CYBER SECURITY Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. In today's age, everything relies on computers and the internet, say how we communicate via email, smartphones, tablets; how we de-stress with interactive video games, social...
CYBER SECURITY
Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. In today's age, everything relies on computers and the internet, say how we communicate via email, smartphones, tablets; how we de-stress with interactive video games, social media, apps; how we are moving around via our navigation systems, spending money online shopping, credit cards, UPI, wallets, personal information on our health medical equipment, medical records, COVID contacts - Aarogya Setu, Aadhaar/PAN details stored in the centralized repository, vaccination and temperature records… on and on.
With so much of our daily life relying on technology, so much of our personal information stored either on your own computer, smartphone, tablet or on someone else's system… What is the risk? YOUR & MY DATA
Why? Because today, you & I are leaving our data footprints with state-of-the-art databanks to the mall guard collecting temperature.
The threat is:
1. Cybercrime - single actors or groups targeting systems for financial gain or to cause disruption.
2. Cyber-attack - mostly politically motivated information gathering.
3. Cyberterrorism - intended to undermine electronic systems to cause panic or fear.
Some of the known methods are:
Malware
Malicious software, such as:
· Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
· Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer where they cause damage or collect data.
· Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
· Ransomware: Malware which locks down a user's files and data, with the threat of erasing it unless a ransom is paid.
· Adware: Advertising software which can be used to spread malware.
· Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks online without the user's permission.
SQL injection
Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database.
Phishing
When cyber-criminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.
Man-in-the-middle attack
Where a cyber-criminal intercepts communication between two individuals in order to steal data. For example, on an unsecure WiFi network, an attacker could intercept data being passed from the victim's device and the network.
Denial-of-service attack
Where cyber-criminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.
What can you do to improve your cybersecurity?
Follow basic cybersecurity practices and up the bar:
• Keep software up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.
• Run up-to-date antivirus software - It can automatically detect, quarantine, and remove various types of malware. Be sure to enable automatic virus definition updates to ensure maximum protection against the latest threats...
• Use strong passwords
• Change default usernames and passwords
• Implement multi-factor authentication (MFA) - Uses at least two identity components to authenticate a user's identity, minimizing the risk of a cyber attacker gaining access to an account if they know the username and password.
• Install a firewall - Prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications.
• Be suspicious of unexpected emails
• Get a world view and learn from more evolved economies/companies - Everyday
• Educate teams/employees and then Refresh
The Information Technology Act of 2000 and rules made therein have, in an incremental manner, built the legal edifice for cybersecurity. But the rapid advancement in technology has made the protection of "information infrastructure" vulnerable. Lawmakers will need to stay ahead of the attacker, take decisive measures to penalize perpetrators, move to protect the users and the companies/industries which are also key in the scheme of things. Encourage participation by stakeholders and move with the times progressively.
Disclaimer – The views expressed in this article are the personal views of the author and are purely informative in nature.