Cyber Security Introduction - Cyber Security Basics:

Cyber security is the most concerned matter as cyber threats and attacks are overgrowing.
Attackers are now using more sophisticated techniques to target the systems. Individuals, small-
scale businesses or large organization, are all being impacted. So, all these firms whether IT or
non-IT firms have understood the importance of Cyber Security and focusing on adopting all
possible measures to deal with cyber threats.
What is cyber security?
Cyber security is the body of technologies, processes, and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access.
The term cyber security refers to techniques and practices designed to protect digital data.
The data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware, software,
and data from cyber attacks.
It is made up of two words one is cyber and other is security.
1.Cyber is related to the technology which contains systems, network and programs or data.
2.Whereas security related to the protection which includes systems security, network security
and application and information security.
Cyber security Fundamentals – Confidentiality:
Confidentiality is about preventing the disclosure of data to unauthorized parties.
It also means trying to keep the identity of authorized parties involved in sharing and holding
data private and anonymous.
Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-middle
(MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:
● Data encryption
∙ Two-factor authentication
∙ Biometric verification
∙ Security tokens
Integrity
Integrity refers to protecting information from being modified by unauthorized parties.
Standard measures to guarantee integrity include:
Cryptographic checksums
∙ Using file permissions
∙ Uninterrupted power supplies
∙ Data backups
Availability
Availability is making sure that authorized parties are able to access the information when
needed. Standard measures to guarantee availability include:
● Backing up data to external drives
∙ Implementing firewalls
∙ Having backup power supplies
∙ Data redundancy
Internet Governance – Challenges and Constraints:
Internet Governance is defined as the development and application by Government. The private
sector and civil sector in their respective roles of shared principles, norms, rules, decision
making procedures and programs that shape the evolution and use of the Internet.
The definition developed by the Working Group of Internet Governance (WGIG) dates back to
2005, and has remained unchanged ever since then and is now a complex system involving a
multitude of issues, actors, mechanisms, procedures and instruments.
Internet Governance Actors:
According to the definition, there is no single organization incharge of the Internet but various
stakeholders – Governments, Inter Governmental Organizations, the private sector, the technical
community and Civil Society share roles and responsibilities in shaping the evolution and use of
this network.
There are multiple actors which are involved in one way or another in the governance of Internet.
1. Internet Corporation for Assigned Names and Numbers (ICANN)
2. Internet Engineering Task Force (IETF)
3. International Telecommunication Union (ITU)
4. World Intellectual Property Organization (WIPO)
5. Internet Governance Forum (IGF)
Cyber Threats-Cyber Warfare:
Cyber warfare refers to the use of digital attacks -- like computer viruses and hacking -- by one
country to disrupt the vital computer systems of another, with the aim of creating damage, death
and destruction. Future wars will see hackers using computer code to attack an enemy's
infrastructure, fighting alongside troops using conventional weapons like guns and missiles.
Cyber warfare involves the actions by a nation-state or international organization to attack and
attempt to damage another nation's computers or information networks through, for example,
computer viruses or denial-of-service attacks.
Cyber Crime:
Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device.
Cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is
carried out by individuals or organizations. Some cybercriminals are organized, use advanced
techniques and are highly technically skilled. Others are novice hackers.
Cyber Terrorism:
Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and
threats of attacks against computers, networks and the information stored therein when done to
intimidate or coerce a government or its people in furtherance of political or social objectives.
Examples are hacking into computer systems, introducing viruses to vulnerable networks, web
site defacing, Denial-of-service attacks, or terroristic threats made via electronic communication.
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and information
without the permission and knowledge of the holder of the information from individuals,
competitors, rivals, groups, governments and enemies for personal, economic, political or
military advantage using methods on the Internet
Security Policies:
 Security policies are a formal set of rules which is issued by an organization to ensure that the
user who are authorized to access company technology and information assets comply with rules
and guidelines related to the security of information.
A security policy also considered to be a "living document" which means that the document is
never finished, but it is continuously updated as requirements of the technology and employee
changes.
We use security policies to manage our network security. Most types of security policies are
automatically created during the installation.
We can also customize policies to suit our specific environment.
Need of Security policies1) It increases efficiency. 2) It upholds discipline and accountability 3)
It can make or break a business deal 4) It helps to educate employees on security literacy
There are some important cyber security policies recommendations describe below
Virus and Spyware Protection policy:
It helps to detect threads in files, to detect applications that exhibits suspicious behavior.
Removes, and repairs the side effects of viruses and security risks by using signatures.
.1. Firewall Policy:
It blocks the unauthorized users from accessing the systems and networks that connect to the
Internet. It detects the attacks by cybercriminals and removes the unwanted sources of network
traffic.
2.Intrusion Prevention policy: This policy automatically detects and blocks the network attacks
and browser attacks.∙ It also protects applications from vulnerabilities and checks the contents of
one or∙ more data packages and detects malware which is coming through legal ways.
3.Application and Device Control: This policy protects a system's resources from applications
and manages the peripheral devices that can attach to a system.
The device control policy applies to both Windows and Mac computers whereas application
control policy can be applied only to Windows clients.
What Is a Vulnerability in Cyber Security?
A vulnerability is a weakness in an IT system that an attacker can exploit to deliver an
attack. Security vulnerabilities can result from a system flaw, an error in software features, or
more. When an attacker finds a vulnerability, they will use it to bypass security controls and gain
illegitimate access to a system or network.
Types of Vulnerabilities
There are six main categories of security vulnerabilities, classified according to where they are
found.
The Hardware
Computer hardware and physical infrastructure can be exposed to sabotage, firmware
vulnerabilities, or theft.
The Software
Software may have design flaws, input validation errors, insufficient testing, side-channel
attacks, user interface failures, format string attacks, HTTP header injection, and more.
The Network
Networks are complex infrastructures, and a typical control system uses multiple computing and
communications tools. Each of them, as well as their software, can be a victim of an attack.
Network vulnerabilities can include insecure network architecture, poor network security
practices, man-in-the-middle attacks, or poor authentication practices.
The Personnel
People are the first line of defense and the first cause of security vulnerabilities. Security
weakness can come from a poor recruiting policy, insufficient security training, or inadequate
security hygiene, such as a lack of password management, or employees accidentally
downloading malware.
Organizational Deficiencies
Organizations may put themselves at risk with poor internal controls and a lack of an incident
response plan or continuity plan.
Physical site
Cyber security vulnerability can also stem from a poor choice of place, such as an area with high
foot traffic, an unreliable power source, or poor connectivity.
Vulnerability vs. Risk vs. Threat
a vulnerability is a weakness in a system that malicious actors can exploit. For example, an
excess of permissions in accounts or mistakes in code that cybercriminals can use to access the
network.
A threat is what cybercriminals do to exploit a vulnerability.
A risk is the probability and impact of a vulnerability being exploited—the damage the attack
can cause, the potential loss, destruction, or theft of your assets. Risk is the measure of what can
happen when the attacker exploits the vulnerability.

