What Is Cyber Security? A Thorough Definition

What is Cyber Security?

Cyber security is the state or process of protecting and recovering computer systems, networks, devices and programs from any type of cyber attack. Cyber attacks are an evolving danger to the sensitive data of organizations, their employees and individuals.

Businesses and nation states have begun to recognize cyber security as a major challenge due to its complexity in terms of politics and the increasingly distributed attack surface. Many businesses are now including information risk management as part of their enterprise risk management.

Table of contents

  1. What types of cyber security threats are there?
  2. How to defend against cyber attacks
  3. What are the common cyber attack targets?
  4. What are examples of notable data breaches?
  5. The NIST Cybersecurity Framework
  6. Cyber security careers
  7. How Upguard can improve your cyber security posture

1. What types of cyber security threats are there?

The process of keeping up with new technologies, security trends and threat intelligence is a massive task. The first stage is to understand what information may be valuable to an outside party and then how they may gain access to it. See our post on cyber security risk for more information.

Below we have outlined the common sources of cyber threats that you should be aware of.

What is a backdoor?

A backdoor is a method of bypassing normal authentication or encryption in a computer system, product, or embedded device (like a router). Cyber attackers often use backdoors to secure remote access to a computer, obtain access to plaintext passwords, erase hard drives, or transfer information within the cloud.

A backdoor can also take the form of a hidden part of a program, a separate program, code in the firmware of hardware, or code in an operating system. Although some backdoors are secretly installed, others are deliberate and known. These have legitimate uses, such as providing the manufacturer with a way to reset a user’s password.

When misconfigured, these legitimate backdoors can result in data leaks that expose sensitive data and personal information which may be used for identity theft.

What is a denial of service attack?

A denial of service attack (DoS) is a cyber attack meant to shut down a machine or network, making it inaccessible to the end-user. DoS attacks do this by flooding a network with traffic or sending information that results in a machine crashing.

In both instances, the DoS attack deprives the legitimate user (customer, employee, etc.) of the service or resource they were using. A simpler form of DoS attack is when an individual deliberately enters a wrong password repeatedly to cause the victim’s account to be locked.

Victims of DoS attacks are often high-profile organizations such as banking, commerce, media companies and governments. DoS attacks do not generally result in theft or loss of significant information or other assets but can cost the victim a great deal of money and time.

One way to prevent DoS attacks is to use firewall rules that deny network attacks from a single IP address. More sophisticated distributed denial of service (DDoS) attacks, however, come from a large number of sources, which makes defence more difficult.

DDoS attacks can originate from zombie computers that are part of a botnet, which may be controlled by a trojan horse or other malware, fooling innocent systems into sending traffic to a target.
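The difference between the two cases above (one noisy source a firewall rule can deny, versus many sources that each look harmless) is easy to see in logs. The following is an added example, not code from the original article: a sliding-window counter run over constructed web-server log lines that flags any single IP exceeding a per-source limit, and separately raises an aggregate alert when the total rate is abnormal even though no single source stands out. Thresholds, IP ranges and timestamps are all assumptions.

```python
"""Added example: per-source vs. aggregate request-rate detection over
constructed common-log-format lines (not from the original article)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common log format: ip - - [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)


def flag_sources(lines, window=timedelta(seconds=10), per_ip_limit=50, total_limit=200):
    """Sliding-window counter over roughly time-ordered log lines.

    Returns (blocked_ips, aggregate_alert):
      blocked_ips     - sources exceeding per_ip_limit requests inside one
                        window (the single-IP case a firewall rule can deny)
      aggregate_alert - True if the *total* request rate exceeds total_limit
                        inside one window, even when no single IP stands out
                        (the distributed case)
    """
    per_ip = defaultdict(list)  # ip -> timestamps still inside the window
    recent = []                 # all timestamps still inside the window
    blocked, aggregate = set(), False
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        per_ip[ip] = [t for t in per_ip[ip] if ts - t <= window] + [ts]
        if len(per_ip[ip]) > per_ip_limit:
            blocked.add(ip)
        recent = [t for t in recent if ts - t <= window] + [ts]
        if len(recent) > total_limit:
            aggregate = True
    return blocked, aggregate


def build_lines(ips, start, per_second):
    """Constructed sample: per_second requests every second for 10 s,
    spread round-robin over the given source IPs."""
    lines, i = [], 0
    for sec in range(10):
        ts = (start + timedelta(seconds=sec)).strftime(TS_FMT)
        for _ in range(per_second):
            lines.append(f'{ips[i % len(ips)]} - - [{ts}] "GET / HTTP/1.1" 200 512')
            i += 1
    return lines


# Constructed scenarios (documentation address ranges, not real hosts)
START = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
BENIGN = build_lines(["192.0.2.10"], START, per_second=1)                    # 10 requests
SINGLE_FLOOD = build_lines(["203.0.113.5"], START, per_second=10)            # 100 from one IP
DISTRIBUTED = build_lines([f"198.51.100.{i}" for i in range(1, 251)],
                          START, per_second=30)                              # 300 from 250 IPs

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("single", SINGLE_FLOOD), ("ddos", DISTRIBUTED)):
        print(name, flag_sources(sample))
```

The distributed sample trips only the aggregate alert, which is the point: a per-IP deny rule never fires because each of the 250 sources sends one or two requests.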

What is a direct access attack?

A direct access attack is a cyber attack achieved through social engineering where an attacker gains physical access to a computer to modify it, copy sensitive information, or install malware or ransomware like WannaCry.

An attacker may also install a form of spyware such as a software worm or keylogger to gain direct access to an information system at a later date.

This is why disk encryption and Trusted Platform Modules are fundamental to any cyber risk management process.

What is eavesdropping?

Eavesdropping is when an attacker listens to private conversations between hosts on a network. In the United States, government agencies such as the FBI and NSA have used programs like Carnivore and NarusInSight to eavesdrop on Internet service providers for national security purposes.

Network security solutions that prevent eavesdropping are part of any robust cyber security strategy to protect important information technology assets.

What is phishing?

Phishing is an attempt to acquire sensitive information such as usernames, passwords or credit cards directly from the end-user.

A typical phishing scam occurs through email spoofing or text messaging that directs the user to urgently enter their details into a fake website that looks and feels identical to the legitimate website. Once the user submits their details, their credentials are used to gain access to their real account.

What is privilege escalation?

Privilege escalation is a situation where an attacker gains a level of access that enables them to continue to elevate their access level. For example, a standard computer user may be able to exploit a vulnerability in the system to gain access to restricted data or even become a root user with full, unrestricted access to the system.

What is social engineering?

Social engineering is the process of gaining a user’s trust in order to convince them to disclose secrets like passwords or credit card numbers by impersonating their bank, a contractor, or even a customer.

A common security issue involves a fake CEO email sent to the accounting and finance department asking for payment of an invoice. In early 2016, the FBI reported that this scam had cost US businesses more than $960 million.

What is spoofing?

Spoofing is the act of impersonating a real entity by faking data like IP address, username or email address in order to gain access to an application or data.

Common types of spoofing include:

  • Email spoofing where an attacker forges the “From” address of an email
  • IP address spoofing where an attacker alters the source IP address in a network packet to hide their identity or impersonate a computing system
  • Media Access Control (MAC) address spoofing where an attacker modifies the MAC address of their network interface to pose as a valid user of the network
  • Biometric spoofing where an attacker uses a fake biometric sample to pose as another user

What is tampering?

Tampering is the malicious modification of a product to gain surveillance capabilities or access to protected data.

One form of tampering is called the evil maid attack, where an unattended device is physically altered in an undetectable way so it can be accessed later.

What is typosquatting?

Typosquatting is a form of cybersquatting where someone sits on domain names similar to those owned by another brand or copyright holder, targeting Internet users who mistype a website address into their web browser rather than using a search engine. Typosquatting is also known as URL hijacking, domain mimicry, a sting site, or a fake URL.

What are vulnerabilities?

A vulnerability is a weakness in design, implementation, operation, or internal controls of software, hardware, or data that could result in data breaches or disruption of services.

Malicious software or malicious code designed to gain unauthorized access to computer systems can scan for exploitable vulnerabilities automatically, so it is becoming increasingly important to keep computer systems up to date.

Vulnerabilities are not the only way hackers can gain access to your critical infrastructure, so it is important to understand the different types of cyber defence available to your organization as part of a cyber security program.

2. How to defend against cyber attacks

Cyber security mainly comprises preventative measures like firewalls, data protection and a range of other countermeasures that aim to reduce threats, vulnerabilities, and the attack surface by improving data security and application security.

Timely discovery and reporting of issues is also important so corrective action can be taken.

However, relatively few organizations have the expertise to maintain computer systems with effective detection systems, and far fewer have organized response mechanisms in place. The result is massive data breaches and exposure of sensitive information.

Organizations are increasingly turning to more sophisticated platforms that utilise a range of techniques including machine-learning to detect threats before and as they happen.

Below are common cyber security defence mechanisms that can be employed or outsourced to a third-party vendor.

What are the common cyber security measures?

Common cyber security measures are attained through the use of three processes:

  1. Threat prevention
  2. Threat detection
  3. Incident response

Typical measures include:

  • Access controls and cryptography to protect system files and sensitive data
  • Hardware and software based firewalls as a network security prevention system, shielding access to internal network systems and blocking attacks through packet filtering when properly configured
  • Intrusion Detection Systems (IDS) designed to detect in-progress network attacks and assist in post-attack analysis with help from audit trails and logs

Incident response can range from a simple upgrade of a computer or firmware to fix a known vulnerability, to notification of legal authorities, depending on the organization and the severity of the cyber attack.

In extreme cases, an organization may opt for complete destruction of a compromised system, as other compromised resources on it may not be detectable.

What is secure by design?

Software is said to be secure by design when security is considered a main feature and developed with a group of principles in mind:

  • Principle of least privilege: a subsystem should only have access to what it needs to function, so if a hacker gains access to that part of the system they have limited access to the computer system as a whole
  • Automated theorem proving: to prove mathematical correctness of crucial software subsystems
  • Code reviews and unit testing: ensure modules are more secure by peer review where formal correctness proofs are not possible
  • Defence in depth: more than one subsystem needs to be violated to compromise the integrity of the system and its data
  • Default secure settings: systems should be default secure with deliberate, conscious actions from legitimate authorities needed to make it insecure
  • Audit trails: tracking systems designed to outline the cause and extent of a breach, stored remotely so intruders are unable to cover their tracks
  • Disclosure of vulnerabilities: vulnerabilities must be disclosed when discovered

What is vulnerability management?

Vulnerability management is the process of identifying and remediating vulnerabilities in software and firmware.

Organizations can use a vulnerability scanner to analyze computer systems and search for known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware.

Beyond vulnerability scanning, many organizations will use outside cyber security experts to run regular penetration tests against their systems to identify vulnerabilities.

What is two factor authentication?

Two factor authentication is a method of mitigating unauthorized access to a system or sensitive information. The idea is that the user needs to “know something”, like their username or password, and “have something”, like a card, dongle, cellphone, or app.

Training is often involved to mitigate social engineering risk but even in highly disciplined environments social engineering attacks are difficult to prevent.

Two factor authentication improves security and reduces the impact of phishing and other social engineering attacks as an attacker needs credentials and the two factor authentication method to gain access.

What are hardware security mechanisms?

Beyond two-factor authentication, there are other alternatives to software-only security. Devices and methods such as USB dongles, intrusion-aware computer cases, drive locks, disabled USB ports, and mobile-enabled access improve security because physical access is required to compromise them.

  • USB dongles: used to prevent unauthorized access to a computer or other software by creating an encryption scheme that is harder to replicate than simply copying software to another machine
  • Intrusion-aware computer cases: detect when a computer case is opened and alert the end-user when the computer is booted up
  • Drive locks: software tools that encrypt hard drives
  • Disabling USB ports: prevents unauthorized access to an otherwise secure computer
  • Mobile phones: built-in capabilities like Bluetooth, Bluetooth low energy (LE), Near field communication (NFC) and biometric validation offer new secure ways to connect to access control systems like access to secure buildings

What is end-user security training?

The end-user is widely recognized as the weakest link in any cyber security system, with many estimating that more than 90 to 95% of security incidents and breaches involve human error.

One of the most common forms of error is poor password management and the inability to tell legitimate emails and login pages from phishing attempts. This is one of the reasons that single sign-on and password managers are quickly becoming required purchases for small and large organizations alike.

Further, security awareness training is quickly becoming popular at all levels of an organization, not just what is required by formal compliance with regulatory and industry mandates. Too many organizations focus on a cyber security approach that is exclusively technical and need to raise awareness of cyber attacks throughout the business.

What is incident response planning?

Responding to a cyber attack is often difficult because attacks can be geographically distributed, operating in different jurisdictions from the systems they are attempting to breach. Attribution is further obscured through the use of proxies, temporary wireless connections, and other anonymizing procedures. Attackers may also delete logs to cover their tracks.

Due to these issues, and the fact that law enforcement is often unfamiliar with information technology, attackers are often not pursued. This makes it all the more important to have an organized incident response process that addresses and manages the aftermath of a cyber attack.

It is better to prevent and mitigate cyber risk.

Incidents that are not identified and managed at the time of intrusion can escalate to more impactful events such as data breaches or system failure. Incident response planning establishes best practices to stop an intrusion before it causes extensive damage. A typical plan contains a set of written instructions that outlines the organization’s response to a cyber attack.

Without proper documentation, organizations may not successfully detect an intrusion, and stakeholders may not understand their role, slowing the organization’s response time.

The four key components of a computer security incident response plan are as follows:

  1. Preparation: stakeholders need to understand the procedures for handling computer security incidents or compromises beforehand
  2. Detection and analysis: suspicious activity must be identified and investigated, prioritizing a response based on impact
  3. Containment, eradication and recovery: affected systems must be isolated to prevent escalation and limit impact; malware is removed and the root cause of the attack found; then steps must be taken to restore systems and data to pre-attack conditions
  4. Post incident activity: post mortem analysis is done to improve the incident response plan for future incidents

3. What are the common cyber attack targets?

The exponentially growing number of computer systems, and the increasing reliance on computing infrastructure by individuals, businesses, industries, and governments, has increased both the risk of cyber attack and the range of common cyber attack targets.

Financial systems

Computers sit at the heart of financial regulators and institutions like the U.S. Securities and Exchange Commission, Australian Stock Exchange, investment banks, and commercial banks. Financial institutions are a favoured target for cyber criminals because they can use their infrastructure to influence markets and make illicit gains.

Web sites and apps are increasingly becoming part of the financial system with online brokerage accounts, and food delivery apps storing credit card numbers that are key targets because of the potential gain of transferring money, making purchases or selling information on to other interested parties.

Utilities and industrial equipment

An attack on critical infrastructure for the energy sector could cause loss of power in large areas for long periods of time, with severe consequences akin to a natural disaster.

Aviation

Aviation’s critical infrastructure relies on computing, and a power outage or disruption in flight communication can have cascading effects that are felt around the world. Further, the introduction of Wi-Fi on planes represents another potential attack vector for passengers who utilise these often insecure Wi-Fi networks.

Consumer devices and the Internet of Things

Desktop and laptop computers are common targets for gathering passwords or financial account information. This risk is increasing due to the growth in smartphones, tablets, smart watches, and other internet enabled devices that often collect sensitive personal information such as location and heart rate.

Corporations

Corporations are common targets for a variety of reasons from identity theft through to data breaches by both individuals and foreign governments who want to engage in cyber warfare to spread propaganda, sabotage, or spy on targets.

Automobiles

Cars are increasingly computerized, with critical systems like cruise control, engine timing, anti-lock brakes, seat belt tensioners, door locks, airbags, and driver-assistance systems controlled by computers on many models.

The introduction of Wi-Fi and Bluetooth to communicate with onboard devices and cell networks has increased the risk of cyber attacks, with self-driving cars expected to be even more complex.

Governments

Government and military systems are commonly attacked by activists and foreign governments who wish to engage in cyber warfare. Infrastructure like traffic lights, police and intelligence agency communications, personnel records, student records, and financial systems are now often computerized.

Medical systems

Medical systems like in-hospital diagnostic equipment and implanted devices like pacemakers and insulin pumps are the targets of attack with potentially deadly vulnerabilities.

Medical records are often targeted for use in general identity theft, health insurance fraud, and impersonation of patients to obtain prescription drugs for recreational purposes or resale.

4. What are examples of notable data breaches?

See our biggest data breaches.

5. The NIST Cybersecurity Framework

Governments are becoming increasingly conscious of the risks of cyber attacks with many producing policy frameworks for guidance on how private sector organizations should assess and improve their ability to prevent, detect, and respond to cyber attacks.

The NIST Cybersecurity Framework from the United States is one such framework that has been translated into many languages and is used by governments in Japan and Israel, among others.

6. Cyber security careers

Cyber security is one of the fast-growing career paths for IT professionals as organizations become increasingly aware of the risk of hacks and data breaches.

Many organizations employ cyber security experts, including Google, Amazon, and the Department of Homeland Security.

Typical cyber security job titles and roles are as follows.

What is a security analyst?

A security analyst’s job is to analyze and assess vulnerabilities to software, hardware and networks using tools and countermeasures to remedy any detected vulnerabilities.

They may also analyze and assess damage as a result of a breach and recommend solutions, as well as create and implement new security solutions.

What is a security engineer?

A security engineer’s job is to perform security monitoring, log analysis and forensic analysis to detect security incidents and mount the incident response.

They also investigate and utilize technology and processes to enhance and improve security capabilities. In some organizations, they may also review code or perform other security engineering methodologies.

What is a security architect?

Security architects design security systems or major components of security systems and may head a security design team to build out new security systems.

What is a security administrator?

A security administrator installs and manages organization-wide security systems and may take on the role of a security analyst in some smaller organizations.

What is a Chief Information Security Officer (CISO)?

The Chief Information Security Officer (CISO) is responsible for the entire information security division of a company and may also include hands-on technical work.

What is a Security Consultant/Specialist/Intelligence?

These titles generally encompass one or more roles that are tasked with protecting computers, networks, software and sensitive data against viruses, worms, spyware, malware, intrusions, unauthorized access, denial of service (DoS), and an ever increasing list of cyber attacks.

7. How Upguard can improve your cyber security posture

UpGuard helps companies like Intercontinental Exchange, Taylor Fry, The New York Stock Exchange, IAG, First State Super, Akamai, Morningstar and NASA protect their data and prevent breaches.

UpGuard BreachSight’s typosquatting module can reduce the cyber risks related to typosquatting, along with preventing breaches, avoiding regulatory fines and protecting your customers’ trust through cyber security ratings and continuous exposure detection.

We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure.

Book a demo today.

Originally published at https://www.upguard.com.

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.