Why is cyber security important?
Cyber security is important because it encompasses everything that relates to protecting our data from cyber attackers who want to steal this information and use it to cause harm. This can be sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI).
Having advanced cyber defense programs and mechanisms in place to protect this data is crucial and in everyone’s interest. Everyone in society relies on critical infrastructure such as hospitals and other healthcare institutions, financial service programs, and power plants. We need these to keep our society running.
At an individual level, cyber security attacks can lead to identity theft and extortion attempts, which can do serious damage to that individual’s life.
We all rely on the safety of our data and personal information. For example, when logging into an application or when filling in more sensitive data in digital healthcare systems. If these systems, networks, and infrastructures don’t have the right protection in place, our data might fall into the wrong hands. In this sense, we’re talking about protection in the form of technology and policies.
The same goes for organizations and businesses, governments, the military, and other socially critical organizations. They store enormous amounts of data in data warehouses, on computers, and other devices. Much of this data includes sensitive information. Exposure of this information can in many cases be very harmful — to citizen trust in institutions, to business competitiveness, personal reputations, and consumer trust in companies.
Cyber Attacks, Network Attacks.
Malware
Malware is a term that describes malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.
Phishing
Phishing is the method of sending fraudulent communications that seems to come from a reputable source, usually through email. The goal is to steal or get sensitive data like credit card and login information or to install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.
Man-in-the-middle attack
Man-in-the-middle (MitM) attacks, also called eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
Two common points of entry for MitM attacks:
- On unsecure public Wi-Fi, attackers can insert themselves between a visitor’s device and the network. Without knowing, the visitor passes all information through the attacker.
- Once malware has breached a device; an attacker can install software to process all of the victim’s information.
Denial-of-service attack
A denial-of-service attack fills systems, servers, or networks with traffic that exhaust resources and bandwidth. That makes the system incapable to fulfill legitimate requests. Attackers also use multiple compromised devices to launch this attack. This is known as a distributed-denial-of-service (DDoS) attack.
SQL injection
A Structured Query Language (SQL) injection happens when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
Zero-day exploit
A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
DNS Tunneling
DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port 53. It sends HTTP and other protocol traffic over DNS. There are various, legitimate reasons to utilize DNS tunneling. However, there are also malicious reasons to use DNS Tunneling VPN services. They can be used to disguise outbound traffic as DNS, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker’s infrastructure. It can also be used for command and control callbacks from the attacker’s infrastructure to a compromised system.
