Cyber-security is when one defends his computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s is also called information technology security or electronic information security. The term applies in lot of sphere, from business to mobile computing, and it can be divided into some few common categories.
CATEGORIES OF CYBER-SECURITY
1. Network Security
This is when one secures a computer network from intruders; either from targeted attackers or opportunistic malware.
2. Application Security
This ensures both the software and devices are free of threats. An application that has been compromised is likely to provide access to the data it is designed to protect. A successful security starts from the design stage, well before a program or device is deployed.
3. Information security
This protects the integrity and privacy of data, both in storage and in transit i.e. during transfer from one point to another.
4. Operational security
This includes the processes and decisions involved in the handling and protection of data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.
5. Disaster recovery and business continuity
This defines how an organization responds to a cyber-security incident or any other breach that results in the loss of operations or data. Disaster recovery policies shows how an organization restores its operations and information to return to the same operating capacity as before the cyber-security breach. Business continuity is the plan the organization falls back on while trying to operate without certain resources.
6. End-user education
This addresses the most unpredictable cyber-security factor: people. Virus can be introduced to any system or network accidentally by anyone when the person(s) fails to follow good security practices.
An organization should teach their users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.
The scale of the cyber threat
The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year.
A report by Risk Based Security (RBS) revealed that a shocking 7.9 billion records have been exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112%) the number of records exposed in the same period in 2018.
Medical services, retailers and public entities experienced the most breaches, with malicious criminals responsible for most incidents.
Some of these sectors are more appealing to cyber-criminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data, corporate espionage, or customer attacks.
With the scale of the cyber threat set to continue to rise, the International Data Corporation International Data Corporation predicts by 2022 $133.7 billion would we spent on cyber-security worldwide.
Governments all across the world are becoming sensitive to cyber-crimes, thus, they are helping organizations implement effective cyber-security practices.
Types of cyber threats
The threats countered by cyber-security are three-fold:
Cyber-crime this includes a person or group of people who target systems for financial gain or to cause disruption.
Cyber-attack are often used for politically motivated information gathering.
Cyber-terrorism this is used to undermine electronic systems so as to cause cause panic or fear.
So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:
Malware
Malware is a malicious software used by a cyber-criminal or hacker with the aim of disrupting or damaging a legitimate user’s computer. This is usually spread through the use of unsolicited email attachment or legitimate-looking download. It may also be used by cyber-criminals as a means of making money or in politically motivated cyber-attacks.
TYPES OF MALWARE
1. Virus: This is a program that self-replicates. It attaches itself to clean files and spread throughout a computer system, infecting files with malicious code.
2. Trojan: This type of malware disguises itself as a legitimate software. Users are tricked by cyber-criminals in downloading software on their system, when launched, Trojans move onto the user’s computer where they cause damage or collect data.
3. Spyware: This program secretly records what a user does, so that cyber-criminals can use this information to create havoc. For example, spyware could capture credit card details.
4. Ransomware: This locks a user’s files and data, threatening the user that his data will be erased unless a ransom is paid.
5. Adware: This is a software that is used to spread malware.
6. Botnets: Networks of malware infected computers which cyber-criminals use to perform tasks online without the user’s permission.
SQL INJECTION
An SQL (Structured Language Query) injection is a type of cyber-attack that is used to take charge and steal data from a database. This done when cyber-criminals exploit vulnerabilities in a data-driven application by inserting malicious code into a database via a malicious SQL statement. This will give them access to all sensitive information that are in the database.
Phishing
Phishing occurs when cyber-criminals target victims using emails that looks like that of a legitimate company asking their victims for sensitive information. These attacks are often used to dupe people into handing over credit card data and other personal information.
MAN-IN-THE-MIDDLE ATTACK
A man-in-the-middle attack is a type of cyber threat where a cyber-criminal intercepts communication between two individuals in order to steal data. For example, on an unsecured WiFi network, an attacker could intercept data being passed from the victim’s device and the network.
Denial-of-service attack
A denial-of-service attack is where cyber-criminals overwhelms a network or server with lot of traffic to prevent from performing its purpose. Popularly known as DoS. This attack makes the system unusable, preventing an organization from carrying out important functions.
End-user protection
End-user protection is an important aspect of cyber security. It is also known as Endpoint Security. Most often than not, it is the individual (the end-user) who accidentally uploads malware or other forms of cyber threat to their desktop, laptop or mobile device.
how do cyber-security measures protect end users and systems?
Cyber-security depends on cryptographic protocols in encrypting emails, files, and other critical data. This protects information in transit, and also guards against loss or theft.
End-user security software scans computers for pieces of malicious code, quarantines this code, and then removes it from the machine.
Electronic security protocols also focus on real-time threats, viruses and malware. Many of these security protocols use heuristic and behavioural analysis to monitor and analyse the behaviour of a program and its code to defend against viruses or Trojans that normally change their shape with each execution (polymorphic and metamorphic malware).
Security programs mostly confine potentially malicious programs to a virtual bubble that is separate from the user’s network to analyse their behaviour and learn how to better detect new infections.
Security programs continue to evolve, creating new defences as new threats are identified by cyber-security professionals and new ways to combat them must be created.
Employees need to be educated about how to use the end-user security software. It is important to keep it running and updating it regularly ensures that it can protect users against the latest cyber threats.
Cyber safety tips
How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:
1. Update your software and operating system: Updated software and operating system always have updated security patches. This will reduce the vulnerabilities in the software.
2. Use anti-virus software: Security solutions will detect and removes threats. Keep your software updated for the best level of protection.
3. Use strong passwords: Use passwords that cannot be easily gotten. Combine both capital letters, small letters, figures, special characters when writing your password.
4. Do not open email attachments from unknown senders.
5. Do not click on links in emails from unknown senders or unfamiliar websites.
6. Avoid using unsecured WiFi networks in public places: Do not connect to an unsecured or unknown WiFi network in public.
Want to read more helpful articles like this, click here.
[…] Read Here: 6 Types of Cyber-Security and Cyber-Tips […]