A rundown on cybersecurity & threats

Anandadip Mandal
Dec 6, 2020 · 9 min read

In 2009, a person from Miami hacked into the payment card networks of several companies and stole tens of millions of credit card and debit card numbers from over 250 financial institutions.

Attacks on three healthcare payer organizations in the United States in 2014 and 2015 netted information on more than 91 million people.

In 2016, 3.2 million debit cards from major banks of India were compromised.

In 2017, Equifax Inc. announced that a cyber-security breach had occurred between May and mid-July of that year. Cybercriminals had accessed approximately 145.5 million U.S. Equifax consumers’ personal data, including their full names, Social Security numbers, credit card information, birth dates, addresses, and, in some cases, driver’s license numbers.

Cybercrime generates many such spine-chilling headlines reporting huge data breaches at major corporations and computing systems of government agencies being shut down for ransom. The increased risk of cyber threats is real. Cyberattacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like health and financial records. They can disrupt phone and computer networks or paralyze systems, making data unavailable. It isn’t an overstatement that cyberattacks and digital spying are the top threat to national security, eclipsing even terrorism.

But cybercrime isn’t a major issue only for big businesses and national governments. Cybercriminals target individuals as relentlessly as they go after large companies and organizations. It’s not an exaggeration to say that cyber threats may affect the functioning of life as we know it.

Important terminologies of Cybersecurity

Let’s go a little back in history.

The word ‘cyber’ is a neologism derived from cybernetics. In the late 1940s, cybernetics arose as the study of control systems and communication between people and machines.

Anything relating to computing, such as the internet, falls under the cyber category. It can relate to all aspects of computing, including storing, accessing, processing, and transmitting data.

Cyberspace is the environment in which data storage and communication over computer networks take place. It describes the flow of digital data through the network of interconnected computers and devices.

A cyberattack is a standoff attack to disrupt, disable, destroy, or control a computing environment or to access controlled information.

Cybercrime is any crime that is carried out using information technology or which targets information technology.

In the course of doing business, organizations are generating, transmitting, collecting, processing, and storing unprecedented amounts of data in cyberspace. A good portion of the data is sensitive information which might be health, financial records, or data related to national security.

Cybersecurity is “the ability to protect or defend the use of cyberspace from cyberattacks”.

The bona fide objective of cybersecurity is to protect sensitive business and personal information and the systems used to process or store it. But its reach is wider than that. Cybersecurity now aims to protect everything accessible in cyberspace, including networks, devices, programs, and data, from electronic attack, damage, or unauthorized access.

Intents & sources of Cybersecurity Threats

The broad intents of cyber threats are financial gain, information gathering, and causing disruptions.

Cyber threats come from a variety of places, people, and contexts. Malicious actors include individual hackers, organized crime syndicates, nation-states, terrorists, business rivals, industrial spies, and disgruntled insiders.

Terrorist organizations and nation-states are the sources of many of the most serious attacks. Terrorist groups use information technology to further their political agenda. Cyberterrorism is the use of such attacks by terrorist organizations to undermine electronic systems in order to cause panic or fear.

There are several different versions of nation-state cyber threats. Some are basic espionage — trying to gather another country’s national secrets. Others are aimed at disruption. These are the so-called “cyber weapons” that might be used to shut off electricity in enemy territory during a war. Cyberwarfare has been acknowledged as the fifth domain of warfare.

Many cyber threats are bought and sold on the “dark web,” an inconspicuous online bazaar where nefarious elements can buy ransomware, malware, credentials for breached systems, and more. The dark web is a threat multiplier: one hacker can sell the same creation time and again.

Types of Cyberthreats

In terms of attack techniques, criminal elements have an abundance of options.

Malware: Malware means malicious software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer, device, or other computing hardware. Often spread via an unsolicited email attachment or legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks. There are a number of different types of malware, including:

  • Virus: A self-replicating program that attaches itself to clean files and spreads throughout a computer system, infecting files with malicious code.
  • Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into installing Trojans on their computers, where they cause damage or collect data.
  • Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
  • Ransomware: Malware that locks down a user’s files and data, with the threat of erasing them unless a ransom is paid.
  • Adware: Advertising software which can be used to spread malware.
  • Botnets: Networks of malware-infected computers that cybercriminals use to perform tasks online without the users’ permission.

Phishing: An email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.

Spear Phishing: A more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.

Man in the Middle (MitM) attack: Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.

Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack: Where an attacker takes over many (perhaps thousands of) devices and uses them to flood a target system, e.g. a website, with requests until it fails under the overload of demand.

Attacks on IoT devices: IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorized access to the data being collected by the device. Given their numbers, geographic distribution, and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.

Data breaches: A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (e.g. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack), and espionage.

SQL injection: An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications that build database queries from untrusted input, injecting malicious SQL into the statements the application sends to its database. This gives them access to the sensitive information contained in the database.
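To make the SQL injection mechanism and its fix concrete, here is an added example (not from the original article): the same customer lookup written once by string concatenation and once as a parameterized query, run against a constructed in-memory SQLite table, plus a simple input check a defender can log or alert on.

```python
"""Added example, not part of the original article: a lookup that builds its
SQL from user input next to the parameterized version that does not."""
import sqlite3

# Constructed sample data: a tiny customers table with card suffixes.
CONN = sqlite3.connect(":memory:")
CONN.execute("CREATE TABLE customers (id INTEGER, name TEXT, card_last4 TEXT)")
CONN.executemany(
    "INSERT INTO customers VALUES (?, ?, ?)",
    [(1, "alice", "4242"), (2, "bob", "1881"), (3, "carol", "0005")],
)


def lookup_vulnerable(name: str) -> list:
    """Concatenates the input into the statement, so the input becomes SQL
    and can rewrite the WHERE clause instead of merely being compared."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return CONN.execute(sql).fetchall()


def lookup_safe(name: str) -> list:
    """Parameterized query: the driver passes the value separately from the
    statement, so it can only ever be matched as a literal name."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return CONN.execute(sql, (name,)).fetchall()


def looks_like_injection(value: str) -> bool:
    """Cheap detection aid for logs or alerts: quote, comment or statement
    separator characters have no business in a plain username field."""
    return any(token in value for token in ("'", "--", ";"))


if __name__ == "__main__":
    # Constructed input: a "name" that carries SQL rather than a name.
    tainted = "nobody' OR '1'='1"
    print(lookup_vulnerable(tainted))   # all three rows: the query was rewritten
    print(lookup_safe(tainted))         # []: nobody is literally named that
    print(looks_like_injection(tainted))  # True
```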

Latest cyber threats

Dridex malware

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers through phishing emails or existing malware. Capable of stealing passwords, banking details, and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions.

Romance scams

In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that cybercriminals commit using dating sites, chat rooms, and apps. Perpetrators take advantage of people seeking new partners, duping victims into giving away personal data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019, with financial losses amounting to $1.6 million.

Emotet malware

In late 2019, the Australian Cyber Security Centre warned national organizations about a widespread global cyber threat from Emotet malware.

Emotet is a sophisticated Trojan that can steal data and also load other malware. Emotet thrives on unsophisticated passwords: a reminder of the importance of creating a secure password to guard against cyber threats.

Emerging Cyber Threats

Cyber threats are ever-evolving. Millions of them are created each year, and they are becoming more potent. The new generation of “zero-day” threats carry no discernible digital signatures, and traditional measures are ineffective in countering them. Then there are “Advanced Persistent Threats” (APTs).

As Business Insider describes APTs, “It’s the best way to define the hackers who burrow into networks and maintain ‘persistence’ — a connection that can’t be stopped simply by software updates or rebooting a computer.”

The notorious Sony Pictures hack is an example of an APT, where a nation-state actor lurked inside the company’s network for months, evading detection while exfiltrating enormous amounts of data.

Challenges of cybersecurity

The foundation of any organization’s information security is built on the three principles known as the CIA triad: Confidentiality, Integrity, and Availability.

  • Confidentiality: Only authorized parties have access to sensitive information and functions.
  • Integrity: Only authorized people and means can modify, add, or remove sensitive information and functions.
  • Availability: Systems, functions, and data must be available on demand according to the service level agreement.

Effective cybersecurity requires an organization to cover its entire information system.

Network security: The process of securing a computer network from intruders and protecting it from intentional or unintentional breaches.

Data security: Protects the integrity and privacy of data, both in storage and in transit.

Endpoint security: Remote access is an essential part of business, but has the potential to become the weak link. Endpoint security is the process of protecting remote access to an organization’s network.

Disaster recovery/business continuity planning: It defines how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.

Application security: Apps require regular updates and testing to secure the programs from attacks. A compromised application could provide access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.

Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.

Identity management: The process of managing the access every individual has in an organization.

Operational security: Includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

Cloud security: Many files are in digital environments or “the cloud”. Protecting data in a 100% online environment presents a large number of challenges.

End-user education: It addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons (password changes, 2-factor authentication, etc.) is vital for the security of any organization.

Summary

The most arduous challenge in cybersecurity is the ever-evolving nature of security risks themselves. Traditionally, the focus was on perimeter security to protect only the most critical components and defend against known threats. Today, this approach is insufficient, as the threats advance and evolve more rapidly than organizations can keep pace with. As a result, advisory organizations recommend more proactive and adaptive approaches to cybersecurity.

The National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down approach to cybersecurity in which corporate management leads the charge in prioritizing cybersecurity management across all business practices. NCSA advises that companies must be prepared to

“respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.”

NCSA’s guidelines for conducting cyber risk assessments focus on three key areas:

  • Identifying your organization’s “crown jewels,” or your most valuable information requiring protection.
  • Identifying the threats and risks facing that information.
  • Outlining the damage your organization would incur should that data be lost or wrongfully exposed.

Cyber risk assessments should pay careful attention to the regulations that impact the way an organization collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA, and others.

Cybersecurity is an ever-evolving field and its best practices must evolve to counter the increasingly sophisticated next-generation cyber threats.

Anandadip Mandal

Technology evangelist | Building next-generation cloud network security products