CYBER SECURITY


Cyberspace:

“A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”

 

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

Types of cyber security

In order to be better protected, it’s important to know the different types of cybersecurity. These include critical infrastructure security, network security, application security, information security, cloud security, data loss prevention, and end-user education.

Critical infrastructure security: Consists of cyber-physical systems such as electricity grid and water purification systems.

Network security: Protects internal networks from intruders by securing infrastructure. Examples of network security include the implementation of two-factor authentication (2FA) and new, strong passwords.

Application security: Uses software and hardware to defend against external threats that may present themselves in an application’s development stage. Examples of application security include antivirus programs, firewalls and encryption.

Information security: Also known as InfoSec, protects both physical and digital data—essentially data in any form—from unauthorized access, use, change, disclosure, deletion, or other forms of malintent.

Cloud security: A software-based tool that protects and monitors your data in the cloud, to help eliminate the risks associated with on-premises attacks.

Data loss prevention: Consists of developing policies and processes for handling and preventing the loss of data, and developing recovery policies in the event of a cyber security breach. This includes setting network permissions and policies for data storage.

End-user education: Acknowledges that cyber security systems are only as strong as their potentially weakest links: the people that are using them. End-user education involves teaching users to follow best practices like not clicking on unknown links or downloading suspicious attachments in emails—which could let in malware and other forms of malicious software.

The importance of Cybersecurity

Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from theft and damage attempted by criminals and adversaries.

Cybersecurity’s importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive.

Governments around the world are bringing more attention to cybercrimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:

  • Communicate data breaches
  • Appoint a data-protection officer
  • Require user consent to process information
  • Anonymize data for privacy

Evolution of Cyber Security

 

CHALLENGES OF CYBER SECURITY

For effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber security encompass all of the following:

  • Network security
  • Application security
  • Endpoint security
  • Data security
  • Identity management
  • Database and infrastructure security
  • Cloud security
  • Mobile security
  • Disaster recovery/business continuity planning
  • End-user education

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

Types of Cyber Attacks

A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.

Cyber-attacks can be classified into the following categories:

  1. Web based Attacks
  2. System based Attacks

 

  1. Web-based attacks

These are attacks which occur on a website or web application. Some of the important web-based attacks are as follows:

Injection attacks

It is an attack in which data is injected into a web application to manipulate the application and fetch the required information. Examples: SQL injection, code injection, log injection, XML injection, etc.

DNS Spoofing

DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS resolver’s cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.

Session Hijacking

It is a security attack on a user session over a protected network. Web applications create cookies to store the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.

Phishing

Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.

Brute force

It is a type of attack which uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security.

Denial of Service

It is an attack meant to make a server or network resource unavailable to its users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server. It can be classified into the following:

  • Volume-based attacks: The goal is to saturate the bandwidth of the attacked site; measured in bits per second.
  • Protocol attacks: These consume actual server resources; measured in packets.
  • Application layer attacks: The goal is to crash the web server; measured in requests per second.

Dictionary attacks

This type of attack uses a stored list of commonly used passwords and validates them to get the original password.
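Both brute force and dictionary attacks show up to a defender as many failed logins in a short time. The following detection sketch is an added example, not part of the original page; the event format, the threshold values and the function names are assumptions, and the log events are constructed.

```python
from collections import defaultdict, deque


def sample_events():
    """Constructed events: (unix_time, source_ip, username, success)."""
    # One source guessing rapidly against a single account.
    events = [(1000 + i * 2, "198.51.100.7", "admin", False) for i in range(8)]
    # A legitimate user who mistypes once and then logs in.
    events += [(1003, "192.0.2.10", "alice", False),
               (1009, "192.0.2.10", "alice", True)]
    # A few failures spread far apart in time.
    events += [(1000 + i * 120, "203.0.113.5", "bob", False) for i in range(4)]
    return sorted(events)


def find_guessing_sources(events, max_failures=5, window_seconds=60):
    """Return {source_ip: time at which the threshold was first reached} for
    sources with at least max_failures failed logins inside the window."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    flagged = {}
    for ts, source, _user, success in events:
        if success:
            continue
        failures = recent[source]
        failures.append(ts)
        # Drop failures that have fallen out of the sliding window.
        while failures and ts - failures[0] > window_seconds:
            failures.popleft()
        if len(failures) >= max_failures and source not in flagged:
            flagged[source] = ts
    return flagged


if __name__ == "__main__":
    for source, when in find_guessing_sources(sample_events()).items():
        print(f"possible password guessing from {source} at t={when}")
```

Guessing that is slow or spread across many sources stays under a per-source threshold like this one, which is why it is paired with controls such as account lockout and the two-factor authentication mentioned earlier.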

URL Interpretation

It is a type of attack in which certain parts of a URL are changed to make a web server deliver web pages that the attacker is not authorized to browse.

File Inclusion attacks

It is a type of attack that allows an attacker to access unauthorized or essential files which are available on the web server, or to execute malicious files on the web server, by making use of the include functionality.

Man in the middle attacks

It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.

  2. System-based attacks

These are attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:

Virus

It is a type of malicious software program that spreads throughout the computer's files without the knowledge of the user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.

Worm

It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It works the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.

Trojan horse

It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when opened or executed some malicious code will run in the background.

Backdoors

It is a method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.

Bots

A bot (short for “robot”) is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.

Steps Taken to Deal with Cyber Crime and Cyber Security

  • The Central Government has taken steps to spread awareness about cyber crimes, issue alerts/advisories, build capacity and train law enforcement personnel, prosecutors and judicial officers, improve cyber forensics facilities, etc., to prevent such crimes and to speed up investigation.
  • The Government has launched the online cybercrime reporting portal, www.cybercrime.gov.in to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material, rape/gang rape imageries or sexually explicit content.
  • The Central Government has rolled out a scheme for establishment of Indian Cyber Crime Coordination Centre (I4C) to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
  • ‘Police’ and ‘Public Order’ are State subjects as per the Constitution of India. States/UTs are primarily responsible for prevention, detection, investigation and prosecution of crimes through their law enforcement machinery. The Law Enforcement Agencies take legal action as per provisions of law against the cyber crime offenders.

 

 

Further, the Government has taken several steps to prevent and mitigate cyber security incidents. These include:

  • Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
  • All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
  • Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
  • Issue of alerts and advisories regarding cyber threats and counter-measures by CERT-In.
  • Issue of guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
  • Provision for audit of the government websites and applications prior to their hosting, and thereafter at regular intervals.
  • Empanelment of security auditing organisations to support and audit implementation of Information Security Best Practices.
  • Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.
  • Conducting cyber security mock drills and exercises regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors.
  • Conducting regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks.

National Cyber Security Policy, 2013

Salient Features:

  • A vision and mission statement aimed at building a secure and resilient cyber space for citizens, businesses and Government.
  • Enabling goals aimed at reducing national vulnerability to cyber attacks, preventing cyber attacks & cyber crimes, minimising response & recovery time and effective cyber crime investigation and prosecution.
  • Focused actions at the level of Govt., public-private partnership arrangements, cyber security related technology actions, protection of critical information infrastructure and national alerts and advice mechanism, awareness & capacity building and promoting information sharing and cooperation.
  • Enhancing cooperation and coordination between all the stakeholder entities within the country.
  • Objectives and strategies in support of the National cyber security vision and mission.
  • Framework and initiatives that can be pursued at the Govt. level, sectoral levels as well as in public private partnership mode.
  • Facilitating monitoring key trends at the national level such as trends in cyber security compliance, cyber attacks, cyber crime and cyber infrastructure growth.
  • Set up different bodies to tackle various levels of threats, along with CERT, to coordinate all matters related to cyber security.
  • Create NCIIPC
  • Create a workforce of around 5 Lakh trained in cyber security.
  • Provide fiscal benefits to businesses to adopt best security practices.
  • Set up testing labs to regularly check the safety of equipment being used in the country.
  • Create a cyber-ecosystem in the country, developing effective public-private partnerships
  • Building indigenous security technologies through research.

Way Forward

The present cyber threat landscape poses challenges due to rapid technological developments.

New challenges include data protection/privacy, law enforcement in evolving cyberspace, access to data stored overseas, misuse of social media platforms, international cooperation on cybercrime & cyber terrorism, and so on. Threats from organised cybercriminal groups, technological cold wars, and increasing state sponsored cyber-attacks have also emerged.

To tackle threats to cyber security, the Indian Government, under the aegis of the National Security Council Secretariat and through a well-represented Task Force, is in the process of formulating the National Cyber Security Strategy 2020 (NCSS 2020) to cater for a time horizon of five years (2020-25).

The proposed vision of the upcoming policy is “to ensure a safe, secure, trusted, resilient and vibrant cyber space for our nation’s prosperity”.
