CYBER SECURITY
1. Introduction
It is about our world we have built it time to time to time. How Secure, Vulnerable, Strong, Predictive, Adaptive, Sensible and futuristic it is. We have bit history behind full of rich culture, varieties of communities, Science & Astronomy. There are some mathematics algorithms are yet to solve and some we have to modify according to requirements. We are carrying all these data to cast our new future world. The word CYBER where our today’s world is living and exists. The world of Data, Network and Connectivity.
2. Information Protection
We have number of computers and square the number of service users are connected to the internet network using PC, mobile, embedded computer, i-pods etc. Here we need to protect Internet services, Product services, User database etc. It is general user-based internet service.
We have different kind Industries, Organizations, Institutions, Government Building, Military and Scientific Research facilities, Power stations, Air, Railway and Road Network, Banks, Stock exchanges, Public-places, Shopping- Malls etc. all are connected through internet network. Where we require uninterrupted power supply, internet connectivity and network security. As large number of data is moving in bound and out bound. So, we require data security also.
We have Information and Technology, Computer Science where we can study and prepare Roadmap to protect our internet-based infrastructure. Here we have LAN, WAN, MAN different kind of internet and intranet network used in above industries. Which can be compromised easily without protection. We should have separate budget for cyber security.
3. Cyber Landscape
When we talk about cyberspace it looks like it is prepared with social interaction aspects with less security measures. In cyberspace more freedom means less security of identity, data and privacy. We should treat this cyberspace as the nexus that allows for the potential and very real connections among organized crime, terrorist, hackers, foreign intelligence agencies, military and civilians.
The mistake of assuming security is someone else’s problem often comes with tragic consequences. It is not the responsibility of engineers, consultants, IT professionals or even management to undertake alone, but is the responsibility of every user. Granted, there are many specific roles required in security planning, but if the plan does not include each and every user as a member of the security team, it will be doomed before it has even been implemented.
cyber-security planning. Understanding the possible motivations and means behind a cyber-attack can better equip enterprises to prepare for and respond to an attack. By implementing Governance, Risk Management and Compliance (GRC) measures across the enterprise, we can overcome cyber-attacks.
4. Security Arena
The big and super power countries and their organizations face cyber-attacks and receives cyber-attack threats on regular basis. They have to spend more time and money to compromise these threats even for their little work. And this way this little work becomes more important.
The cyber-security arena has expanded dramatically. Cyber-security now includes mobile phones, embedded computers (widely employed in our infrastructure), cloud computing, and all types of data storage. And cyber-crime has become a business, operating without borders, and has become increasingly difficult to arrest
5. Cyber-attacks: Inspiration with Benefits
Here every system is a target. Information is one of our most valuable assets and wherever it is stored, transmitted or processed it becomes a target for cyber-attackers. US federals has raised the issue of financial crimes committed in the form of financial data theft in cyberspace by foreign actors. With this US government has also started outsourcing their IT business to China and other subcontinent countries to overcome the problem.
We have vulnerable security at nuclear plants, electric smart-grids, gas pipelines, traffic management systems, prison systems, and water distribution facilities, TV Broadcasting center requires procurement. The motivation behind cyber attacks is like intellectual property theft, Service disruption, financial gain, Equipment damage, Critical infrastructure control and sabotage, Political reasons, Personal Management.
The cyber-attackers are categorized mainly in two groups. Lone wolf or solo hacker and Well-Organized groups. Sometimes both can provide potentially equal threat.
There is one Hollywood Movie name “Die Hard 4” which shows How hero saves his country from “Fire Sale” with the help of hacker.
6. Type of Cyber attacks
There are no of types of cyber-attacks like,
· Malware:
With this attack the system becomes sluggish, slow, disruption of service, application and service use restrictions etc. By Denial of service (DoS) and Distributed Denial of Service (DDoS) It can even crash the system.
· Stealing of Internet service:
There are vendors provides legal program to steal the internet service.
· Web site and Web Applications:
The attacker can carry-out pivotal attack by bypassing perimeter security. Initially it gathers the information through website and then penetrate in the core system. There are several types of vulnerabilities that allow for different forms of attacks. The most common of these are cross-site scripting (XSS) and SQL injection.
· Advanced Persistent Threat:
To carry-out this kind of attack we require skilled programmer can program a malware for Persistent attacks until objective is achieved. Here objective site is programmed for attack. Every parameter is considered to make it successful. After the program is installed on the sight it stays a while till the right time to become active.
There are other types of cyber attacks too like, Phishing and social engineering, Stolen devices, Botnets, Malware, Viruses, worms and Trojans etc.
7. Cost of successful cyber attack
It is often impossible to calculate the precise damage of a cyber-intrusion. The consequences of an attack can be far-reaching and long-term. The damage may often be irreparable; no amount of money can undo what has been done. Some of the effects of a cyber-intrusion include:
- Financial loss from service unavailability
- Loss of customer/client confidence
- Market shift to competitors
- Lawsuits and liabilities from those who have had information stolen
- Cost of recovery
- Cost of security measures to prevent a repeat attack
- Cost of staff or consultants to investigate and identify the method of atta
- Fines from regulatory bodies
- Cost of informing customers of theft
- Theft of intellectual property
- Loss of human life
In IT industry there are number of companies works cyber security producing security products like CCTV monitoring, Biometric Scanners, Firewall, Antivirus programs, Data Protection & Data Recovery Software etc.
8. Security Implementation
The Cyber Security space can be broken down into three areas, or domains. These are:
1. Prepare
Preparation includes planning, risk assessment, policy, business continuity planning, countermeasure deployment, training, education and accreditation. These are all essential in optimizing our readiness for cyber-attacks.
2. Defend
In the context of defending against cyber-attacks, defensive processes include ongoing risk mitigation, service and device hardening, and incident detection.
3. Act
Finally, we should establish procedures and protocols to ensure that in the event of an incident we act appropriately. We avoid the use of the term ‘react’, as it tends to carry a negative connotation of a knee-jerk ‘reaction’ that is ill conceived and inflammatory. Actions in response to a cyber-attack should be carefully planned to facilitate the effective response that minimizes expense and collateral damage. The word act is hence deliberate and suggests that organizations should be proactive rather than reactive.
The continual application of these three domains cannot be emphasized enough. External consultants who are experienced, certified security professionals can be invaluable resources in maintaining an effective cyber-security posture and ensuring our businesses remain unhindered by an attack they were unprepared to handle.
These domains should not be seen as sequential steps in which each is terminated prior to the commencement of the next, but rather three continual processes that form the foundation of organizational security.
No comments:
Post a Comment