This Cyber Security Guide is written for small and large organizations that want to secure their IT resources against cyber security threats.
What Is Cyber Security?
Cybersecurity is the practice of securing computing systems, including their hardware, software and networks. This Cyber Security Guide lays out an approach to effective cybersecurity that reduces the likelihood of cyber-attacks and protects networks, systems and technologies against compromise.
Cybersecurity requires coordinated effort across an information system, covering network security, application security and information security. Putting effective cybersecurity procedures in place is increasingly difficult today because of the growing number of connected devices and the continual innovation of attackers. Attackers have also pooled their efforts, planning attacks on targets that are complex or where they stand to gain the most.
Cyber Security Guide-What Are The Benefits Of Cyber Security?
Cybersecurity is critical to individuals, agencies, government institutions and businesses globally. It matters to families, parents and educational institutions in safeguarding children from online fraud. It also provides a degree of financial security, since attempts to compromise online payment systems are thwarted by cybersecurity controls. Cybersecurity reduces the probability of costly data breaches by sealing loopholes that attackers could otherwise exploit. According to an article on CSO Online, the average cost of a data breach in North America is $1.3 million for enterprises and $117,000 for medium-sized businesses.
Cybersecurity offers significant protection against viruses, spyware and malware, which are serious threats to computing systems. It also shields computer users from data theft, a major challenge covering everything from general information to personally identifiable information; cybersecurity makes it hard for attackers to get hold of such data.
Cybersecurity also offers much-needed protection against hackers by employing strong security mechanisms, or a combination of security features, that make systems hard to penetrate.
Some cyber-attacks degrade computer performance to the point where the CPU slows down or the system freezes; cybersecurity preserves system performance and prevents crashes. Cybersecurity also improves recovery time in the event of a breach through business continuity and recovery planning.
Cyber Security Guide-The History Of Cyber Security Attacks (1970 – 2019)
The first computer attack in the form of a virus was reported in the early 1970s on ARPANET, before the invention of the internet. The first computer worm was distributed in 1988, attracting a great deal of attention globally. Thirty years later, worms and viruses have evolved at an alarming rate: viruses have proliferated across the internet, while worms have become hard to control.
The Creeper worm, a self-replicating experimental program coded by Bob Thomas at Cambridge, is considered the first computer virus.
It infected computers running the TENEX operating system. It gained access to the computers via the ARPANET and replicated itself onto the host systems, causing infected systems to display the message ‘I am the creeper: catch me if you can.’
The extent of the damage caused by Creeper was never ascertained. Some claim that the virus replicated itself several times, crowding out other programs, while others claim that it simply hopped from one computer to another after finding a connection. Its key impact is that it led to the development of the first antivirus program, called Reaper.
The period between 1980 and 1990 was significant for cybersecurity, mainly because it saw a rise in sales of personal computers that were linked together over the phone network. It marked a shift from experimental cyber-attacks to attacks with real motives. Hackers met in digital hangouts to share passwords and insights into breaking into computer systems.
One notable cybersecurity incident of this period was the hacking of United States military computers by a German citizen named Markus Hess, allegedly on behalf of the KGB. He was recruited by the Soviets to break into US computer systems and obtain classified information.
Then a student at the University of Bremen in Germany, Hess used the German Datex-P network, via a satellite link, to reach the Tymnet international gateway. He infiltrated over four hundred United States military computers, including installations in Japan and Germany, the Pentagon-based OPTIMIS database, and machines at MIT in Massachusetts.
The attack compromised the security of America and its agents based outside the US. Hess was detected, tracked and apprehended with the help of Clifford Stoll, a systems administrator at Lawrence Berkeley Laboratory in California.
This period saw increasing sophistication in computer hacks and a shift toward financially motivated cyber-attacks. One major incident was Vladimir Levin’s attack on Citibank in 1995. This was a high-profile case of a financially motivated cyber-attack: Levin, the leader of a Russian crime group, infiltrated Citibank’s systems, gained access to restricted accounts at the bank and stole millions of dollars.
Levin ran a small gang and, using a London-based computer, illegally acquired Citibank customer codes and passwords, which allowed him to log in multiple times and transfer 3.7 million dollars into bank accounts belonging to the crime organization.
Levin was eventually apprehended by the FBI at a London airport, tried, and sentenced to a three-year jail term in the US. The courts also ordered him to pay back 240,015 dollars. Critics, however, saw the jail term as lenient given the crime committed, arguing that he should have received a much tougher penalty.
The period also saw an increase in financially motivated cyber-attacks, with Albert Gonzalez being convicted of several cyber-crimes. Gonzalez hacked into corporate systems belonging to Dave & Buster’s, where he stole over five thousand credit card numbers. Gonzalez also stole one hundred and thirty million credit card numbers from Citibank ATMs.
Upon his arrest, investigators found over one million dollars buried in the backyard of Gonzalez’s Miami home. According to multiple sources, Gonzalez and his accomplices created backdoors to carry out packet-sniffing attacks. He later hacked into critical computing systems that housed primary banking data, harvested sensitive information including credit and debit card details, and stole millions of dollars from Citibank customers.
Cyber Security Guide-Data breaches
2004 - Jason Smathers accessed America Online’s screen name list and stole 92 million customer account details.
2005 - Cyber attackers hacked DSW Shoe Warehouse systems and stole over one million records comprising customer account names and card numbers.
2009 - Heartland Payment Systems was compromised, with hackers breaking into its computer systems and stealing over one hundred and thirty million credit and debit card records.
2011 - An anonymous group of hackers often associated with protests, calling itself LulzSec, attacked Sony. The perpetrators hacked Sony via a third-party website and managed to steal and publish the records of over fifty thousand Sony customers.
The group also swiped approximately fifty-four megabytes of source code written by Sony developers. Prosecutors estimated the damages at more than six hundred thousand dollars, with massive indirect costs in customer loyalty. The attack was retaliation for the arrests of the group’s members and sought to embarrass Sony and ridicule its security measures in order to gain attention. The hackers knew each other only by pseudonyms and met online to collaborate on attacks.
2013 - Cyber criminals hacked Yahoo’s 3 billion email accounts, gaining access to sensitive customer information.
2013 - Cyber attackers used malware to steal data from Target’s point-of-sale systems, compromising the information of approximately one hundred and ten million credit and debit card holders.
2014 - The Syrian Electronic Army hacking group infiltrated eBay’s network, stealing the sensitive information of one hundred and forty-five million users.
2015 - Hackers broke into Anthem Inc. servers and stole 37.5 million records containing sensitive information.
2015 - Peace, a Russia-based cyber-attack group, infiltrated LinkedIn, stealing the email and password combinations of over 117 million customers.
2016 - The Peace cyber-attackers hacked Myspace, compromising over 360 million accounts.
2017 - Uber’s network was breached, compromising the data of fifty million riders and seven million drivers, including 600,000 US-based driver’s license records.
2017 - Cyber-attackers hacked into Equifax servers and exposed the personal information of over 143 million consumers.
2014-2018 - Cyber attackers hacked into Marriott International’s computer systems and compromised five hundred million accounts.
2018 - Cathay Pacific was hacked and 9.4 million accounts were compromised.
2018 - Facebook code was exploited by attackers and 50 million user accounts were compromised.
2018 - Quora was hacked and the information of 100 million users was compromised.
2019 - The Maryland Department of Labor was breached by hackers who illegally accessed the names and social security numbers of 78,000 people.
Cyber Security Guide-Most Common Cyber Security Threats Of 2019
The most common cyber security threats are espionage, financial gain and service disruption.
Espionage
Espionage refers to cyber-attacks aimed at stealing sensitive or classified information or intellectual property in order to gain an advantage over a company or government entity. One recent high-profile instance is Stuxnet, discovered in 2010: malware developed by the Israeli and U.S. governments with the purpose of derailing or delaying the Iranian nuclear weapons development program.
Stuxnet was widely perceived as an alternative to military airstrikes on Iran’s nuclear plants. The malware was targeted specifically at Iranian nuclear facilities and built to take over the computer systems that controlled the facilities’ hardware. According to the cyber-security firm Symantec, Stuxnet infected Iran’s nuclear plant through a USB stick.
Someone had to physically insert a USB stick containing the malware into a computer within the network, either accidentally or deliberately. The worm then spread through the plant’s computer systems.
It is estimated that over fifteen facilities were attacked and compromised by Stuxnet, and that the worm destroyed over nine hundred and eighty-four uranium-enrichment centrifuges in Iranian facilities. Under current estimates, this meant a 30% reduction in enrichment efficiency.
To mitigate espionage, governments and corporate entities need to put in place a comprehensive data policy that defines user access control. There should also be a commitment to securing critical infrastructure, covering both physical security and software-based controls, for instance biometric devices, firewalls and security personnel manning the physical premises. Lastly, organizations need measures to monitor for unexpected behaviour, such as intrusion detection systems and network scanning software that detects abnormal network traffic.
Financial gain
These are attempts to gain unauthorized access to computer systems and related infrastructure, and to steal, alter, destroy or disable what is found there, motivated by possible financial benefit. They can take the form of stealing customer credit/debit card details, making fraudulent fund transfers, extorting ransom, laundering money or stealing information for sale to willing buyers.
The global cost of cyber threats is estimated at $4 trillion, with a growing number of attack vectors deployed solely to gain financial benefit. One high-profile case is that of Eurofins, a leading British private forensics provider, which was forced to pay an undisclosed sum to hackers in order to regain control of its IT systems.
The company carries out private forensic analysis and was the target of a highly sophisticated ransomware attack. The attackers infiltrated the company’s IT systems, locked it out of them and threatened to publish customer data unless a certain sum was paid. Such ransoms are mostly paid in untraceable crypto-currency.
The impact in this case was not only the financial loss from paying the ransom but also the loss of customers who no longer trusted the company. The fear of having confidential information leaked pushed away prospective clients, for instance the police, leading to lost business.
To mitigate such attacks, organizations need to bolster their security with system, network and physical controls. Network controls include network scanning software, firewalls and other network security hardware. System controls include antivirus, anti-malware, intrusion detection, auditing and access control software. Physical controls include perimeter walls, CCTV cameras, biometric devices and security guards.
Service disruption
These are cyber threats that prevent legitimate users from accessing specific computer systems, services, devices or other IT resources. They often flood systems, servers or networks with traffic in order to overwhelm their resources and make them inaccessible.
The motive in this case is to deny users certain services by bringing down the platforms or the means of accessing them.
A major example of a service disruption threat is the attack on GitHub in February 2018. GitHub, a platform widely known for software development, was hit by a sudden surge in traffic that peaked at over 1.35 terabits per second. The traffic was later traced to several automated systems across multiple unique endpoints.
This caught GitHub administrators unaware, as they were not prepared for an attack of that magnitude. The attack exhausted GitHub’s network and system resources, rendering its services unavailable. The few users who managed to reach GitHub found it so slow that they could not find what they were looking for.
To mitigate service disruption threats, organizations need to provision additional transit to their resources and facilities, for instance by increasing bandwidth. Increased transit capacity lets an organization withstand volumetric attacks up to a certain threshold without affecting users. It may also be vital to engage third-party partners to help block and filter network traffic.
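Both the espionage and the service disruption sections above call for monitoring that flags abnormal network traffic, and the GitHub incident shows what a volumetric surge looks like against normal load. The script below is an added example written for this guide, not code from the original article or from GitHub; it works on constructed per-minute byte counts for a single interface, and the window size and multiplier are assumptions chosen for illustration. It compares each minute against the median of recent normal minutes and keeps flagged minutes out of the baseline, so a sustained flood cannot raise the baseline and hide itself.

```python
"""Flag sudden surges in inbound traffic volume against a rolling baseline.

Added example, not from the original guide. The traffic samples are constructed,
and the window size and surge multiplier are assumptions for illustration.
"""
from statistics import median

# Constructed per-minute inbound byte counts for one edge interface.
# Minutes 0-9 and 13 are normal load; minutes 10-12 are a volumetric surge.
SAMPLE_TRAFFIC = [
    (0, 1_200_000), (1, 1_150_000), (2, 1_300_000), (3, 1_250_000),
    (4, 1_100_000), (5, 1_280_000), (6, 1_220_000), (7, 1_190_000),
    (8, 1_310_000), (9, 1_240_000),
    (10, 18_000_000), (11, 42_000_000), (12, 51_000_000),
    (13, 1_260_000),
]


def detect_surges(samples, window=5, factor=5.0, min_baseline=1):
    """Return [(minute, bytes, baseline)] for each minute whose volume exceeds
    factor * median(previous `window` normal minutes).

    The median is robust to a single noisy minute, and flagged minutes are not
    appended to the history, so a multi-minute attack does not drag the
    baseline up and silence later alerts. `min_baseline` avoids dividing a
    brand-new interface's first spike against a near-zero baseline.
    """
    history = []   # only minutes judged normal feed the baseline
    alerts = []
    for minute, volume in samples:
        if len(history) >= window:
            baseline = median(history[-window:])
            if baseline >= min_baseline and volume > factor * baseline:
                alerts.append((minute, volume, baseline))
                continue  # keep attack minutes out of the baseline
        history.append(volume)
    return alerts


def report(samples):
    """Human-readable lines for an operator; detect_surges holds the logic."""
    return [
        f"minute {m}: {v:,} bytes is {v / b:.1f}x the baseline of {b:,.0f}"
        for m, v, b in detect_surges(samples)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_TRAFFIC):
        print(line)
```

In production the samples would come from flow exports or interface counters, and an alert would feed the upstream-filtering arrangement the section recommends; the point of the example is the baseline handling, which decides whether an attack that lasts several minutes keeps generating alerts.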
Cyber Security Guide-How To Build A Cyber Security Program
Building an effective cyber-security program requires a commitment to people, processes and technology. These fundamentals must align with one another as the backbone of the program. This Cyber Security Guide recommends the following steps:
Identifying the types of data to store
Whether it is financial data, payment information, health records, intellectual property or academic information, each organization has data that it processes, transmits and stores in the course of its business. It is therefore each organization’s responsibility to protect that information, and this cannot happen without first acknowledging the nature and types of data it holds.
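Acknowledging what data an organization holds usually starts with scanning its stores for recognisable sensitive fields. The script below is an added example for this guide, not code from the original article; the sample records are constructed, and the three categories (payment card, social security number, email) and their patterns are assumptions. Card candidates are confirmed with the Luhn checksum, which is what separates a real card number from any other run of sixteen digits such as a ticket reference.

```python
"""Discover which kinds of sensitive data a text store holds.

Added example, not from the original guide. The sample records are constructed
and the category patterns are assumptions for illustration.
"""
import re
from collections import Counter

# Candidate patterns; the card pattern is deliberately loose and relies on
# the Luhn check below to discard ordinary digit runs.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the set of sensitive-data categories found in one record."""
    labels = set()
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            labels.add("payment_card")
    if SSN_RE.search(text):
        labels.add("ssn")
    if EMAIL_RE.search(text):
        labels.add("email")
    return labels


# Constructed records standing in for rows pulled from a ticketing or CRM export.
SAMPLE_RECORDS = [
    "order 1001 paid with 4111 1111 1111 1111 exp 12/26",  # Luhn-valid test card number
    "ticket ref 1234 5678 9012 3456 opened by ops",        # 16 digits but fails Luhn
    "patient jane.doe@example.com SSN 123-45-6789",
    "inventory count 42 shelves restocked",
]


def inventory(records) -> dict:
    """Count how many records contain each category, the input to a data policy."""
    counts = Counter()
    for record in records:
        for label in classify(record):
            counts[label] += 1
    return dict(counts)


if __name__ == "__main__":
    for label, n in sorted(inventory(SAMPLE_RECORDS).items()):
        print(f"{label}: {n} record(s)")
```

A real discovery run would add the organization's own identifiers (account numbers, patient IDs) and walk file shares or database exports; the output feeds directly into the access-control policy described in the next step.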
Developing and enforcing cyber security policies
This involves drawing up a detailed security policy that serves as the primary document through which security administration goals are turned into precise, measurable and realistic objectives. It should offer guidance on the resources available to users and the behaviour required of them, as well as what is forbidden. The policy should also assign implementation responsibilities and owners to specific segments to assist enforcement, and it must provide an escalation matrix and a clear fallback mechanism in case a policy fails to work as expected.
Assessing your network’s security
This involves taking stock of the network devices and software in your network. This comes in handy when critical vulnerabilities or patches are announced: you need to know exactly which devices in your environment must be patched or upgraded.
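The payoff of an inventory is being able to answer "which of our hosts does this advisory affect?" in seconds. The script below is an added example for this guide, not code from the original article or from any vendor: the hostnames, product names, versions and the advisory itself are constructed, and PLACEHOLDER-ADVISORY-ID stands in for a real advisory identifier. Versions are compared component-wise so that 2.4.9 is correctly treated as older than 2.4.51, which a plain string comparison would get wrong.

```python
"""Match a fleet inventory against a vendor advisory to find what needs patching.

Added example, not from the original guide. Hostnames, products, versions and
the advisory are constructed; PLACEHOLDER-ADVISORY-ID is a placeholder.
"""

# Constructed inventory rows: (hostname, product, installed version)
INVENTORY = [
    ("web-01", "exampleweb", "2.4.49"),
    ("web-02", "exampleweb", "2.4.51"),
    ("web-03", "exampleweb", "2.4.9"),
    ("db-01", "exampledb", "13.2"),
    ("fw-01", "examplefw", "7.0.3"),
]

# Constructed advisory: every version of the product below fixed_in is affected.
ADVISORY = {
    "id": "PLACEHOLDER-ADVISORY-ID",
    "product": "exampleweb",
    "fixed_in": "2.4.51",
}


def parse_version(version: str) -> tuple:
    """'2.4.49' -> (2, 4, 49). Component-wise so '2.4.9' < '2.4.51'."""
    return tuple(int(part) for part in version.split("."))


def version_lt(a: str, b: str) -> bool:
    """True if version a is older than b; shorter versions compare zero-padded."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def hosts_needing_patch(inventory, advisory) -> list:
    """Hostnames running the advisory's product at a version below the fix."""
    return sorted(
        host
        for host, product, installed in inventory
        if product == advisory["product"]
        and version_lt(installed, advisory["fixed_in"])
    )


if __name__ == "__main__":
    for host in hosts_needing_patch(INVENTORY, ADVISORY):
        print(f"{advisory_id}: patch {host}" if False else f"{ADVISORY['id']}: patch {host}")
```

The check is only as good as the inventory feeding it, which is the section's point: a host missing from the list is a host nobody patches.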
Implementing security awareness training
Cyber security goes beyond IT and requires the adoption of a security-conscious culture. Ultimately, data and system security comes down to end users. Where users do not understand their roles and responsibilities in protecting data and ensuring system integrity, they may unintentionally become security risks. It is therefore important to train employees and members of staff to spot and report cyber-attacks and to be versed in ways of protecting IT systems.
Installing email spam filters and anti-malware software
It is also important to put in place security precautions that bolster system security by detecting and preventing harm from potential attacks. Email spam filters and anti-malware help flag emails and programs from suspicious sources that may harm the system. Anti-malware also scans new files and cleans them to ensure that they pose no risk to the system.
Performing network vulnerability scans and assessments
It is important to subject any network to the kinds of scans attackers would run, scanning for vulnerabilities to identify existing loopholes that could be exploited to compromise it. This is a proactive approach to network security: rather than waiting for a weakness in your network to be exploited, you take the initiative to identify such loopholes and patch them early.
Conducting penetration testing
These are simulated cyber-attacks against your computer systems to check for exploitable loopholes. The process involves attempting to breach systems, either internally or by engaging ethical hackers, to uncover existing vulnerabilities that may be susceptible to exploitation. This is fundamental to improving the overall security posture of computer systems.
Running Red Team vs Blue Team exercises
This is an exercise in which your security staff are divided into two teams: a red team who attempt attacks on the system and an opposing blue team who defend the system against those attacks. Such exercises are integral to testing the physical security of sensitive computer systems because they offer an external review of in-house systems and help the internal team fix the issues identified. The red team often comprises people from outside with an attacker’s view of the system; they typically test the system the same way a cyber-attacker would, and the blue team then attempts to thwart their efforts, ultimately improving the system’s security.