Cyber Security

By Rohit Shirur.

What do you mean by cyber security?

  • Definition: Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. ... Network security includes activities to protect the usability, reliability, integrity and safety of the network...

Overview.

  • At the core of information security is information assurance, the act of maintaining the confidentiality, integrity and availability (CIA) of information, ensuring that information is not compromised in any way when critical issues arise. These issues include but are not limited to natural disasters, computer/server malfunction, and physical theft. While paper-based business operations are still prevalent, requiring their own set of information security practices, enterprise digital initiatives are increasingly being emphasized, with information assurance now typically being dealt with by information technology (IT) security specialists. These specialists apply information security to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses.
  • As of 2013 more than 80 percent of professionals had no change in employer or employment over a period of a year, and the number of professionals is projected to continuously grow more than 11 percent annually from 2014 to 2019.

Threats.


  • Cybercrime, or computer-oriented crime, is the crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrimes can be defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)".
  • Cybercrime may threaten a person or a nation's security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones".

A report (sponsored by McAfee), published in 2014, estimated that the annual damage to the global economy was $445 billion. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2018, a study by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, concluded that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year.

Financial fraud crimes.

  • Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
  • Altering in an unauthorized way. This requires little technical expertise and is a common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
  • Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
  • Altering or deleting stored data.

Cyberterrorism.

  • Government officials and information technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among government agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or an organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.

  • Cyberterrorism in general can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda piece on the Internet that there will be bomb attacks during the holidays can be considered cyberterrorism.

Computer as a target.

These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. As such, as technology evolves, so too does the nature of the crime. These crimes are relatively new, having been in existence for only as long as computers have—which explains how unprepared society and the world in general is towards combating these crimes. There are numerous crimes of this nature committed daily on the internet.

Crimes that primarily target computer networks or devices include:

  • Computer viruses
  • Denial-of-service attacks
  • Malware (malicious code).

Vulnerability.

What do you mean by the term vulnerability?

  • Vulnerability is a cyber-security term that refers to a flaw in a system that can leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

Vulnerability and risk factor models.

  • A resource (either physical or logical) may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability of resources (not necessarily the vulnerable one) belonging to an organization and/or other parties involved (customers, suppliers).
  • The so-called CIA triad is the basis of Information Security.
  • An attack can be active when it attempts to alter system resources or affect their operation, compromising integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality.

  • OWASP: relationship between threat agent and business impact.

OWASP (see figure) depicts the same phenomenon in slightly different terms: a threat agent through an attack vector exploits a weakness (vulnerability) of the system and the related security controls, causing a technical impact on an IT resource (asset) connected to a business impact.

The overall picture represents the risk factors of the risk scenario.


Causes.

  • Complexity: Large, complex systems increase the probability of flaws and unintended access points.
  • Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability an attacker has or can find the knowledge and tools to exploit the flaw.
  • Connectivity: More physical connections, privileges, ports, protocols, and services, and more time during which each of those is accessible, increase vulnerability.
  • Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites.
  • Fundamental operating system design flaws: The operating system designer chooses to enforce suboptimal policies on user/program management. For example, operating systems with policies such as default permit grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator.
  • Internet Website Browsing: Some internet websites may contain harmful Spyware or Adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals.
  • Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application.
  • Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as Buffer overflows, SQL injection or other non-validated inputs).

Malware.

  • Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software. The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against the interest of the computer user—and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.
  • Programs officially supplied by companies can be considered malware if they secretly act against the interests of the computer user. For example, Sony sold the Sony rootkit, which contained a Trojan horse embedded into CDs that silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying. It also reported on users' listening habits, and unintentionally created vulnerabilities that were then exploited by unrelated malware.
  • One strategy for protecting against malware is to prevent the malware software from gaining access to the target computer. For this reason, antivirus software, firewalls and other strategies are used to help protect against the introduction of malware, in addition to checking for the presence of malware and malicious activity and recovering from attacks.

Purposes.

  • Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used by both black hat hackers and governments, to steal personal, financial, or business information.

Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords.

  • Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes. Infected "zombie computers" can be used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.
  • Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software.

Viruses.

A computer virus is software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action (such as destroying data). An example of this is a PE infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files.

Screen-locking ransomware.

  • Lock-screens, or screen lockers, are a type of “cyber police” ransomware that blocks screens on Windows or Android devices with a false accusation of harvesting illegal content, trying to scare the victims into paying a fee. Jisut and Slocker impact Android devices more than other lock-screens, with Jisut making up nearly 60 percent of all Android ransomware detections.

Trojan horses.

  • A Trojan horse is a harmful program that misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth.

Trojan horses are generally spread by some form of social engineering, for example, where a user is duped into executing an e-mail attachment disguised to be unsuspicious (e.g., a routine form to be filled in), or by drive-by download. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage.

  • Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.
  • In spring 2017 Mac users were hit by the new version of Proton Remote Access Trojan (RAT) trained to extract password data from various sources, such as browser auto-fill data, the macOS keychain, and password vaults.

Backdoors.

A backdoor is a method of bypassing normal authentication procedures, usually over a connection to a network such as the Internet. Once a system has been compromised, one or more backdoors may be installed in order to allow access in the future, invisibly to the user.

  • The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods.

Defenses.

Computer access control.

  • In computer security, general access control includes identification, authorization, authentication, access approval, and audit. A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems.
  • The two possibilities for imposing computer access control are those based on capabilities and those based on access control lists (ACLs):
  • In a capability-based model, holding an unforgeable reference or capability to an object provides access to the object (roughly analogous to how possession of one's house key grants one access to one's house); access is conveyed to another party by transmitting such a capability over a secure channel.
  • In an ACL-based model, a subject's access to an object depends on whether its identity appears on a list associated with the object (roughly analogous to how a bouncer at a private party would check an ID to see if a name appears on the guest list); access is conveyed by editing the list. (Different ACL systems have a variety of different conventions regarding who or what is responsible for editing the list and how it is edited.)
  • Both capability-based and ACL-based models have mechanisms to allow access rights to be granted to all members of a group of subjects (often the group is itself modeled as a subject).
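The two models described above, side by side, as an added example (not code from the original article). The class names, the `report.txt` object and the HMAC-signed token format are assumptions chosen for illustration; a signed token is one common way to approximate an "unforgeable reference" in software.

```python
import hashlib
import hmac
import secrets


class AclStore:
    """ACL model: each object carries a list of subjects and their rights."""

    def __init__(self):
        self.acl = {}     # object -> {subject or group: set of rights}
        self.groups = {}  # group -> set of member identities

    def grant(self, obj, subject, right):
        # Access is conveyed by editing the list attached to the object.
        self.acl.setdefault(obj, {}).setdefault(subject, set()).add(right)

    def add_to_group(self, group, user):
        self.groups.setdefault(group, set()).add(user)

    def check(self, user, obj, right):
        # The decision depends on WHO is asking: the user or a group they are in.
        entries = self.acl.get(obj, {})
        subjects = {user} | {g for g, m in self.groups.items() if user in m}
        return any(right in entries.get(s, ()) for s in subjects)


class CapabilityStore:
    """Capability model: whoever presents a valid token is granted access."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # known only to the store
        self._revoked = set()

    def _tag(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def mint(self, obj, right):
        if "|" in obj or "|" in right:
            raise ValueError("'|' is reserved as the token field separator")
        body = f"{obj}|{right}|{secrets.token_hex(8)}"
        return f"{body}|{self._tag(body)}"

    def check(self, token, obj, right):
        # The decision depends on WHAT is presented; no identity is consulted.
        parts = token.split("|")
        if len(parts) != 4:
            return False
        t_obj, t_right, nonce, tag = parts
        expected = self._tag(f"{t_obj}|{t_right}|{nonce}")
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False  # altered or forged token
        return token not in self._revoked and (t_obj, t_right) == (obj, right)

    def revoke(self, token):
        self._revoked.add(token)


if __name__ == "__main__":
    acl = AclStore()
    acl.grant("report.txt", "alice", "read")
    acl.grant("report.txt", "auditors", "read")   # group modeled as a subject
    acl.add_to_group("auditors", "bob")
    print("ACL alice:", acl.check("alice", "report.txt", "read"))
    print("ACL bob via group:", acl.check("bob", "report.txt", "read"))
    print("ACL mallory:", acl.check("mallory", "report.txt", "read"))

    caps = CapabilityStore()
    token = caps.mint("report.txt", "read")        # handed over a secure channel
    print("cap valid:", caps.check(token, "report.txt", "read"))
    altered = token.replace("|read|", "|write|")
    print("cap altered:", caps.check(altered, "report.txt", "write"))
```

The operational difference shows up in delegation and revocation: the ACL store needs a list edit for each new subject, while a capability can be passed on without the store's involvement and must be revoked token by token.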

Antivirus software.

Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT) and botnet DDoS attacks.

Encryption.

In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users.

Firewall (computing).

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.

Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines.

Cybersecurity Jobs Report 2018-2021

Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021

  • Cybersecurity Ventures has reviewed and synthesized dozens of employment figures from the media, analysts, job boards, vendors, governments, and organizations globally, in order to estimate the number of cybersecurity job openings over the next 5 years.
  • We predict there will be 3.5 million unfilled cybersecurity positions by 2021.
  • The cybersecurity jobs forecasts have been unable to keep pace with the dramatic rise in cybercrime, which is predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
  • The 2014 Cisco Annual Security Report ventured what became a widely popular cybersecurity jobs forecast over the past 3 years, originally stating “It’s estimated that by 2014, the industry will still be short more than a million security professionals across the globe.”
  • In 2015, Symantec expected the demand for cybersecurity talent would rise to 6 million globally by 2019, with a projected shortfall of 1.5 million.
  • A 2016 skills gap analysis from ISACA estimated a global shortage of 2 million cybersecurity professionals by 2019 (a half-million more than Symantec’s prior estimate), according to the UK House of Lords Digital Skills Committee.

Cybercrime will more than triple the number of job openings over the next 5 years.


  • The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.
  • Israel — the world’s second largest exporter of cybersecurity technology behind the U.S. — leads employer demand for cybersecurity talent by a wide margin, according to a 2016 report from Indeed, one of the world’s largest job sites, with over 200 million unique visitors every month from over 60 different countries.
  • In 2017 the U.S. employs nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.
  • The current number of U.S. cybersecurity job openings is up from 209,000 in 2015. At that time, job postings were already up 74 percent over the previous five years, according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.
  • Europe faces a projected cybersecurity skills gap of 350,000 workers by 2022, according to a survey by information security certification body (ISC)2.

Israel — the world’s second largest exporter of cybersecurity technology — leads employer demand for talent in our field.


“I highly recommend pursuing your education in information technology or computer science” says Herjavec, directing his comments at IT workers and new entrants to the field — including college graduates. “There is a zero-percent unemployment rate in cybersecurity and the opportunities in this field are endless. Gone are the days of siloed IT and security teams. All IT professionals need to know security – full stop. Given the complexity of today’s interconnected world, we all have to work together to support the protection of the enterprise.”

  • Security starts at the top. Right now, about 65 percent of large U.S. companies have a CISO (Chief Information Security Officer) position, up from 50 percent in 2016, according to ISACA, an independent, nonprofit, global association.
  • Cybersecurity Ventures predicts that 100 percent of large companies globally will have a CISO position by 2021. They have to. The cybercrime and related workforce shortage is severe – and organizations need security leadership with a solid or dotted line to the CEO in order to remedy the problem.

How to solve your cybersecurity skills shortage.

We use the internet for day-to-day activities from work to play to shopping under the assumption that security experts are keeping us safe from cybercriminals. But those security experts are already stretched thin — and the situation promises to get worse.

  • The nonprofit group ISACA predicts that by 2019, there will be a global shortage of 2 million cybersecurity experts. That is a skills gap crisis of epic proportions, and few organizations or companies have any clue what to do about it.
  • Part of the reason the situation has become so bad is that instead of taking active measures to solve this growing worker shortage, many in the security industry have placed blame elsewhere. Too often, the lack of a talent pipeline is attributed to the failure of universities who supposedly have not done enough to prepare the next generation of cybersecurity experts. Instead of actively seeking measures to enable the development of new workers, companies are more likely to poach top-tier talent from another company, adding incivility and unending staff changes to the existing talent-shortage problem.
  • It should also be concerning that companies are using the skills shortage as an excuse to enable lax security strategies. Because they don’t want to do the work of developing their own roster of experts, technology companies will outsource security and bolt vital cybersecurity tools on at the end of product development. Instead of preventing or defending, this approach creates far greater risk for all involved.
  • A far better approach, and one that my own team has adopted, is to develop security expertise in-house. We did this at my company by implementing an apprenticeship program we dubbed “Draft and Develop.” And it has worked to make us stronger.
  • We now have a growing bench of cybersecurity talent built from the company’s in-house IT team who opted-in to a three-month program that combined internal education, like employee shadowing, and external training through security conferences and seminars. While it took a lot of hard work and perseverance, they now have expertise to run sound DevSecOps strategies to protect our critical data from cybercriminals.
  • In an industry where any competitive advantage is guarded like state secrets, we believe overcoming the looming cybersecurity gap is too important to keep our apprenticeship program to ourselves.
  • This is a strategy that every technology company can and should embrace.
  • One of the biggest factors that created the cybersecurity skills shortage is the demand for in-house security staff at non-security technology companies. Instead of poaching from security companies or plugging untrained workers into key roles, most technology companies are perfectly situated to develop internal security expertise by leveraging their existing engineering and operations talent.
  • Cybersecurity skills and the knowledge needed to manage the software can easily be taught on the job to IT teams and staffers that have the inherent ability and attitude needed to succeed in technology. A key to our program is the “Drafting” of team members who demonstrate a passion for security and the desire to continue improving their skills.
  • The hard skills can be taught or developed on the job when you have an individual who is passionate and dedicated. Experience comes with time, and expertise can be learned. But you cannot teach attitude and enthusiasm.
  • A well designed apprenticeship program can develop and mold employees with an existing technology background, but it’s important to remember that most companies don’t have the time or resources to train somebody from square one. The last thing you want to do when implementing a program like “Draft and Develop” is to take time from your leadership team, so ensuring the right people are being put into the program is a critical piece of an effective apprenticeship initiative.
  • To succeed, you need to clearly define the program up front and execute it properly. Focus on implementing a process that is repeatable and then finding passionate people who will do everything they can to succeed.
  • With a well-designed apprenticeship program and the right people, technology companies can change the industry-wide momentum and start to close the skills gap that has been dragging the industry down for years. Now is the time to get started. Our world is becoming more connected, and the gap is only going to grow unless we take steps to counteract this trend today.
  • I have already seen it work first hand at my company, and I believe that if others take the same approach, the cybersecurity skills gap will become a thing of the past.