Cyber Security
Zoho Central Desktop and UK Government

Definition: Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

Importance: Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

Protecting your cyber assets and critical data

Cyber security has never been simple. And because attacks evolve every day as attackers become more inventive, it is critical to properly define cyber security and identify what constitutes good cyber security.

Why is this so important? Because year over year, worldwide spending on cyber security continues to grow: 71.1 billion in 2014 (7.9% over 2013), 75 billion in 2015 (4.7% from 2014), and an expected 101 billion by 2018. Organizations are starting to understand that malware is a publicly available commodity that makes it easy for anyone to become a cyber attacker, and even more companies offer security solutions that do little to defend against attacks. Cyber security demands focus and dedication.

Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization’s network. Its purpose is to defend those assets against all threat actors throughout the entire life cycle of a cyber attack.

Kill chains, zero-day attacks, ransomware, alert fatigue and budgetary constraints are just a few of the challenges that cyber security professionals face. Cyber security experts need a stronger understanding of these topics and many others, to be able to confront those challenges more effectively.

The following articles each cover a specific cyber security topic to provide insights into the modern security environment, the cyber threat landscape and attacker mentality, including how attackers work, what tools they use, what vulnerabilities they target and what they’re really after.

Ransomware, as it is called, is malicious software that locks a device (computer, tablet or smartphone) and demands a ransom to unlock it. It hits the device when the user navigates through hacked websites, downloads a file or clicks on the wrong link.

1. Introduction

In GCHQ we continue to see real threats to the UK on a daily basis, and the scale and rate of these attacks shows little sign of abating. The BIS 2014 Information Security Breaches Survey reported that 81% of large organizations had experienced a security breach of some sort. This costs each organization, on average, between £600,000 and £1.5 million.

This guidance is for businesses looking to protect themselves in cyberspace. The 10 Cyber Security Steps - originally published in 2012 and now used by around two thirds of the FTSE350 - remain the same and are outlined below. But alongside this second version of the 10 Steps we are also publishing a new paper, “Common Cyber Attacks: Reducing The Impact”. The paper sets out what a common cyber attack looks like and how attackers typically execute them. We believe understanding the cyber environment and adopting the 10 Steps are effective means of protecting your organization from these attacks.

2. 10 Steps To Cyber Security: At-a-glance

Defining and communicating your Board’s Information Risk Management Regime (shown at the center of the following diagram) is central to your organization’s overall cyber strategy. This regime and the 9 steps that surround it are described below.

3. Information Risk Management Regime

Assess the risks to your organization’s information assets with the same vigour as you would for legal, regulatory, financial or operational risk. To achieve this, embed an Information Risk Management Regime across your organization, supported by the Board, senior managers and an empowered information assurance (IA) structure. Consider communicating your risk management policy across your organisation to ensure that employees, contractors and suppliers are aware of your organisation’s risk management boundaries.

4. Secure configuration

Introduce corporate policies and processes to develop secure baseline builds, and manage the configuration and use of your ICT systems. Remove or disable unnecessary functionality from ICT systems, and keep them patched against known vulnerabilities. Failing to do this will expose your business to threats and vulnerabilities, and increase risk to the confidentiality, integrity and availability of systems and information.

5. Network security

Connecting to untrusted networks (such as the Internet) can expose your organization to cyber attacks. Follow recognized network design principles when configuring perimeter and internal network segments, and ensure all network devices are configured to the secure baseline build. Filter all traffic at the network perimeter so that only traffic required to support your business is allowed, and monitor traffic for unusual or malicious incoming and outgoing activity that could indicate an attack (or attempted attack).

6. Managing user privileges

All users of your ICT systems should only be provided with the user privileges that they need to do their job. Control the number of privileged accounts for roles such as system or database administrators, and ensure this type of account is not used for high risk or day-to-day user activities. Monitor user activity, particularly all access to sensitive information and privileged account actions (such as creating new user accounts, changes to user passwords and deletion of accounts and audit logs).

7. User education and awareness

Produce user security policies that describe acceptable and secure use of your organization’s ICT systems. These should be formally acknowledged in employment terms and conditions. All users should receive regular training on the cyber risks they face as employees and individuals. Security related roles (such as system administrators, incident management team members and forensic investigators) will require specialist training.

