WHAT IS CYBER SECURITY?
Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
5 cyber security trends to watch for 2016
Here are five major trends in cybersecurity that you should have in mind when updating your InfoSec plans for 2016.
As more and more of the services we use reside in the cloud, IT departments can lose oversight and control. Employees are bypassing IT to snag the services they feel they need, and there’s a real danger that they’re bypassing security protocols and systems in the process. You should take steps to ensure that your IT department has full visibility.
Even approved cloud vendors must be scrutinized on an ongoing basis. Do you know where your data resides? Do your cloud service providers meet your security standards? If they aren’t in compliance, their failure to meet regulatory requirements could be something that you’re liable for. Don’t take it on trust; test your third-party vendors and verify for yourself.
The impact of ransomware is growing. According to the Cyber Threat Alliance, the recent CryptoWall v3 threat has cost hundreds of thousands of users worldwide more than $325 million so far. This kind of attack encrypts important files, rendering data inaccessible until you pay the ransom. It often relies upon social engineering techniques to gain a foothold.
It works, and we expect to see a lot more of it over the next 12 months, because the easiest way for many individuals and businesses to get their data back is just to pay the ransom. With a bit of forethought, better education and real-time security protection, not to mention a regular, robust backup routine, the threat of ransomware can be cut down to size.
Cybercriminals follow the path of least resistance and the easiest way for them to gain access to your precious data is usually by tricking a person into handing over the keys, not by writing a clever piece of code. Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.
The targeting of high-level execs or anyone with a high security clearance is on the rise. If cybercriminals can hack a CEO’s account, for example, they can use it to wreak havoc and expose a lot of sensitive data. Educating potential targets about the dangers is not enough. You need a combination of real-time monitoring and scanning systems, with protective blocking capabilities. That said, sometimes laying down a security policy for employee education is all you need.
WHY IS CYBER SECURITY IMPORTANT?
Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security.
During a Senate hearing in March 2013, the nation’s top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.
WHAT ARE CYBER CRIMINALS?
A cybercriminal is an individual who commits cybercrimes, where he/she makes use of the computer either as a tool or as a target or as both.
Cybercriminals use computers in three broad ways:
- Select the computer as their target: These criminals attack other people’s computers to perform malicious activities, such as spreading viruses, data theft, identity theft, etc.
- Use the computer as their weapon: They use the computer to carry out “conventional crime”, such as spam, fraud, illegal gambling, etc.
- Use the computer as their accessory: They use the computer to save stolen or illegal data.
Here are seven common types of cyber criminals. Recognize any?
1) Script kiddies: A wannabe hacker. Someone who wants to be a hacker (or thinks they are) but lacks any serious technical expertise. They are usually only able to attack very weakly secured systems.
2) Scammers: Your email inbox is probably full of their work. Discount pharmaceuticals, time-shares, personal ads from available women in Russia…sound familiar?
3) Hacker groups: Usually work anonymously and create tools for hacking. They often hack computers for no criminal reason and are sometimes even hired by companies wanting to test their security.
4) Phishers: Gotten an email recently claiming your bank account is about to expire? Don’t fall for these jerks. They want your personal information and, most likely, your identity, by directing you to a phony website.
5) Political/religious/commercial groups: Tend to not be interested in financial gain. These guys develop malware for political ends. If you think this group is harmless, think Stuxnet. The Stuxnet worm, which attacked the nuclear facilities of Iran’s atomic program, was believed to have been created by a foreign government.
6) Insiders: They may only be 20% of the threat, but they produce 80% of the damage. These attackers are considered to be the highest risk. To make matters worse, as the name suggests, they often reside within an organization.
7) Advanced Persistent Threat (APT) Agents: This group is responsible for highly targeted attacks carried out by extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast computing resources.
So now you know who these bad guys are. As G.I. Joe would agree, “Now you know, and knowing is half the battle!”
Posted By: Delicana, Flora Mae