All about Cybersecurity in 7minute 34seconds – The Ultimate Guide to Cyber Security.

Introduction

Cybersecurity (sometimes called computer security) is a collection of methods and practices for protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. one can use Cybersecurity in various areas, from business to mobile technology. Several main categories can be distinguished in this direction.

• Network Security – Actions to protect computer networks from various threats, such as targeted attacks or malware.

• Application Security – Protecting devices from threats that criminals can hide in programs. An infected application can give an attacker access to data that it is supposed to protect. Application security is ensured even at the development stage, long before it appears in open sources.

• Information Security – ensuring the integrity and privacy of data both during storage and during transmission.

• Operational Security – handling and protecting information assets. This category includes, for example, managing network access permissions or rules that define where and how data can be stored and transmitted.

• Disaster Recovery and Business Continuity – Responding to a security incident (attacker) and any other event that could disrupt systems or lead to data loss. Disaster recovery is a set of rules that describe how an organization will deal with the impact of an attack and restore business processes. Business continuity is a plan of action if an organization loses access to specific resources due to a malicious attack.

• Raising Awareness – educating users. This direction helps to reduce the impact of the most unpredictable factor in Cybersecurity – the human. The most secure system can also be attacked due to someone’s error or ignorance. Therefore, every organization should conduct training for employees and tell them about the main rules: for example, that there is no need to open suspicious email attachments or plugin questionable USB devices.

Information protection aims to prevent or reduce the risks of cyberattacks, exclude data leaks or damage, and minimize system disruptions.

Cyber attacks are carried out for illegal access to a device, network, and infrastructure. They lead to the loss of confidential information, theft of funds, disruption of business processes, and, as a result, reputational and direct financial damage.

A cybersecurity specialist helps to protect confidential data from leaks and integrity breaches. The protection of digital assets is needed more and more every year, so that experts in this field will always be in demand in the market.

Three elements can be distinguished in the complex of organizational and technical measures to protect against cyber threats:

• Company staff. Information security (IS) often suffers from the human factor; therefore, personnel training is the basis for incident prevention. Employees need to explain the need to set complex passwords for accounts and change them periodically, provide instructions for handling confidential information, and define the need to back up data.
• Security tools for devices in need of protection.
• Well-built process of protecting the information environment. It is essential to understand that information security is not a complete object. The protection system should be continuously modernized, saving the IT infrastructure from the current threats.

Types of cyber attacks :-

From a computational perspective, security includes Cybersecurity and physical security. Companies use it to protect against unauthorized access to data centres and other computerized systems. Information security, which aims is to maintain the confidentiality, integrity, and availability of data, is a sub-area of Cybersecurity. Using Cybersecurity can help prevent cyberattacks, data breaches, and identity theft and can help manage Risk.

Therefore, speaking about Cybersecurity, one may ask the question: “What are we trying to protect ourselves from?”

There are three main aspects that we are trying to control:

• Unauthorized access
• Unauthorized deletion
• Unauthorized change

The three terms are synonymous with the very famous CIA triad of confidentiality, integrity, and availability. The CIA triad is commonly referred to as the three pillars of security, and much of the organization’s security policy is built on these three principles.

CIA triad

The CIA Triad stands for confidentiality, integrity, and availability. It is a design model to guide companies and organizations to shape their security policies.  To avoid confusion with the Central Intelligence Agency (CIA), it is also known as the AIC triad. The components of the triad are considered the most fundamental components of security. So let me briefly tell you all about the three components.

Confidentiality

It is about protecting personal/private information. Confidentiality means keeping customer information between you and the customer and not telling others, including employees, friends, family, etc.

Integrity

 Integrity refers to the methods used to ensure that data is authentic, accurate, and protected from unauthorized changes by users, in the context of computer systems,

Availability

Accessibility in the context of a computer system means the ability of a user to access the information or resources in a specific location and the correct format.

How is Cybersecurity implemented?

There are many procedures for actually implementing Cybersecurity, but there are three main steps in actually fixing a security issue.

The first step is to recognize the problem causing the security issue; for example, we need to realize if there is a denial of service attack or if the person is in the middle of an attack. The next step is to assess and analyze the problem. We need to make sure that we isolate all data and information that might have been compromised in such an attack. Finally, after assessing and analyzing the problem, the final step is to develop a patch that fixes the problem and returns the organization to a working state.

When detecting, analyzing, and treating a cyberattack, three principles are considered in various calculations. They are:

• Vulnerability
• A threat
• Risk

Cybersecurity – Benefits

The benefits of using cybersecurity include:

• You are protecting your business from malware, ransomware, phishing, and social engineering.
• Data and set-up protection.
• Increased confidence in the product from both developers and customers.
• Protection from unauthorized users.
• End-user protection.

