“Why hacker will target me? I don’t have anything to hide.”
“Cyber security is the field requires high technical skills”
“Hackers target only government and large MNCs”– Cyber Security Myths
Computers are everywhere today. Computers control water supply at our home, they control fuel supply to fuel stations. They also control electricity and money transfer in banks. Computers are in our hands all the time in the form of mobile and collecting data of all the activities we are doing including our geo location. Almost all computers are connected today and we can talk to any other computer even if it is sitting at a distant part of the world. Due to this prevalence of computers and their obvious communication with each other, Cyber security is important to keep the data and lives safe.
Cybercrimes and data breaches are rising exponentially. According to Risk Based Security report, just in the month of April 2021, 830.6 Million records were exposed. It doesn’t matter whether company is small, medium or large enterprise, when it comes for data breaches, all are equally affected. If that was not all, cyber criminals are constantly getting more and more intelligent and creative. They are using sophisticated tools and millions of bots to attempt cyber-attacks. As these attacks are rising, there is one thing keeping us safe is Cyber Security.
Why we need cyber security
So again, Why we shall worry about cyber security and why organizations spend millions of dollars every year on it?
Let’s start with some recent news –
Insurance giant CNA Financial reportedly paid hackers $40M in ransom
CNA Financial, one of the biggest insurance companies in the US, reportedly forked over $40 million in ransom after it was hit by a cyberattack in late March. Ransomware is a malicious software that locks up a user’s data. Hackers typically demand money to unlock or return the affected data. (source: theguardian.com)
Colonial Pipeline confirms it paid $4.4m ransom to hacker gang after attack
Hacking shuttered the biggest oil pipeline in the US and spurred panic buying and gas shortages across the Southeast. The operator of the nation’s largest fuel pipeline confirmed it paid $4.4m to a gang of hackers who broke into its computer systems. Tens of millions of Americans rely on Colonial: hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. More than 9,500 gas stations were out of fuel on Wednesday, including half of the gas stations in DC and 40% of stations in North Carolina, according to Gasbuddy.com, which tracks fuel prices and station outages. (Source : nypost.com)
Above hacks are just a tip of the iceberg. News like above are published daily and there are many more which are never come out in public. There is bigger question, What if a hacker turns off the electricity supply of a hospital? Or turn on valve of a chemical factory which shouldn’t be turned on? There will be many lives at risk.
Data is an asset. In fact, for organizations data is the most valuable asset. There have been instances when company has to completely shut down forever, due to the data breach. Or they get permanent damage to their brand name and loose significant revenue for years to come.
Cyber security is important because its intention is to keep us safe from these cyber-attacks. Or at least minimize the risks, threats and vulnerabilities.
Risk is the possibility that something bad will happen. Threat is the bad thing that may happen. Vulnerability is the weakness that the threat takes advantage of.
Looking at the importance of cyber security, most of the government all over the world has implemented law to fulfill some minimum amount of cyber security if an organization is working for the critical infrastructure for ex. Electricity.
What is cyber security?
Cyber security is a broad term. It basically means protecting systems or networks from unintended use. This protection can be in the form of firewall, password policies, secure coding practices, DevSecOps, training employees and many more. It has sub categories like –
- Information Security – Protects information in an organization. The data which is stored in the computer, laptop, emails, cloud storage and the data which is being transferred from one system to another.
- Network security- Secures the network of an organization. Tools like firewalls, VPN, antivirus or monitoring apps are used.
- Application security – Security focused on individual applications. All the application being used/developed in the organization shall be malware free. It should also have proper protection mechanism to protect sensitive data it is storing. Example of protective measure can active directory authentication.
- Operation security – is to protect the sensitive data. Also called as OPSEC, It is analytical process and it uses countermeasures for reducing an attackers attempt to exploit sensitive data.
Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks. It aims to reduce the risk of cyber-attacks and protect against the unauthorized exploitation of systems, networks and technologies.
Cyber security is an evolving field. As attackers are innovating with new tools and techniques, so is white hat hackers, who protects organizations. There are thousands of open source tools available to learn and use for cyber security. More advanced technologies like artificial intelligence and blockchains are also being utilized to improve cyber security defense.
CIA (confidentiality, integrity and availability) are the three main concepts which are the goal of the cyber security. These are important concepts and core of cybersecurity. Anytime any incident happens – leak of data or denial of service- its only because there was security leak in one of these three areas.
