Cyber Security




Prerequisites & Important Definitions:

https://vipintiwarionline.blogspot.com/2023/10/information-security.html

"Threat is potential cause of an unwanted incident, which may result in harm to a system or organization"  (ISO IEC 27000 : 2017 Clause 2.83)



"Attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset "  (ISO IEC 27000 : 2017 Clause 2.3)



Cyber security is a multidisciplinary field. Its primary objective is to defend digital systems, networks, and data against threats, vulnerabilities, and attacks. It is essential in today's interconnected world, where reliance on technology and the internet has exposed people, organizations, and governments to a wide range of cyberthreats.



Cyberthreats: Online actions, initiated by criminals or other attackers, that target weaknesses in computer networks, systems, and data. Common examples are malware (such as viruses and ransomware), phishing scams, denial-of-service (DoS) attacks, data breaches, and insider threats.



Cyber Security Objectives

Confidentiality: Preventing unauthorized access to or exposure of private information. 

Integrity: Keeping data accurate, complete, and free from unauthorized modification.

Availability: Making sure that data and systems are accessible when required.



Authentication: Verifying the identity of the persons, systems, and other entities seeking to access data.

Authorization: Determining which information and actions an authenticated user or system is permitted to access or perform.

Non-repudiation: Ensuring that a sender cannot deny the authenticity of a message or action.

Privacy: Safeguarding people's private and sensitive data.
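Integrity and authentication are easiest to see in working code. The example below is added here for illustration and is not part of the original post: a shared key and an HMAC-SHA256 tag bind a message to whoever holds the key, so any altered byte, or a tag made with a different key, fails verification. The key and the messages are constructed for the demo. Note the caveat for non-repudiation: because both sender and receiver hold the same key, an HMAC cannot prove which of them produced the tag; non-repudiation needs a digital signature made with a private key only the sender holds.

```python
import hmac
import hashlib

# Constructed shared key for the demonstration (not a real credential).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def tag_message(key: bytes, message: bytes) -> str:
    """Return a hex HMAC-SHA256 tag that binds the message to the key holder."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time; any altered byte fails.

    compare_digest avoids the timing side channel of an ordinary == on strings.
    """
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Show integrity (tampering detected) and authentication (wrong key rejected)."""
    original = b"transfer 100 to account 42"   # constructed sample message
    tag = tag_message(SHARED_KEY, original)
    tampered = b"transfer 900 to account 42"   # one byte changed in transit
    return {
        "original_ok": verify_message(SHARED_KEY, original, tag),
        "tampered_ok": verify_message(SHARED_KEY, tampered, tag),
        "wrong_key_ok": verify_message(b"some-other-key", original, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Confidentiality is not provided by this scheme at all: the message travels in the clear and only its tag is protected, which is why integrity, confidentiality and non-repudiation are listed as separate objectives.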



Key areas of Cybersecurity



Network Security: Protecting the integrity and confidentiality of data as it travels over computer networks. Network security measures include firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs).

Endpoint Security: Securing individual devices (endpoints) such as computers, smartphones, and tablets. This involves antivirus software, endpoint detection and response (EDR) tools, and mobile device management (MDM) systems.

Application Security: Ensuring that software applications are designed and developed with security in mind, so that vulnerabilities and exploits are prevented rather than patched afterwards. Techniques include secure coding practices throughout the SDLC (Software Development Life Cycle), source code reviews, and vulnerability assessments.

Cloud Security: Protecting data and applications hosted in cloud environments. Cloud security involves encryption, access controls, and continuous monitoring of cloud resources.

Identity and Access Management (IAM): Managing user identities, roles, and permissions to ensure that only authorized individuals or systems have access to resources. This includes multi-factor authentication (MFA) and single sign-on (SSO) solutions.

Incident Response and Forensics: Developing plans and procedures to detect, respond to, and recover from cybersecurity incidents. Forensics involves investigating and analyzing security breaches.

Security Policies and Procedures: Establishing and enforcing rules and guidelines for cybersecurity, including acceptable use policies, data classification, and incident reporting.

Threat Intelligence: Collecting, analyzing, and using information about emerging threats and vulnerabilities to enhance security measures and response strategies.

Cyber Security Frameworks and Standards

Summary

Cyber security frameworks and standards help organizations establish best practices and guidelines. Examples include the NIST Cyber Security Framework, ISO 27001/27002 and the CIS Controls, and, for data protection and privacy, the GDPR (General Data Protection Regulation) and the Digital Personal Data Protection Act 2023 (DPDPA).

Case Study: The Equifax Data Breach (2017)

Equifax, one of the largest credit reporting agencies in the U.S., suffered a massive data breach that exposed the personal information of 147 million people—including names, birthdates, Social Security numbers, and addresses.

Root Cause

  • Unpatched Vulnerability: Hackers exploited a known flaw in the Apache Struts web application framework.
  • Delayed Response: Equifax failed to apply a security patch that had been available for months.
  • Poor Communication: The company’s slow and unclear public response worsened the damage to its reputation.

Lessons Learned

  • Patch Management is Critical: Always update software promptly to close known vulnerabilities.
  • Transparency Matters: Clear communication during a breach builds trust and helps users take protective action.
  • Third-Party Risk Awareness: Vendors and external systems must be monitored for security compliance.

Impact Analysis

  • Equifax faced lawsuits, regulatory scrutiny, and a loss of public trust.
  • The breach led to a $700 million settlement and long-term damage to its brand.

Frequently Asked Questions

1. What is cybersecurity?

Cybersecurity refers to the protection of systems, networks, and data from digital attacks, unauthorized access, or damage.

2. Why is cybersecurity important?

Because every online activity—from banking to chatting—exposes you to potential threats. Cybersecurity helps keep your identity, privacy, and finances safe.

3. What's the difference between cybersecurity and information security?

Information security protects all data, while cybersecurity focuses specifically on digital threats and online environments.

4. What are the most common types of cyber threats?

  • Phishing
  • Malware
  • Ransomware
  • DDoS attacks
  • Insider threats

5. Who are cyber attackers?

They can range from:

  • Criminal hackers
  • Nation-state actors
  • Insider threats
  • Script kiddies (novice attackers)

6. What is malware?

Malware is malicious software (viruses, worms, trojans) designed to damage or disrupt systems.

7. How does phishing work?

Phishing tricks users into revealing sensitive data through fake emails, messages, or websites that appear legitimate.

8. What is ransomware?

Ransomware locks your files and demands payment to release them—often in cryptocurrency.

9. What is ethical hacking?

Also known as white-hat hacking, it involves hacking systems with permission to find and fix security vulnerabilities.

10. What does a firewall do?

It acts as a barrier between your system and external networks, controlling incoming and outgoing traffic based on security rules.
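To make "security rules" concrete, here is a small packet-filter evaluator added as an illustration (it is not code from the original post and does not model any particular firewall product). Rules are checked in order, the first match decides, and a packet that matches nothing is dropped (default deny). The policy, addresses (from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges) and ports are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (to the host) or "out" (from the host)
    protocol: str                # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network   # source address range
    dst: ipaddress.IPv4Network   # destination address range
    dport: Optional[int] = None  # destination port; None matches any port


@dataclass
class Packet:
    direction: str
    protocol: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (
        rule.direction == pkt.direction
        and rule.protocol in ("any", pkt.protocol)
        and pkt.src in rule.src
        and pkt.dst in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; no match falls through to default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


def net(text: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(text)


# Constructed policy for a host at 192.0.2.10: SSH only from the local /24,
# HTTPS from anywhere, everything outbound, and nothing else inbound.
HOST = net("192.0.2.10/32")
ANY = net("0.0.0.0/0")
POLICY = [
    Rule("allow", "in", "tcp", net("192.0.2.0/24"), HOST, 22),
    Rule("deny", "in", "tcp", ANY, HOST, 22),
    Rule("allow", "in", "tcp", ANY, HOST, 443),
    Rule("allow", "out", "any", HOST, ANY),
]


def decide(direction: str, protocol: str, src: str, dst: str, dport: int) -> str:
    """Convenience wrapper: build a Packet from strings and evaluate it against POLICY."""
    pkt = Packet(direction, protocol, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)
    return evaluate(POLICY, pkt)


if __name__ == "__main__":
    print(decide("in", "tcp", "192.0.2.55", "192.0.2.10", 22))    # allow: local SSH
    print(decide("in", "tcp", "198.51.100.7", "192.0.2.10", 22))  # deny: remote SSH
    print(decide("in", "udp", "198.51.100.7", "192.0.2.10", 53))  # deny: no rule matches
```

Rule order is the part that most often goes wrong in practice: if the broad deny for port 22 were placed before the local allow, local administrators would be locked out too, and the default-deny fallback is what keeps an unanticipated protocol (UDP port 53 above) from slipping through.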

11. What is two-factor authentication (2FA)?

2FA adds an extra security step—usually combining a password with something you own (e.g. mobile device).

12. Are smartphones vulnerable to cyber threats?

Yes. Phones can be attacked via:

  • Malicious apps
  • Public Wi-Fi
  • SMS phishing (smishing)

13. How can I stay safe on public Wi-Fi?

  • Avoid sensitive transactions
  • Use a VPN
  • Disable auto-connect features

14. What is a VPN?

A Virtual Private Network encrypts your internet traffic, making it harder for hackers to spy on you.

15. How often should I update my software?

Always apply updates promptly—they often patch security holes.

16. What are strong password practices?

  • Use unique passwords for each account
  • Combine letters, numbers & symbols
  • Consider using a password manager

17. What are cybersecurity best practices for businesses?

  • Employee training
  • Regular security audits
  • Strong access controls
  • Multi-factor authentication

18. Is cloud storage safe?

It can be, if configured properly. Use strong passwords, 2FA, and check your provider's security policies.

19. Can cybersecurity stop all threats?

No system is foolproof—but layered defenses drastically reduce the risk and impact of cyberattacks.

20. What career options exist in cybersecurity?

  • Security Analyst
  • Penetration Tester
  • Incident Responder
  • Chief Information Security Officer (CISO)

Further reading:

https://vipintiwarionline.blogspot.com/2023/10/network-connections.html

https://vipintiwarionline.blogspot.com/2023/11/osi-model.html

https://vipintiwarionline.blogspot.com/2024/01/network-architecture.html

https://vipintiwarionline.blogspot.com/2024/03/application-architecture.html

https://vipintiwarionline.blogspot.com/2024/04/tcpip-model.html

https://vipintiwarionline.blogspot.com/2024/05/owasp-top-10.html

https://vipintiwarionline.blogspot.com/2024/07/aaa.html
