Cybersecurity & its increasing demand

"In Order to protect something, another must be sacrificed. ~ Vipul Garg"

The way we live and work has undergone a drastic change in modern times. The new normal has prompted us to be increasingly dependent on technology, and we are spending most of our time in cyberspace or the interconnected networks over ecosystems. Anything that is related to the internet or the web of digital technology is known as Cyberspace.

However, high reliance on gadgets for remote working, virtual classes, and e-commerce also expose cyberspace to several malicious attacks that leak sensitive personal and business information. During the coronavirus-led lockdown, cyber-attacks on organizations and individuals increased substantially. There was an 800% increase in reported ransomware attacks and other cybercrimes.

Cyber threats have evolved from just viruses and hacking in the early 2000s to a more advanced, targeted, and an organized form of attack.

One of our most significant responsibilities is to ensure the safety of the things critical to our existence. Cyberspace is also an integral part of our lives now, and its protection is crucial. So, how can we keep our internet and devices secure from malicious attacks? The answer lies in cybersecurity.

Shielding the internet from damage, data breaches, and economic espionage is known as cybersecurity. A secure data environment is a must to ensure the smooth functioning of an economy.

According to Niti Ayog, financial organizations, healthcare sector, public sector organizations, and retail & accommodation are affected by 24%, 15%, 12%, and 15% of the breaches, respectively. Experts also predict that cybercrime would cause damages worth $6 trillion annually by 2021. Therefore, it is the need of the hour to have many cybersecurity professionals in the country. Skilled resources are scarce in this rapidly emerging field.

What are cyber attacks?

A cyber attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. A cyber attack can be launched from anywhere by any individual or group using one or more various attack strategies.

People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or problems in the computer systems -- called vulnerabilities -- that can be exploited for criminal gain.

Government-sponsored groups of computer experts also launch cyber attacks. They're identified as nation-state attackers, and they have been accused of attacking the information technology (IT) infrastructure of other governments, as well as nongovernment entities, such as businesses, nonprofits and utilities.

Why do cyber attacks happen?

Cyber attacks are designed to cause damage. They can have various objectives, including the following:

Financial gain

Most cyber attacks today, especially those against commercial entities, are launched by cybercriminals for financial gain. These attacks often aim to steal sensitive data, such as customer credit card numbers or employee personal information, which the cybercriminals then use to access money or goods using the victims' identities.

Other financially motivated attacks are designed to disable the computer systems themselves, with cybercriminals locking computers so that their owners and authorized users cannot access the applications or data they need; attackers then demand that the targeted organizations pay them ransoms to unlock the computer systems.

Still other attacks aim to gain valuable corporate data, such as propriety information; these types of cyber attacks are a modern, computerized form of corporate espionage.

Disruption and revenge

Bad actors also launch attacks specifically to sow chaos, confusion, discontent, frustration or mistrust. They could be taking such action as a way to get revenge for acts taken against them. They could be aiming to publicly embarrass the attacked entities or to damage the organizations' reputation. These attacks are often directed at government entities but can also hit commercial entities or nonprofit organizations.

Nation-state attackers are behind some of these types of attacks. Others, called hacktivists, might launch these types of attacks as a form of protest against the targeted entity; a secretive decentralized group of internationalist activists known as Anonymous is the most well-known of such groups.

Insider threats are attacks that come from employees with malicious intent.

Cyberwarfare

Governments around the world are also involved in cyberattacks, with many national governments acknowledging or suspected of designing and executing attacks against other countries as part of ongoing political, economic and social disputes. These types of attacks are classified as cyberwarfare.

How do cyber attacks work?

Threat actors use various techniques to launch cyber attacks, depending in large part on whether they're attacking a targeted or an untargeted entity.

In an untargeted attack, where the bad actors are trying to break into as many devices or systems as possible, they generally look for vulnerabilities that will enable them to gain access without being detected or blocked. They might use, for example, a phishing attack, emailing large numbers of people with socially engineered messages crafted to entice recipients to click a link that will download malicious code.

In a targeted attack, the threat actors are going after a specific organization, and methods used vary depending on the attack's objectives. The hacktivist group Anonymous, for example, was suspected in a 2020 distributed denial-of-service (DDoS) attack on the Minneapolis Police Department website after a Black man died while being arrested by Minneapolis officers. Hackers also use spear-phishing campaigns in a targeted attack, crafting emails to specific individuals who, if they click included links, would download malicious software designed to subvert the organization's technology or the sensitive data it holds.

Cyber criminals often create the software tools to use in their attacks, and they frequently share those on the so-called dark web. Cyber attacks often happen in stages, starting with hackers surveying or scanning for vulnerabilities or access points, initiating the initial compromise and then executing the full attack -- whether it's stealing valuable data, disabling the computer systems or both.

Some Most common form of cyber attacks are as follows

1. Malware: In which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
2. Phishing: In which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by either opening an attached file or embedded link.
3. Man-in-the-middle or MitM: Where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.
4. DDoS (Distributed Denial of Service Attack): In which hackers bombard an organization's servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.
5. SQL injection: Where hackers insert malicious code into servers using the Structured Query Language programming language to get the server to reveal sensitive data.
6. Zero-day exploit: Which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.
7. Domain name system (DNS) tunneling: A sophisticated attack in which attackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.
8. Drive-by, or drive-by download: Occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.
9. Credential-based attacks: It happens when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.