Confidentiality is about protecting data so that it cannot be seen by an unauthorized person or application. This requires that access is given to only those who are authorized for the access. Sounds simple but its challenging and complex when it comes to implementation. As an example of confidentiality, salary of an employee should be visible only to employee or the relevant persons and not everyone in the organization.
Authentication and authorization are the two main concepts under confidentiality. Authentication is to ensure that user is who he claims he is. This is done using passwords, biometric security tokens etc. Authorization is ensuring that after authentication users can read or modify only that data which he is authorized to see. This ensures that even if user’s account password is stolen, the attacker cannot access the data for which the user is not authorized.
In order to protect the confidentiality of data, organizations implement proper authentication and authorization mechanisms. Also encryption of data – whether in process, transit or storage is important.
Integrity means the data shall be present in its original and correct form. No tampering shall have been done with data and it is authentic and reliable. For example, if a company is sending quotation to its customer then it would like to ensure that the customer receives the bank details in the quotation as correct one. If data integrity not maintained then possibility is that hackers can replace the bank details in the quotation and when customer will make the payment, you can guess who will get the money.
To ensure integrity, cyber experts implement measures like encryption, hashing, digital signatures, digital certificates, version control systems and more.
Availability is to making sure system or data is available when it is needed. Availability might be important for the organizations. For example, if an ecommerce site goes down or power system goes down, it might mean millions of dollars of loss in revenue every hour for the company. The most infamous attacks against availability we know are DOS and DDOS (distributed denial of service) attacks. To do these kinds of attacks, the attacker basically don’t need to know anything internal about the application and can perform these attacks with minimal publicly available information.
To protect the system against availability related attacks, organizations implement measures like firewalls, redundancy, timely backups etc. This also requires to upgrade hardware, disaster recovery plans, continuous monitoring etc.
These concepts are represented as a triad always because they are interlinked. For ex. Once you implement authentication to control confidentiality, it affects availability in some way.
It is to be noted that for a system, not all three in CIA are of same importance. As an example, for a computer controlling valves of a chemical factory, availability is the most important thing compared to confidentiality or integrity. Similarly, confidentiality may be important than other two for some government agencies like intelligence services. Since there is nothing like an absolute secure system, An experienced organization finds out what is the most important goal of the system and put more focus to secure it, than other less important goals.
Threat Model – Threat modeling is a structured process which is done and analyzed by cyber security experts to identify potential threats to the system or application. This is important to uncover vulnerabilities and apply countermeasures wherever needed.
Attack vector – Attack vector is a technique using which hackers can gain unauthorized access to a system or network. Some examples could be malware attached in email or malicious links sent to users.
Attack surface – Attack surface is a consolidated list of vulnerabilities exist in a system. This is used by cyber security experts to visualize the security posture of the system.
How to stay protected against cyber threats?
As an individual you can follow below good measures to protect yourself –
- Use only genuine software and keep it up to date including operating system in your laptop.
- An antivirus software in all your system is a must. They protect you in real time.
- Use only strong passwords for all your accounts and keep the passwords different for all the accounts.
- Be vigilant about phishing emails. Do not open attachments from untrusted emails.
- Keep your router software update. Use strong password for wi-fi. Do not connect your system to unknown wi-fi
As an organization also you can do some minimum things to stay protected –
- Prioritize – as told earlier, know your prioritization in CIA. Protect most critical assets first and minimize risk for others. Document systematically all the threats and risks.
- Use upgraded tools- with all the data in cloud now a days, using old tools to detect or monitor risks will be difficult. Upgrade tools and technologies used in your organization as attackers are also evolving with novel techniques.
- Implement segmentation – it is really important to isolate your network. It reduces risk of all network getting compromised at once. Segmentation also gives you power to implement different kinds of security measures for each of the isolated group.
- Layered security architecture – Organizations implement multiple layers of the security since one mechanism is not sufficient. It is also referred as defense in-depth.
- IAM- implementing identity and access management in the organization is the first step and key to cyber security approach. Make sure you use correct tool and enforce proper policies..
Computers are controlling everything in our life, from electricity to vehicles to ICUs in the hospital. However, attacks on computer systems are rising manifold. Hence cyber security is gaining more and more importance than ever. Attackers are becoming more intelligent and efficient with more advanced tools.
There are many sub categories of cyber security for ex. Information security. Each one has its own importance and priorities. CIA triad is the main goal of the cyber security however the priority of security differs in system to system. Every individual and organization shall be aware about their security posture, importance of critical data and they should put proper measures to protect it.
Explain CIA traid.
Name two sub categories of cyber security.
What is the use of threat model?