Cyber-Security 2.0

 





Do visit the {fundamental of cyber security Blog} and read it before continuing.


WHY IS CYBER SECURITY SO IMPORTANT?

 

Our reliance on the internet has grown tremendously. And that gives enough opportunities for fraudsters to target you with your money or other important information if you are not careful.

 What is cyber security and why is it important? According to the report, up to 2019, Cyber-crimes have been operating at $ 2 trillion. And if research is to be believed, this could go up to $ 6 trillion if the need for Cyber-security is not realized. Understanding is not enough. It is important to take appropriate action against cyber-crime.

 Why is Cyber-security important to companies? Larger organizations with more employees are at greater risk of attack. This is for two reasons. First, because data is so important and secondly even if one employee does not follow the security process the whole organization gets into trouble.

 If you think you are safe and why we need Cyber-security and that only large organizations get into the trap of hackers or steal some malware then you are completely wrong. The average consumer, connected to the internet if he is not careful enough, can be easily caught. Because it's just a matter of minutes of hacking an Internet-connected device and that's why it's important that Cyber-security. This device can be a laptop, desktop, smart TV, smartphone, or smartwatch. Every smart device needs a smart user when connected to the internet! I hope this has brought awareness to why we need to be confident of cyber security. So let’s discuss the threats that exist online and the importance of cyber security with the following points:

 

HOW CYBER SECURITY WORKS?

 Four stages of cyber security

Due to the rapidly growing threat of cyber-attack and intrusion, Domain has created a dedicated section of Cyber ​​Security in its IT Assessments portfolio. Cyber security is an integral part of Domain’s IT Assessments.  The assessment is the first of four stages in Domain’s cyber security process.  The four stages are assessment, prevention, monitoring, and response.  The stages can be conducted together.

 

1. Assessment

Cyber security services provided by IT consulting firms use network analysis tools, measure the current state of the security network and identify system vulnerabilities. These services also analyze your network within your firewall and outside your firewall. A detailed report of your company's current security level is compiled and reviewed with your management team.

 

2. Protection

Based on the information from the analysis above, Cyber security services will work with your team to "lock down" your network. This can be as simple as closing down unnecessary network ports to open up the outside world, performing complex tasks such as using new and highly advanced firewalls and possibly hiding your information.

 

3. Monitoring

Hackers are persistent and are constantly changing their tactics. Due to the strong tendency of cyber crime, cyber security must be a constant, ongoing battle.

Cyber security services use sophisticated software to monitor your network traffic and notify server when suspicious activity is detected. If a suspicious activity is found, a notice is issued and then these services take immediate steps to protect your business from any threats.

4. Response

The domain uses the tools that differentiate the changes in your network to determine which changes were intended and which, if any, were harmful. This software not only helps to monitor your network, but also helps to conduct forensic research to determine if certain information is altered, deleted or stolen.

According to system findings, you may need to notify government agencies of this violation and you may need to inform your customers, especially if personal information is involved. The domain may use proper tools to provide you with the necessary information.

Recovery is part of the Response section. At this stage, Domain will help your organization get back on track with recovery information where possible and provide advice where needed. The biggest concern with cyber security is not IF your system will be hacked- but WHEN. Organizations should have a cyber-response response process prior to this event, in order to protect the organization from adverse effects.

 The plan should include:

Determining where the intervention occurred (anything "hacked"). This requires the installation of software to track the change before any attack.

Determining which information has been stolen or tampered with.

Determining how to turn off system vulnerability ("hole").

Deciding how to clean up all hack remnants from the system.

Immediately notifying everyone whose information was stolen or suspected of being stolen.

Providing credit monitoring, management, and refunds to stolen accounts.

Initiate a public relations campaign to protect and restore the brand image.

Using and implementing cyber insurance.

 

As you can see, cyber security planning is no longer just about protecting the system from hacking, but it involves acknowledging in advance that the system can be detected and setting up a strong response system that will help the organization recover successfully from cyber-attacks in the short term.

The main purpose of cyber security is to protect any system from malware attack or hijacking.

 

Now, the question is - What is Malware?

 Malicious software, or malware, is a term used to describe software designed to disrupt computer operations, or gain access to computer systems, without the user's knowledge or permission. Malware has become an umbrella term used to describe all hostile or intrusive software. The term malware includes computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware may be obvious and simple to identify or it can be very stealthy and almost impossible to detect.

·       Viruses

A virus is malicious executable code attached to another executable file, such as a legitimate program. Most viruses require end-user initiation, and can activate at a specific time or date. Computer viruses usually spread in one of three ways: from removable media; from downloads off the Internet; and from email attachments. Viruses can be harmless and simply display a picture or they can be destructive, such as those that modify or delete data. In order to avoid detection, a virus mutates. The simple act of opening a file can trigger a virus. A boot sector, or file system virus, infects USB flash drives and can spread to the system’s hard disk. Executing a specific program can activate a program virus. Once the program virus is active, it will usually infect other programs on the computer or other computers on the network. The Melissa Virus was an example of a virus spread via email. Melissa affected tens of thousands of users and caused an estimated $1.2 billion in damage.

