Cyber Security for 2020

Cyber Security protect from theft, corruption or natural disaster while allowing the information and property remain accessible. It helps to understand the cyber security strategy, cyber ecosystem and science of cyber security. Cyber security deals with securing the future- “Securing for tomorrow’s world”.
Securing for tomorrow’s world

Cyber Security Today

To the world of computer technology, government, police and intelligence units, Cyber crime is emerging as serious threat. Cyber Security techniques developed to safeguard information systems stored on computers. Potential threats which is include the destruction of Computer Software and Computer Hardware and the loss, modification, theft, unauthorized use, observation or disclosure of computer data. Cyber security restricted to describing the criminal activity in which the computer or network is a part of crime as fraud, black mail and theft.

Cyber Security protect from theft, corruption or natural disaster while allowing the information and property remain accessible. It helps to understand the cyber security strategy, cyber ecosystem and science of cyber security. Cyber security deals with securing the future- “Securing for tomorrow’s world”.

Many Companies spend million of their dollars on firewalls and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain.

5 Stages of Business Cyber Security

  1. Identity   
  • Am: Asset management
  • BE: Business environment
  • GV: Governance
  • RA: Risk Assessment
  • RM: Risk Management strategy

2. Project

  • AC: Access Control
  • AT: Awareness Training
  • DS: Data Security
  • IP: Information Protection process and procedures

3. Detect

  • AE: Anomalies and events
  • CM: Security Continuous Monitoring
  • DP: Detection Processes

4. Respond

  • RP: Response Planning
  • CO: Communications
  • AN: Analysis
  • MI: Mitigation
  • IM: Improvements

5. Recover

  • RP: Recovery Planning
  • IM: Improvements
  • CO: Communications

Cyber security Process

  • Assess = Analyze Assets and Controls
  • Evaluate = Understand GDPR Maturity Based on Current Program
  • Build = Develop Road map to Fill the Gaps
  • Execute = Take Action with Strategic GOPR Readiness Road map

This process repeat again and again.

Process for Secure from Cyber Security

  • Awareness = A lot of hacks happen because staff is not aware of the risks. Encourage SMEs to educate more in terms of cyber security.
  • Strong Passwords = With strong password it is one step closer to being secured from breaches or hacks.
  • Updates = Updating is one crucial part of being safe, for example a lot of websites get hacked through plugins that are out of date and vulnerable.
  • Backups = Having duplicate copies of your information saved in a remote location keeps it safe in case anything goes wrong with your computer or website.
  • Firewall = Use the protective measures which can protect you even if you can not react in time.

Real Challenges of Cyber Security

  • The world economic forum again rated cyber-attacks in top 5 risks to society
  • 46% of all companies were affected
  • 36% of all consumers globally lost data
  • 11% more was spent on cyber security this year

Generations of Attacks and Protections

First Generation ( Late 1980s)

Attack = Virus ( PC attacks – standalone)

Protection = The Anti Virus

Second Generations (Mid 1990s)

Attack = Networks ( Attacks from the internet)

Protections = The Firewall

Third Generations (Early 2000s)

Attack = Applications (exploiting vulnerabilities in applications)

Protections = Intrusion Prevention (IPS)

Fourth Generations (2010)

Attack = Payload (Polymorphic Content)

Protections = Behavioral Analysis

Top IT Security Salaries

  • Lead software security engineer – $233,333
  • Chief security officer – $225,000
  • Global information security director – $ 200,000
  • Chief information security officer – $192,500
  • Director of security – $178,333

Social Engineering Attacks

An attack or a hack through which the attacker users social skills via human interaction to obtain or compromise information about an organization or its computer systems is known as a social engineering attacks. Your data is at risk everyday through social engineering attacks because hacking a human is much easier than hacking a business.

What motivates social engineers?

  • Obtaining personal information.
  • Gaining unauthorized access.
  • Circumventing established procedures.
  • Because they can.

Common Attacks

Personal Approach :- In personal approaches, the social engineering may directly ask for approach in general meeting or gathering and get personal or critical information directly or indirectly about you.

