Cyber Security

Intro
Cyber security a general term used when describing the protection of computers and networks from data theft and destructive attacks. This also includes physical security of systems to prevent an attacker from physically attacking a computer, or accessing a computer without authorization (if they find an unlocked system), or stealing data (such as copying confidential data onto an external drive). But the list of categories that cyber security covers is quite extensive.

Cyber security place an important role in our everyday lives, for instance when you make a financial transaction with online banking, purchasing a game or application on the app store on your smartphone, connecting to web accounts such as Facebook, Amazon, Email, etc. Cyber security is responsible for keeping your data and devices safe from malicious hackers trying to steal your data. Cyber security will always be a vital component to our digital lifestyle as the growing risk of cyber threats will always be present and always pose a danger to our data and our devices.

Types of Cyber Security
There are many different forms of cyber security and it does not all refer to web-based elements. Cyber security mainly focuses on application security, network security, information security, disaster recovery, mobile security and internet security, and these aspects can be broken down further.

1. Application security
Application security refers to protecting software and hardware from cyber threats. In the past when applications were developed, they were not designed with security in mind. This left them vulnerable to attackers who may know how to exploit vulnerable sections of the source code and attack the system undefined. Up until the mid-2000s, severe cyber attacks were quite common in terms of malware exploiting vulnerabilities of operating systems and software. Vulnerabilities in applications may allow attackers to gain elevated privileges to a system, steal (or tamper with) valuable or sensitive information, cause disruptions in the network or services, change system configurations, install additional malware and simply damage or destroy the targeted systems.

As a result, the need for secure software has become a rapidly growing need. As mentioned, software initially was not designed with security in mind, not it's becoming more and more of a standard practice to implement security measures in software so as to prevent attackers from exploiting the software. Applications now make use of encryption mechanisms, secure coding and continuous patches and updates undefined. However built-in security on its own will not be able to prevent falling victim to a cyber attack. Additional security measures are recommended, such as firewalls, antiviruses, anti-spyware tools and audit trails (for determining anomalies), just to name a few. These additional features can help keep potential attackers out and restrict what they can do if they get onto your network, and also prevent any known malware from infecting your system undefined.

Not all applications can be secured in the same manner. It all depends on how the application works, what its functions are and who will be using it (among other various factors). Another factor to take into consideration is the competence of the individual responsible for implementing the security that will be protecting the application. If the security features and measures are not properly implemented they will do very little to help and could even cause problems for legitimate users who need to use the application.

Ultimately applications need to be kept up-to-date to ensure any known vulnerabilities get patched. It's often the main reason why some malware outbreaks like Conficker and WannaCry were able to cause such a huge amount of damage, because many people and organizations tend to overlook updates and patches. Applications also have what's known as an end of life (EoL) which is where they no longer have support (legacy system) from their vendor and therefore no longer receive patches. This means that any vulnerabilities that are still in an application that has reached its EoL will never get patched. Continuing to use legacy systems is considered a huge cyber security risk, and an excellent example is the National Health Services in the United Kingdom that continued to use Windows XP systems after they reached their EoL in 2014. When WannaCry spread across the world, their computers alone made up nearly 35% of the global total systems infected by the ransomware.

2. Network Security
Network security involves protecting network hardware and applications from potential threats and also includes putting policies and practices into place to minimize human error allowing a threat to become a successful attack. It also works with network authorization so that only authorized personnel can gain access to a network and its data. There is a wide range of hardware and software that can be used to protect a networkundefined:

2.1 Active
Active network security measures relate to your antiviruses, firewalls, and content filtering devices. Such tools would be used to block excessive network traffic. Active measures are constantly working and keeping unwanted or unauthorized network traffic out of the network.

2.2 Passive
Passive security measures mainly run when they are needed or when they are triggered (unlike active measures that are constantly running). Intrusion detection systems are an example of a passive security measure as they would only be triggered once a an intrusion or some anomaly is detected (either through a signature or when a certain condition that the system uses is met).

2.3 Preventative
Preventative network security focuses more on preventative measures to help avoid any threats from successfully attacking the network. An increasingly popular measure is penetration testing, which entails an organization contracting a professional hacker (pen tester) to test the strength of the implemented security mechanisms (either onsite or remotely). The pen tester can either be tasked with trying to break into the network or certain systems, or they can simply review the policies and theoretically test the security measures in place. In the end, they will give a report to the organization explaining where the flaws in their security are, what could be done to fix these flaws and other recommendations.