·       Worms

Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation. After a worm affects a host, it is able to spread very quickly over the network. Worms share similar patterns. They all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.

Worms are responsible for some of the most devastating attacks on the Internet. For example, in 2001, the Code Red worm infected 658 servers. Within 19 hours, the worm infected over 300,000 servers.

  •    Trojan horse

A Trojan horse is malware that carries out malicious operations under the guise of a desired operation such as playing an online game. This malicious code exploits the privileges of the user that runs it. A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files, audio files, or games.



 Risk management in cyber security:

Risks are part of everyday life and something we are all instinctively familiar with. A risk is the possibility of something happening with a negative consequence. Managing risk is at the heart of most businesses and the core of many industries.

All risks are not equally important. Certain risks may require urgent attention whereas others may be ignored.

Basic equation to calculate the value of a risk:

Risk value = Consequence x Likelihood


Consequence is the impact and associated damages.

Likelihood is how often the risk impact occurs.

 

Risk Response

 

Once an organization has assessed all of its risks, the emphasis is then placed upon risk management, or response. In general, there are four responses to a risk that an organization could choose. The following table describes them. 

Accept The organization accepts the risk in its current form. This is a decision that will be made by a senior individual within the organization, referred to as a “risk owner”.

Reduce The organization could decide a risk is too large to accept and aim to have it reduced in some fashion. This could either be through reducing the likelihood or consequence.

Transfer The organization may want a third party to accept the risk, or part of it, instead of accepting it themselves. This is done via insurance.

Reject The organization could decide a risk is too high and may withdraw from being affected by it. This will have significant business impacts such as shutting down sites or avoiding markets.

 Credits & References: Kushal Deulkar and Yash Bhoskar (Team Tech Tuesday)

Cisco cyber security

NOTE:

This blog is meant for Educational Purpose only .We do not own any Copyrights related to images and information , all the rights goes to their respective owners . The soul purpose of this blog is to Educate, Inspire, Empower and to create awareness in the viewers. The usage is non-commercial(Not For Profit) and we do not make any money from it.



                                                                                                                            

                                                                                                                                

Comments

Post a Comment

Popular posts from this blog

Managing Radioactive Waste: Modern Solutions and Innovations

Image
  Modern Solutions for Radioactive Waste Nuclear energy has been one of the few advances we have made to lower our carbon footprint. Nuclear is the world's second largest source of low-carbon power (26% of the total in 2020). Even though nuclear energy is one of the most efficient ways of producing energy, it has been well opposed by many due to the many issues it brings with it, one of them being radioactive waste. Inside nuclear power plants, nuclear reactors and their equipment contain and control the chain reactions, most commonly fueled by uranium-235, to produce heat through fission. The heat warms the reactor’s cooling agent, typically water, to produce steam. The steam is then channeled to spin turbines, activating an electric generator to create low-carbon electricity. During this process, the power plants produce radioactive waste with varying levels of radioactivity which have to be disposed off properly to prevent any mishaps.  This includes its collection and sorting;
Read more

WEB 3.0

Image
  Imagine a world where the internet isn't just a place to browse, shop, and share cat videos, but a decentralized network of interconnected platforms and applications that give users control over their data, privacy, and digital identity. This is the vision of Web 3.0, the next evolution of the internet that promises to transform the way we interact with technology and each other. From blockchain-based social networks and peer-to-peer marketplaces to AI-powered chatbots and immersive virtual worlds, Web 3.0 is poised to unlock a new era of innovation, collaboration, and value creation. But what exactly is Web 3.0, and how does it differ from the current web we know? Let's dive in.   HISTORY: WEB 1.0 and WEB 2.0 Web 1.0, also known as the "static web," emerged in the late 1990s and early 2000s. It was characterized by simple, static web pages that provided information but didn't allow for much interactivity or user participation. Websites were largely created and
Read more

TECHNOLOGY IN SPORTS: CRICKET

Image
  TECHNOLOGY IN SPORTS: CRICKET So as we are approaching the ICC worldcup which will be hosted by India this year, let us address one of the very common questions that most people get while watching this sport. How do the umpires use Snicko and Hotspot? SNICKO: The Snickometer, more commonly called the Snicko, or as we call it, the Ultra-edge, is used to check whether the ball has edged the bat or glove in some way, during the judgement of dismissals of Leg Before Wicket, or Caught behind.  The Snickometer was invented by English computer scientist Allan Plaskett in the mid-1990s. The snickometer was introduced by Channel 4 in the UK, who also introduced the Hawk-Eye and the Red Zone, in 1999.  So how does this work?  The Snickometer uses a very sensitive mic attached to the stumps which is connected to an oscilloscope that measures the sound waves. The mic captures the sound at the moment when the ball nicks the bat. The sound is amplified and filtered out to certain frequencies using
Read more