This is a 7-part introduction to Cybersecurity. The first part of the guide introduces the reader to some basic concepts of cybersecurity.
What is cybersecurity?
Cybersecurity is a matter increasingly relevant to board members of SMEs and large corporations. Understanding the fundamentals of cybersecurity will help any organisation to protect itself from external and internal cyber threats. According to Margaret Rouse (2010):
Cybersecurity can be defined as the body of technologies, processes and practices designed to protect networks, computers, programs and data from attacks, damage or unauthorized access.
Some terms are helpful in understanding cybersecurity. These include:
Active attack – this is an intentional attack that targets the integrity of a system, its resources, data or operations.
Blacklist – a blacklist is a list of constituents that are denied access, or sometimes other privileges, on systems.
Bot – a bot is a computer that is internet-connected and has been infiltrated with malicious code. This “bot” will potentially do damage by being controlled by a remote administrator.
Critical infrastructure – this term refers to assets such as systems that may be either physical or virtual, that if attacked could have a very detrimental impact on the economy, public health, security, safety or the environment.
Data breach – a data breach occurs when there is an unauthorised disclosure of information to a party that is not allowed to have access to such information.
Intrusion detection – this is an approach taken to detect if systems have been breached. It includes using processes and systems to see if a violation has happened.
Key – a key is a number that is used for aspects of Cybersecurity such as encryption, decryption, signature generation or signature verification.
Malware – this is a type of software that infects a system with malicious code to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
Passive attack – this is an attack that is carried out deliberately but, rather than trying to change the system, its resources, its data or operations, it instead seeks out information to learn from the system it is assaulting.
Penetration testing – this is a type of testing that looks for potential Cybersecurity vulnerabilities in a system. As the name implies, in a penetration test, a software attack will be conducted in order to gain unauthorised access into a network infrastructure.
Phishing – in a phishing attack, a network participant will receive an email with an attachment. Generally, the body of the email will contain a message prompting the user to open the attachment, which would result in malware spreading into the user’s network, where it could potentially remain undetected for a long period of time. That malware could allow the hacker to monitor incoming and outgoing traffic from the user’s network or directly disrupt the integrity of the data flow.
Virus – this is a computer program that has the ability to self-replicate without the permission of the user of the system in which it is operating. It may then spread to other computers in the network.
History of Cybersecurity
Understanding Cybersecurity – both the threat landscape and the actions that need to be taken to prevent and detect attacks – has become an increasingly important issue for businesses, independently of their size.
Looking at how threats have evolved over time is useful to gain perspective on Cybersecurity. Ted Julian, writing for Info Security, documented the way in which Cybersecurity has changed in the last 25 years as a response to evolving threats.
The first computer worm was seen in the late 1980s and early 1990s. Its instigator was a hacker named Robert Morris. The Morris virus could represent the first denial of service attack. Following the propagation of the virus, people started to realise that they needed better security teams to protect businesses globally.
The first viruses emerged in 1990. Particularly infamous were the ILOVEYOU and Melissa viruses. Both made international news and infected millions of computers.
Email services were targeted and failed as a result of the attack. There appeared to be no financial incentive for carrying out the attacks. These types of viruses were ultimately beneficial for businesses in the longer run because, in dealing with them, people started to understand that they had to handle their email in more appropriate ways to avoid infections. For example, opening attachments from unknown senders became known as bad practice.
In the late 2000s a new threat emerged, which was focused on credit cards. These attacks sought to gain access to credit card information to use it for fraudulent purposes. One renowned criminal in this area was Albert Gonzalez. Gonzalez was responsible between 2005 and 2007 for stealing a large amount of credit card data – at a minimum it is estimated that 45.7 million payment card details were sold. TJ Maxx, the target of this attack, is believed to have lost $256 million as a result. This development became more problematic for businesses as the data stolen was part of a regulatory framework. This meant that organisations had to make sure that they had funds in place to be able to provide compensation to victims impacted by such attacks. With such dreadful financial consequences possible for businesses, organisations started implementing much more robust security systems to better protect themselves from this risk.
In the modern day there have been a couple of noteworthy attacks. One of the most prominent is that on Target, which led to 40 million credit and debit cards’ data being stolen. The attack was interesting because it leveraged a third-party supplier to attack point-of-sale systems. The CEO resigned as the breach was so serious. It has become very apparent that organisations have to protect themselves from this type of attack. This means making sure that everyone knows the seriousness of the situation to help to protect against breaches, while also having good systems and controls in place to respond to incidents as they arise.
These days cybercrime is tremendously advanced. Organisations are constantly under threat, and it is very difficult to be 100% sure of preventing an attack, since new types of attack are being developed and attacks are evolving in sophistication. There has, however, been a change of focus in organisations in response to an evolving threat landscape. The emphasis is now more on how organisations can prepare for and respond to incidents that occur. Handling them effectively can help an organisation to demonstrate how resilient it is. Organisations need to have in place systems, processes and procedures so that people know what to do when facing a cyber attack. It might be argued that a disaster recovery plan is also needed to help businesses recover from such situations. The key message to take away from this is that businesses that are prepared are less likely to be as detrimentally impacted as those that are not.
Jean Lehmann is an independent consultant, cyber security expert and editor and business ambassador to Hedge Think. He was recently a guest lecturer at INSEEC on Banking Management and the Hedge Fund industry, and is a member of Keiretsu forum, a global investment community of accredited private equity angel investors, venture capitalists and corporate/institutional investors. Jean has extensive consulting experience, having led projects such as the market entry strategies in the Brazilian market of several mid-size to large European financial institutions. Jean has considerable knowledge of the Hedge Fund and Asset Management industry, having developed, as a quantitative analyst, some of the most sophisticated financial models in the structured finance product market for a leading US Hedge Fund and a German investment bank. He also has particular expertise in the field of Network Security and Cryptography. As a research staff member at IBM Zurich, he developed innovative algorithms for anonymous communication systems. He was also in charge of Brazilian security consulting services for Gemalto and recently completed a CyberSecurity consulting study for a European airline company. Jean holds an MSc in computer science and telecommunication engineering with an emphasis on network security and cryptography from Eurecom/EPFL, a DEA in financial mathematics from HEC School of Management, and an MBA from INSEAD/Wharton alliance.