What is Cybersecurity? - Basic Programming Knowledge

What is Cybersecurity?

October 09, 2019

What is Cybersecurity

I'm here to tell you guys about how cyber security makes this all possible. Now, before we begin, let me brief you all about the topics that we are going to cover today. Basically, we are going to ask three questions that are important to cyber security: firstly, we're going to see why cyber security is needed; next, we're going to see what exactly cyber security is; and in the end I'm going to show you all, through a scenario, how cyber security can save a whole organization from organized cybercrime.

Okay, so let's get started. As I just said, we are living in a digital era. Whether it be booking a hotel room, ordering some dinner or even booking a cab, we are constantly using the Internet and inherently constantly generating data. This data is generally stored on the cloud, which is basically a huge data server or data center that you can access online. We also use an array of devices to access this data. Now, for a hacker it's a golden age: with so many access points, public IP addresses, constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber attacks are evolving by the day. Hackers are becoming smarter and more creative with their malware, and how they bypass virus scans and firewalls still baffles many people. Let's go through some of the most common types of cyber attacks now.

So, as you guys can see, I've listed out eight cyber attacks that have plagued us since the beginning of the Internet. Let's go through them briefly.

First on the list we have general malware. Malware is an all-encompassing term for a variety of cyber threats, including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.

Next on the list we have phishing. Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad.

Next on the list we have password attacks. A password attack is exactly what it sounds like: a third party trying to gain access to your system by cracking a user's password.

Next up is DDoS, which stands for distributed denial of service. A DDoS attack focuses on disrupting the service of a network. Attackers send high volumes of data or traffic through the network, that is, they make a lot of connection requests, until the network becomes overloaded and can no longer function.

Next up we have man-in-the-middle attacks. By impersonating the endpoint in an online information exchange, that is, the connection from your smartphone to a website, MITM attacks can obtain information from the end user and the entity he or she is communicating with. For example, if you're banking online, the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you. The man in the middle would then receive all the information transferred between both parties, which could include sensitive data such as bank accounts and personal information.

Next up we have drive-by downloads. Through malware on a legitimate website, a program is downloaded to a user's system just by visiting the site. It doesn't require any type of action by the user to actually download it.

Next up we have malvertising, which is a way to compromise your computer with malicious code that is downloaded to your system when you click on an affected ad.

Lastly, we have rogue software, which is basically malware masquerading as legitimate and necessary security software that will keep your system safe.

So, as you guys can see now, the Internet sure isn't as safe a place as you might think it is. This not only applies to us as individuals but also to large organizations. There have been multiple cyber breaches in the past that have compromised the privacy and confidentiality of data. If we head over to the site called Information is Beautiful, we can see all the major cyber breaches that have been committed. As you guys can see, even big companies like eBay, AOL, Evernote and Adobe have actually gone through major cyber breaches, even though they have a lot of security measures in place to protect the data that they hold. So it's not only small individuals that are targeted by hackers and other people; even bigger organizations are constantly being targeted by these guys.

So, after looking at all sorts of cyber attacks possible, the breaches of the past and the sheer amount of data available, we must be thinking that there must be some sort of mechanism and protocol to actually protect us from all these sorts of cyber attacks. And indeed there is, in a way, and this is called cyber security. In a computing context, security comprises cyber security and physical security; both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cyber security. The use of cyber security can help prevent cyber attacks, data breaches and identity theft, and can aid in risk management. So when an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end-user protection defends information and guards against loss or theft while also scanning computers for malicious code.

Now, when talking about cyber security, there are three main activities that we are trying to protect ourselves against, and they are unauthorized modification, unauthorized deletion and unauthorized access. These three are closely related to the very commonly known CIA triad, which stands for confidentiality, integrity and availability. The CIA triad is also commonly referred to as the three pillars of security, and most security policies of bigger organizations, and even smaller companies, are based on these three principles. So let's go through them one by one.

First on the list we have confidentiality. Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that the right people can in fact get it. Access must be restricted to those authorized to view the data in question. It is common as well for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands; more or less stringent measures can then be implemented according to those categories. Sometimes safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically include the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training can include strong passwords and password-related best practices, and information about social engineering methods, to prevent them from bending data handling rules with good intentions and potentially disastrous results.

Next on the list we have integrity. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse or a server crash. Some data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore affected data to its correct state.

Last but not least is availability. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover and even high-availability clusters can mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst-case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan. Safeguards against data loss or interruptions in connection must include unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy must be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service attacks and network intrusions.
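The integrity controls just described (cryptographic checksums to detect changes, a separate backup copy to restore the correct state), as an added Python example that is not part of the original video or post; the file contents, the in-memory "disk" and the simulated crash are all constructed for the demonstration:

```python
import hashlib

# Constructed sample data: three "files" held in memory instead of on disk so the
# example runs offline. In practice these would be paths on a server.
PRIMARY = {"ledger.csv": b"id,amount\n1,100\n2,250\n",
           "config.ini": b"[db]\nhost=localhost\n",
           "notes.txt": b"quarterly review\n"}
# The geographically isolated backup copy, taken while the data was known good.
BACKUP = {name: data for name, data in PRIMARY.items()}

def build_manifest(files):
    """Record a SHA-256 digest for every file. This is the 'cryptographic checksum'
    kept alongside the data so that later changes, accidental or not, show up."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def verify(files, manifest):
    """Return the names whose current digest no longer matches the manifest.
    A missing file hashes as empty and therefore also fails verification."""
    changed = []
    for name, expected in manifest.items():
        actual = hashlib.sha256(files.get(name, b"")).hexdigest()
        if actual != expected:
            changed.append(name)
    return sorted(changed)

def restore(files, backup, manifest):
    """Copy only the damaged files back from the backup, then re-verify.
    An empty result means integrity has been restored."""
    for name in verify(files, manifest):
        files[name] = backup[name]
    return verify(files, manifest)

def simulate_crash(files):
    """Constructed non-human failure: a crash truncates one file and corrupts a
    byte in another, the kind of silent damage a checksum is there to catch."""
    files["ledger.csv"] = files["ledger.csv"][:10]
    files["config.ini"] = files["config.ini"].replace(b"localhost", b"localhosT")

if __name__ == "__main__":
    manifest = build_manifest(PRIMARY)
    simulate_crash(PRIMARY)
    print("damaged:", verify(PRIMARY, manifest))
    print("still damaged after restore:", restore(PRIMARY, BACKUP, manifest))
```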
So now that we have seen what we are actually trying to implement when trying to protect ourselves on the Internet, we should also know the ways that we actually protect ourselves when we are attacked by cyber criminal organizations. The first step to actually mitigate any type of cyber attack is to identify the malware or the cyber threat that is currently going on in your organization. Next, we have to actually analyze and evaluate all the affected parties and the file systems that have been compromised. And in the end we have to patch the whole threat so that our organization can come back to its original running state without any cyber breaches.

So how exactly is it done? This is mostly done by actually calculating three factors: the first factor is vulnerability, the second factor is threat and the third is risk. So let me tell you a little bit about the three of them.

First on the list of actual calculation we have vulnerability. A vulnerability refers to a known weakness of an asset that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to be successful. For example, when a team member resigns and you forget to disable their access to external accounts, change logins or remove their names from the company credit cards, this leaves your business open to both unintentional and intentional threats. However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network. Testing for vulnerabilities is critical to ensuring the continuity of your systems by identifying weak points and developing a strategy to respond quickly. Here are some questions that you ask when determining your security vulnerabilities: Is your data backed up and stored in a secure off-site location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud vulnerabilities? What kind of security do you have to determine who can access, modify or delete information from within your organization? Next, you could ask questions like: What kind of antivirus protection is in use? Are the licenses current, and is it running as often as needed? Also, do you have a data recovery plan in the event of a vulnerability being exploited? So these are the normal questions that one asks when actually checking their vulnerability.

Next up is threat. A threat refers to a new or newly discovered incident with the potential to do harm to a system or your overall organization. There are three main types of threat: natural threats like floods or tornadoes, unintentional threats such as an employee mistakenly accessing the wrong information, and intentional threats. There are many examples of intentional threats, including spyware, malware, adware companies or the actions of disgruntled employees. In addition, worms and viruses are categorized as threats because they could potentially cause harm to your organization through exposure to an automated attack, as opposed to one perpetrated by human beings. Although these threats are generally outside of one's control and difficult to identify in advance, it is essential to take appropriate measures to assess threats regularly. Here are some ways to do so. Ensure that your team members are staying informed of current trends in cybersecurity so they can quickly identify new threats. They should subscribe to blogs like Wired and podcasts like the Techgenix Xtreme IT that cover these issues, as well as join professional associations so they can benefit from breaking news feeds, conferences and webinars. You should also perform regular threat assessments to determine the best approaches to protecting a system against a specific threat, along with assessing different types of threats. In addition, penetration testing involves modeling real-world threats in order to discover vulnerabilities.

Next on the list we have risk. Risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risks include financial losses as a result of business disruption, loss of privacy, reputational damage, legal implications, and can even include loss of life. Risk can also be defined as follows: Risk = Threat x Vulnerability. You can reduce the potential for risk by creating and implementing a risk management plan. Here are the key aspects to consider when developing your risk management strategy. Firstly, we need to assess risk and determine needs. When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although the frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis. Next, we also have to include a total stakeholder perspective. Stakeholders include the business owners as well as employees, customers and even vendors. All of these players have the potential to negatively impact the organization, but at the same time they can be assets in helping to mitigate risk. So, as we see, risk management is the key to cybersecurity.

So now let us go through a scenario to actually understand how cyber security defends an organization against very manipulative cyber crime. Cyber crime, as you all know, is a global problem that's been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks and governments. Today's organized cybercrime far outshadows the lone hackers of the past; now large organized crime rings function like startups and often employ highly trained developers who are constantly innovating new online attacks. Most companies have preventative security software to stop these types of attacks, but no matter how secure we are, cybercrime is going to happen.

So meet Bob. He's the chief security officer for a company that makes a mobile app to help customers track and manage their finances, so security is a top priority. Bob's company has an incident response platform (IRP) in place that automates the entire cybersecurity process. The IRP software integrates all the security and IT software needed to keep a large company like Bob's secure into a single dashboard, and acts as a hub for the people, processes and technology needed to respond to and contain a cyber attack. Let's see how this platform works in the case of a security breach.

While Bob is out on a business trip, irregular activity occurs on his account. A user behavior analytics engine that monitors account activity recognizes suspicious behavior involving late-night logins and unusual amounts of data being downloaded. This piece of software is the first signal that something is wrong, and an alert is sent to the next piece of software in the chain, which is the security information and event management (SIEM) system. Now the IRP can orchestrate a chain of events that ultimately prevents the company from encountering a serious security disaster. The IRP connects to the user directory software that Bob's company uses, which immediately recognizes that the user account belongs to an executive who is out on a business trip and then proceeds to lock his account. The IRP sends the incident IP address to a threat intelligence software, which identifies the address as a suspected malware server. As each piece of security software runs, the findings are recorded in the IRP incident, which is already busy creating a set of instructions, called a playbook, for a security analyst to follow. The analyst then locks Bob's accounts and changes his passwords. By this time the software has determined that the attempted attack came from a well-known cyber crime organization using stolen credentials. Bob's credentials were stolen when the hacker found a vulnerability in his company's firewall software and used it to upload a malware-infected file. Now that we know how that happened, the analyst uses the IRP to identify and patch everything affected. The IRP uses information from endpoint tools to determine which machines need to be patched, recommends how to patch them, and then allows the analyst to push the patches to all the computers and mobile devices instantly.

Meanwhile, Bob has to alert the legal department, and the IRP instantly notifies the correct people of the situation and the status of the incident. After the attack is contained and Bob's account is secured, the analyst then communicates which data may have been stolen or compromised during the incident. He identifies which geographies, jurisdictions and regulatory agencies cover the users and information affected by the attack. Then the IRP creates a series of tasks so the organization can notify the affected parties and follow all relevant compliance and liability procedures. In the past, a security breach this large would have required Bob's company to involve several agencies and third parties to solve the problem, a process that could have taken months or longer. But in a matter of hours the incident response platform organized all of the people, processes and technology to identify and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties. And in the future Bob and his team will be able to turn to cognitive security tools. These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize attacks as they happen, and immediately recommend actions for security professionals to take, keeping data safe and companies like Bob's out of the headlines.

OK guys, I hope you all learned something about cyber security today and why it is so essential in today's world. If you all have any doubts or questions regarding this video, please post a comment down in the comment section. That's it for me. Goodbye!
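The detection step from Bob's scenario above (a behavior engine flagging late-night logins and unusual download volumes, then handing the account and the source IP on for locking and threat-intelligence lookup), as an added Python example that is not part of the original video or post; the log format, the log lines, the baseline window and the thresholds are all constructed assumptions:

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of account-activity log lines (not from any real system):
# timestamp user event bytes_downloaded source_ip
LOG_LINES = """\
2019-10-01T09:12:04 bob login 0 203.0.113.10
2019-10-01T09:40:21 bob download 5200000 203.0.113.10
2019-10-02T10:05:11 bob download 4800000 203.0.113.10
2019-10-03T08:55:47 bob download 6100000 203.0.113.10
2019-10-04T09:30:02 bob download 5500000 203.0.113.10
2019-10-07T02:17:33 bob login 0 198.51.100.77
2019-10-07T02:21:09 bob download 410000000 198.51.100.77
""".splitlines()

def parse(line):
    ts, user, event, nbytes, ip = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "event": event, "bytes": int(nbytes), "ip": ip}

def find_alerts(records, history_end, night_hours=(0, 5), z_threshold=3.0):
    """Records up to history_end form the user's baseline; later records are
    scored against it. Three signals are checked: a login during night_hours,
    a login from a source IP never seen in the baseline, and a download whose
    size is more than z_threshold standard deviations above the baseline mean."""
    history = [r for r in records if r["ts"] <= history_end]
    sizes = [r["bytes"] for r in history if r["event"] == "download"]
    mu, sigma = mean(sizes), pstdev(sizes)
    known_ips = {r["ip"] for r in history}
    alerts = []
    for r in records:
        if r["ts"] <= history_end:
            continue
        when = r["ts"].isoformat()
        if r["event"] == "login":
            if night_hours[0] <= r["ts"].hour < night_hours[1]:
                alerts.append((when, "late-night login", r["ip"]))
            if r["ip"] not in known_ips:
                alerts.append((when, "login from unknown IP", r["ip"]))
        elif r["event"] == "download" and sigma > 0:
            if (r["bytes"] - mu) / sigma > z_threshold:
                alerts.append((when, "unusual download volume", r["ip"]))
    return alerts

def escalate(user, alerts):
    """Hand-off the way the scenario's SIEM/IRP chain does: lock the account and
    pass the suspicious source IPs on for threat-intelligence lookup."""
    return {"lock_account": user if alerts else None,
            "ips_for_threat_intel": sorted({ip for _, _, ip in alerts})}

def analyze(lines, history_end="2019-10-05T00:00:00"):
    records = [parse(line) for line in lines]
    alerts = find_alerts(records, datetime.fromisoformat(history_end))
    return alerts, escalate(records[0]["user"], alerts)

if __name__ == "__main__":
    alerts, action = analyze(LOG_LINES)
    for alert in alerts:
        print(*alert)
    print(action)
```

The z-score baseline is deliberately simple; a production engine would build it per user over a sliding window and weight the signals rather than treating each as an independent alert.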