We can also define cybersecurity as the set of principles and practices designed to protect
our computing resources and online information against threats. Because modern industry
depends heavily on computers that store and transmit large amounts of confidential and
essential information about people, cybersecurity is a critical function and a necessary
safeguard for many businesses.
We live in a digital era in which our private information is more vulnerable than ever
before. Everything from internet banking to government infrastructure is networked together,
and the data is stored on computers and other devices. A portion of that data is sensitive,
whether intellectual property, financial data, personal information, or other data for which
unauthorized access or exposure could have negative consequences.
Cyber-attacks are now an international concern, and there is widespread worry that hacks
and other security attacks could endanger the global economy. Organizations transmit
sensitive data across networks and to other devices in the course of doing business, and
cybersecurity is the discipline of protecting that information and the systems used to
process or store it.
As the volume of cyber-attacks grows, companies and organizations, especially those that
handle information related to national security, health, or financial records, need to take
steps to protect their sensitive business and personal information.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model designed to guide information security
policies within an organization or company. It is also referred to as the AIC (Availability,
Integrity, and Confidentiality) triad to avoid confusion with the Central Intelligence Agency.
The elements of the triad are considered the three most crucial components of security.
Most organizations and companies apply the CIA criteria when they install a new application,
create a database, or grant access to some data. For data to be completely secure, all three
goals must be met. They are security properties that work together, so it is a mistake to
neglect any one of them.
1. Confidentiality
Encryption
Access control
Access control defines the rules and policies for limiting access to a system or to physical
or virtual resources. It is the process by which users are granted access and specific
privileges to systems, resources or information. In an access control system, users must
present credentials, such as a username or a computer's serial number together with proof
that they own them, before they are granted access. In physical systems these credentials
take many forms, but credentials that cannot be transferred to another person (for example
a biometric) provide the most security.
Authentication
Authentication is the process that confirms a user's identity or the role that someone
holds. It can be done in a number of ways, but it is usually based on a combination of-
o something the person knows (like a password or PIN),
o something the person has (like a smart card or a radio key that stores secret keys),
o something the person is (like a fingerprint or other biometric).
Authorization
Physical Security
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded
from unauthorized modification. It is the property that information has not been altered in
an unauthorized way and that the source of the information is genuine.
Checksums
A checksum is a value computed over a block of data so that any change to the data, however
small, can be detected by recomputing the value and comparing it with the stored one. A
plain checksum only detects changes; correcting them requires an error-correcting code, and
detecting deliberate tampering requires a keyed value (a MAC) or a digital signature, since
an attacker who can modify the data can also recompute an unkeyed checksum.
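The following Python is an added example (not code from the original page) that makes the difference concrete: a SHA-256 checksum catches an edit to a small configuration file, but an attacker who can rewrite the file can also rewrite the checksum, whereas an HMAC computed with a key the attacker does not hold still fails verification. The configuration text and the edit are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Tuple

# Constructed sample: a small configuration file as stored on disk.
ORIGINAL = b"listen=443\nadmin_user=alice\nallow_remote_root=false\n"


def checksum(data: bytes) -> str:
    """Unkeyed integrity check: SHA-256 hex digest of the data."""
    return hashlib.sha256(data).hexdigest()


def checksum_matches(data: bytes, expected: str) -> bool:
    """Detects accidental or deliberate change, but cannot repair the data and
    cannot tell whether the stored checksum itself was replaced."""
    return hmac.compare_digest(checksum(data), expected)


def tag(data: bytes, key: bytes) -> str:
    """Keyed integrity tag (HMAC-SHA256): only a holder of `key` can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def tag_matches(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected)


def tamper(data: bytes) -> bytes:
    """Simulated unauthorized modification of the config."""
    return data.replace(b"allow_remote_root=false", b"allow_remote_root=true")


def demo() -> Tuple[bool, bool, bool]:
    """Returns (plain checksum detects edit,
                plain checksum fooled when attacker recomputes it,
                HMAC still detects edit without the key)."""
    key = os.urandom(32)                 # shared by the legitimate writer and verifier only
    stored_sum = checksum(ORIGINAL)
    modified = tamper(ORIGINAL)

    plain_detects = not checksum_matches(modified, stored_sum)
    forged_sum = checksum(modified)      # attacker rewrites the unkeyed checksum too
    plain_fooled = checksum_matches(modified, forged_sum)
    attacker_tag = tag(modified, b"guess")   # attacker does not know `key`
    hmac_detects = not tag_matches(modified, key, attacker_tag)
    return plain_detects, plain_fooled, hmac_detects


if __name__ == "__main__":
    print(demo())   # expect (True, True, True)
```

Note that HMAC gives integrity plus origin authenticity for parties that share the key; when the verifier must not be able to forge tags (software updates, documents), a digital signature with a private key held only by the author is the right tool.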
3. Availability
Physical Protections
Physical safeguards keep information available even in the event of physical challenges.
They ensure that sensitive information and critical information technology are housed in
secure areas.
Computational redundancies
Computational redundancies protect against failures of computers and storage devices:
redundant hardware, replicated data and failover systems keep a service available when a
single component fails.
Web-based attacks
These are attacks that target a website or web application. Some of the important
web-based attacks are as follows-
1. Injection attacks
In an injection attack, data crafted by the attacker is supplied to a web application so
that it is interpreted as code or commands rather than as plain data, allowing the attacker
to manipulate the application and extract the information they want.
Example- SQL injection, code injection, log injection, XML injection etc.
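SQL injection is the most common instance. The Python below is an added example (not code from the original page) that builds a small in-memory SQLite table and runs the same login against a string-concatenated query and a parameterised one; the user names, passwords and payload are constructed for the demo, and passwords are stored in plaintext only to keep the query short (real systems store salted hashes).

```python
import sqlite3
from typing import Dict, Optional

# Constructed demo accounts (plaintext only for brevity; never do this in production).
USERS = [("admin", "s3cr3t!"), ("bob", "hunter2")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The input is pasted into the SQL text, so quotes and comment markers
    in it change the statement's structure."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterised query: the driver sends values separately from the SQL,
    so the same payload is compared literally against the username column."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo() -> Dict[str, Optional[str]]:
    conn = build_db()
    # Closes the string literal, then "--" comments out the password check:
    #   ... WHERE username = 'admin' --' AND password = 'wrong'
    payload = "admin' --"
    return {
        "normal_login": login_safe(conn, "bob", "hunter2"),
        "vulnerable_with_payload": login_vulnerable(conn, payload, "wrong"),
        "safe_with_payload": login_safe(conn, payload, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable version authenticates as admin without knowing any password; the safe version returns no row because no user is literally named "admin' --". Parameterisation fixes the bug at its root, while input filtering alone tends to miss encodings and database-specific syntax.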
2. DNS Spoofing
DNS spoofing is a type of attack in which forged data is introduced into a DNS resolver's
cache, causing the name server to return an incorrect IP address and diverting traffic to
the attacker's computer or any other computer. DNS spoofing attacks can go on for a long
time without being detected and can cause serious security issues.
3. Session Hijacking
Session hijacking is an attack on a user's session with a web application. Web applications
create cookies to store state and identify user sessions. By stealing a session cookie, an
attacker can act as that user and gain access to all of the user's data.
4. Phishing
Phishing is a type of attack that attempts to steal sensitive information such as login
credentials and credit card numbers. It occurs when an attacker masquerades as a
trustworthy entity in electronic communication.
5. Brute force
A brute-force attack uses trial and error. It generates a large number of guesses and
tests each one in order to recover data such as a user's password or personal
identification number. Criminals use it to crack passwords and encrypted data; security
analysts use it to test the strength of an organization's credentials.
6. Denial of Service
A denial-of-service attack is meant to make a server or network resource unavailable to
its users. It does this by flooding the target with traffic or sending it information that
triggers a crash. A DoS attack uses a single system and a single internet connection; a
distributed denial-of-service (DDoS) attack uses many systems at once. DoS attacks can be
classified as follows-
Volume-based attacks- The goal is to saturate the bandwidth of the attacked site; these
are measured in bits per second.
Application layer attacks- The goal is to exhaust or crash the web server itself; these
are measured in requests per second.
7. Dictionary attacks
A dictionary attack uses a stored list of commonly used passwords and tries each one until
the actual password is found. It is a brute-force attack narrowed to likely candidates.
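As an added example covering both the brute-force and dictionary passages above (written for this page, not taken from it), the Python below recovers an unsalted SHA-256 password hash from a short constructed wordlist, exhausts every four-digit PIN, and then shows the defence: a per-user salt gives two users with the same password different hashes, and PBKDF2 iterations multiply the attacker's cost per guess. The wordlist, passwords and PIN are constructed for the demo.

```python
import hashlib
import itertools
import os
from typing import Iterable, Optional, Tuple

# Constructed stand-in for a leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123", "welcome1"]


def unsalted_hash(password: str) -> str:
    """How passwords are too often stored: one fast, unsalted hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each candidate in order; return (matching password or None, guesses made)."""
    guesses = 0
    for candidate in wordlist:
        guesses += 1
        if unsalted_hash(candidate) == target:
            return candidate, guesses
    return None, guesses


def brute_force_pin(target: str, length: int = 4) -> Tuple[Optional[str], int]:
    """Exhaustive trial of every digit string of the given length (10**length at most)."""
    for n, digits in enumerate(itertools.product("0123456789", repeat=length), start=1):
        candidate = "".join(digits)
        if unsalted_hash(candidate) == target:
            return candidate, n
    return None, 10 ** length


def salted_slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: the random per-user salt defeats precomputed tables,
    and the iteration count makes every guess proportionally more expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def demo() -> Tuple[Optional[str], int, Optional[str], int, bool]:
    cracked, guesses = dictionary_attack(unsalted_hash("password123"), WORDLIST)
    pin, pin_guesses = brute_force_pin(unsalted_hash("7391"))
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    same_password_differs = (
        salted_slow_hash("password123", salt_a) != salted_slow_hash("password123", salt_b)
    )
    return cracked, guesses, pin, pin_guesses, same_password_differs


if __name__ == "__main__":
    cracked, guesses, pin, pin_guesses, differs = demo()
    print(f"dictionary attack: {cracked!r} after {guesses} guesses")
    print(f"PIN brute force: {pin!r} after {pin_guesses} guesses")
    print(f"salted hashes of the same password differ: {differs}")
```

Against the slow, salted hash the same attacks still work in principle, but each guess costs 100,000 HMAC evaluations instead of one and cannot be shared across users, which is why online services additionally rate-limit or lock out after repeated failures.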
8. URL Interpretation
URL interpretation is an attack in which certain parts of a URL are altered so that the web
server delivers pages the attacker is not authorized to browse.
9. File Inclusion attacks
A file inclusion attack allows an attacker to read unauthorized or sensitive files on the
web server, or to execute malicious files on it, by abusing the application's include
functionality with an attacker-controlled file path.
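Both URL interpretation and file inclusion come down to the server trusting a path taken from the request. The Python below is an added example (not code from the original page) showing the two defences a practitioner reaches for: resolving the requested path and refusing anything that escapes the intended base directory (including percent-encoded traversal), and an allowlist for include targets. The base directory, include directory and template names are assumptions made for the demo and need not exist on disk.

```python
import os
from urllib.parse import unquote

# Constructed allowlist of templates the application is meant to include.
ALLOWED_INCLUDES = {"header", "footer", "sidebar"}
INCLUDE_DIR = "/var/www/app/includes/"   # assumed location for the demo


def resolve_under_base(base_dir: str, requested: str) -> str:
    """Map a user-supplied relative path onto base_dir and refuse anything that
    escapes it. Raises ValueError for absolute paths, NUL bytes and traversal."""
    decoded = unquote(requested)             # handle "%2e%2e%2f" like "../"
    if os.path.isabs(decoded) or "\x00" in decoded:
        raise ValueError("absolute path or NUL byte rejected: " + requested)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, decoded))
    # commonpath compares whole components, so "/srv/www2" is not under "/srv/www"
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory: " + requested)
    return target


def is_safe(base_dir: str, requested: str) -> bool:
    try:
        resolve_under_base(base_dir, requested)
        return True
    except ValueError:
        return False


def include_vulnerable(page: str) -> str:
    """The classic local-file-inclusion pattern: the include target is built
    directly from request input, so '../' sequences walk out of INCLUDE_DIR."""
    return INCLUDE_DIR + page + ".php"


def include_safe(page: str) -> str:
    """Allowlisted include: only known template names map to files."""
    if page not in ALLOWED_INCLUDES:
        raise ValueError("unknown include: " + page)
    return INCLUDE_DIR + page + ".php"


if __name__ == "__main__":
    for req in ["docs/report.txt", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{req!r:35} safe={is_safe('/srv/www/files', req)}")
    print(include_vulnerable("../../../../etc/passwd"))   # escapes the include directory
```

Decoding exactly once before the check matters: decoding after the check, or decoding twice, reopens the hole for double-encoded input such as "%252e%252e/".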
10. Man-in-the-middle attacks
A man-in-the-middle attack allows an attacker to intercept the connection between a client
and a server and act as a relay between them. The attacker can then read, insert and modify
the data passing over the intercepted connection.
System-based attacks
These are attacks intended to compromise a computer or a computer network. Some of the
important system-based attacks are as follows-
1. Virus
A virus is a malicious program that spreads through a computer's files without the user's
knowledge. It is self-replicating: when executed, it inserts copies of itself into other
programs. It can also carry out instructions that harm the system.
2. Worm
A worm is self-replicating malware that spreads on its own across a network by exploiting
vulnerable services, without needing to attach itself to a host program or wait for a user
to run it.
3. Trojan horse
A Trojan horse is a malicious program that causes unexpected changes to computer settings
and unusual activity, even when the computer should be idle. It misleads the user about its
true intent: it appears to be a normal application, but when it is opened or executed,
malicious code runs in the background.
4. Backdoors
A backdoor is a method of bypassing the normal authentication process. A developer may
create one so that an application or operating system can be accessed for troubleshooting
or other purposes; an attacker who discovers it, or who installs one after a compromise,
gains the same access.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network
services. Some bots run autonomously, while others only execute commands when they receive
specific input. Common examples are web crawlers, chatroom bots, and malicious bots.
Types of Cyber Attackers
In computers and computer networks, an attacker is an individual or organization who
performs malicious activities to destroy, expose, alter, disable, steal or gain
unauthorized access to, or make unauthorized use of, an asset.
As internet access becomes more pervasive across the world and each of us spends more
time on the web, the number of attackers grows as well. Attackers use every tool and
technique available to try to gain unauthorized access.
Cyber Criminals
Cyber criminals are individuals or groups who use technology to commit cybercrime, with the
intention of stealing sensitive company information or personal data and generating
profits. Today they are the most prominent and most active type of attacker.
Cybercriminals use computers in three broad ways to commit cybercrime-
o The computer as their target- They attack other people's computers, for example by
spreading viruses or committing data theft and identity theft.
o The computer as their weapon- They use the computer to commit conventional crimes such
as spam, fraud and illegal gambling.
o The computer as their accessory- They use the computer to store or move data that was
obtained illegally.
Hacktivists
Hacktivists are individuals or groups of hackers who carry out malicious activity to
promote a political agenda, religious belief, or social ideology. Dan Lohrmann, chief
security officer for Security Mentor, a national security training firm that works with
states, said: "Hacktivism is a digital disobedience. It's hacking for a cause." Hacktivists
are not like cybercriminals who hack computer networks to steal data for cash. They are
individuals or groups of hackers who work together and see themselves as fighting
injustice.
State-sponsored Attacker
State-sponsored attackers have particular objectives aligned with the political, commercial
or military interests of their country of origin. These attackers are not in a hurry.
Government organizations employ highly skilled hackers who specialize in finding
vulnerabilities and exploiting them before the holes are patched. It is very difficult to
defeat these attackers because of the vast resources at their disposal.
Insider Threats
An insider threat is a threat to an organization's security or data that comes from within.
These threats usually come from employees or former employees, but may also arise from
third parties, including contractors, temporary workers, business partners or customers.
Insider threats can be categorized as below-
Malicious-
Malicious insiders deliberately misuse their legitimate access to steal data or harm the
organization. Insiders may also become threats when they are recruited by malicious
outsiders, either through financial incentives or extortion.
Accidental-
Accidental threats arise from honest mistakes by insiders. An employee might accidentally
delete an important file or inadvertently share confidential data with a business partner,
going beyond the company's policy or legal requirements.
Negligent-
These are threats in which employees work around the policies an organization has put in
place to protect endpoints and valuable data. For example, if the organization has strict
policies on external file sharing, employees might upload work to public cloud applications
so that they can work from home. These employees usually mean no harm, but their actions
open the organization to dangerous threats nonetheless.
Cybersecurity Tools
1. Firewalls
The firewall is a core security tool and remains one of the most important. Its job is to
prevent unauthorized access to or from a private network. It can be implemented as
hardware, software, or a combination of both. Firewalls are used to prevent unauthorized
internet users from accessing private networks connected to the Internet. All messages
entering or leaving the intranet pass through the firewall, which examines each message and
blocks those that do not meet the specified security criteria.
Firewalls are very useful, but they have limitations. A skilled attacker knows how to craft
data and programs that look like trusted, permitted traffic, for example by tunnelling
malicious content over a port the firewall allows, so it passes through the firewall
unchallenged. Despite these limitations, firewalls remain very useful in protecting systems
against less sophisticated attacks.
2. Antivirus Software
Antivirus software is a program designed to prevent, detect, and remove viruses and other
malware on individual computers, networks, and IT systems. It protects our computers and
networks from a variety of threats such as Trojan horses, worms, keyloggers, browser
hijackers, rootkits, spyware, botnets, adware, and ransomware. Most antivirus programs come
with an auto-update feature that lets the system check for new viruses and threats
regularly. They also provide additional services such as scanning emails to ensure they are
free from malicious attachments and web links.
3. PKI Services
PKI stands for Public Key Infrastructure. It supports the distribution and identification of
public encryption keys, enabling users and computer systems to exchange data securely over
the internet and verify the identity of the other party. We can exchange sensitive
information without PKI, but then there is no assurance of the other party's identity.
People associate PKI with SSL or TLS, the technology that encrypts server communication and
is responsible for HTTPS and the padlock we see in the browser address bar. PKI solves many
cybersecurity problems and deserves a place in the organization's security suite.
PKI can also be used to:
4. Managed Detection and Response (MDR)
Today's cybercriminals and hackers use more advanced techniques and software to breach
organizational security, so every business needs more powerful forms of cyber defence. MDR
is an advanced security service that provides threat hunting, threat intelligence, security
monitoring, incident analysis, and incident response. It arose from the need for
organizations that lack in-house resources to be more aware of risks and to improve their
ability to detect and respond to threats. MDR also uses artificial intelligence and machine
learning to investigate and auto-detect threats and to orchestrate the response for faster
results.
o While some automation is used, MDR also involves humans who monitor our network.
o MDR service providers also perform incident validation and remote response.
5. Penetration Testing
Penetration testing is an authorized, simulated attack on an organization's systems,
carried out to find exploitable weaknesses before a real attacker does and to verify that
existing controls actually work.
6. Staff Training
Staff training is not a 'cybersecurity tool', but ultimately, having knowledgeable employees
who understand cybersecurity is one of the strongest defences against cyber-attacks. Many
training tools are available today that can educate a company's staff in cybersecurity best
practices. Every business can use them to teach employees their role in cybersecurity.
Cybersecurity Challenges
1. Ransomware Evolution
Ransomware is a type of malware that locks the data on a victim's computer, typically by
encrypting it, and demands payment before the data is unlocked. Only after payment, and
only if the attacker keeps their word, is access returned to the victim. Ransomware is the
bane of cybersecurity, data professionals, IT, and executives.
Ransomware attacks are growing day by day. IT professionals and business leaders need a
robust recovery strategy against such malware to protect their organization. It involves
proper planning to recover corporate and customer data and applications, as well as
reporting any breaches under schemes such as the Notifiable Data Breaches scheme. Today's
DRaaS (Disaster Recovery as a Service) solutions are among the best defences against
ransomware: with DRaaS we can automatically back up our files, identify which backup is
clean, and launch a fail-over at the press of a button when a malicious attack corrupts our
data.
2. Blockchain Revolution
Blockchain technology is widely described as one of the most important inventions of the
computing era. For the first time in human history there is a genuinely native digital
medium for peer-to-peer value exchange. Blockchain is the technology that enables
cryptocurrencies like Bitcoin. It is a vast global platform that allows two or more parties
to transact or do business without needing a third party to establish trust.
It is difficult to predict what blockchain systems will offer in regard to cybersecurity.
Cybersecurity professionals can make some educated guesses. As the application and utility
of blockchain in a cybersecurity context emerge, there will be a healthy tension with, but
also complementary integrations into, traditional, proven cybersecurity approaches.
3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices that can
be accessed through the internet. Each connected device has a unique identifier (UID) and
can transfer data over a network without requiring human-to-human or human-to-computer
interaction. The firmware and software running on IoT devices make consumers and businesses
highly susceptible to cyber-attacks: when these devices were designed, security was not a
primary consideration for either consumer or commercial use. So every organization needs to
work with cybersecurity professionals to ensure the security of its password policies,
session handling, user verification, multifactor authentication, and security protocols in
order to manage the risk.
4. AI Expansion
Artificial intelligence is the area of computer science concerned with creating intelligent
machines that work and react like humans. Activities related to AI include speech
recognition, learning, planning and problem-solving. The key benefit of bringing AI into a
cybersecurity strategy is the ability to protect and defend an environment as soon as a
malicious attack begins, thus mitigating its impact. AI can take immediate action against
an attack at the moment a threat affects the business. IT business leaders and
cybersecurity strategy teams consider AI a future protective control that will allow the
business to stay ahead of the cybersecurity technology curve.
5. Serverless Apps Vulnerability
Serverless applications do nothing to keep attackers away from our data. A serverless
architecture does not help if an attacker gains access to our data through a vulnerability
such as leaked credentials, a compromised insider, or any other means, because the
application's own logic and secrets are still exposed. We can run software alongside the
application that gives us the best chance to defeat cybercriminals. Serverless applications
are typically small, which helps developers launch them quickly and easily without worrying
about the underlying infrastructure. Web services and data processing tools are the most
common examples of serverless apps.
Security Risk Analysis
Risk analysis is the process of identifying and assessing the risks to an organization's
information systems. Its objectives are:
o To anticipate and reduce the harm caused by adverse events.
o To plan for technology or equipment failure or loss from adverse events, both natural
and human-caused.
o To evaluate whether the potential risks of a project are balanced in the decision
process when deciding whether to move forward with the project.
o To identify the impact of, and prepare for, changes in the enterprise environment.
Every organization needs to understand the risks associated with its information systems in
order to protect its IT assets effectively and efficiently. Risk analysis can help an
organization improve its security in several ways:
o It identifies, rates and compares the overall impact of risks to the organization in
terms of financial and organizational consequences.
o It helps to identify gaps in information security and determine the next steps to
eliminate or reduce the security risks.
o It increases employee awareness of risks and security measures during the risk analysis
process, and builds understanding of the financial impact of potential security risks.
Steps in the risk analysis process
The basic steps followed by a risk analysis process are:
Conduct a risk assessment survey:
Getting input from management and department heads is critical to the risk assessment
process. The risk assessment survey is the starting point for documenting the specific
risks or threats within each department.
Identify the risks:
This step evaluates an IT system or other aspects of the organization to identify the risks
related to software, hardware, data, and IT employees. It identifies the possible adverse
events that could occur in the organization, such as human error, flooding, fire, or
earthquakes.
Analyse the risks:
Once the risks have been identified, the risk analysis process should analyse the
likelihood that each risk will occur, as well as the consequences linked with each risk. It
also determines how they might affect the objectives of an IT project.
Develop a risk management plan:
Using the analysis, which gives an idea of which assets are valuable and which threats are
most likely to affect the IT assets negatively, we develop a risk management plan that
produces control recommendations to mitigate, transfer, accept or avoid each risk.
Implement the risk management plan:
The primary goal of this step is to implement the measures that remove or reduce the
analysed risks. We start with the highest-priority risk and resolve, or at least mitigate,
each risk so that it is no longer a threat.
Monitor the risks:
Monitoring security risks on a regular basis, so that new risks are identified, treated and
managed, is an essential part of any risk analysis process.
Types of Risk Analysis
Qualitative risk analysis-
o The objective of qualitative risk analysis is to assess and evaluate the characteristics
of each identified risk and then prioritize the risks based on agreed-upon
characteristics, typically likelihood and impact.
o Assessing an individual risk means evaluating the probability that it will occur and its
effect on the project objectives. Categorizing risks in this way helps to filter them.
Quantitative risk analysis-
o Quantitative risk analysis puts numbers on the risks: it is used to evaluate the
likelihood of success in achieving the project objectives and to estimate the contingency
reserve, usually for time and cost.