When does a vulnerability become exploitable?

A vulnerability, which has at least one definite attack vector is an exploitable vulnerability.
Attackers will, for obvious reasons, want to target weaknesses in the system or network that are
exploitable. Of course, vulnerability is not something that anyone will want to have, but what
you should be more worried about is it being exploitable.

There are cases when something that is vulnerable is not really exploitable. The reasons could
be:

1. Insufficient public information for exploitation by attackers.

2. Prior authentication or local system access that the attacker may not have
3. Existing security controls

Strong security practices can prevent many vulnerabilities from becoming exploitable.

What causes the vulnerability?

There are many causes of Vulnerabilities, a few of them are mentioned below:

Complex Systems

Complex systems increase the probability of misconfigurations, flaws, or unintended access.

Familiarity

Attackers may be familiar with common code, operating systems, hardware, and software that
lead to known vulnerabilities.

Connectivity

Connected devices are more prone to have vulnerabilities.

Poor Password Management

‍Weak and reused passwords can lead from one data breach to several.

OS Flaws

‍ perating systems can have flaws too. Unsecured operating systems by default can give users
O
full access and become a target for viruses and malware.‍

Internet

The internet is full of spyware and adware that can be installed automatically on computers.

Software Bugs

Programmers can sometimes accidentally, leave an exploitable bug in the software.