Network security is possibly one of the most extensive categories in cyber security as a vast majority of attacks take place by exploiting network components. That's one of the reasons why using only one security component on its own will not be sufficient in preventing an attack. A small network in a private home may be an exception and a security suite, such as an antivirus with content filtering, firewall, and web protection all included in one package may be sufficient, but successful attacks are still possible. But for large organizations, more advanced and multiple integrated security mechanisms are needed.

3. Information Security
Information security is one of the biggest aspects when it comes to cyber security, as it involves protecting the most common target for attackers, which is information. It prevents an attacker from accessing, manipulating, deleting or stealing information from users and systems. The ultimate goal of information security is to maintain the CIA triad, which refers to confidentiality, integrity and availability undefined.

3.1 Confidentiality
This relates to ensuring only people with authorization to certain information are permitted to access that information. It helps control user access to information and protects information from potential attackers or unauthorized users from accessing, manipulating or stealing information undefined.

3.2 Integrity
The purpose of integrity is to ensure that information has not been tampered with in any way, thereby ensuring its accuracy. Whether information is in storage, being transferred or being accessed by a user, it should remain as unchanged as possible unless there is a needed change to be applied to the information. If information's integrity is maintained, it can be seen as being well-protected undefined. A method of ensuring integrity is making a hash of the data. A hash essentially a fixed length value of the data that is unique to that exact piece of data (exact same data will produce the same value). A single change in that data will change the hash value, therefore if the original has of the information matches a rehash of that information, it can be said that integrity is maintained undefined.

3.3 Availability
This ensures that information is available to user that have access to it and when they need it, and should not be available to unauthorized users and also when it's not needed. The availability of information can be regarded as proper system security as the system managing the information can be seen as not being compromised. If there are any problems with the information system due to security issues, then information availability would most likely be an issue undefined.

Organizations are mainly targeted in large-scale cyber attacks because the information they possess is of high value to attackers. Such information can be financial details, contact information and other personal information. Attackers can use this information to steal funds from bank accounts, used for identity theft, spoof user accounts to carry out other cyber attacks. A dedicated security plan often needs to be devised by organizations to protect their information, and this usually includes the input of the chief information security officer (CISO) undefined.

4. Disaster Recovery
Disaster recovery (DR) is a policy (mainly data backup) that's put in place for if there's ever a critical situation where an organization loses information on its primary systems. A few examples where this could happen would be natural disaster (non-cyber related), the WannaCry ransomware outbreak, the NotPetya wiper attack and denial of service (DoS) attacks. In the event an organization's primary information storage is inaccessible, then the information can be retrieved from backed up data stored on secondary systems (sometimes offsite or off the network) undefined.

This allows organizations to continue business operations as efficiently as their DR plan allows them to. Many organizations do not have DR policies in plan, or they do not adhere to policies accordingly and in the event of a disaster, they can suffer immense losses due to being unable to continue with business functions. A common reason organizations do not adhere or implement DR plans is to cut down on expenses, and they do not tend to anticipate the cost of running and maintaining a DR plan and the cost of damages due to a malware attack and no DR plan.

5. Mobile Security
Mobile security plays a significant role in our lives everyday. Mobile phones have become more than simple devices to send texts and make/receive phone calls. The development of smartphones (as well as tablets and other smart mobile devices) now allow us to carry all of our personal information in our pockets, such as emails, PDF files, financial information and applications, social connections, locations, and more. As a result, mobile devices have become a popular target for attackers. The techniques that are used vary greatly, some of which are phishing attacks, Wi-Fi attacks (evil twin, packet sniffing, and sidejacking attacks), Trojan applications on app stores, and near field communication (NFC) attacks.

Mobile device operating systems are implementing improved security measures with each new release, and try protecting applications from affecting one another, although this is a very difficult approach. The Android operating system is designed to run each application in isolation undefined, almost as though it's running in a virtual machine. This approach prevents applications from unnecessarily affecting other application on the device, however many applications are dependent on other applications in order to work. Therefore permissions are granted to these applications to access each others' data and make necessary changes. Attackers will often forge application certificates that allow their malicious applications to access and manipulate or steal data from other applications and in some cases grant the attacker escalated privileges on the device.

Antivirus tools can be used to help protect devices from malicious applications and keeping the device's operating system up-to-date with the latest patches are the main methods of defense for mobile devices, however there are other tools and methods for additional security. Some people tend to make the mistake of rooting their mobile device to grant them full developer-level control of their device. Granted the actions you can perform to alter your device and some applications is greater, rooting the device will virtually void the security implemented by the manufacturer. This can open your device up to even some of the most basic malware, therefore it is highly unwise to root your device. Some applications (such many screenshot applications) will state your device needs to be rooted in order for the app to work, this is often wrong and unnecessary as there is some variant of the desired application that will work on a non-rooted device. The only time an application would really rely on a rooted device is an application that needs to access and alter data at almost the kernel level.

