What is Cyber Security or Computer Security or Information Technology Security? It's the practice of protecting computers, mobile phones, servers, electronic systems, IoT, and other devices, networks, and data from malicious attacks that disrupts the services they provide.
There are some common categories that we can classify Cyber Security:
🢂 Application and System security
🢂 Network security
🢂 Information and Data security
🢂 Disaster recovery and business continuity
🢂 Operational security
🢂 End-user Learning
The threat is real, and it is growing.
Cyber threats are increasing in numbers and becoming more complex every year. There are even reports that the data exposed every year double. As the pandemic raged on, medical services have become the most targeted, retailers, public, government, and private entities are targeted as well. Cybercriminals aim to acquire financial and medical data. In fact, any business that uses networks can be attacked for their customer data or even for corporate espionage.
Spending on Cyber Security to combat these threats are already critical and may reach billions by next year. This is probably why a lot of governments have taken the hint and are already giving guidance so that better and more effective Cyber Security practices can be put in place.
The NIST, or National Institute of Standards and Technology, has forged a Cyber Security Framework, you can take a look at their website here: https://www.nist.gov/cyberframework
Skimming through the framework, you'll know they recommend one thing-- constant, vigilant, monitoring.
Now, how do Cyber Criminals do the deed? Watch out for these common tricks:
Malware is a portmanteau of malicious and software. It's software, application, code, script, that is used to damage or disrupt a computer. It's spread through email, downloads, or even through external drives. Most of the time, it's because of money, but they can also be politically motivated.
Types of Malware
➽ Virus: Like the biological ones, it replicates, attaches to a clean host file then infects your system.
➽ Trojans: Named for the Trojan Horse, it hides inside real software. Once the user opens up that software, it runs smoothly, not knowing that a Trojan has been released and can now cause damage.
➽ Spyware: Another word combination-- spy + software. It's malware that records and steals information, it can be a password or a credit card.
➽ Adware: Malware inside advertising software.
➽ Botnets: Malware infected computers, used by cybercriminals to perform tasks over the internet without permission from the legitimate user.
➽ Ransomware: Ah, the infamous one. No matter if you are a tech or not, this kind of Malware has been in the news. It's Malware that locks down a user’s files and data, even entire systems. The files and data are held in ransom until the perpetrators are paid.
2. SQL injection
Through an SQL or structured language query injection, a cybercriminal can take control and steal data from a database. Using a malicious SQL Statement, Cybercriminals exploit vulnerabilities in database applications to insert malicious code and take lead. Imagine all the kinds of information they have access to when this happens.
That email from your financial institution, or your boss, that looks so real asking you for some sensitive information? That's a Phishing email. Phishing attacks steal your information, like credit card data, or app PINs, for financial gain. It can also take the form of SMS, called Smishing.
4. Man-in-the-middle attack
Nope, not that Michael Jackson song. A man-in-the-middle attack happens when a cybercriminal comes between two individuals and intercepts their communication. For example, in an open Wi-Fi in a cafe, a person can intercept the data from one person's device going to the internet by using tools that pretend to be the Wi-Fi.
5. Denial-of-service attack
A denial-of-service attack happens when a website or a computer system is bombarded with traffic that overwhelms the networks and servers. Essentially, the system becomes unusable as it can no longer get legitimate requests and the system is stopped.
These are just the most common forms of Cyber threats. As technology evolves and takes other forms, we will continue to seek better protection methods and the criminals will find other ways to create cyber security threats.
That's what Cyber Security or Computer Security or Information Technology Security is in a nutshell. That's our first peek into this deep dark world. Now that you have an idea about how these threats are initiated, delivered, and get inside your system, our next blog will deal with how you can protect and arm yourself from these threats and cyber attacks. Don't worry, Boom Logic's got your back.