When asked about cyber-security, what comes to mind?
Most people will answer hacking, and some will even say penetration testing. Cyber-security goes way beyond hacking and pen testing. According to IBM:
Cyber-security is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cyber-security measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.
In simpler English, cyber-security is the protection of internet-connected systems such as hardware, software and data from cyber-threats. Before diving into the elements of cyber-security, we should first understand some basic terms.
Hardware:
Quite simply, computer hardware is the set of physical components that a computer system requires to function. It encompasses everything with a circuit board that operates within a PC or laptop, including the motherboard, graphics card, CPU (Central Processing Unit), ventilation fans, webcam, power supply, and so on.
Software:
Computer software is a program that tells a computer what to do. These instructions might be internal commands, such as updating the system clock, or a response to external input received from the keyboard or mouse.
Data:
Ever heard the phrase "Data is the new gold"? Well, data is a collection of facts, such as numbers, words, measurements, observations or just descriptions of things. Data is most commonly the target of cyber-threats.
Cyber-Threats:
A cyber threat or cyber-security threat is a malicious act intended to steal or damage data or disrupt the digital well-being and stability of an enterprise. Cyber threats cover a wide range of attacks, including data breaches, computer viruses, denial of service and numerous other attack vectors.
Now that we understand the terms above, we can start dissecting the different aspects of cyber-security, starting with the various types of cyber-threats.
Types of Cyber-Threats
A cyber-threat, as explained earlier, is a malicious act intended to steal or damage data. There are several types of cyber-threat, each with different effects and modes of execution. A few of them are:
1. Malware:
This is a form of malicious software in which any file or program can be used to harm a computer user. Malware is the most common type of cyber attack, and it includes but is not limited to worms, viruses, Trojans and spyware.
2. Ransomware:
Imagine being locked out of your system and being told to pay before you can access it. This attack involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them. Large organizations such as hospitals, data farms and government offices commonly fall prey to this form of cyber attack.
3. Social engineering:
This is an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected.
4. Phishing:
This is a form of social engineering in which fraudulent email or text messages that resemble those from reputable or known sources are sent. These are often random attacks, and the intent of the messages is to steal sensitive data, such as credit card or login information. Phishing is another very common cyber attack, with the number of people falling prey to it rising on a daily basis.
5. Spear phishing:
This is a type of phishing attack that has an intended target. This target could be a user, organization or business.
6. Insider threats:
These are security breaches or losses caused by humans -- for example, employees, contractors or customers. Insider threats can be malicious or negligent in nature.
7. Distributed denial-of-service (DDoS):
These are attacks in which multiple systems disrupt the traffic of a targeted system, such as a server, website or other network resource. By flooding the target with messages, connection requests or packets, the attackers can slow the system or crash it, preventing legitimate traffic from using it.
8. Advanced persistent threats (APTs):
These are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time with the aim of stealing data.
9. Man-in-the-middle (MitM):
These are eavesdropping attacks that involve an attacker intercepting and relaying messages between two parties who believe they are communicating with each other.
10. SQL Injection:
This is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an input field for execution. The database is a vital part of any organization and is handled with high-level security. SQL (Structured Query Language) is the language used to interact with and manipulate the database.
We could go on and on about the various types of cyber attacks but this would then be a very long read. Other common types of cyber attacks are botnets, drive-by-download attacks, exploit kits, malvertising, vishing, credential stuffing attacks, cross-site scripting (XSS) attacks, business email compromise (BEC) and zero-day exploits.
Elements of cyber-security
The cyber-security field can be broken down into various sections. These sections, working together, contribute to a great cyber-security program. They are as follows:
1. Information or Data Security:
Information security, often shortened to infosec, is the practice, policies and principles to protect digital data and other kinds of information. Infosec responsibilities include establishing a set of business processes that will protect information assets, regardless of how that information is formatted or whether it is in transit, is being processed or is at rest in storage.
2. Application Security:
Application security, or appsec, is the practice of using security software, hardware, techniques, best practices and procedures to protect computer applications from external security threats. In software development, security used to be an afterthought; today it has become a very critical aspect of the development process, right from design to deployment.
3. Disaster Recovery Planning:
So you are thinking, "What does disaster recovery have to do with cybersec?" Disaster recovery is very important to cyber-security, especially for IT firms that deal in essential services like financial services.
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan (BCP). It is applied to the aspects of an organization that depend on a functioning IT infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.
4. Operational Security:
OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines what is required to protect sensitive information and prevent it from getting into the wrong hands.
OPSEC gets information technology (IT) and security managers to view their operations and systems as potential attackers would. OPSEC includes analytical activities and processes, such as social media monitoring, behavior monitoring and security best practices.
5. Cloud Security:
Cloud security refers to the technologies, policies, controls, and services that protect cloud data, applications, and infrastructure from threats.
Other elements of cyber-security are:
- End-User Education
- Critical Infrastructure Security
- Physical Security
- Network Security
Maintaining cybersecurity in a constantly evolving threat landscape is a challenge for all organizations. Traditional reactive approaches, in which resources were put toward protecting systems against the biggest known threats while lesser known threats were left undefended, are no longer a sufficient tactic.
To keep up with changing security risks, a more proactive and adaptive approach is necessary. Several key cybersecurity advisory organizations offer guidance. For example, the National Institute of Standards and Technology (NIST) recommends adopting continuous monitoring and real-time assessments as part of a risk assessment framework to defend against known and unknown threats.
Job Opportunities in Cyber-security
As more cyber-threats emerge, the need for cyber-security professionals is increasing, making room for different opportunities in this field.
IT professionals and other computer specialists are needed in security roles, such as:
Chief Information Security Officer (CISO):
The CISO is the individual who implements the security program across the organization and oversees the IT security department's operations.
Chief Security Officer (CSO):
The CSO is the executive responsible for the physical and/or cyber-security of a company.
Security Engineers:
A Security Engineer protects company assets from threats with a focus on quality control within the IT infrastructure.
Security Architects:
Security Architects are responsible for planning, analyzing, designing, testing, maintaining and supporting an enterprise's critical infrastructure.
Security Analysts:
Security Analysts have several responsibilities that include planning security measures and controls, protecting digital files, and conducting both internal and external security audits.
Penetration Testers:
Pen Testers are Ethical Hackers who test the security of systems, networks and applications, seeking vulnerabilities that could be exploited by malicious actors.
Threat Hunters:
Threat Hunters are threat analysts who aim to uncover vulnerabilities and attacks and mitigate them before they compromise a business.
Other cyber-security careers include security consultants, data protection officers, cloud security architects, security operations center (SOC) managers and analysts, security investigators, cryptographers and security administrators.
The topic of cyber-security is one that cannot be covered in one article, but with these few points a beginner should be able to understand cyber-security to an extent.
So now let's answer the question that started all this in the first place.
Top comments (6)
Nice write up. Do you mind joining a Nigerian Cyber security space? Navigate through cysec.ng.
Thanks Boss
Nice one!
Have a look at The Random series of mine. The latest post: Randomness and Cryptography
Well done 👍
Nice writeup. Keep it up!
Great one dear