To counter the above mentioned issues, mobile security mainly involves implementing an antivirus (and a firewall in some cases), biometrics (such as fingerprint and facial recognition) making it harder to break than a password, running applications in isolation, use of digital certificates to grant permissions to applications, and additional tools that can be implemented such as an intrusion detection system.

6. Internet Security
This form of cyber security focuses on protecting aspects of the internet, such as data travelling from user to server over the internet, networks connected to the internet, web browsers, and network technology linked to the internet. The internet can be regarded as the largest network in the world as nearly 3.5 billion people as of 2016 are connected to the internet undefined. Like all networks, devices connected to a network have the ability to communicate and establish links with each other, and therefore the internet can be used by hackers to connect and attack targeted systems and internet-facing networks.

All forms of malware can be contracted from the internet, many of which relies on social engineering to successfully infect a computer or network. The most common forms of malware found on the internet are Trojans that pose as a legitimate application but when downloaded and executed, they actually install malware onto the victim's computer and this can result in any of the following: Other types of malware that can be found on the internet itself are: There are a wide range of security measures to help secure the internet, but the internet itself was not designed with security in mind and without these additional tools and mechanisms, the internet would not be secure at all. One of the most common mechanisms is transport layer security (TLS) which is used to encrypt traffic passing through the internet undefined. The network layer of the internet is generally protected using internet protocol security (IPsec), which is used for authentication at the internet protocol layer, and ultimately ensures integrity of data travelling over the internet and and prevents anti-replay attacks undefined.
 * Adware
 * Backdoors
 * Botnet malware
 * Browser hijackers
 * Keyloggers (password stealers)
 * Coin miners
 * Potentially unwanted applications
 * Ransomware
 * Rootkits
 * Software bundlers
 * Viruses
 * Wipers
 * Worms
 * Click fraud
 * Cross-site request forgery (XSRF/CSRF)
 * Cross-site scripting (XSS)
 * Drive-by downloads
 * Form grabbers
 * iFrames
 * Man-in-the-browser attacks
 * Rogue security software
 * Scareware
 * Trojan downloaders

Firewalls can also be implemented to enhance security, and a common type of firewall is an application-level gateway. This will forward a packet to its destination provided it is using a recognized protocol to establish a connection. If the protocol is not recognized, the packet will not be allowed to its destination as it will be regarded as either suspicious or not secure.

Some web browsers implement their own security features to try and protect users who are using their browser. However these mechanisms alone are not enough to protect users or their data and hence the use of other protocols are required. But like any other application, web browsers have got vulnerabilities that are occasionally exploited by attackers, for example the attacker may find a way to publish a malicious plug-in or infect an existing plug-in which may steal data or compromise the browser to benefit the attacker.

Legal Evolution
When cyber threats first surfaced, it was difficult to prosecute attackers because laws were not drafted to include cyber crimes. Over the years, countries around the world slowly started amending their laws to accommodate cyber crimes, and with the significant rise in cyber crimes in recent years, some countries are starting to implement penalties for organizations who suffer attacks. New laws are starting to set standards and regulations that organizations need to comply with to ensure that their data is secured properly. A number of organizations have been fined millions of dollars for not adhering to these regulations.

As mentioned earlier, laws were being amended to accommodate cyber crimes, but now cyber-related offenses are beginning to be drafted into new separate laws specifically designed for cyber crimes. This is to help establish well-defined laws for a wide range of offenses and what the penalties are should an individual or organization be prosecuted for a cyber crime or offense.

A complicated aspect to drafting cyber laws is when an offense occurs over the internet, it may be tricky to determine if and how the offender is to be prosecuted. The reason being is that the internet is essentially stateless, meaning it cannot be influenced by one universal law and the laws of a particular country. A user (User A) in one country could perform an action over the internet that affected a user (User B) in another country. The act committed by User A may not be illegal in their country but it may be illegal in User B's country. The matter would have to be carefully assessed as to determine what actions to take against User A, if any legal action is possible.

But as the laws evolve, there are plans to hopefully establish cyber laws that can be applicable worldwide and also make it easier for cyber-related court cases to be conducted without conflicts or loopholes in traditional criminal laws with insufficient (or no) amendments regarding cyber crimes.