Telephone :- Request information usually through the imitation of a legitimate bank/company through system to get critical information such as bank/credit card data.

Online :- Internet connectivity enables attackers to approach individuals or employee an anonymous internet source and convince them to provide information through a believable user.

Ransomware a Nightmare for Businesses

Ransomware is an attack that installs covertly on a company’s computer

Ransomware is an attack that installs covertly on a company’s computer, blocking or limiting user access and demanding a ransom payment to restore it. This is one of the fastest growing cyber threats and is expected to increase 400% every years.

The state of ransomware

  • 25% of organizations had to cease business operations immediately because of ransomware.
  • 81% of business have experienced a cyber attack.
  • 66% have suffered a data breach
  • 35% were victims of ransomware
  • 72% of companies affected by ransomware that could not access data for at least 2 days following the attack.
  • 32% that lost access to their data for
  • $10-$50 million estimated monthly income for cyber criminals from ransomware

Ways to Stop Social Engineering Attack

  • Walk through company and make sure employees are not leaving personal or sensitive information in plain view of passing people such as e-mail accounts, login information, passwords etc.
  • Use dummy accounts to monitor networks, and also use the admin account as a dummy as well and monitor who attempts to access it and trap them in the act.
  • Make a security policy that enforces that passwords must contain a certain combination of words,numbers and characters.
  • Never allow an employee to leave their terminal or desk without first logging out of their respected machine or workstation

Tips for Avoiding a Social Engineering Attack

  • Limit public information:- Limit the amount of personal information that you share online.
  • Be a skeptical:- Always question requests for sensitive information.
  • Trust but verify:- Don’t share information with people you don’t know unless you can verify their identity.
  • Call them back:- Through the main switchboard if possible.
  • No password over the phone:- Never share your password with anyone over the phone

Spot Fake E-mails and Stay Safe

In June 2015, famous company Ubiquiti networks Inc. willing wired $46.7 million to fake bank accounts in china. Why? Because the company CEO asked them to an email. Of course, the actual CEO never made any such request a group of hackers did.

  • Contact information:- The email contains a generic salutation or lacks any contact information for the recipient to use if they have questions.
  • Spelling and grammar errors:- The email contains clear spelling or grammatical errors or emails from legitimate companies are normally proof read extensively before sending.
  • Requests personal information:- The email requests that you follow a link to log in, or request personal information such as a credit card pin number or password.
  • High urgency or threats:- The email creates a high sense of urgency, or threatens consequences for inaction.
  • Fake web links:- The sender’s displayed name and email address do not match the purported company the email represents, or the links send the recipient to other websites not associated with the purported company

Notes : 80% of attacks are phishing

Cyber Scams

Social engineering exploits the goodwill of unwitting victims. Here’s how….

  • Website Spoofing:- Bogus websites masquerade as the real thing, tricking victims into sharing sensitive information.
  • Phishing :- Emails impersonate legitimate businesses to acquire information. This websites will request information through forms ad offer downloads containing malware.
  • Social Media Phishing :- In social media phishing is when attackers use social networking sites like Facebook, Twitter and Instagram instead of email to obtain your sensitive personal information or click on malicious links.
  • Baiting :- In baiting, the attacker dangles something enticing to move his victim to action. Physical media sources loaded with malware infect computers and steal information.
  • Impersonation :- Scammer impersonates a trusted sources online or in person to obtain valuable information
  • Poser :- Attackers poses as a vendor, client or employee and sends email from what links like a reputable source.

How to Spot a Phishing

Phishing is a technique used to fraudulently obtain usernames, passwords, credit card numbers and other sensitive information.

Fraudulent emails typically ask you to:

  • Open an attachment
  • Click on link, redirecting you to a malicious website.
  • You may be prompted to enter personal information.

Types of Phishing Attacks

  • Spear Phishing: A highly targeted form of phishing that hones in on a specific group of individuals or organization.
  • Whaling: A form of phishing, targeted at executive level individuals.
  • Cloning: Whereby a legitimate email is duplicated but, the content is replaced with malicious links or attachments.