Blog

What is Cybersecurity? Free guide to Cyber

What is Cybersecurity?

Cybersecurity can be summarized as efforts aimed at preserving the confidentiality, integrity, and availability of computing systems. It’s the practice of affording security to networks and systems to protect them from cyber attacks.

According the definition of cybersecurity by Comodo, (https://one.comodo.com/blog/cyber-security/what-is-cyber-security.php) :
cybersecurity is the practice of protecting systems, networks, andprograms from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

Cyber attacks have been on the rise and are targeted at accessing, modifying, or deleting data, money extortion, and the interruption of normal services. Cybersecurity is of great concern to today’s businesses since there has been a high adoption of information technology to achieve efficiency and effectiveness in business operations. The current business environment is such that there are many devices, systems, networks, and users.

All these are targeted by cyber criminals, and multiple techniques have been devised and used against them. Cyber attacks are only becoming more effective and sophisticated. Therefore, cybersecurity is becoming a survival mechanism rather than a luxury for many businesses. Cybersecurity has multiple layers, which cover devices, networks, systems, and users. These layers are intended to ensure that these targets are not compromised by attackers. In organizations, these layers can be compressed into three categories: people, processes, and technology.

People

This is the category that includes users. Users are known to be particularly weak in the cybersecurity chain. Unfortunately, cyber criminals are aware of this and often target them rather than systems during attacks. Users are the culprits in creating weak passwords, downloading attachments in strange emails, and easily falling for scams.

Processes

This category encompasses all the processes used by the organization. These can include business processes, such as the supply chain, that could be exploited by attackers to get malware inside companies. Supply chains are, at times, targeted in organizations that are well secured against other methods of being attacked.

Technology

Technology relates to both the devices and software used by an organization. Technology has been a prime target for cyber criminals and they have developed many techniques to compromise it. While security companies try to keep abreast of the threats facing technology today, it seems that cyber criminals have always had the upper hand. Cyber criminals can source new types of malware from underground markets and use them in multiple attacks against different technologies.

The scope of cybersecurity

The importance of cybersecurity can’t be overstated. The world is in a state of interconnection, and therefore an attack on one host or user can easily become an attack against many people. Cyber attacks can range from the theft of personal information to extortion attempts for individual targets. For companies, many things are always at stake. There is, therefore, a broad scope of what cybersecurity covers for both individuals and corporate organizations—let’s look at this in more detail.

Cybersecurity Terminologies

Here are some terms related to the cybersecurity world:

  • Cybercrime: Any crime that involves the use of a computer as the object of a crime or as an accessory used to commit a crime. The perpetrators of such a crime are known as cyber criminals. They mostly use computer technology to illegally access sensitive information, scam, or carry out malicious actions.
  • Ransomware: Malware built to extort money from victims by blocking access to their computers and files until they pay a ransom amount. However, the payment of the ransom is never a guarantee of file recovery.
  • Malware: Malicious software. There are three categories of malware: viruses, worms, and Trojans. These are used to either allow unauthorized access or to
    damage computers.
  • Social engineering: An attack technique that is increasingly being used by cyber criminals to manipulate people into revealing some information or carrying out some actions. The end goal is either monetary gain or access to sensitive information, such as business secrets.
  • Phishing: A common exploitation attack that involves sending fraudulent emails, that claim to be from reputable sources, to users. Phishers aim to get sensitive data or money from their targets. With advancements in technology, phishing attacks are becoming more sophisticated and advanced, and thus more successful.
  • Botnet: A network of zombie devices that have been infected with malware to make them perform certain tasks, such as denial of service attacks. Personal
    computers were once key targets for recruitment in botnets, but since the introduction of IoT devices, hackers have been shifting focus to this largely
    insecure technology. A particularly dreadful botnet is the Mirai botnet, which is made up of IoT devices and has been used in several attacks.
  • Data breach: A corporate network is attacked by cyber criminals and some valuable data is stolen. In many cases, customer authentication details, addresses,
    and their financial information is stolen. Stolen data is valuable and can be sold in black markets or ransomed. Even when the stolen data is encrypted, hackers
    can find ways to decrypt it, especially if the encryption algorithm was weak.
  • DDoS attack: Attackers target a machine with an overwhelming number of requests, thus clogging its bandwidth and ability to respond to legitimate requests. DDoS attacks are carried out by botnets, which have been discussed previously. DDoS attacks can be used as a diversion technique where hackers
    cause security personnel to focus their efforts on recovering from the DDoS attack while another attack is taking place.
  • Spyware: Malware used to spy on people for the purposes of obtaining their personal information, login credentials, or other sensitive information. They
    mostly infect browsers or come hidden in apps and programs. For mobile devices, malware can use GPS sensors to communicate back the whereabouts of a
    user’s device, and they can also access the call history and SMS.

Types of Cybersecurity

Cyber Security is classified into the following types:

#Information Security

Information security aims to protect the users’ private information from unauthorized access, identity theft. It protects the privacy of data and hardware that handle, store and transmit that data. Examples of Information security include User Authentication and Cryptography.

#Network Security

Network security aims to protect the usability, integrity, and safety of a network, associated components, and data shared over the network. When a network is secured, potential threats gets blocked from entering or spreading on that network. Examples of Network Security includes Antivirus and Antispyware programs, Firewall that block unauthorized access to a network and VPNs (Virtual Private Networks) used for secure remote access.

