What is CyberSecurity?
CyberSecurity refers to the concept of protecting your hardware, software and most importantly personal or business data from outside or inside threats (more on this later). One thing to keep in mind is that CyberSecurity does not only refer to the protection of data but also encompasses the protection of physical components and perimeters.
CyberSecurity also refers to the ability to prevent, mitigate or deter disruptions of computer systems in a network.
CyberSecurity follows three basic principles known as CIA :
· Confidentiality – information is protected from non-authorized individuals.
· Integrity – information has not been altered in transit or at rest.
· Availability – information accessible only to users previously authorized.
Often as Security requirements increase the user’s convenience is compromised, this has become a problem for many industries when trying to protect their valued customers…
Think about how annoying it is to remember a sixteen-digit password with symbols and numbers! Now think about having twenty different accounts with twenty different passwords! Don’t you think it’s more convenient to have just one password for all your accounts? Why yes! It is more convenient! For the Attacker!!!!…
Currently, there is a high demand for CyberSecurity Professionals. As technology has significantly increased its presence in our daily lives in the shape of our smart phones, smart watches, smart TVs and Internet of Things devices, so to has the need to protect the data that is collected and shared with the devices has increased… Understand that with each smart device you add to your lifestyle you have also therefore added another point of vulnerability (also referred to as an attack vector) that may potentially be exploited by a Threat Actor or commonly known as Hackers.
What is a Threat Actor / Hacker?
Well a Hacker or Threat Actor is an individual or group of individuals who uses computer systems to gain unauthorized access to different types of information usually with malicious intent. Threat actors also come in different flavors and their intent varies, below I have outline some of the different types of threat actors.
· Script Kiddies: these individuals use attack software to perpetrate an attack however they lack in-depth knowledge.
· Hacktivists: Attackers who attack for ideological reasons.
· Nation/State Actor: these group has a very in-depth knowledge of computer systems and may be commissioned by governments.
· Advanced Persistent Threat: individuals performing an attack using multi-layer intrusion campaigns targeting highly sensitive data.
· Insider threat: Ah! The disgruntled employee who maliciously gave data away to competitors or corrupted the data.
· Cyber-terrorists: politically guided attackers that create massive disruption and spread fear in society.
How can you defend against an attack?
Well this one is tricky as there are no sure ways to defend against attackers (there are so many different ones!). However here are five basic principles you can follow to mitigate or reduce the impact an attack may have in your organization or your personal life.
Layering: information whether highly sensitive or not should be secured in multiple layers this may also be referred as defense-in-depth.
Limiting: this principle refers to limiting the access of information to only authorized users, using either technology (file permissions) or procedures (prohibiting the removal of information from the premises).
Diversity: while following the principle of layering implement software or hardware from multiple vendors. This approach will give you an edge when securing your information as the attacker would have to be familiar with a variety of vendor and/or vulnerabilities.
Obscurity: Hiding hardware or software information from outsiders; The attacker would have to find out what type of device or software you are using and then find its vulnerabilities.
Simplicity: A hardened system should be easy to access from inside but difficult from the outside, implementing inbound access control lists is an example of this principle. However other principles should be implemented inside the network as we have previously discussed “Inside Threat”.Following the principles listed above should give you a basic security approach.You can also check frameworks or network architecture references, they provide you with industry standards and resources as to how you can create a secure environment for your network… keep in mind that some frameworks are aimed at specific business sectors, so make sure you look for the one that fits your needs.
Conclusion:
CyberSecurity should now be a way of thinking when it comes to securing your information, the false sense of security we have now a days needs to come to an end, we need to be informed of what is out there and how is our data being manipulated or accessed by individuals without us even knowing.Remember that CyberSecurity should be implemented all around you! A full 360, no sense in locking the front door if the windows will be open all night!We will soon look at some of the most common types of malicious attacks!.Thank you for taking time to read this post! If you like it, please share it with a friend!.Let’s work towards a more secure future!!!
Welcome to Tech101s 