Everything You Need to Know About Cyber security

It’s Cyber Security Month, so DCSL has a special blog to highlight the importance of keeping your systems safe from unscrupulous hackers! Cyber security is, and has been since the dawn of the information era, a very important aspect in our lives, regardless of whether it affects you directly or not.

In today’s modern age, there is a plethora of services and systems, managing our personal information, our finances, and our social life. As such, it is becoming vital for us to stay informed on this subject and treat our digital security as we would treat our real-life security.

What is Cyber Security?

Cyber security encompasses all technologies and procedures designed to protect networks, devices, software programs, and data from cyber-attacks. These attacks target sensitive data or business processes, most commonly to extort money.

A comprehensive cyber security programme relies on People, Processes, and Technology to safeguard its systems:

  • People
    The users on the system need to be aware of basic security protocols, such as password security (having a secure password and not having the same password for different accounts), being aware of the dangers of opening untrusted attachments, and data backup.
  • Processes
    These define the roles and responsibilities of individuals in the event of an attempted or even a successful cyber-attack. They also outline the procedures in place to prevent such attacks from getting through.
  • Technology
    This is an umbrella term for the tools designed to protect systems from a cyber attack – firewalls, antivirus programs, DNS filtering, for example.

Types of Cyber Security Threats

There are four broad categories of cyber security threats. These are:

  • Ransomware
    As the name suggests, ransomware attacks hold a system to ransom by preventing users from accessing the system or the data unless a ransom is paid. Typically, the malicious bit of code either blocks access or encrypts files so that users cannot open them.
  • Malware
    Malware (malicious software) is a software program that has been designed to cause damage to a computer, server, client, or computer network. The term covers a variety of programs, including viruses and worms, Trojan horses, spyware, adware, ransomware, and more.
  • Social Engineering
    A social engineering attack uses psychological manipulation to get the user to make a security mistake. Most social engineering attacks rely on people’s greed or creating a situation where their victims react in fear. The attacks may even impersonate people with authority.
  • Phishing
    Phishing is a form of a social engineering attack carried out through emails or instant messages that look ‘official’ or trustworthy. It is designed to trick victims into handing over sensitive information, which can then be used for identity theft, fund transfer, or to launch a bigger attack after having gained an initial foothold.

Cyber Security: A 2019 Overview

Yearly, Verizon creates a report titled Data Breach Investigations Report. Although this document, like any other, is limited in its scope, it does provide a good view of the evolution of cybersecurity-related incidents.

The 2019 report presents a few interesting figures, showing how the cyber security landscape is constantly shifting. We can see that most cyber-attack victims reside in the small business category, loosely followed by the public sector and healthcare organisations. Furthermore, we can see that attack tactics and the attackers themselves are changing.

An impressive 33% of breaches include social attacks, while 52% are related to technical exploits. More so, 34% of the attackers have been proven to involve internal actors, such as employees, while 69% remain outside attackers.

Retrospectively, data from 2018 reveals that although technical exploits have negligibly decreased, social engineering attacks have greatly increased. An explanation for this can be found in the fact that attackers prefer to use email as a deployment method and rely on commercial applications, such as Microsoft Office, for exploits.

As history dictates, the most targeted platforms are web applications. Due to their nature, web applications are versatile and increasingly complex, leaving plenty of room for error and negligence.

At DCSL we make sure to closely follow the evolution of cyber security, both from an attack and defence perspective, producing quality software at current security standards.