# Introduction of Cyber Security

December 5, 2017

The term cyber security is often used interchangeably with the term information security. Cyber security is the activity of protecting information and information systems (networks, computers, data bases, data centres and applications) with appropriate procedural and technological security measures. Cyber security has become a matter of global interest and importance. Cyber security refers to a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access.

### Cyber security Definition

Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment.

More specifically, “Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.”

### Why Cyber security is required?

The core functionality of cyber security involves protecting information and systems from major cyber threats. These cyber threats take many forms (e.g., application attacks, malware, ransomware, phishing, exploit kits). Unfortunately, cyber adversaries have learned to launch automated and sophisticated attacks using these tactics – at lower and lower costs. As a result, keeping pace with cyber security strategy and operations can be a challenge, particularly in government and enterprise networks where, in their most disruptive form, cyber threats often take aim at secret, political, military or infrastructural assets of a nation, or its people. Some of the common threats are outlined below in detail.

• Cyber terrorism is the disruptive use of information technology by terrorist groups to further their ideological or political agenda. This takes the form of attacks on networks, computer systems and telecommunication infrastructures.
• Cyber warfare involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. In the U.S. and many other nations, cyber warfare has been acknowledged as the fifth domain of warfare (following land, sea, air and space). Cyber warfare attacks are primarily executed by hackers who are well-trained in exploiting the intricacies of computer networks, and operate under the auspices and support of nation-states. Rather than “shutting down” a target’s key networks, a cyber warfare attack may intrude into networks to compromise valuable data, degrade communications, impair such infrastructural services as transportation and medical services, or interrupt commerce.
• Cyber espionage is the practice of using information technology to obtain secret information without permission from its owners or holders. Cyber espionage is most often used to gain strategic, economic, political or military advantage, and is conducted using cracking techniques and malware

### Types of cyber security threats

Ransomware:  Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.

Malware: Malware is a type of software designed to gain unauthorized access or to cause damage to a computer.

Social engineering: Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.

Phishing: Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber attack. You can help protect yourself through education or a technology solution that filters malicious emails.

Figure 1: Layered View of Cyber Security Framework

### Cyber Security Trends

• Cyber security regulations improvement
• Data theft turning into data manipulation
• Demand will continue to rise for security skills
• Cyber security and Internet of Things (IoT)
• Attackers will target consumer devices
• Attackers will become bolder, more commercial less traceable
• Cyber risk insurance will become more common
• New job titles appearing – CCO (chief cybercrime officer)

### References

[1] Atul M. Tonge and Suraj S. Kasture, “Cyber security: challenges for society- literature review”, IOSR Journal of Computer Engineering (IOSR-JCE), Volume 12, Issue 2 (May. – Jun. 2013), pp. 67-75

[2] “What is Cyber security? A Definition of Cyber security”, available online at: https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security

[3] “What Is Cyber security?”, https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

[4] Rossouw von Solms and Johan van Niekerk, “From information security to cyber security”, computers & security 38 (2013), pp. 97-102

$${}$$