
Cyber Security Basics all employees should know



Cyber security has been at the forefront for many organizations, as we live in challenging times when the cyber security landscape is continuously evolving and becoming more challenging.

We would like to start with the basics. Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. In simple terms, cybersecurity is making sure that an organization's data is safe from attacks, i.e. from both internal and external bad actors. The goal of any cybersecurity strategy is to ensure confidentiality, data integrity, and availability.

In today’s computerized world, new risks emerge every hour of every day. Connecting to the Internet opens up the possibility of a hacker targeting your organization. Monetary and reputational risks are high if organizations don’t have an appropriate cybersecurity plan.

With technology becoming increasingly sophisticated, the skills of the criminals often outpace the ability of security professionals inside organizations. The proof of this is the number of attacks that succeed. Cybercriminals are constantly finding new ways to circumvent the latest defensive tools and technologies, landing themselves in the inboxes and browsers of your employees. So, to prevent these attacks that harm the company, it is essential to set up cybersecurity protocols and awareness programs in any organization.

Cyber security awareness plays a major role in helping to educate employees about potential risks, instil proper cybersecurity processes and train employees on what to do in the event of a security threat. Being aware of the dangers of browsing the web, checking email and interacting online are all components of cybersecurity awareness. Cyber security awareness helps employees understand how they can be easily targeted by cybercrime, and the steps they can take in the event that they fall victim.

The different vectors of Cyber Attack are as follows:

  1. Phishing

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

  2. Vishing

Vishing is a type of cybercrime aimed at stealing personal information over the phone. Vishing—a combination of “voice” and “phishing”—is a phone-based phishing scam, and criminals are usually after personal or financial information they can use to exploit you.

  3. Smishing

Smishing is a form of phishing that uses mobile phones as the attack platform. The criminal executes the attack with an intent to gather personal information, including social insurance and/or credit card numbers.

  4. Ransomware

Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, this malware places organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.

  5. Man in the Middle Attack

A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.

  6. Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems.

  7. Password Attack

With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.

  8. SQL Injection

A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be as simple as entering it into a vulnerable website search box.

  9. Identity Theft

Identity theft, also known as Identity Fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver's license numbers, to impersonate someone else. The stolen information can be used for illegal activities.
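For the SQL Injection entry in the list above, the following added example (not part of the original article) shows why a search box becomes vulnerable and how a parameterized query closes the gap. The table, the sample rows, the test input and the function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample catalogue; the third row must never reach a visitor.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("laptop", 900.0, 0), ("laptop bag", 40.0, 0),
         ("unreleased laptop", 1500.0, 1)],
    )
    return db

def search_vulnerable(db, term):
    # Weak: the search text is pasted into the SQL string, so a quote
    # character in it ends the literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM products "
           f"WHERE hidden = 0 AND name LIKE '%{term}%' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened: the SQL text is fixed and the search text travels as a bound
    # parameter, so the database only ever treats it as data. LIKE wildcards
    # typed by the user are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM products "
           "WHERE hidden = 0 AND name LIKE ? ESCAPE '\\' ORDER BY name")
    return [row[0] for row in db.execute(sql, (f"%{escaped}%",))]

# Constructed search-box input of the kind the paragraph describes.
CRAFTED = "' OR 1=1 --"

def compare(term):
    # Run the same search text through both versions on a fresh database.
    db = make_db()
    return search_vulnerable(db, term), search_safe(db, term)

if __name__ == "__main__":
    for term in ("laptop", CRAFTED):
        weak, hardened = compare(term)
        print(f"{term!r}: vulnerable={weak} safe={hardened}")
```

With an ordinary search term both functions return the same rows; with the crafted input only the string-built query releases the hidden row.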

General Cyber Security Tips:

· Clicking Without Thinking Is Reckless

· Use Two-Factor Authentication

· Keep Track of Your Digital Footprint

· Keep Up With Updates

· Look Out for Phishing Scams

· Connect Securely

· Secure Your Mobile Device

· Beware of Social Engineering

· Back-Up Your Data

· Strengthen your password

· Do NOT connect unknown or unauthorized media