What is Cybersecurity?

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

Why is cybersecurity important?

In today's connected world, everyone benefits from advanced cyberdefense programs. At an individual level, a cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like family photos. Everyone relies on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organizations is essential to keeping our society functioning.

Everyone also benefits from the work of cyberthreat researchers, like the team of 250 threat researchers at Talos, who investigate new and emerging threats and cyber attack strategies. They reveal new vulnerabilities, educate the public on the importance of cybersecurity, and strengthen open source tools. Their work makes the Internet safer for everyone.

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing businesses, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. The nation's top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

What does good cybersecurity looks like?

1. Secure your wifi: First and foremost Cybersecurity needs to know is: always keep your Wi-Fi network secure. This means, never keep your Wi-Fi without a password and use WPA2 (Wi-Fi protected access to version 2) as your method of security.
2. Wise GPS and Bluetooth Usage: To gain access to your system, the attacker can use your Bluetooth or GPS connection. So it is important to always keep them off on any device when not in use.
3. Select Strong Passwords: These days to protect you against Cyberattacks, you might have noticed that the website shows you the password strength. It should always be strong. A strong password is one that has 8 to 12 characters and includes both lowercase and uppercase letters. It should also contain a unique character and a number. Do not keep the password on easy-to-fetch information about yourself.
4. Use Antivirus in your System: Most internet providers will use antivirus software with the service they provide. This is because they understand the importance of Cyber Security in business. By chance the provider doesn't use one, do install one! These are not expensive. Do not forget to check whether the antivirus is running when you are installing something.
5. Avoid Suspicious Texts and Mails: Straight away delete texts and emails if you do not recognize the sender. These are considered to be the starting point of an online security breach.
6. Use Encryption and Firewalls: If you are a business owner and want to protect your business, you should deploy a Firewall and know why Cybersecurity is important for the business. A Firewall will help you regulate both inbound and outbound network traffic. Including encryption software will scramble the important data and will protect it even if it gets into the wrong hands until and unless the hacker knows the encryption key.
7. Keep your Mobile devices under your sight: Never lose sight of your devices like tablets, laptops, or smartphones. Don't leave them with people you don't know or trust. Since now you know why is Cybersecurity so important, always keep your device password protected with strong passwords!

Challenges of Cyber Security

For an effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. Elements of cyber encompass all of the following:

• Network security: The process of protecting the network from unwanted users, attacks and intrusions.
• Application security: Apps require constant updates and testing to ensure these programs are secure from attacks.
• Endpoint security: Remote access is a necessary part of business, but can also be a weak point for data. Endpoint security is the process of protecting remote access to a company's network.
• Data security: Inside of networks and applications is data. Protecting company and customer information is a separate layer of security.
• Identity management: Essentially, this is a process of understanding the access every individual has in an organization.
• Database and infrastructure security: Everything in a network involves databases and physical equipment. Protecting these devices is equally important.
• Cloud security: Many files are in digital environments or 'the cloud'. Protecting data in a 100% online environment presents a large amount of challenges.
• Mobile security: Cell phones and tablets involve virtually every type of security challenge in and of themselves.
• Disaster recovery/business continuity planning: In the event of a breach, natural disaster or other event data must be protected and business must go on. For this, you'll need a plan. End-user education: Users may be employees accessing the network or customers logging on to a company app. Educating good habits (password changes, 2-factor authentication, etc.) is an important part of cybersecurity.

The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known treats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

Conclusion

The cybersecurity workforce encompasses a variety of contexts, roles, and occupations and is too broad and diverse to be treated as a single occupation or profession. Whether and how to professionalize will vary according to role and context.

Cybersecurity is a field that encompasses more than one kind of work and more than one occupation or profession. Some kinds of workers may come to be considered as professionals, but the committee believes that the field may also include a range of personnel and functions that are best not considered as professionals, much as many other fields contain both professionals and other workers who are not formally professionalized, including some who are designated as paraprofessionals. For example, there are today large numbers of people within organizations who have responsibility for cybersecurity functions, such as frontline IT support staff, for whom there may not be any formal education or accreditation requirements. The organizational context for cybersecurity work is diverse, ranging from firms that have highly proficient cybersecurity groups to ones where cybersecurity is one of the responsibilities of general IT groups. There are also varying approaches to how work is divided between the cybersecurity workforce and the broader IT workforce— some cybersecurity positions are clearly hybrid in nature, blending cybersecurity roles with other roles in IT, management, or law enforcement.

In digital forensics, where the results are to be used in a legal proceeding, the work is comparatively narrowly defined by procedures and law, the relevant domain of expertise appears to be sufficiently narrow, and the appropriate professionalization mechanism is clear (certification with periodic recertification reflecting advances in acceptable forensic techniques and practices). Even in this case, however, the committee learned that not all agencies that employ digital forensics examiners currently favor external certification.

Given the great diversity of roles, responsibilities, and contexts, the fact that professionalization measures may be warranted in a particular subfield and context should not be confused with a broad need for professionalization. Those organizations that find professionalization helpful can certainly insist on some form of certification or other professionalization measure for the workers they hire, and a number of organizations inside and outside government do so today. Other organizations, having given this serious thought, may find other ways to optimize and customize their hiring and cybersecurity workforce composition to best meet their specific needs.