Innovative Cyber security and Data Protection Practices for the Digitally Driven World
“““THE BLOG BELOW WAS FOR THE i4cblogathon-2020”””
What is Cyber Security?
Cyber Security refers to the protection of internet-connected devices such as software, hardware, and cloud/data from cyber threats. It is used by individuals or enterprises to protect the data from unauthorized sources causing cyber threats the goal of cybersecurity is to protect your computer, mobile, and data from cyber-attacks. Cyber-attacks are mainly done to access user sensitive information and delete or export the data of medical, government, and other organizations.
Cyber Security is a continuously changing field, with the new development in technology also lead to development in a new form of cyber-attack. Many organization's data get publicized even by having security breaches through phishing and viruses.
Cyber Security threats:
The term “cyber” was introduced in 1950 referred to computers, cyber threats describe the information security matters in the cyber world or the “cyberspace”. Cyberspace is a virtual world or an electronic world where all the data is stored.
“A cyber-attack is an attack caused to the digital devices in the cyberspace”
Cyber threats are a big deal and a major issue. Cyber-attacks can cause electrical blackouts, failure of military equipment and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyze systems, making data unavailable.
The most common cybersecurity threats are:
- Spear Phishing
- DDoS attack
- Man in the Middle (MitM) attack
These are the most common cyber threats faced in cyberspace. The evolving technology in the cyber world leads to the development of a new cyber threat.
Here’s an example of a phishing email that users receive through emails.
If the user clicks on the link for the verification purpose it accesses the data of the user. Data here refers to all the account passwords which contain the sensitive information of that user.
Cyber threats are mostly planned by:
- National states
- Software tools used by individuals
- Business competitors
- Criminal organizations for deploying attack vectors
- International spies to steal sensitive information of a country
- Unhappy insiders
The most common example of it is the cyber weapon planned by the US state security department to track the movements of China and North Korea by letting one of their spies named Chris Panther access information of the state security of China and North Korea. He used cyber weapons to access the state security personal information like security details, medical records, and other sensitive information.
Stages of cyber threats:
“Cyber Security is used to protect the user from these cyber threats in the cyberspace”
Benefits of Cyber Security:
- Prevention of the unauthorized sources
- Protection of end-user
- Business protection from ransomware, malware, trojans, etc.
- Improves recovery time after a breach
- Protection of data and networks.
“A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.”
- Kevin Mitnick
Social Engineering is a physiological manipulation of the user by divulging their confidential information in information security. A social engineer creates attack vectors to gain a foothold of an organization or an individual.
A social engineer is the same as a cracker who sells information to others for money. A social engineer will access sensitive information either to sell it to others or blackmail the victim by asking for money, possession in business or something else. The major toolkits used by a social engineer is phishing which he can perform by using …………………………
A social engineer uses 4 major attack vectors:
- Vishing (or voice phishing)
- Smishing (or SMS phishing)
- Impersonation (pretending to be someone else)
A social engineer creates a link which if user access lets him attack the sensitive information of the particular user. Tricks used by a social engineer in practice.
Image 1) Phishing — Sending an email to the victim having a link (something which attracts the victim to access it).
The most common link used earlier was for Bitcoin’s.
Image 2) Victim receives the email sent by the social engineer.
Image 3) Victim access the link and let the social engineer access all the sensitive information of the user.
Image 4) Social Engineer contacts the user/organization/sell the information
Image 5) Quaid Pro Quo — offering compensation to the victim or start working on a new project.
Innovation in Cyber Security:
Enough about the kind of cyber threats, types of social engineer, and everything about cybersecurity, let’s check the innovations in cybersecurity used for the protection of the end-user
As the technology in the IT sector is advancing rapidly, computer security is becoming more fragile and much prone to threats and risks. Certain innovations in the field of cybersecurity are:
- Automation in Cyber Security
Automation is key in IT sector. In cyber-security the automation leads to collection of data quick and easy. Integrated Machine Learning and AI leads to quick data analysis using the tools for analysis of data. Using the analysis, the organization can protect a particular content sensitive for the organization.
2. Increased expenditure on Cyber Security
Organizations and IT sectors have started really spending more on cyber security, the analysis chart of cyber security is shown
United States have the most expenditure on Cyber Security from the last ransomware attack which affected 55% ATM’s across US and also attacked on the largest ATM manufacturer “Diebold Nixdorf”. US now spends a total of USD 648 Billion for the military.
Global expenditure on Cyber Security (2017–21) exceeds USD 1 Trillion
” Information security spending in India to grow 12% to $1.5 billion”
- AI for attacking and defending
AI provides analysis of the data and even secures the connection. NLP, ML and AI works on the analysis of the data for cyber security. 19% of threats have been reduced after the introduction of AI. AI defends a network by shifting the sensitive information to other location while attack back the social engineer system.
- Single-use software
30% of computers worldwide have pirated software which are easily accessible for software engineers. Threats risk are reduced by the use of Anti-Virus software, which reduces theft on a system.
- End to end encryption
To reduce cyber thefts, end to end encryption with K2CR encryption have been introduced which don’t let unauthorized users to access the data, while for decrypting the data organizations have started using AI face detection/Biometrics/Eye scanner for security purposes which cannot be accessed by unauthorized sources.
“Data Protection laws seek to protect people’s data by providing individuals with rights over their data, imposing rules on the way in which companies and governments use data, and establishing regulators to enforce the laws.”
Data Protection Act’s (DPA) are established in every country from the year 1970 for the data protection and internet privacy of their citizens.
Few of the practiced DPA are:
- Lock down data
Use AI based security patches for protecting your individual/organization data. Use the analysis approach of ML and AI to secure the most sensible content. Cloud based data storage is the best practice right now for data protection as it is secured by AI.
- Check out all the advancement in the field of cyber security and improve the features accordingly.
- Enable multi-factor authentication for security
- Protect your PHI
4. Healthcare organizations are as attractive as ever to cybercriminals in 2019, due to the value of the data they could potentially gain. Medical data is sought-after on the dark web, costing up to USD 60 for medical records. Because of these threats and the value of healthcare data, it’s vital to ensure HIPPA compliance on any systems that you use to manage your PHI.
5. Explore AI carefully
Advancement in technology make computer security fragile, while exploring AI keep a practice of securing your content while checking any random links.