Cyber Security Awareness is essential for the survival in a world dominated by computers and internet.In this article we will discuss about the importance and impact Cyber Security Awareness and potential ways to protect ourselves from cyber attacks.Let’s learn
A cyber attack is malicious attempt by cyber-criminals to steal data,log in credentials,debit card,credit card details or use a breached computer as a launch point for another series of attacks.Cyber-criminals use one or more computers against a single or multiple computers or networks of any individual,organisation or government agencies.
- Software supply chain attacks: Malicious code is installed into verified and widely used software by modifying and infecting the basic source code of the software.
- Phishing attacks: Phishing attack is one of the most common cyber attack technique. It is done through email, instant message, or text message.The recipient is sent a mail,text message or push message containing a malicious link.On clicking the link the malware is installed in the targeted device.
- Clouds under attack:The cloud is the servers which stores all the database.This database can be accessed over the Internet.Resources and sensitive data of cloud is under threat now-a-days.Cyber-criminals use the configuration and poor management of cloud resources to evade basic cloud security.
- IP Spoofing: IP spoofing is technique where an attacker tricks by sending a packet with the IP source address of a known, trusted host so that the host behaves as it is communicating with a known and trusted entity.
- Password attack: It is an effective attack approach to authenticate unauthorized users.This is done by unencrypted passwords, using social engineering or gaining access to a password database in a same network.
- SQL injection attack: It is an attack on database-driven websites. SQL commands are maliciously inserted into data-plane input in order to run established SQL commands. SQL injection can exploit any database-driven website as it enables attackers to read sensitive data and even to modify.
- Malware attack: Malware is the Malicious software that can be installed on targeted device without user’s consent.Malware can be installed remotely and tracking the source of malware is very difficult.
- Adware: Adware displays lucrative ads on users computer.It is the least dangerous Malware.
- Spyware: Spyware is malware that spies on users, tracks the internet activities like browsing habits to send targeted Adwares.
- Stalkerware: It’s working principal is same as spyware apps. It also gives access of the location of the user’s device to the hacker.
- Virus: A virus is a program or code that that can infect other programs by modifying them.
- Spam: Spams are Electronic junk emails which are sent as commercial advertisements through email.
- Worm: A program that is capable to replicate by itself in a hosted device and deletes data and files on the computer until the drive become empty.
- Trojan: A Trojan horse is a type of malware that is often disguised as legitimate software and creates a backdoor for hackers so that they can have full access to the particular device or network.
- Hoax: A warning e-mail is received by the user citing that certain system that is harming the computer. The email also instructs the user to run a procedure (most often in the form of a download) to recover the system.When this program is run, it captures the system’s database.
- Rootkit: Very hard Malware to detect and remove. Once installed, the software gives the hacker the full access of the device.
- Keyloggers: Keyloggers are designed to record everything the user type in the device.Log-in names, passwords, and other sensitive information are recorded and sent to the source of the keylogging program.
- Ransomware: This type of Malware are found in form of legitimate software.Once installed all files of the device are encrypted and the malware demands money or bitcoin transaction in order to recover the files. A text file is placed in every folder to display further instruction.
- Browser Hijacker: It is a type of Malware that redirects a user from his normal search activity and produce the results the developers want the user to see.
- Financial losses and fines to an individual or organisation.
- Brand and business damage and loss of sales.
- Loss of revenue due to denial of service.
- Loss of intellectual property or valuable data.
- Discontinuity of service.
- Can manipulate social networking messages to create unrest,riots,political unrest etc.
- Social or political image of any individual can be harmed.
Cyber security awareness is the education and awareness on how to protect a business’s database and other assets.Cyber security awareness enables the individual user or an institution to know about potential impact a cyber-attack. It also empowers users to reduce risk and prevent cyber-crime infiltrating their online workspace.
- Threats like WannaCry are emerging more frequently and in large scale.The biggest ransomware attack to date.
- Phishing scams are the most common and successful technique of cyber attack.Data breach can happen due to human negligence.
- Awareness on types and pattern of cyber attacks is necessary to prevent the potential cyber threats.
- Awareness on sensitive information like passwords, account numbers, PINs, and access codes is required for overall security of an individual or an organization.
- Regular Data Backup enables users to restore the last well configured and safe data and minimize data loss.
- User need to be vigilant while using certain file extensions like “.exe” or “. Zip” or during downloading various files, application software, attachments etc.
- User should avoid clicking links from unknown emails,text or whatsapp messages.
- Rules in Intrusion Prevention Software (IPS) should be created to disallow the opening of files with extension “.exe” from local App data folders.
- Regular patch and upgrades is must to prevent leaks or vulnerabilities in software.These patches and upgrades should always be downloaded from official websites of the software itself.
- Anti-malware software and updated firewall software should be installed.
- Operating systems should be kept up to date with essential security patches.
- National Cyber Security Policy 2013: Indian Government enacted National Cyber Security Policy to create a guideline for comprehensive, collaborative and collective response to combat the issues of cyber security in the country.
- Computer Emergency Response Team (CERT-In) has been established as an umbrella organisation for coordination in crisis management efforts including early warning and post crisis scenario.
- Cyber Swachhta Kendra: The “Cyber Swachhta Kendra” is a Botnet Cleaning and Malware Analysis Centre (BCMAC), operated under the Indian Computer Emergency Response Team (CERT-In)
Many countries around the world are engaging in digital war and cyber-criminals are targeting reputed business organisations and government projects.New cyber challenges are being originated every day. Misuse of social media platforms are increasing at global scale.In this context,data protection or privacy protection law has gained importance than never before.India needs an enhanced and comprehensive cyber-security guidelines to keep a check on cyber vulnerabilities and cyber threats.
Mounting a good defense requires understanding the offense.So the understanding of cyber threats helps to protect from unauthorized access to critical and sensitive data.Cyber security has become an integral part of cyptocurrency transactions.So in the ecosystem of growing cyber attacks,Indian Government should enact the updated and strong privacy protection law in an urgent basis.Cyber Security Awareness campaign in regular basis on various social media platform,would be very useful steps to make the nation digitally safe and sound.