Here we are presenting Cybersecurity For Dummies, a small glossary of the basics of cybersecurity and common cybersecurity terms to get you familiar with cyber risk and ways to protect yourself. So, let’s educate ourselves on cybersecurity.
Technology has helped companies automate their processes and speed up tasks, but with this, the doors have also been opened for third parties with malicious intent to try to steal their data or enter their systems for illicit profit.
Cybersecurity is a current issue that affects both personal and company data, from the self-employed and SMEs to multinationals. Knowing the basics of cybersecurity terminology and knowing how to prevent and react correctly is essential to protect our information.
If your intention is to learn the basics of cybersecurity, this page should meet your expectations. Happy reading!
What is Cybersecurity?
Cybersecurity is the area of a company or organization, focused on computing and telematic processes, that protects all physical and digital infrastructure related to computing technology. In simple words, it can also be defined as the protection layer for digital information files.
Based on this practice, processes and protocols are established to protect files and prevent any type of threat from putting data at risk when being transported, transferred or stored for any reason.
The cybersecurity concept encompasses a large number of techniques and procedures to implement such protection. Thanks to the tools that are available, theft of valuable information or any cyber attack can be avoided.
For companies, especially today, it is vitally important to equip themselves with the necessary equipment and software to guarantee the best levels of protection. Of course, it is essential to bear in mind that it is an area in constant evolution and it is necessary to keep updated.
Basics Of Cybersecurity:
The first thing you need to do to protect yourself from a threat is to understand it as thoroughly as possible.
That is, it is necessary to understand who embodies the threat, what their motivations and objectives are, and which methods they usually use. Thinking in this way helps to build a profile of the attacker that also takes into account how they act (alone or in groups) and the limits that this places on their own action.
This is the approach followed by those who, by profession, are dedicated to fighting cyberthreats, but following this type of reasoning in a simplified form is useful for everyone to better understand the dynamics hidden behind what we notice simply by interacting with our PC.
Cyber threats can be classified into two types, internal and external.
- Internal threats: Internal ones are those that come from within the organization.
- External threats: The external ones are those that originate outside the network, in which the attacker will look for possible vulnerabilities to exploit.
A cybercriminal moves with set goals that we can summarize as follows:
- steal data or information.
- render computer systems unusable.
- cause damage to people, things or intellectual property.
- damage the reputation of others.
The main reason is to obtain an economic gain or, in any case, an advantage of another nature through:
- the resale of data or information.
- the request for a ransom in exchange for restoring the operation of the systems “taken hostage”.
- blackmail based on the threat to disclose previously stolen information.
The way a threat typically acts also defines the resources available to carry out an attack and the skill level required. Threats can:
- act individually with limited resources and no minimum level of skill.
- interact on a social basis (e.g. activists who are not connected to each other exchanging information and suggestions on a blog) with little personal interest in the specific objective, limited resources and minimum level of skill.
- carry out a real race that results in a short-term attack, perhaps only for the thrill or prestige of seeing who first manages to violate a specific goal, which ends when the participants have reached that goal; a medium skill level is required for this type of activity.
- act in a formally organized group with a leader, typically motivated by a specific goal and organized around that goal; the group persists over the long term and generally operates within a single geographic area and requires a medium skill level.
- be equipped with a larger organization and better resources; usually operates in multiple geographic areas and persists over the long term; a high level of skill is required.
Attack Vectors And Attack Techniques Used By Threats
The second thing to understand is which attack vectors and attack techniques are most commonly used by threats. Be careful because it is very easy to confuse the concept of an attack vector and the concept of an attack technique used by a vector.
For example, malware is an attack technique that is delivered through a vector, which in most cases is a phishing email. Attackers have also managed to break into “closed” systems by leaving a USB stick containing malware lying around. In that case, the attack vector was the USB stick. A malicious app is an attack vector, while social engineering is a refined technique that can help increase the likelihood of success of an attack delivered, for example, via phishing. A botnet is an attack vector, while attempting to exploit a known vulnerability through a series of operations (an exploit) is an attack technique.
Attack techniques can be grouped into two broad categories: Malware and Exploitation of vulnerabilities exposed on the internet.
Malware comes in myriad forms that replicate and mutate quickly, and it is impossible to keep up with their dynamics. This is why for some years defenders have been trying to prevent malware by identifying its first moves towards the target, that is, the prey. This strategy is based on the fact that there are many malware families, each with many variants, but the tactics they use to infect our devices are, fortunately, far fewer.
Being able to intercept suspicious movements inside (for example) our PCs, trace them to a specific malware and, consequently, adopt the appropriate countermeasures is now, in many cases, a reality that is beginning to consolidate.
Exploitation of vulnerabilities exposed on the internet
The case history is vast, and it is not possible to attempt to list it even briefly. What can be said is that for attackers, the hunt for exposed vulnerabilities is the first step in an attacking activity that can be very long and very complex. Once a vulnerability has been identified, the attacker studies it and tries to exploit it in the best way according to his objectives.
Different Types Of Attack Techniques:
Phishing is a cyberattack that spreads via email, which makes its spread very fast: it consists of sending emails that closely imitate those of trusted senders such as banks or lotteries.
A simple email informs the recipient that they have won something, or that relevant information is needed from them to complete or continue a process that does not actually exist.
Typically, they provide a link that directs people to an illegitimate landing page similar to the real one. Once inside, by filling in the data we are actually giving it to the cybercriminal, who can enter our system and do his own thing.
Denial of service (DoS)
The modus operandi is for attackers to make multiple requests to the server until it is unable to serve them, eventually collapsing and, therefore, becoming inoperative. This can cause serious economic and organizational damage. There are two ways to do it:
- Denial of service or DoS: A single computer or IP address is used that consecutively launches innumerable connections to the attacked server.
- Distributed denial of service or DDoS: It uses different computers or IP addresses that make many requests to the server until it is blocked.
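The distinction between the two cases can be seen from the defender's side by counting requests per source address. The following is an added example, not part of the original article; the function name, the capacity of 100 requests per window and the 80% single-source share are assumptions, and the address lists are constructed sample data.

```python
from collections import Counter

def classify_window(ips, capacity=100, single_source_share=0.8):
    """Classify the client IPs seen by a server during one time window.

    ips                 -- one entry per request received in the window
    capacity            -- requests per window the server can serve (assumed)
    single_source_share -- share of traffic from one IP that marks a DoS (assumed)
    """
    total = len(ips)
    if total <= capacity:
        return ("normal", None)
    counts = Counter(ips)
    top_ip, top_hits = counts.most_common(1)[0]
    if top_hits / total >= single_source_share:
        # One address dominates: blocking that address is an effective response.
        return ("dos", top_ip)
    # Load is spread over many addresses: blocking one of them changes little,
    # so the response has to be rate limiting or filtering upstream.
    return ("ddos", len(counts))

# Constructed sample windows (addresses from the documentation ranges).
NORMAL = [f"192.0.2.{i % 20}" for i in range(40)]          # 40 requests, 20 clients
DOS = ["198.51.100.7"] * 500 + NORMAL                      # one noisy source
DDOS = [f"203.0.113.{i % 250}" for i in range(750)]        # 250 sources, 3 each

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        print(name, classify_window(window))
```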
Ransomware
Its literal meaning is data hijacking. It is very harmful software that totally or partially restricts access to certain key areas of the operating system.
Once it locks these items, it prohibits the user from using the device: for this reason, ransomware is said to hijack the computer, and to fix the problem, a ransom must be paid to free it.
How does it spread? Through Trojans or worms that take advantage of any vulnerability in the OS or by receiving emails with an unknown file.
Spyware
The objective of spyware is to attack someone else's computer to steal information. Once the data has been collected, it is transmitted to an external entity without the consent or knowledge of the owner.
The aim here is to profit from the sale of the stolen goods: if we take into account that we live in the era of big data, we can understand that it is a disastrous virus that can weaken, and even collapse, the structure of any company.
SQL Injection
A technique aimed at web applications that rely on databases queried with the SQL language. It exploits vulnerabilities such as inadequate checks on the data received as input, which allow malicious code to be inserted into the queries. Such attacks allow access to system administration functions as well as the theft or alteration of data.
Cross-Site Scripting (XSS)
Cross-Site Scripting is a vulnerability affecting dynamic websites that employ insufficient input checking in forms. An XSS allows a hacker to insert or execute client-side code in order to carry out a varied set of attacks such as, for example, the collection, manipulation and redirection of confidential information, viewing and modification of data on servers, altering the dynamic behavior of web pages, etc.
Adware
It is software dedicated to displaying advertising to attract user clicks. However, it can also be inconvenient for businesses. In this case, information is obtained from the advertisements that internet users consult out of curiosity.
Privilege Escalation
The exploitation of a flaw, a design error or a configuration error in application software or an operating system in order to acquire control of machine resources normally closed to a user or an application. An application with greater permissions than those provided by the original development or set by the system administrator can, of course, carry out unexpected and unauthorized actions.
Social Engineering
The art of psychologically manipulating people to perform certain actions or reveal confidential information, such as access credentials to computer systems.
Common Mistakes Put Your Cybersecurity At Risk
We already know what types of cyberattacks can compromise our cybersecurity; now we must know in detail some of the most common errors that put us in danger.
The first and foremost step in the basics of cybersecurity is to know how to create a strong and secure password.
Does the password “123456” ring a bell? If so, you will understand that it is not very difficult to guess. Therefore, you should also avoid using:
- own names.
- consecutive keyboard letters, for example, “asdfghjk”.
- telephone numbers.
- any special date.
- dictionary words: you should not use those either!
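The list above can be turned into an automatic check at the moment a password is chosen. This is an added example, not part of the original article; the function names, the four-key run length, the regular expressions and the five-word dictionary are assumptions made for illustration.

```python
import re

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Tiny constructed word list; a real check would load a full dictionary
# and a list of passwords known from breaches.
DICTIONARY = {"password", "welcome", "dragon", "sunshine", "monkey"}

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def password_problems(pw, own_names=()):
    """Return which items of the article's avoid-list the password matches."""
    low = pw.lower()
    problems = []
    if any(n.lower() in low for n in own_names if n):
        problems.append("own name")
    if has_keyboard_run(pw):                      # covers "asdfghjk" and "123456"
        problems.append("keyboard sequence")
    if re.fullmatch(r"\+?[\d\s().-]{7,15}", pw):  # only digits and separators
        problems.append("telephone number")
    if re.search(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", pw):
        problems.append("date")                   # a year or a d/m/y pattern
    if re.sub(r"[\d\W_]+", "", low) in DICTIONARY:
        problems.append("dictionary word")        # a word plus digits or symbols
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "asdfghjk", "Sunshine1!", "vT9#kq2LmZ$w"):
        print(candidate, password_problems(candidate))
```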
Free is expensive!
It is common for us to install free antivirus on our computer, which is the worst! If hackers manage to find our keys, we will lose much more than what we are saving by not paying for quality service.
Not updating equipment
It is essential to keep our equipment updated. Both Windows and Apple systems, for example, are constantly being developed to deal with digital threats.
Not connecting via VPN
Any remote connection by a worker to the corporate network without the use of a VPN runs the risk of elements harmful to your digital security connecting to your network.
A Virtual Private Network, or “VPN”, is a service that allows remote access to the company’s internal network and to different business resources, such as email, presenters, and desktop applications such as the CRM or ERP, among others.
This private network represents a secure access through the internet, allowing the same mobility to the worker, as well as the interconnection of geographically separated offices.
The VPN creates a secure encryption tunnel that, in this way, makes it possible to access all the services and documents enabled by the organization from anywhere.
Not having a firewall
Having a good antivirus is not enough! Having a firewall is essential within the cybersecurity strategy, as it is responsible for analyzing and inspecting what happens inside and outside our network, detecting whether the traffic is legitimate or not. In this way, we prevent external threats from entering our system.
There are different types of cybersecurity systems you should know while learning the basics of cybersecurity which are defined according to the type of protection that needs to be applied and the area where it corresponds. In short, they are grouped into three sectors:
Software
They are computer programs that use various protocols and encryption to provide data security against malicious hacker attacks and leaks to the central data system.
This type of security must be present both in the computers — of each of the members who have access to or store important information — and in the processes of identification, access, visualization, modification and transfer of data.
Within these systems, we can find:
- Firewalls: Traffic monitoring tool
- Email security: Programs responsible for reading, studying and encrypting unencrypted passwords to prevent phishing or computer identity theft.
- Pop-up blocker: Software to stop and remove threats from unauthorized windows. They are made especially to act as a complement to browsers.
These are some of the programs used during cybersecurity processes, all with the aim of providing guarantees to users and companies so that they can enjoy secure information transactions.
Network
There are various procedures and techniques to provide ease of use, reliability, and security of the entire network system, including the data that travels within them.
This type of security can be applied to protect network circuits within a company or to protect devices and information connected to a wireless network.
The most common types of network security:
- IDS (Intrusion Detection System): Refers to the tools and mechanisms that analyze traffic within a network to identify abnormalities or suspicious processes to reduce the risk of intruders.
- IPS (Intrusion Prevention System): They are hardware and software devices responsible for reviewing traffic to identify and respond to possible threats or attacks.
- VPN (Virtual Private Networks): VPNs are capable of authenticating the identity of users and prohibiting access to those who are not previously authorized.
Hardware
Finally, there are those physical devices that help protect all systems and guarantee the integrity of the data within them.
They are all devices that, when connected to the central network of a company or home, guarantee threat detection and data protection.
In this type of cybersecurity system, we find two devices in particular:
- Hardware firewall: It is a unit that connects between the network and the Internet provider device to analyze, filter, and manage the traffic between the computers and the aforementioned network.
- Proxy servers: It is a machine dedicated to an intermediation process between computer devices and a server that is in use by third parties. Its objective is to protect the data and the IP address of other devices connected to the same server.
Cybersecurity is an aspect that is imperative to take into account, especially in countries where government regulations are still recent, which is an opportunity for malicious people and organizations to get hold of confidential information. There are many types of equipment, technologies, and processes that can help you and your company to guarantee data protection.
Educate yourself about the importance of cybersecurity in this modern world.