hat hacker (or black-hat hacker) is a hacker who "violates computer security for little reason
beyond maliciousness or for personal gain".

How To prevent hacking

It may be impossible to prevent computer hacking, however effective security controls including strong
passwords, and the use of firewalls can help.

Malware

The word "malware" comes from the term "MALicious softWARE." Software that has some malicious
intent and which is installed on a user’s computer without that user’s consent. Malware can usually
spread itself from one computer to another either as a virus or as a worm.

To Stop Malware

Download an anti-malware program that also helps prevent infections, do not download from unknown
sources, and Activate Network Threat Protection, Firewall, Antivirus.

Trojan Horses

are email viruses that can duplicate themselves, steal information, or harm the computer system. These
viruses are the most serious threats to computers.

How to Avoid Trojans

Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses, and
also do not click unknown links.
Password Cracking

Password attacks are attacks by hackers that are able to determine passwords or find passwords to
different protected electronic areas and social network sites.

Securing Password

Use always Strong password and never use same password for two different sites.

Internal attacks

Attacks to an organization carried out by someone who is inside that organization either by himself or
with connivance of an outsider.

In many cases, the attacker employs a significant number of resources, tools and skill to launch a
sophisticated computer attack and potentially remove any evidence of that attack as well.

Highly-skilled and disgruntled employees (such as system administrators and programmers) or technical
users who could benefit from disrupting operations may choose to initiate an internal attack against a
company through its computer systems.

One of the best ways to protect against internal attacks is to implement an intrusion detection system
and to configure it to scan for both external and internal attacks. All forms of attacks should be logged,
and the logs should be reviewed regularly.

External attacks

Attacks to an organization carried out by an external agent. Requires either valid credentials or the
exploitation of some vulnerability to gain access to the systems.

One of the best ways to limit the attack surface for external attackers is to close down all network
sockets that are not being actively used by network clients. 
Common types of cyber-attack/threats

Malware. Software that performs a malicious task on a target device or network, e.g. corrupting data or
taking over a system.

Phishing. An email-borne attack that involves tricking the email recipient into disclosing confidential
information or downloading malware by clicking on a hyperlink in the message.

Spear Phishing. A more sophisticated form of phishing where the attacker learns about the victim and
impersonates someone he or she knows and trusts.

“Man in the Middle” (MitM) attack. Where an attacker establishes a position between the sender and
recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and
recipient believe they are communicating directly with one another. A MitM attack might be used in the
military to confuse an enemy.

Trojans. Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that
enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the
malicious code once inside the host system.

Ransomware. An attack that involves encrypting data on the target system and demanding a ransom in
exchange for letting the user have access to the data again. These attacks range from low-level
nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government
data in 2018.

Denial of Service attack or Distributed Denial of Service Attack (DDoS). Where an attacker takes over
many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a
website, causing it to crash from an overload of demand.

Data Breaches. A data breach is a theft of data by a malicious actor. Motives for data breaches include
crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack)
and espionage.

Malware on Mobile Apps. Mobile devices are vulnerable to malware attacks just like other computing
hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and
text messages. Once compromised, a mobile device can give the malicious actor access to personal
information, location data, financial accounts and more.

Cyber safety tips - protect yourself against cyberattacks

Update your software and operating system: 

This means you benefit from the latest security patches.

2.      Use anti-virus software

 Security solutions like anti-virus apps will detect and removes threats. Keep your software updated for
the best level of protection.
3.      Use strong passwords: Ensure your passwords are not easily guessable.

4.      Do not open email attachments from unknown senders: 

These could be infected with malware.

5.      Do not click on links in emails from unknown senders or unfamiliar websites:

This is a common way that malware is spread.

6.      Avoid using unsecure WiFi networks in public places:

Where in unsecure networks leave you vulnerable to man-in-the-middle attacks.

Conclusion

In today’s dynamic environment, cyber security has become vital for individuals and
families, as well as organizations (such as military, government, business houses,
educational and financial institutions, corporations and others) that collect and store a
wide range of confidential data on computers and transmit that to other computers
across different networks. For families, protection of children and family members
from cyber-crime has become substantially important. For an individual, protecting
information that could impact social life as well as personal finance is essential. The
internet has provided a wide array of learning opportunities, but there are risks too.
Photos, videos and other personal information shared by an individual on social
networking sites such as Facebook, Twitter can be inappropriately used by others may
lead to serious and even life-threatening incidents. Social networking sites have
become the most popular medium for sharing information and connecting with other
people. But these sites have created varied opportunities for cyber-crimes,
compromised personal identities and information leakage. Therefore, it is important
for individuals to understand how to protect against cyber threats, and must also
comprehend the difference between virtual and real world. One should learn how to
protect computers and personal information from being hacked and should engage in
appropriate online behavior in order to eliminate changes of cyber threats and thereby
creating a safer online environment.