Unchecked user input

If software or a website assumes that all input is safe, it may run unintended SQL injection.

People

Social engineering is the biggest threat to the majority of organizations. So, humans can be one
of the biggest causes of vulnerability.
What is a threat actor?
Threat actors, also known as cyber threat actors or malicious actors, are individuals or groups
that intentionally cause harm to digital devices or systems. Threat actors exploit vulnerabilities in
computer systems, networks, and software to perpetuate a variety of cyberattacks, including
phishing, ransomware, and malware attacks.

Today, there are many types of threat actors—all with varying attributes, motivations, skill
levels, and tactics. Some of the most common types of threat actors include hacktivists, nation-
state actors, cybercriminals, thrill seekers, insider threat actors, and cyberterrorists.

As the frequency and severity of cybercrimes continue to grow, understanding these different
types of threat actors is increasingly critical for improving individual and organizational
cybersecurity.
Types of threat actors
The term threat actor is broad and relatively all-encompassing, extending to any person or group
that poses a threat to cybersecurity. Threat actors are often categorized into different types based
on their motivation and, to a lesser degree, their level of sophistication.

Cybercriminals
These individuals or groups commit cyber crimes, mostly for financial gain. Common crimes
committed by cybercriminals include ransomware attacks, and phishing scams that trick people
into making money transfers or divulging credit card information, login credentials, intellectual
property or other private or sensitive information.

Nation-state actors
Nation states and governments frequently fund threat actors with the goal of stealing sensitive
data, gathering confidential information, or disrupting another government’s critical
infrastructure. These malicious activities often include espionage or cyberwarfare and tend to be
highly funded, making the threats complex and challenging to detect.

Hacktivists
These threat actors use hacking techniques to promote political or social agendas, such as
spreading free speech or uncovering human rights violations. Hacktivists believe they are
affecting positive social change and feel justified in targeting individuals, organizations, or
government agencies to expose secrets or other sensitive information. A well-known example of
a hacktivist group is Anonymous, an international hacking collective that claims to advocate for
freedom of speech on the internet.

Thrill seekers
Thrill seekers are just what they sound like—they attack computer and information systems
primarily for fun. Some want to see how much sensitive information or data they can steal;
others want to use hacking to better understand how networks and computer systems work. One
class of thrill seekers, called script kiddies, lack advanced technical skills, but use pre-existing
tools and techniques to attack vulnerable systems, primarily for amusement or personal
satisfaction. Though they don't always seek to cause harm, thrill seekers can still cause
unintended damage by interfering with a network's cybersecurity and opening the door to future
cyberattacks.

Insider threats
Unlike most other actor types, insider threat actors do not always have malicious intent. Some
hurt their companies through human error, e.g. by unwittingly installing malware, or losing a
company-issued device that a cybercriminal finds and uses to access the network. But malicious
insiders do exist—for example, the disgruntled employee who abuses access privileges to steal
data for monetary gain, or causes damage to data or applications in retaliation for being passed
over for promotion.

Cyberterrorists
Cyberterrorists launch politcally or ideologically motivated cyberattacks that threaten or result in
violence. Some cyberterrorists are nation-state actors; others actor on their own or on behalf of a
non-government group.

Threat actor targets

Threat actors often target large organizations; because they have more money and more sensitive
data, they offer the largest potential payoff.
In recent years, however, small and medium-sized businesses (SMBs) have also become frequent
targets for threat actors due to their relatively weaker security systems. In fact, the FBI recently
cited concern over the rising rates of cybercrimes committed against small businesses, sharing
that in 2021 alone, small businesses lost USD 6.9 billion to cyberattacks, a 64 percent increase
from the previous year (link resides outside ibm.com).

Similarly, threat actors increasingly target individuals and households for smaller sums. For
example, they might break into home networks and computer systems to steal personal identity
information, passwords, and other potentially valuable and sensitive data. In fact, current
estimates suggest that one in three American households with computers are infected with some
kind of malware (link resides outside ibm.com).

Threat actors are not discriminating. Though they tend to go for the most rewarding or
meaningful targets, they’ll also take advantage of any cybersecurity weakness, no matter where
they find it, making the threat landscape increasingly costly and complex.