So you want to get into Cyber Security? I’ll tell you how. Cyber security is about protecting data, networks and devices from unauthorised access.
Most people are currently working remotely. This increases the risk of security incidents, because company data is now accessed over home networks with little or no extra security.
Security incidents have risen during the lockdown. The upside is that this creates an opportunity for newcomers to the field.
Types of cyber security threats
First, you need to understand the different types of cyber security threats:
1. Social Engineering
This is when an attacker tricks or manipulates users through human interaction into handing over sensitive information.
2. Phishing
This is when the attacker sends fraudulent emails that appear to come from a reputable source, with the aim of stealing sensitive data.
For example, you receive an email from [email protected], assume it is from PayPal and click the links in the email, which take you to an untrusted website where you enter your credit card details or login information.
This is how scammers like:
- Grant West (Just Eat Phish attack)
- Olajide Onikoyi (Student Loan Phish)
- Onur Kopçak (Banking Phish)
- Hushpuppi (Corp account Phish)
stole users' login details, then used them to steal money or sold the credentials on the dark web.
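As an added example (not from the original post), here is a small Python check of the kind a mail filter or an analyst's triage script would run on the From: header. It separates senders on the trusted domain from senders whose domain is spelled almost like it or hides the brand name inside a longer domain, which is the trick in the PayPal example above. The trusted domain, the header values and the look-alike domains are all constructed for the demo; a real deployment would also check SPF, DKIM and DMARC results, which this example does not do.

```python
"""Flag e-mail senders whose domain merely resembles a trusted one."""
from email.utils import parseaddr

TRUSTED_DOMAIN = "paypal.com"   # the one domain we actually trust (assumption for the demo)

# Constructed From: header values; none of these are real messages.
SAMPLE_FROM_HEADERS = [
    "PayPal <service@paypal.com>",                      # genuine
    "PayPal Billing <no-reply@mail.paypal.com>",        # genuine subdomain
    "PayPal Support <security@paypa1.com>",             # digit 1 swapped in for the letter l
    "PayPal <alerts@paypal.com.verify-login.example>",  # brand buried inside a longer name
    "Colleague <bob@example.org>",                      # unrelated, nothing to flag
]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header value ('' if none)."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means a look-alike spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for one From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated"
    # Exact domain or a real subdomain of it is the only thing that counts as trusted.
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    brand = trusted.split(".")[0]   # 'paypal'
    # Either the brand name appears somewhere in a foreign domain, or the
    # whole domain is within two edits of the trusted one.
    if brand in domain or edit_distance(domain, trusted) <= 2:
        return "lookalike"
    return "unrelated"


def triage(headers=SAMPLE_FROM_HEADERS) -> dict:
    """Map each header to its verdict, giving a quick review list."""
    return {h: classify_sender(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in triage().items():
        print(f"{verdict:9s}  {header}")
```

The "brand appears in the domain" rule is deliberately aggressive: it will also flag a legitimate partner domain that happens to contain the brand, so in practice such hits go to a reviewer rather than straight to a block list.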
3. Malware
This is when malicious software, delivered as a file or program, is used to harm a computer user. Think of viruses, worms, spyware and Trojan horses, which are used to steal data and damage devices.
4. Ransomware
This is when an attacker uses malware to encrypt users' files and demands payment to decrypt and unlock them. Recently, LG Electronics has been a victim of the Maze ransomware. Maze has been releasing sensitive information and will continue to do so until LG pays a ransom.
To understand this better, read: Maze Ransomware Operators Claims to breach LG Electronics, a renowned South Korean multinational electronics company – Data Leak
Elements of cyber security
Now that you know the 4 main types of cyber attacks, the next step is to understand the elements of cyber security:
1. Network Security
A network is a group of computers that share computing resources provided by nodes, using communication protocols over digital interconnections. Greek, eh? Think about when you are in an office or cyber cafe and you want to share printers or data safely.
To do this, computers have to be connected via telephone lines, cables, etc. The common types of networks are LAN and WAN. To understand this better, read: What is a Network?
Now that you understand networks, you can see the need for network security. Intruders target networks with opportunistic malware to steal data. To protect the integrity of a network, companies implement layers of defences, with policies and controls, to prevent unauthorised access.
The common types of network security are:
a. Firewalls: This is a network security system that enforces security rules on incoming and outgoing traffic, allowing or blocking each connection, with triggers to alert the security team when something unusual is happening.
Think of this like how people are allowed into hotels. If you have a key card, you don't need to stop at the front desk to gain access to your room. If you manage to slip through the front desk security, when you get to the lift, you are unable to gain access to certain floors because you don't have key card access.
To understand this better, read: What is a Firewall
b. Email security: In every network, email is the number one vector for network security breaches. Companies use email security tools to block incoming attacks and to scan outgoing emails to prevent data loss.
To understand this better, read: What is Email Security? Data Protection 101
c. Wireless security: As many companies are moving from wired technologies (with those nasty cables) to wireless technology, security is an issue. Companies using WLAN use security protocols like WEP, WPA, WPA2 and WPS (note that WEP has long been broken and WPS is a push-button pairing feature with known weaknesses rather than an encryption protocol, so WPA2 or newer is what you actually want). Without these security protocols, hackers will exploit vulnerabilities and gain access to devices and data.
It's almost like living in an estate with the estate gate secured by only chickens. To understand this better, read: Wireless Security: How secure is your network?
d. Web security: This protects your website from hackers. It covers:
- protecting an individual's or company's website
- denying users within your home or company network access to malicious websites
To understand this better, read: 10 Most Common Web Security Vulnerabilities.
e. Mobile device security: Portable devices are prone to being stolen, misplaced or hacked. Once a device leaves the hands of the authorised user, all the data on that device, and all the data the device has access to, is compromised.
To understand this better, read: Mobile Device Security
f. Access control: This is where you identify which users and which devices should have access to the data in your network. To keep hackers out of the network, you create and enforce security policies that recognise compliant users and devices.
To understand this better, read: What is access control? A key component of data security.
g. Intrusion prevention: This monitors systems and networks for policy violations or malicious activity (an intrusion detection system only alerts, while an intrusion prevention system can also block the traffic). Think of it like laser fields in a museum.
To understand this better, read: Intrusion Detection System (IDS) - GeeksforGeeks
h. Anti-malware and anti-virus: When malware infects a network or system, it can lie dormant for days, weeks or even months.
To understand how this is possible, listen to this episode of @darknetdiaries: The Athens Shadow Games – Darknet Diaries.
With anti-malware, you scan for malware to prevent infections and remove files that have already been infected.
To understand this better, read: What's the difference between antimalware and antivirus? by @ITPro
i. Network segmentation: To make security policies easier to enforce, segmentation classifies network traffic based on endpoint identity or role. Think of it like traffic lights directing cars from different directions to prevent gridlock.
To understand this better, read: What Are the Benefits of Network Segmentation?
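The firewall (a) and segmentation (i) points above are two sides of one mechanism: split the network into zones, then write an ordered rule list that says which zone may talk to which, with everything unmatched denied. The Python below is an added example, not code from the original post or from any firewall product. The zones, the address ranges, the rule set and the packet sample are all constructed for the demo, and the log lines it produces are the kind a firewall raises as alerts.

```python
"""A toy zone-based packet filter: first matching rule wins, default deny."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed segments (assumption: a small office with guest Wi-Fi, staff
# desktops and a server VLAN, all on private address ranges).
ZONES = {
    "guest": ip_network("10.10.0.0/24"),
    "staff": ip_network("10.20.0.0/24"),
    "servers": ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src_zone: str               # zone name or "any"
    dst_zone: str               # zone name or "any"
    dst_port: Optional[int]     # None matches every port
    proto: str = "tcp"          # "tcp", "udp" or "any"


# Ordered rule set: the first matching rule wins; anything that matches
# nothing falls through to DEFAULT_ACTION.
RULES = [
    Rule("allow", "staff", "servers", 443),        # staff may use the internal web app
    Rule("allow", "staff", "servers", 22),         # ...and administer servers over SSH
    Rule("allow", "guest", "servers", 53, "udp"),  # guests may only resolve names
    Rule("deny", "guest", "any", None, "any"),     # ...and cross into no other segment
    Rule("allow", "any", "servers", 443),          # everyone else may reach the web app
]
DEFAULT_ACTION = "deny"


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything unknown is 'untrusted'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def decide(src_ip: str, dst_ip: str, dst_port: int, proto: str = "tcp") -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule, or None when the default applied)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for idx, rule in enumerate(RULES):
        if (rule.src_zone in ("any", src_zone)
                and rule.dst_zone in ("any", dst_zone)
                and rule.dst_port in (None, dst_port)
                and rule.proto in ("any", proto)):
            return rule.action, idx
    return DEFAULT_ACTION, None


def filter_packets(packets) -> List[str]:
    """Evaluate (src, dst, port, proto) tuples and return one log line per packet.
    The DENY lines are what the security team would be alerted on."""
    lines = []
    for src, dst, port, proto in packets:
        action, idx = decide(src, dst, port, proto)
        why = f"rule {idx}" if idx is not None else "default policy"
        lines.append(f"{action.upper():5} {zone_of(src)}->{zone_of(dst)} "
                     f"{src}->{dst}:{port}/{proto} ({why})")
    return lines


# Constructed traffic sample, not a real capture.
SAMPLE_PACKETS = [
    ("10.20.0.5", "10.30.0.10", 443, "tcp"),   # staff to the web app
    ("10.10.0.7", "10.30.0.10", 53, "udp"),    # guest DNS lookup
    ("10.10.0.7", "10.30.0.10", 443, "tcp"),   # guest to the web app: stopped by rule 3
    ("10.10.0.7", "10.20.0.3", 445, "tcp"),    # guest poking at a staff PC
    ("203.0.113.9", "10.30.0.10", 22, "tcp"),  # outside host trying SSH: default deny
]

if __name__ == "__main__":
    print("\n".join(filter_packets(SAMPLE_PACKETS)))
```

Rule order matters: the guest-to-web-app packet would be allowed by the last rule, but the explicit guest deny sits above it and wins. That is the "layers of defences" idea in practice, and it is also why a rule review starts from the top of the list.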
j. Data Loss Prevention: When sensitive, confidential and critical data is classified within a network, DLP prevents unauthorised users from opening, downloading, uploading, printing or forwarding sensitive information.
To understand this better, read: What is Data Loss Prevention (DLP)?
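To make the DLP idea concrete, here is an added Python example (not from the original post) of the simplest DLP rule a mail gateway runs on outgoing messages: find anything that looks like a payment card number, confirm it with the Luhn checksum so that random digit strings such as ticket numbers do not trip the rule, and block the message while logging only a masked copy of the finding. The message bodies are constructed; the card number in them is the widely used 4111 1111 1111 1111 test pattern, not a real account.

```python
"""Minimal outbound DLP check: detect Luhn-valid card numbers and block the message."""
import re
from typing import Dict, List

# Constructed outbound message bodies for the demo.
SAMPLES = {
    "clean": "Hi team, the Q3 deck is attached. Thanks!",
    "card": "Customer's card is 4111 1111 1111 1111, exp 09/26, please refund.",
    "ticket": "Ticket id 1234 5678 9012 3456 has been closed.",   # digits, but fails Luhn
}

# 13 to 19 digits, optionally separated by single spaces or dashes, not glued to other digits.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubling every second digit from the right, the sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return the digit strings in text that have a card-like length and pass Luhn."""
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only the last four digits for the audit log."""
    return "*" * (len(pan) - 4) + pan[-4:]


def scan_message(text: str) -> Dict[str, object]:
    """Decide whether an outgoing message may leave, and record masked findings."""
    findings = [mask(pan) for pan in find_card_numbers(text)]
    return {"action": "block" if findings else "allow", "findings": findings}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_message(body))
```

Masking before logging is not cosmetic: a DLP system that writes full card numbers into its own alert log has simply moved the leak into the security tooling.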
k. Security Information and Event Management: Now that these different network security tools are in place, SIEM gives the security team the information it needs to identify threats and respond to attacks. Think of it like CCTV in a bank vault with security in the back office watching.
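A SIEM earns its keep through correlation rules that turn a stream of individual log events into an alert. As an added example (not from the original post or from any SIEM product), the Python below runs two classic rules over constructed SSH authentication log lines: a burst of failed logins from one source within a short window, and a successful login from a source that had just produced such a burst, which is the event an analyst most wants to see first. The log format, the hosts and the timestamps are all invented for the demo.

```python
"""Two small SIEM-style correlation rules over constructed auth log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log lines in a syslog-like shape; not from a real system.
LOG_LINES = """\
2020-07-01T09:00:01 sshd auth=failure user=admin src=198.51.100.7
2020-07-01T09:00:03 sshd auth=failure user=admin src=198.51.100.7
2020-07-01T09:00:04 sshd auth=failure user=root src=198.51.100.7
2020-07-01T09:00:06 sshd auth=failure user=admin src=198.51.100.7
2020-07-01T09:00:09 sshd auth=failure user=admin src=198.51.100.7
2020-07-01T09:00:12 sshd auth=success user=admin src=198.51.100.7
2020-07-01T09:05:00 sshd auth=failure user=alice src=192.0.2.10
2020-07-01T09:30:00 sshd auth=success user=alice src=192.0.2.10
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proc>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one log line into an event dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect(lines: List[str], threshold: int = 5, window: timedelta = timedelta(minutes=1)) -> List[Dict[str, str]]:
    """Return alerts for failure bursts and for a success that follows one."""
    alerts: List[Dict[str, str]] = []
    recent_failures = defaultdict(deque)   # src -> timestamps of failures inside the window
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        src, ts = event["src"], event["ts"]
        q = recent_failures[src]
        while q and ts - q[0] > window:     # drop failures that fell out of the window
            q.popleft()
        if event["result"] == "failure":
            q.append(ts)
            if len(q) == threshold:         # fire once, when the threshold is first reached
                alerts.append({"rule": "brute_force", "src": src, "at": ts.isoformat()})
        elif event["result"] == "success" and len(q) >= threshold:
            alerts.append({"rule": "success_after_failures", "src": src,
                           "user": event["user"], "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert)
```

The second rule is the one worth paging someone for: a burst of failures is noise on any internet-facing host, but a success right after one means the guessing may have worked, and the account in that alert should be checked straight away.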
l. VPN (Virtual Private Network): This secures your information by encrypting data as it travels back and forth between your device and the internet.
It also authenticates the communication between the device and the network. Think of when James Bond needs a secure line to communicate with M.
2. Application Security:
Now that you understand Network Security, let's move on to Application Security
Security flaws are common in apps, and it is necessary to keep focusing on protecting devices from the threats these flaws bring.
When designing apps, a security consultant is brought in (usually at the design stage) to conduct pentests before the app is deployed.
To understand this better, read: What is application security? via @csoonline
3. Endpoint Security:
In an enterprise network, any device that can access data can be exploited by hackers to compromise the entire enterprise. Examples of endpoints are servers, printers, desktops, laptops...you get it? To understand this better, read What is Endpoint Security?
4. Data Security:
As the name implies, it involves securing data at rest and data in motion.
To understand this better, read: Data Security: Definition, Explanation and Guide
5. Identity Management Security:
When there are different users with different roles in a network, IMS ensures the right users have the appropriate access to the right data and applications based on their roles.
For example, if you are in the marketing team, you have no business accessing payroll data.
To understand this better, read: Identity management 101
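The access control point (f) under network security and the identity management point just above describe the same decision from two ends: the identity side says which roles a user holds, the access control side says which users and which devices get through. As an added example (not from the original post), the Python below models that decision as role-based access control with a device compliance check in front of it, default deny throughout, and an audit line for every decision. The roles, users, resources and device names are hypothetical; the marketing-versus-payroll case is the one from the text.

```python
"""Role-based access control plus device compliance, with an audit trail."""
from typing import Dict, List, Set

# Constructed role model (assumption: a small company with marketing, HR and a
# payroll administrator; resource and role names are hypothetical).
ROLE_PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "marketing": {"campaign_data": {"read", "write"}, "brand_assets": {"read"}},
    "hr": {"employee_records": {"read", "write"}, "payroll": {"read"}},
    "payroll_admin": {"payroll": {"read", "write"}},
}

USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"marketing"},
    "bob": {"hr"},
    "carol": {"hr", "payroll_admin"},
}

# Devices that passed the compliance check (managed, patched, disk encrypted).
COMPLIANT_DEVICES = {"laptop-alice-01", "laptop-bob-02", "desktop-carol-03"}


def effective_permissions(user: str) -> Dict[str, Set[str]]:
    """Union of every permission granted by the user's roles."""
    perms: Dict[str, Set[str]] = {}
    for role in USER_ROLES.get(user, set()):
        for resource, actions in ROLE_PERMISSIONS.get(role, {}).items():
            perms.setdefault(resource, set()).update(actions)
    return perms


def permitted(user: str, resource: str, action: str) -> bool:
    """Default deny: an unknown user, role or resource grants nothing."""
    return action in effective_permissions(user).get(resource, set())


def authorize(user: str, device: str, resource: str, action: str, audit: List[str]) -> bool:
    """Both the device's compliance and the user's role must pass; every decision is logged."""
    if device not in COMPLIANT_DEVICES:
        ok, reason = False, "non-compliant device"
    elif not permitted(user, resource, action):
        ok, reason = False, "no role grants this action"
    else:
        ok, reason = True, "granted by role"
    audit.append(f"{'ALLOW' if ok else 'DENY'} user={user} device={device} "
                 f"action={action} resource={resource} ({reason})")
    return ok


if __name__ == "__main__":
    log: List[str] = []
    authorize("alice", "laptop-alice-01", "campaign_data", "write", log)  # allowed
    authorize("alice", "laptop-alice-01", "payroll", "read", log)         # marketing has no business here
    authorize("bob", "laptop-bob-02", "payroll", "read", log)             # HR may read payroll
    authorize("bob", "laptop-bob-02", "payroll", "write", log)            # ...but not change it
    authorize("carol", "unknown-phone", "payroll", "write", log)          # right role, unmanaged device
    print("\n".join(log))
```

Two design choices carry the weight here: permissions are attached to roles rather than to people, so moving someone from marketing to HR is a one-line change with no forgotten grants left behind, and the device check runs before the role check, so even the payroll administrator cannot reach payroll from an unmanaged phone.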
6. Database and Infrastructure Security
This is where a DB admin:
- restricts unauthorised access to an organisation's database
- performs load tests and pentests to make sure it doesn't crash when there is a DDoS attack, and
- reviews the existing infrastructure for vulnerabilities
To understand this better, read: 7 Database Security Best Practices
7. Cloud Security:
This is the set of security policies implemented to secure cloud-based infrastructure and systems.
To understand this better, read: What is Cloud Security? How to Secure the Cloud
8. Mobile Security:
This is when security measures and policies are implemented to protect smart phones and portable devices from being used as vectors to attack systems and networks.
To understand this better, read: 8 mobile security threats you should take seriously in 2020
9. Disaster recovery/business continuity planning:
This is how people and organisations respond to incidents that cause data loss or disrupt critical activities. My favourite DR/BCP story is the NotPetya attack that Maersk suffered in 2017.
To understand this better, read: What Is BCDR? Business Continuity and Disaster Recovery Guide via @TT_Infra