Cybersecurity refers to the protection of computer resources – hardware as well as software. Its aim is to protect those resources from cyber-threats or cyber-attacks, in which persons with a mala-fide motive intend to harm a particular computer or any computer in general.
People are often the weakest link in a system because they are the ones who make decisions, and some of those decisions are unwise. A good cybersecurity policy will therefore focus not only on the systems and technology, but also on the people who use that technology and on the procedures followed in the office. Thus, cybersecurity is preventive in nature. Cyber-response and forensics, on the other hand, deal with the actions to be taken once a cyber-attack has happened.
For any computer resource you need to ensure what is known as the CIA Triad – Confidentiality, Integrity, Availability. Cyber-threats target one of these aspects because if any one of them is compromised, data loss is imminent. Billions of dollars are being lost to cyber-threats and cyber-attacks, which are becoming more complex and sophisticated day by day. With modern hardware and technologies, cyber-threats have become easier to deploy and execute. Automation of cyber-attacks, where no manual intervention is required, is also making them much easier to conduct. The costs of cybercrime are constantly rising. Thus cyber incident responders have to update their skill-set constantly.
Some common types of cyber-threats/attacks are as follows:
- Malware: This is a broad and the most common type of cyber-threat, where a computer program harms data on a computer or restricts the full functionality of the computer, e.g. by blocking network access or file access. A virus is a computer program that attaches itself to another file and is executed only when that file is opened by the user; when the user opens the file, the virus code runs and the user’s data may be harmed. A Trojan is a computer program that hides itself inside another program which apparently looks useful but has a darker side that harms your computer. A Worm is a self-contained program and does not require a host program; it usually propagates via computer networks and removable media. Spyware is a program that spies on your activity and sends your activity data, which may include the keystrokes on your keyboard (and thus all your passwords), to another computer over the internet. Ransomware is a program that encrypts the contents of files and thus blocks the victim’s access to the data until a ransom is paid, usually in a cryptocurrency like bitcoin.
- Denial of Service (DoS) attack and Distributed Denial of Service (DDoS) attack: A Denial of Service attack does one simple thing – it overwhelms the resources of a computer with so much data to process that the entire system and its associated services are brought down, and availability is hampered. When the attack data is sent from many computers, so that the attack appears to come from many places in a distributed manner, it is referred to as a Distributed Denial of Service (DDoS) attack.
- Man In The Middle attack (MITM): This attack is best explained by an example. Suppose A and B are sending data to each other. Now the attacker X inserts himself between A and B so that all data from A to B is routed via X, and all data from B to A is again routed via X. X can now view all the communication and can even alter the data in his favour. Here, X is carrying out a MITM attack.
- Phishing: This refers to sending communication to users via email, SMS, etc., in such a way that the communication appears to come from a legitimate source. This way, an attacker can make a user do things the user would not have done otherwise. For example, a user may get an email apparently from facebook.com telling him to reset his password because it has expired. When the user clicks on the link, a website containing an exact copy of the Facebook homepage opens and the user enters his old username and password. The hacker may now use this username and password to do anything illegal.
- SQL Injection Attack: Almost all websites use some form of database for storing and accessing data. If the database used by a website is of a particular kind (an SQL database), a hacker may insert malicious code into the website’s database queries, thus forcing it to reveal data that the website would not have shown otherwise.
- Zero Day Exploit: Since software is programmed by people, it may contain vulnerabilities due to improper programming. These vulnerabilities are removed when they are reported to the developers. But if a person discovers a vulnerability in a particular piece of software and, instead of reporting it to the developers, exploits it, that is known as a Zero Day Exploit.
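The SQL injection point above comes down to how a website builds its database query. The following added example (not code from the original post) uses a constructed in-memory SQLite table with two made-up users and compares a query assembled by string concatenation with a parameterized query, which is the standard fix: the same quote-bearing input returns every row from the first and nothing from the second.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample database; the users and emails are made up.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Defective pattern: the user's input is pasted into the SQL text,
    # so a quote character in the input changes the query's structure.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Correct pattern: a parameterized query. The SQL and the value travel
    # separately, so whatever the input contains, it is treated as data only.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Input that closes the quote and appends an always-true condition.
    hostile = "nobody' OR '1'='1"
    print("concatenated query:", lookup_vulnerable(db, hostile))  # both rows
    print("parameterized query:", lookup_safe(db, hostile))       # []
    print("normal lookup:", lookup_safe(db, "alice"))
```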
Cybersecurity is important because a lack of it may lead to:
- Data loss
- Identity theft
- Extortion/Ransom attempts
- Damage to critical infrastructure like power plants, etc.
- Personal information of users being stolen and sold
- Crimes being committed using a user’s stolen data
- Monetary loss to the users
- Disruption of services
- Unauthorised access to data
For more posts in The Cyber Cops project, click here.