Popular professions in Cybersecurity :-

Cybersecurity professionals can be roughly divided into three categories:

• White hat – works legally, protects company data, identifies vulnerabilities, and helps to get rid of them.
• Gray hat includes hackers who carry out illegal hacking without malicious intent and purpose to profit or harm.
• Black hat – these hackers always harm. They illegally hack into systems, networks, and devices for hooligan motives or gain profit, incl, by order.

In this article, we only consider information security experts working in the “white” zone. They have quite a lot of different specializations – let’s take a look at the main ones.

Antifraud analyst

Such specialists are in demand in fintech companies and the banking sector. An anti-fraud analyst is engaged in the protection of online transactions of individuals. It limits spending and purchases from bank cards, monitors cash transactions with bank cards, analyzes investments to identify suspicious online transactions, and solves other problems in this area.

Reverse Engineering Specialist or Code Analyst

Analyzes program code to find areas vulnerable to cyber attacks in the program. The code analyst must have basic knowledge of programming in Python, C ++, ASM, etc., as well as know about the existing types of vulnerabilities (SANS Top-25, OWASP Top-10). A reverse engineering specialist should identify threats and provide recommendations for their elimination.

Information security system (ISS) developer

These professionals must combine programming skills with knowledge of data protection tools. ISS developers need to know DLP systems, cloud storage MS Azure and AWS, programming languages, CI / CD, frameworks, antivirus solutions, and much more. Their main task is to create a corporate information security system.

Forensic or cyber crime investigator

Experts in this area are often hired for a one-time investigation of the problem. Usually, their services are required after a successful breach or other information security incident. A cybercrime investigator finds traces of intrusion into the system and reconstructs the events that led to the violation. Forensic collects evidence and exposes hackers, possesses programming skills in popular languages, and understands where cybercriminals bypass the protection of systems.

Pentester

Penetration tests are carried out in close to “combat” conditions. The task of the pen tester is to hack the system and steal data from it, i.e., identify vulnerabilities, the elimination of which will improve security. Pen testers are in demand in IT companies, financial organizations, and large corporations, regardless of the field of activity. They need to know how operating systems (Linux, Windows) and networks work and which parts of the corporate IT infrastructure are most vulnerable.

Application Security Specialist

Analyzes the Vulnerability of web applications and source code in JavaScript, PHP, Ruby, ASP.Net, ASP, Java, etc. An application security specialist will need skills in working with relational DBMS, knowledge of network protocols and programs, Apache, Nginx, IIS servers, and other skills depending on the project’s complexity.

DevSecOps

A Development Security as Code Operations (DevSecOps) Specialist provides security at all stages of application development, controls, and secures in parallel with programming. The DevSecOps model is automated, reducing the risk of misadministration and downtime.

Corporate IT Security Specialist

It is engaged in data preservation, prevents cyberattacks and information leakage, and strengthens information systems’ security. A corporate expert must understand the legal basis of information security and have practical skills in working with technologies.

In addition to the professions listed above, there are also SOC analysts, security testers and security architecture specialists, virus analysts, computer forensics, and even ethical (white) hackers on the loose.

Requirements for cybersecurity professionals :-

Let’s list the minimum set of knowledge, skills, and abilities required by cybersecurity specialists:

• I am reading the code, the ability to distinguish between legitimate source code and intrusions from the outside.
• Programming skills.
• Knowledge of the device of popular hardware solutions, incl. PCs and servers.
• Basics of web layout.
• Analytical skills and forecasting.
• Understand the principles of cyber attacks and protection against them.
• The ability to quickly assess security threats and identify their source.
• Skills of working with popular DBMS (types, basic queries).
• Ability to work with large data streams.

Depending on the level of professionalism, the set of requirements for specialists is supplemented and specified.

Junior

• work with the command line;
• setting up databases: Auditd, MySQL, Rsyslog, Apache2, Nginx, PostgreSQL;
• experience in setting up antivirus programs and Windows OS;
• Active Directory administration skills, Group Policy (GPO) configuration, and user rights management;
• Knowledge of IP addressing and static routing, TCP / IP, ISO / OSI.

Middle

• Windows, Linux administration skills;
• security analysis;
• experience in anti-intrusion systems and corporate antivirus solutions;
• experience in automated testing in Bash, Perl, Python;
• Theoretical knowledge of the structure and functioning of TCP / IP, ISO / OSI, computer, network, and security of web applications.

Senior

• experience in investigating cybercrimes (detecting intrusions, collecting evidence);
• skills in working with SS7, ERP, Hardware, SCADA;
• knowledge and practical experience with specialized software: Maxpatrol, IBM Qradar, Splunk, Symantec Critical System Protection, Enterprise, Gigamon Networks Tuffin, Cisco ASA, Imperva DAM;
• awareness of the legal framework for information security;
• understanding of primary methodologies, classifications, and world practices such as OWASP, OSSTMM, NIST SP800-115, WASC;
• the ability to detect cyber threats;
• knowledge of PCI DSS standards, STO BR IBBS, ISO 27xxx.