Due To The Deleterious Impact Of Cyber Security Threats

Why cyber security?

In today’s’ society we are increasingly connected, increasingly sharing, increasingly growing, learning, modernizing and finding faster, simpler ways to live, work and everything in between. We are increasingly digitizing our work, making everything more accessible to us without physical limits, improving the efficiency of living, but often at the expense of our security.

Cyber Security In the tone of our rapidly digitizing world, we find ourselves relying on smart devices, phones, computers, tablets, televisions. We connect with each other over wifi, Bluetooth, networks where information is stored and transmitted virtually across the world in seconds, to anyone interested in retrieving it. But should you be concerned about who is retrieving your information? Yes you should.

The credit card details that you saved on your Amazon account for 1-click shopping, what if that got into the wrong hands. The personal mailing addresses of all your family members that you saved in your online database so you could send out those Christmas cards on time this year. What if they got into the wrong hands. All your bank account information, private details about your medical treatment, those inter-office emails where you shared what you really thought about your boss, private, intimate photos you sent ‘for your eyes only’. All things we share over computer network, expecting them to be secure and unavailable,untainted and untouchable without our permission, but the fallacy of perfect cyber privacy is why it is critical that we have cyber security.

What is cyber security?

Cyber security is a practical field concerned with protecting computers, virtual networks, programs, software, apps and data from unintended or unauthorized access, changes or destruction.

When computer hardware, software, system and data are not properly protected, it could be just a mild inconvenience in one instance, if per se your favourite celeb gab website is temporarily closed,or a life-changing set-back if your bank accounts have been wiped clean without a trace. Cyber security, or rather the need for cyber security captures every attack on computing systems that can occur between these two extremes and the practical ways to prevent such attacks. On a national scale, consider the impact of inadequate cyber security at large banks, schools, government data banks and such. The risks of improperly secured computer systems are monumental.

There are three aspects of cyber security that must be protected:

1.    Confidentiality

Keep data secret from non-participants

2.    Integrity

Keep data from being modified

Keep it functioning properly

3.    Availability

Keep the system running and reachable

However confidentiality, integrity and availability may come under attack accidentally or intentionally.  The field of cyber security is primarily focused on:

1.    Vulnerabilities and Threats; and
2.    Countermeasures

A vulnerability is  a  weakness  which  allows  an  attacker  to  reduce  a  system’s  information assurance. They are risks that undermine the confidentially, integrity and availability of computing systems and technology. Cyber security is concerned with designing and managing systems in a way that mitigates against these vulnerabilities and threats.

Cyber Security

Although the types and forms of cyber attacks are evolving rapidly every day, vulnerabilities and threats can take several general forms:

1.    Backdoor Attacks – Any secret method of bypassing normal authentication or security controls in place, securing remote access to a computer while attempting to remain undetected. A backdoor may exist by design or due to a faulty configuration.

2.    Denial of Service Attacks – Unlike other types of attacks DOS attacks are not used to gain access or control of a system but rather to render it unusable. These times of attacks are designed to make a piece of hardware, software or network unavailable to its users. These types of attacks can be directed towards preventing access by a particular user, or may generally block access to all users.

3.    Direct Access Attacks – This type of attack involves an unauthorized party gaining directly physical access to a piece of hardware or system in such a way that they can directly control and/or affect the integrity of the data therein, and unleash any number of other attacks while in physical control of the system. This compromise of cyber securitymay involve system modification, installing malicious software worms,  viruses, keyloggers, cameras, audio recording devices in order to infringe further upon the security of the system.

4.    Eavesdropping – This is as the deliberate diversion of a conversation to parties not intended to be included in the conversation.

5.    Spoofing – The masquerading of a person or program to appear to be another.

6.    Tampering – The malicious and deliberate modification of products in a way that would make them harmful to users

7.    Repudiation – A challenge being posed on a legitimate signature.

8.    PrivilegeEscalation – The ability of an attacker to successfully gain authority in a domain to which they have not been intentionally granted access.  Exploiting a vulnerability in order for an outsider to gain insider access to the system.

9.    Phishing-This is the masquerading of a webpage to look almost identical to another in order to ‘trick’ users into entering and transmitting data to an unintended source. Usually mimicking credit card payment pages and email login pages in order to collect sensitive information.

10.    Clickjacking – A configuration on systems that ‘hikjacks’ intentional clicks by users and directs them to unintended, usually irrelevant places.

11.    Exploits – A piece of software, chunk of data or sequence of commands that take advantage of a glitch or ‘bug’ in software causing it to respond in an undesired way.

12.    Trojans  and Viruses – Malware disguised as legitimate software that attacks systems, data and network functions.

These forms of vulnerabilities are designed and manifested in many forms and can wreak havoc on computer systems, rendering them unusable or leave them poorly functioning in a way that disrupts daily lives, functions of business, government systems and global processes. Due to the deleterious impact of cyber security threats, countermeasures are constantly being designed.

Cyber Security

These are actions, procedures, protocols or devices that when commissioned have the potential to reduce or eliminate vulnerabilities, threats and attacks. Countermeasures mitigate the changes of security breaches, the harm caused by them or involve reporting frameworks so that attacks on cyber security can be discovered, reported and repaired in as expeditious way as possible.

Countermeasures involve the use of security measures such as user account access controls, cryptography, firewalls and intrusion Detection Systems. It is focused on reducing vulnerabilities firstly, through improved system design, sophisticated system architecture, use of hardware protection mechanisms, securing operating systems and increasing the general efficiency and authentication controls of systems. The last part and no less important part of countermeasures concerns effective and timely reporting mechanisms, in order to contain security breaches, trace attackers, detain cyber criminals and highlight system glitches/vulnerabilities so that they can be corrected, the security of the system restored and improved overall.

In conclusion, the cyber world is very enticing, convenient, fast and efficient. But these benefits come at the expense of an ever-expanding range of cyber security threats. However, efforts can and will always be needed to mitigate the success of these attacks and countermeasures are an integral part of cyber security design.