8. Incident management

Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur. All incident management plans (including disaster recovery and business continuity) should be regularly tested. Your incident response team may need specialist training across a range of technical and non-technical areas. Report online crimes to the relevant law enforcement agency to help the UK build a clear view of the national threat and deliver an appropriate response.

9. Malware prevention

Produce policies that directly address the business processes (such as email, web browsing, removable media and personally owned devices) that are vulnerable to malware. Scan for malware across your organization and protect all host and client machines with antivirus solutions that will actively scan for malware. All information supplied to or from your organization should be scanned for malicious content.

10. Monitoring

Establish a monitoring strategy and develop supporting policies, taking into account previous security incidents and attacks, and your organization’s incident management policies. Continuously monitor inbound and outbound network traffic to identify unusual activity or trends that could indicate attacks and the compromise of data. Monitor all ICT systems using Network and Host Intrusion Detection Systems (NIDS/HIDS) and Prevention Systems (NIPS/HIPS).

11. Removable media controls

Produce removable media policies that control the use of removable media for the import and export of information. Where the use of removable media is unavoidable, limit the types of media that can be used together with the users, systems, and types of information that can be transferred. Scan all media for malware using a standalone media scanner before any data is imported into your organization’s system.

12. Home and mobile working

Assess the risks to all types of mobile working (including remote working where the device connects to the corporate network infrastructure) and develop appropriate security policies. Train mobile users on the secure use of their mobile devices for locations they will be working from. Apply the secure baseline build to all types of mobile device used. Protect data-at-rest using encryption (if the device supports it) and protect data-in-transit using an appropriately configured Virtual Private Network (VPN).

2017's Biggest Cyber Attacks

The biggest cyber attacks, from WannaCry to Petya and Fireball, could all have been avoided with Desktop Central!

Petya

The second massive cyber attack, a variant of the ransomware Petya, re-emerged using the same EternalBlue exploit and hit organizations worldwide, especially in Ukraine. It was found to exploit MS Office and SMBv1 vulnerabilities and has worm capabilities, which allow it to spread quickly across infected networks.

Skype

Hackers left no stone unturned. Another cyber attack was launched by unleashing a virus on the instant messaging app 'Skype', exploiting its zero-day vulnerability. This Skype virus allows attackers to remotely crash the application with an unexpected exception error, to overwrite the active process registers, and to execute malicious code.

Fireball

Fireball is a Chinese malware that affected nearly 250 million computers worldwide, with India among the worst-hit countries. This cyber attack was designed to hijack browsers and turn them into zombies. It is capable of executing any code on infected machines, resulting in a wide range of actions from stealing credentials to dropping additional software nasties.

Delta Charlie

Delta Charlie, a botnet malware used by Hidden Cobra, has affected thousands of computers worldwide. This cyber attack launches distributed denial-of-service (DDoS) attacks on vulnerable computers that are missing required patches.

WannaCry

May 12th, 2017 witnessed the biggest ever cyber attack in Internet history. A ransomware named WannaCry stormed through the network. It targeted computers running Windows OS that were not up to date and brought computer systems from Russia to China and the US to their knees.

Security experts have predicted that this year's cyber threats will be far worse than last year's, with ransomware, DDoS, phishing, and cryptojacking attacks becoming even more sophisticated. Faced with an increase in cyber attacks and strict compliance regulations (like the EU's General Data Protection Regulation (GDPR) and the UK's Data Protection Bill), enterprises need to act now and implement best-practice security measures.

The Center for Internet Security (CIS) has developed its own list of Critical Security Controls to help enterprises keep cyber security risks at bay. Of course, implementing all 20 controls is best, but that's not always possible due to limited resources and budget restrictions. To help on this front, we're hosting a free webinar on April 24th to help enterprises pick the right security controls for building an effective cyber-defense strategy.

Key takeaways

  • The need for critical security controls
  • Choosing and employing the right security controls for your enterprise



Dr.Chintan H. B.

RESEARCH FELLOWSHIP OF SCIENCE | DOCTOR OF SCIENCE (D.SC.) | PH.D.

6 years

Awareness must having cyber security in global sectors
