Cyber Security Awareness

Imagine a world without security measures. Sounds chaotic, right? Now imagine the internet without security. Security is critical in all aspects of life, and because we live in an age where everything is interconnected, and personal information is transmitted across websites, networks, and software programs, they must be protected at all costs.

There are many individuals across the globe who have one or more internet-connected devices with them at all times. More than a few hands would be raised if we requested to know those who have their passwords saved on the internet so that they do not have to recollect them from memory every time they want to log into an app.

There are a good number of individuals who believe that having a password is sufficient protection against attacks from malicious people, but is this actually true?

According to research, the most commonly hacked passwords among individuals are;

1. 123456
2. 123456789
3. qwerty
4. 1234567890
5. 111111
6. qwerty123
7. 1q2w3e
8. 12345678
9. 12345
10. Password

Imagine how simple it would be for any hacker to gain access to your devices and critical data with weak passwords like the samples listed above. What if hackers gained access to all the sensitive data we submit to networks and services? I am confident that we can infer what would happen as a result.

Due to the rising frequency of security threats on the internet, including malware, ransomware, and a long list of other security issues, people and businesses have suffered significant damage and continue to suffer harm. In this article, we’ll address and shed more light on cyber security, including certain principles and security concerns that we should be aware of.

The deployment of ways to safeguard networks, systems, and programs from digital threats is referred to as "security."

These attacks are typically carried out to gain access to, alter, and destroy crucial information for personal benefit and status. To prevent cyber dangers and manipulation, everyone should be educated on cyber security concerns and ensure that their online presence is secure. The goal of cyber security is to keep our data and information safe from intruders who want to tamper with them or manipulate them for personal gain.

Cybersecurity is a subset of information security, also known as "Infosec," and can be defined as the process of securing information through mitigating information risks. The Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Cyber Security Alliance, observes National Cyber Security Awareness Month in October to highlight the importance of cyber security. Several events are held to offer information about detecting and responding to cyber-attacks.

Networks, applications, the cloud, the Internet of Things (IoT), mobile devices, etc. are all impacted by cyber security assaults. This is where cyber security principles come into play; they help to manage and reduce risks both inside and outside the bounds of networks and systems. There are three pillars from which, cyber security is formed, or the "triad of cybersecurity," which are specific guidelines to adhere to, and they are:

1. Confidentiality

Data and information should be kept private, and communication and information should be protected from illegal access. This means that only authorized individuals should have access to certain data or information. This is vital for security, and it is possible with data encryption.

If a communication is sent in plain text, an attacker can easily read the message. To ensure that an attacker cannot read the information, we can encrypt the data in the network in an unreadable manner. We must preserve integrity in order to prevent the hacker or attacker from tampering with the data.

2. Integrity

Integrity ensures that the encrypted data has not been altered or tampered with. To maintain integrity, we must employ a technique known as Hashing. Hashing transforms data into a code that never changes. The receiver can decrypt the code by calculating the hash of the message and comparing it to what the sender sent.

3. Availability

When a server is attacked and we are unable to access or utilize a website, this downtime will result in a loss of business. Data should be accessible whenever it is needed. A system needs computational power, communication routes, and security safeguards. It also needs a strong defense against hardware failures, cyberattacks, and power outages.

An offensive, illegal system or network assault undertaken by a third party is referred to as a "cyber-attack."

This malicious attempt tries to disable, disrupt, destroy, or take control of computer systems in addition to altering, blocking, erasing, manipulating, or stealing the data kept there. A cyber-attack can be launched by any person or group from any location using one or more different attack tactics.

Malware: Any software created by hackers to disrupt or harm a computer, server, or network is known as malware or malicious software.

Phishing attack: A phishing assault is a type of social engineering attack in which the attacker sends a fake or false message in order to fool a person into disclosing essential information in order to distribute dangerous software. It is frequently used to steal login information, credit card information, and so forth. The attacker intercepts and transmits communications between two parties that believe they are conversing with each other. The attacker then controls the entire discussion.

Password attack: Attackers who target passwords utilize programs that guess or crack passwords. The many password attacks include;

• Brute force: This attack occurs when an attacker attempts to guess a password by repeating all possible transmissions of a set of characters, and symbols, and communicating with others until the correct combination is obtained.

• Dictionary Attack: This is carried out by iterating through commonly used passwords.

• Password Spraying: This is achieved by attempting to access thousands of accounts at once, trying commonly used passwords in hopes that one clicks.

DDOS (Denial of Service) attack: This is a malicious cyber-attack that cybercriminals employ to disrupt the traffic flow of online services, network resources, or servers.

