Cyber Security is the application of protecting computer systems and networks from unauthorised access, theft or damage to their hardware, software or data. It aims to put security measures in place to protect critical infrastructure and sensitive information from bad actors.
Why is Cyber Security Important?
Cyber Security is important because the internet, smartphones and computers are now fundamental parts of modern life. Almost every industry in the world collects and stores endless amounts of sensitive data on computers and other digital devices. This could be personal data to intellectual properties, to government documents, and if any of this gets into the hands of bad actors, there will be negative consequences. Protecting data is a challenging task with severe repercussions if done incorrectly.
Most Common Cyber Security Threats
Cyber Threats come in all different shapes and sizes. Cyber Criminals will use several different methods to try and gain access to sensitive information. Some attacks will be carried out by nation-states and will be highly complex. Others will be much more simple and be carried out by individuals trying to make a quick buck.
Below are a number of the most common ones used by Cyber Criminals.
Phishing – This is one of the most common Cyber Threats. An attacker will send a fraudulent message (usually in the form of an email) pretending to be a trusted source with the goal of deploying malicious software such as Ransomware or keyloggers.
Malware – Malware, short for Malicious Software, is any software purposely designed to cause damage to a computer, server, client or computer network. Malware comes in all different shapes and sizes. Some are stealthy and hardly leave a trace, whereas others are like a wrecking ball leaving destruction behind them.
Ransomware – Ransomware is a type of Malware that encrypts a users information making them unable to use any of their files, databases or applications. Once the files are encrypted it is often very difficult to fix the issue. A ransom is demanded in order to reverse the encryption. The attacks are often carried out using a Trojan disguised as a legitimate file that trick the users into downloading or opening it.
Social engineering – Social engineering in the context of Cyber Security is the art of manipulating a person into giving over sensitive information. Attackers use this methodology as it is easier to “break” a single person than to discover ways to hack your software.
DDoS attacks – A Denial-of-service attack is where an attacker will render a server, service or network unavailable by overwhelming it with internet traffic. Cyber Criminals will infect internet-connected devices with malware to control them remotely.
Password reuse – Although simple, this can still be very costly. Password reuse is where a user will use the same username/email and password for numerous online services. When one of the sites becomes involved in a data breach, Cyber Criminals will then run a credential stuffing attack to see where that username/password combination was used.
IoT hacking – IoT or Internet of things refers to the near-endless amounts of physical devices connected to the internet such as home security devices and AI voice assistants like Amazon Echo and Google Home. Hackers can gain easy access to these devices and will utilise the 24hr connectivity to launch DDoS attacks. These devices have limited power on their own but grouped together, they can form a formidable army.
Is There Anything I Can Do To Stop Cyber Threats?
Don’t worry; for every new Cyberthreat, there is also a way of countering them. Most methods of gaining access require some form of ignorance from the user. A user that is well educated on Cyber threats and has good Cyber hygiene is the best way to counter a Cybercriminal.
Firewalls – A firewall will monitor and control incoming and outgoing network traffic, blocking unauthorised traffic based on a set of security parameters. Firewalls have been the first line of defence in network security for over 25 years. The firewall will act as a barrier between a trusted network and an untrusted network, such as the internet.
Anti-Malware – Anti-Malware is software specifically designed to protect computer, server, client or computer networks from Malicious Software. The software will scan a computer to try and detect and remove any malware. Some Anti-malware will be preventative, scanning ay files and websites before they have the chance to do any damage. Anti-Virus is another term often used, the difference between the two is that Anti-Virus is often less powerful and slower than Anti-Malware. Anti-Malware can detect more advanced forms of Malware.
Phishing training – The best way to combat phishing attempts is not to click the link. However, all it takes is one slip up, and suddenly a whole network could become compromised. There are many training courses out there to help users understand what to look out for and how to respond to these dangerous threats.
Multi-factor authentication – Almost all modern platforms and applications are using Multi-factor authentication (MFA), which is for a good reason. MFA makes users require two or more pieces of evidence of their identity to log in. This way, if a bad actor does access your login credentials, your account is still secure as they will not have access to your MFA details. The additional identity verification is usually a fingerprint scan or code that is received via phone or email.
Password practice – Yes, changing passwords often is a pain, but it is a necessary one. The Verizon 2016 Data Breach Investigations Report found that 63% of data breaches happened due to lost, stolen or weak passwords. Regularly changing and using a combination of numbers, symbols, and upper and lowercase letters is an easy way to stay secure. Check out the image below to see how long it would take for a hacker to brute force your password.