Introduction to Cyber Security
What Is Cyber Security?
Cyber security is the use of technology, processes, and policies to prevent cyber attacks on systems, networks, programmes, devices, and data. Its goal is to prevent and limit the risk of cyber attacks securing systems, networks, and technology from foreign unauthorised access and use.
Why Is Cyber Security important?
Most of our personal data is stored online (healthcare data base, online shopping, emails, online accounts, social media and more). It is now more critical than ever to prevent cyber criminals accessing and getting hold of our sensitive personal data and information. Cyber criminals often target and blackmail businesses, leaking private, sensitive data and information. Companies are increasingly concerned with potential leaks that could occur which can cause severe damage, face fines and reputational damage as well as costing them millions and billions of pounds to recover from such attacks.
Overview Of The Types Of Cyber Security
The effort aimed at ensuring the usability and integrity of your network, managing access to the network. Network security also aids in the protection of confidential information, safeguarding your reputation. Network Security is vital in protecting personal data and information, securing data, ensuring legitimate, verified access and network performance as well as protection and prevention from cyber threats. Most attacks occur over the network, and network security is implemented to identify and block these malicious attacks.
Cloud security is a software-based security technology for safeguarding and monitoring data in your cloud resources. Cloud security refers to the methods and technologies used to protect cloud computing infrastructures, data and applications in the cloud from both external and internal cyberattacks. The majority of our personal information is stored is stored in the cloud. An example of cloud storage platforms most people utilise now are: Google Drive, DropBox, iCloud, Microsoft OneDrive and more. It is crucial for these platforms to effectively implement cloud security as they contain large amounts of people’s personal data and information.
Application security is implemented to prevent bots attacks and malicious activity with applications, preventing unauthorised access. Application security involve measures such as : security questions, two-step verification, pin code authentication and more.
Operational security is implemented to ensure that employees are educated on the best practices for maintaining personal, business data and information secure. Operational security is a risk management and security process that keeps critical information and data out of cyber criminal’s reach by discovering any issues an organisation may have overlooked.
Internet of Things (IoT) Security
Industrial machinery, smart energy grids, building automation, and whatever personal IoT gadgets people bring to work which are connected to a network, are examples of IoT devices in the workplace. This collection of devices can put an organisation’s security at danger hence why IoT security is crucial to be implemented to prevent malicious cyber attacks. IoT security ensures both physical device security and network security,
Different Types Of Common Cyber Attacks
Usually these attacks are sent via email where it requests you to click on a fake link, carefully asks you to provide personal information or to log into accounts with your personal credentials which are then encrypted and stolen by the attacker. this common method is also used to deliver malware to your device.
These attacks work by flooding a network or data centre with a significant volume of traffic in order to slow down their systems (causing the system to crash) and prevent the business from providing normal services to authorised customers.
This attack occurs when unauthorised hackers inserts themselves between a device and a server/network to intercept communications that can then be read and manipulated. This type of cyber attack usually occurs when connecting to a public unsecured Wi-Fi network.
SQL Injection Attacks
A Structured Query Language injection, happens when a criminal hacker injects malicious code into a SQL server, the server is then forced to divulge information and data it would not ordinarily reveal. This attack can be easily carried out by inserting a malicious code into a security vulnerable website search box
Zero-Day Exploit Attacks
Cyber criminals target vulnerable security softwares and operation systems before business or individuals using that same software/operation system implements a solution to secure the network. Essentially cyber criminals find out a vulnerability within a certain software or operation system and target every business that uses it before they find a solution.
Malware is malicious software used to breach network security usually installed by clicking on suspicious links, opening malicious email attachments, downloading unsecured files. Once the malware is installed, it can be used to disrupt operations, access and steal sensitive data, block access to certain part of the network, install more malicious softwares, destroy computers and their systems.
Different Types Of Common Malware Attacks
Very common, these attacks happen daily worldwide. Ransomware is a type of malicious software that infects a computer, operational system or device, blocking and restricting the user’s access until a ransom is paid. This attack is usually used by attackers to extort very large amounts of money from victims (businesses, governments, corporations, industries) or for revenge and blackmail by leaking the stolen data and information. Unfortunately this type of attack can be extreme, ruining people’s life and reputation while putting many at risk. An example of this was the WannaCry attack on the NHS, many patients were unable to receive their urgent treatments as thousands of appointments were cancelled and systems were down causing serious damage.
Another type of malware used by cyber criminals to monitor a user’s device activity gathering and stealing information/data. This attack is usually used to spy on a user’s devise activity while stealing data and information, violating privacy.
A type of malware attack disguised as legitimate software used by cyber criminals to copy, steal, modify data, damage devices and other malicious actions on data and network. This attack is usually received by loading a malicious file disguised as a legitimate one, installing malicious softwares, download malicious content.
A type of malware that spreads just like viruses multiplying and infecting other parts of a computer or device by attaching themselves to other computer files. Viruses, unlike worms, require an active operating system or software that has already been infected.
Just like virus, worms self replicate and they are used to spread and infect computers used to steal and damage data, they can infect the whole network which the infected computer is connected to.
Bots may force a computer to perform particular instructions without the user’s permission or knowledge, infecting numerous computers with the same bot in order to form a “botnet,” (robot network) to remotely steal sensitive data, spy on user activity, automatically disseminate spam, or execute catastrophic attacks on computer networks and websites.
Undetectable and hard to remove, operates like a spyware by monitoring a user’s activity to steal data and information, used to access a computer, device or unaccessible parts of its software. Used to conceal other types of malware on an infected device, modify and deactivate security applications.
A software that displays adverts on your device. Adware can also trace your search and browsing history in order to serve you advertising that are more relevant to your interests. Once the developer gets access to your location and browsing history, they may profit from it by selling it to third parties.