Zero-Day Exploit: This is an assault carried out by cyber criminals who find system weaknesses or vulnerabilities and exploit them before developers or engineers can repair them.

Watering hole attack: This is a security flaw that allows an attacker to infect popular websites used by members of a certain industry or group by tricking them into visiting a malicious website.

You have likely come across the terms "hackers" and "attackers" throughout this article.

Hackers are people with advanced computer knowledge who use their knowledge to bypass cybersecurity measures to gain illegal access.

To do so, they identify and take advantage of a flaw in computer systems and/or networks. There are various categories for both hackers and the act of hacking; let's look at each category to see what kind of hacking is involved;

Black Hat Hackers:

Also known as “crackers,” these hackers infiltrate your computer network using malware, "fishing," and other forms of attack in order to steal or delete files, whether out of vengeance or for monetary gain. Kevin Poulsen, Adrian Lamo, and Kevin Mitnick are three of the most well-known and renowned black-hat attackers.

White Hat Hackers:

They are expert cyber security professionals who utilize their knowledge to identify weaknesses in networks and systems. White-hat hackers are permitted to assault the system and initiate malicious assaults in order to find weaknesses.

Gray Hat Hackers:

These hybridized white-and-black attackers assault systems, notify the appropriate parties, and demand payment. If the bounty is not collected; they can turn hostile and cause further damage.

Suicidal Hacker:

This group of hackers typically breaches systems and networks without concern for the repercussions of being discovered.

Cyber Terrorist:

Most often, this involves harm to human life. These attackers commit violent crimes by making grave and deadly threats in order to further their political or ideological goals.

Hacktivists:

These hackers typically have political agendas, and they engage in activism by using computer technology to enact or enforce change.

Script Kiddies:

This category includes novice or inexperienced computer hackers who access computers using pre-existing computer scripts or programs.

The implications of a data breach include but are not limited to, the loss of crucial information, reputational damage, and financial loss. Therefore, managing cyber risks such as data breaches requires an integrated approach designed to prevent, limit, and respond promptly in the event of an attack. This can be achieved via a process known as "security risk assessment." What exactly does this mean?

"Security risk assessment" consists of processes and techniques that examine the attack surface. It is vital for security teams to identify the numerous ways in which their system could be attacked and to put in place security measures to prevent such an assault from occurring. The evaluation involves;

1. Vulnerability: This can be discovered by assessing a system's or application's capacity to survive exploitation, including security protections and controls. This procedure scans networks for security flaws, identifying vulnerabilities in computer systems, networks, and communication channels.

2. Penetration testing: This is an authorized simulated attack on a computer system to establish its level of security by the use of technology tools and methods to demonstrate the meaning of a system's weakness.

The testing or evaluation described above is often undertaken by large corporations or organizations that supply products and services; nevertheless, as people who have signed up for these services, we must also apply security measures in our own tiny way.

You can limit the likelihood of a data breach by being knowledgeable of the various protocols, exploits, tools, and resources used by malicious actors. Here are some mechanisms that help reduce the risk of being attacked:

1. 2FA (Two-factor Authentication): This is an additional numeric code that will expire once used. Because this information changes with each use, attackers have a tough time gaining access.

2. Password Managers: This is password management software that may be installed on your computer, phone, or other devices. It generates random passcodes for you to use when logging into various websites where you have registered.

Every time you visit the same page, the password manager will download a new code for you to use. This is not to imply that your password manager should not be secured by a security feature on your phone or laptop, such as Face ID, fingerprint recognition, or a primary password. Some of these password managers are free, such as Last Pass, credential manager, keychain, and others.

3. End-to-end encryption: This is a secure communication mechanism that prevents third parties from accessing data while it is being delivered through a server. Consider it like a secret communication that can only be understood by the two parties involved, making it difficult for unauthorized parties to obtain the information. Companies such as Meta employ this communication technology, as do WhatsApp, Zoom, and others.

4. Incognito Mode: Incognito mode deletes locally stored information such as cookies. It's essentially a privacy mode that keeps your data safe from prying eyes. It's especially beneficial if you're using someone else's device and don't want any information, such as your passwords or URL history, to be viewed by anybody else.

5. Firewalls: The usage of firewalls and other network security solutions like as intrusion prevention systems, access control, application security, and so on aids in the prevention of cyber assaults on your systems, network, and devices.

Knowing about internet security threats, such as viruses and ransomware, allows you to navigate the internet with caution. As a person who relies heavily on the internet, it's important to understand all of the risks you may face in your personal life or as a business owner, for example. The truth is that when an attack is directed at an individual or organization for any reason, no one is spared, and crucial information, papers, and cash can be destroyed if proper safeguards are not taken.