
Cyber Security

Cyber security is the application of technologies, processes and controls to
protect systems, networks, programs, devices and data from cyber attacks. It
aims to reduce the risk of cyber attacks, and protect against the unauthorised
exploitation of systems, networks and technologies.

Challenges of Cyber Security


For effective cyber security, an organization needs to coordinate its efforts
throughout its entire information system. Elements of cyber security encompass
all of the following:

• Network security
• Application security
• Endpoint security
• Data security
• Identity management
• Database and infrastructure security
• Cloud security
• Mobile security
• Disaster recovery/business continuity planning
• End-user education

Key Terms & Definitions


Anti-Malware—Software that prevents, detects and eliminates malicious
programs on computing devices.

Antivirus—Software that prevents, detects and eliminates computer viruses.

Backdoor Trojan—A virus that enables remote control of an infected device,
allowing virtually any command to be enacted by the attacker. Backdoor
Trojans are often used to create botnets for criminal purposes.

Botnets—A group of Internet-connected devices configured to forward
transmissions (such as spam or viruses) to other devices, despite their owners
being unaware of it.

Cybercrime—Also known as computer crime or netcrime, cybercrime is loosely
defined as any criminal activity that involves a computer and a network,
whether in the commission of the crime or as the target.

DoS—An attempt to interrupt or suspend host services of an Internet-connected
machine causing network resources, servers, or websites to be unavailable or
unable to function.

DDoS—Distributed denial of service attack. A DoS attack that occurs from
multiple sources.

Malware—An overarching term describing hostile and/or intrusive software
including (but not limited to) viruses, worms, Trojans, ransomware, spyware,
adware, scareware, and more, taking the form of executables, scripts,
and active content.

Phishing—An attempt to acquire sensitive information like usernames,
passwords, and credit card details for malicious purposes by masquerading as
a trustworthy entity in a digital environment.

Rootkit—Trojans that conceal objects or activities in a device’s system,
primarily to prevent other malicious programs from being detected and
removed.

Social Engineering—Non-technical malicious activity that exploits human
interaction to subvert technical security policy, procedures, and programs, in
order to gain access to secure devices and networks.

Trojan—Malicious, non-replicating programs that hide on a device as benign
files and perform unauthorized actions on a device, such as deleting, blocking,
modifying, or copying data, hindering performance, and more.

Zero-Day Vulnerability—A security gap in software that is unknown to its
creators, which is hurriedly exploited before the software creator or vendor
patches it.

Common types of cybersecurity

Network Security protects network traffic by controlling incoming and
outgoing connections to prevent threats from entering or spreading on the
network.

Data Loss Prevention (DLP) protects data by focusing on the location,
classification and monitoring of information at rest, in use and in motion.

Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS)
work to identify potentially hostile cyber activity.

Identity and Access Management (IAM) uses authentication services to limit
and track employee access to protect internal systems from malicious
entities.

Cloud Security provides protection for data used in cloud-based
services and applications.

Encryption is the process of encoding data to render it unintelligible, and is
often used during data transfer to prevent theft in transit.

Antivirus/anti-malware solutions scan computer systems for known threats.
Modern solutions are even able to detect previously unknown threats based on
their behavior.

Common types of cyber threats


Malware – Malicious software such as computer viruses, spyware, Trojan
horses, and keyloggers.

Ransomware – Malware that locks or encrypts data until a ransom is paid.

Phishing Attacks – The practice of obtaining sensitive information (e.g.,
passwords, credit card information) through a disguised email, phone call, or
text message.

Social engineering – The psychological manipulation of individuals to obtain
confidential information; often overlaps with phishing.

Advanced Persistent Threat – An attack in which an unauthorized user gains
access to a system or network and remains there for an extended period of time
without being detected.

Man-in-the-Middle (MitM)

As the name suggests, a Man-in-the-Middle attack is when a hacker inserts
themselves between two legitimate hosts. It’s the cyber equivalent of
eavesdropping on a private conversation.

In fact, an Eavesdropping attack is a common type of attack itself. But the MitM
attack goes a step further. The MitM attack has the added malevolence of
disguising itself as one or both of the people speaking.

This means it doesn’t just intercept and listen in to messages between clients and
servers. It can also change the messages and plant requests that appear to be from
a legitimate source. These types of attacks are notoriously difficult to detect, but
there are preventative measures you can take.

›› To prevent MitM attacks:

o Make sure you use SSL certificates (HTTPS, not just HTTP) to enhance
security (and user trust) in your website / extranet.
o Consider an Intrusion Detection System (IDS).
o Set up a VPN to add additional layers of protection over Wi-Fi (and other
confidential networks).

SQL Injections

A Structured Query Language (SQL) injection is when malicious code is inserted
into an SQL database. For an attacker, it can be as simple as submitting
malicious code into a website’s search box.

Once the code’s been unleashed, it can read, modify or delete your data. Some
SQL attacks can even shut down your database and issue commands to your
operating system.

›› How to protect against SQL injection attacks:

o Apply a least-privilege permissions model in your databases.
o Stick to stored procedures (exclude dynamic SQL) and prepared statements
(parameterized queries).
o Validate SQL data inputs against a whitelist.
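
The search-box case described above, shown as an added example that is not part of the original handout: a dynamic-SQL search beside a parameterized one with a whitelisted sort column. The table, function names and the crafted search term are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data: two public rows and one hidden row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("red lamp", 20.0, 0), ("blue lamp", 35.0, 0),
         ("staff discount card", 0.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # Dynamic SQL: the search term is pasted into the statement text, so a
    # quote character in it is parsed as SQL instead of being treated as data.
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

# Whitelist of sortable columns. Identifiers cannot be bound as parameters,
# so they are checked against a fixed set before reaching the statement.
SORT_COLUMNS = {"name", "price"}

def search_safe(db, term, sort_by="name"):
    if sort_by not in SORT_COLUMNS:
        raise ValueError("unsupported sort column")
    # Parameterized query: the term travels as a bound value and can never
    # change the structure of the statement.
    sql = ("SELECT name FROM products WHERE hidden = 0 "
           f"AND name LIKE ? ORDER BY {sort_by}")
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]

# Constructed input of the kind typed into a search box.
CRAFTED_TERM = "x' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", search_vulnerable(db, CRAFTED_TERM))
    print("safe:      ", search_safe(db, CRAFTED_TERM))
    print("safe, lamp:", search_safe(db, "lamp", "price"))
```

The vulnerable function returns the hidden row because the crafted term rewrites the WHERE clause; the parameterized function treats the same term as a literal string and finds nothing.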

Cross-site Scripting (XSS)


This attack usually runs in conjunction with social engineering because it
requires a user to visit a web page where the hacker has inserted malicious
script.

When you land on an infected web page, the malicious payload can leave you
exposed to a variety of unpleasant consequences. In a worst-case scenario, the XSS
attack can access webcams and microphones, log keystrokes and even take remote
control over your machine. The most common vehicle is JavaScript as it is so
widely used across the web.

›› How to prevent XSS attacks:

o Ensure your users are educated on phishing techniques.
o Sanitise the data input by users with an HTTP request.
o Run XSS vulnerability tests.
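
One way to sanitise user-supplied data before it is written into a page, as an added example that is not part of the original handout. It goes slightly beyond the bullet above by also allow-listing link schemes, since HTML encoding alone does not neutralise a script URL in an href. The function names and sample inputs are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Allow-list for user-supplied links (an assumption for this example;
# relative links are rejected too because they carry no scheme).
ALLOWED_SCHEMES = {"http", "https"}

def render_unsafe(name, homepage):
    # User input is pasted into the markup unchanged, so any tags or script
    # URLs in it become part of the page that other visitors load.
    return f'<p>{name}</p><a href="{homepage}">homepage</a>'

def safe_url(url):
    # Anything that is not plain http(s) is replaced with a harmless link.
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ALLOWED_SCHEMES else "#"

def render_safe(name, homepage):
    # html.escape turns < > & " ' into entities, so the browser displays the
    # text instead of parsing it as markup or closing the attribute early.
    return '<p>{}</p><a href="{}">homepage</a>'.format(
        html.escape(name, quote=True),
        html.escape(safe_url(homepage), quote=True),
    )

# Constructed inputs of the kind submitted in a profile form.
NAME = "<script>alert(1)</script>"
LINK = "javascript:alert(1)"
BREAKOUT = 'https://x.example/" onmouseover="alert(1)'

if __name__ == "__main__":
    print(render_unsafe(NAME, LINK))
    print(render_safe(NAME, LINK))
    print(render_safe("Ann", BREAKOUT))
```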
