The express expansion of Information Technology to the four corners of the world, though has increased connectivity, it has also compromised individual privacy. Statistics confirm this unambiguously and comprehensively:
A 2014 report sponsored by McAfee estimated that cybercrime had resulted in $445 billion USD in annual damage to the global economy. The World Economic Forum 2020 Global Risk Report confirmed that organized cybercrime groups were joining forces to commit criminal activities online, while estimating the likelihood of their detection and prosecution to be less than 1 percent in the US.
The importance of Cyber Security in such a state of affairs cannot be thus overemphasized by any sake.
Methods of Attack
There are many ways that Cyber Criminals carry out their attack:
- Malware: These are maliciously designed software that slip-in, when legitimate-looking email attachments or downloads are accessed. With these the hacker can disrupt and damage the user’s computer or gain unauthorized entry. There are many types of malware:
- Virus: A Virus is a self-replicating program that attaches itself to a clean file and spreads throughout the system infecting files with malicious code
- Trojans: They are a disguised piece of code that may collect information or damage the user’s computer
- Spyware: It is a program that monitors the user’s activity and transmits information to the hacker secretly. For example the spyware could collect credit card details
- Ransomware: This is a malware that blocks access to files and folders demanding a ransom for them
- Adware: Adware is malware hidden in innocent-looking advertisements
- SQL injection: SQL stands for Structured Query Language. Cybercriminals exploit the vulnerabilities in data-driven applications by inserting malicious SQLs and steal data.
- Phishing: Here, scammers send genuine-looking emails soliciting sensitive information like credit card details and login information.
- Man-in-the-middle attack: Here a cyber criminal intercepts communication between two parties and steals data. For example, this could happen in the case of an insecure WiFi.
- Denial-of-service attack: Here the cyber criminal floods the network with traffic, so that it is incapable of normal service.
Types of Security
Cyber Security is of the following types:
- Network Security: Most attacks happen over the Network and tools like Antivirus and Firewall form the front-line defense here.
- Cloud Security: To safeguard the cloud network, there are tools like two factor authentication and encryption. Two factor authentication secures logins and encryption codifies data.
- Endpoint Security: This type of security is for user nodes like personal computers and laptops. Advanced antivirus solutions, as part of endpoint security, communicate with each other to prevent attacks from repeating at other endpoints.
- Mobile Security: A secure mobile security environment offers protection in six primary areas: enterprise mobility management, email security, endpoint protection, VPN, secure gateways and cloud access broker
- IoT Security: Security for IoT devices can be enhanced by using Public Key Interfaces (PKI) and Digital Certificates. This way client-server interactions can be kept private.
- Application Security: In this type of security the aim is to protect software application code and data from cyber threats. Web Application Firewall (WAF) and Runtime Application Self Protection (RASP) are two ways to implement this.
Cyber Security Evolution
Cyber Security Evolution is generally divided into the following generations:
- Gen I (Virus): The first attacks started in the late 1980s against standalone computers. This inspired the first wave of antivirus solutions.
- Gen II (Network): As the internet expanded, cyber attacks came through the network. Thus the firewall was introduced.
- Gen III (Applications): To barricade against the vulnerabilities of newly launched Applications, Intrusion Prevention Systems (IPS) were introduced
- Gen IV (Payload): As malware became more targeted and able to evade signature based defenses, anti-bot and sandboxing solutions were introduced
- Gen V (Mega): This is the latest generation where large-scale and multi-vector attacks have to be handled
As fraudsters get smarter and evolve with time, Cyber Security needs to up its game. The advances of Information Technology germinate vast possibilities for both legitimate and ill-legitimate uses. In such a fluid situation, Cyber Security Professionals need to be ever-more vigilant and ready to anticipate novel Cyber Attacks.