#Application Security

Application security aims to protect software applications from vulnerabilities that occur due to the flaws in application design, development, installation, upgrade or maintenance phases.

#Cloud security

Among the new technologies that are receiving massive adoption is the cloud. The cloud allows organizations to access resources that they could previously not access due to the financial constraints of acquiring and maintaining the resources. It’s also a preferred option for backing up due to its reliability and availability compared to other backup options. However, the cloud has its own set of challenges where security is concerned.

Organizations and individuals are concerned about the theft of their cloud-stored data. There have already been incidences of data theft in the cloud. Cloud security ensures that cloud users can secure their data and limit the people that can access it.

#Internet of Things security

Internet of Things (IoT) is an emerging technology that has been plagued with security threats. However, its practicality has seen it being adopted in many organizations despite the security challenges. IoT devices have been shipping in an insecure state, which poses threats to organizations and individuals. Cybersecurity has therefore been extended to cover this threat landscape.

#User security

As said before, these are the weakest weak points, and they are particularly hard to protect since they are targeted using social-engineering techniques. These techniques cannot be prevented by using security tools. Attackers get to users through normal interactions, using media such as phones, emails, or face-to-face encounters. Organizations have lost a lot of money due to their employees being attacked using social-engineering attack methods. Therefore, user-awareness programs have been incorporated into most cybersecurity strategies.

Free guide to Cyber

You can watch many Free Video’s about various topic’s in my You Tube Channel :

https://www.youtube.com/c/erdalozkaya

Cybersecurity Free Guide 

https://www.cyber.gov.au/acsc/view-all-content/publications/small-business-cyber-security-guide

Cybersecurity: The Beginner’s Guide

It’s not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEO’s like Satya Nadella, McAfee’s CEO Chris Young, Cisco’s CIO Colin Seward along with organizations like ISSA, research firms like Gartner too shine light on it from time to time.

This book put together all the possible information with regards to cybersecurity, why you should choose it, the need for cybersecurity and how can you be part of it and fill the cybersecurity talent gap bit by bit. Starting with the essential understanding of security and its needs, we will move to the security domain changes and how artificial intelligence and machine learning are helping to secure systems.

Later, this book will walk you through all the skills and tools that everyone who wants to work as a security personal needs to be aware of. Then, this book will teach readers how to think like an attacker and explore some advanced security methodologies. Lastly, this book will dive deep into how to build practice labs, explore real-world use cases, and get acquainted with various security certifications.

By the end of this book, readers will be well-versed with the security domain and will be capable of making the right choices in the cybersecurity field

Things you will learn

  • Get an overview of what cybersecurity is, learn about the different faces of cybersecurity and identify the domain that suits you best
  • Plan your transition into cybersecurity in an efficient and effective way
  • Learn how to build upon your existing skills and experience in order to prepare for your career in cybersecurity

To order the book :

Amazon: Order here

Google Books Order here

Packt Publishing: Order here

Ozkaya

Dr. Erdal Ozkaya is a leading Cybersecurity Professional with business development, management, and Academic skills who focuses on securing the Cyber Space & sharing his real-life skills as a Security Adviser, Speaker, Lecturer, and Author. Erdal is known to be passionate about reaching communities, and creating cyber aware campaigns and leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs for every person and organization in the world. He has authored many cybersecurity books as well as security certification courseware and exams for different vendors. Erdal has the following qualifications: Doctor of Philosophy in Cybersecurity. Master of Computing Research, Master of Information Systems Security, Bachelor of Information Technology, Microsoft Certified Trainer, Microsoft Certified Learning Consultant, ISO27001 Auditor & Implementer, Certified Ethical Hacker (CEH), Certified Ethical Instructor & Licensed Penetration Tester. He is an award-winning technical expert & speaker: His recent awards are: CISO Top 50 Award by Security ME Adviser Magazine & Tahawultech.com (2020) Legend Cybersecurity Pro by GEC Media (2019) Hall of Fame, CISO Magazine(2019) Cybersecurity Influencer of the year (2019) , CISO Magazine Cyber Security Professional of the year MEA (2019) Microsoft Circle of Excellence Platinum Club (2017), NATO Center of Excellence (2016) Security Professional of the year by MEA Channel Magazine (2015), Professional of the year Sydney (2014) and many speakers of the year awards at conferences. He also holds Global Instructor of the year awards from EC Council & Microsoft as well as Logical Operations. Erdal is also a part-time lecturer at Australian Charles Sturt University Erdal’s Social Media Accounts to follow: Twitter: https://twitter.com/Erdal_Ozkaya LinkedIn https://www.linkedin.com/in/erdalozkaya/ FaceBook https://www.facebook.com/CyberSec.Advisor/ Instagram https://www.instagram.com/drerdalozkaya/ Amazon https://www.amazon.com/-/e/B0796D9KQ4 He has built and managed CEO IT from scratch into a multi-million dollars National Training & IT Solutions center. With the skills, he has gained, he has introduced & repeated the success with KEMP Technologies, where he was tasked to single-handedly manage the ANZ region and then build the business in the Asia Pacific region. From there he joined Secunia as CISO in Dubai and extended his experience in Middle East & Africa. Beginning of 2016 he joined Microsoft as a Cybersecurity Architect / Trusted Security advisor where he is responsible in the EMEA region. Erdal currently works at Standard Chartered Bank as Head of Infomation and Cyber Security in a Managing Director status.

İlgili Makaleler

Bir Yorum

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Başa dön tuşu