Cyber Security Awareness is essential for survival in a world dominated by computers and the internet. In this article, we will discuss the importance and impact of Cyber Security Awareness and potential ways to protect ourselves from cyber-attacks. Let’s learn
A cyber attack is a malicious attempt by cyber-criminals to steal data, login credentials, debit cards, credit card details or use a breached computer as a launch point for another series of attacks. Cyber-criminals use one or more computers against single or multiple computers or networks of any individual, organisation or government agency.
- Software supply chain attacks: Malicious code is installed into verified and widely used software by modifying and infecting the basic source code of the software.
- Phishing attacks: Phishing attack is one of the most common cyber-attack techniques. It is done through email, instant message, or text message. The recipient is sent a mail, text message or pushes message containing a malicious link. On clicking the link the malware is installed in the targeted device.
- Clouds under attack: The cloud is the server that stores all the databases. This database can be accessed over the Internet. Resources and sensitive data of the cloud is under threat nowadays. Cyber-criminals use the configuration and poor management of cloud resources to evade basic cloud security.
- IP Spoofing: IP spoofing is a technique where an attacker tricks by sending a packet with the IP source address of a known, trusted host so that the host behaves as it is communicating with a known and trusted entity.
- Password attack: It is an effective attack approach to authenticate unauthorized users. This is done by unencrypted passwords, using social engineering or gaining access to a password database in the same network.
- SQL injection attack: It is an attack on database-driven websites. SQL commands are maliciously inserted into data-plane input in order to run established SQL commands. SQL injection can exploit any database-driven website as it enables attackers to read sensitive data and even modify it.
- Malware attack: Malware is malicious software that can be installed on a targeted device without the user’s consent. Malware can be installed remotely and tracking the source of malware is very difficult.
- Adware: Adware displays lucrative ads on the user’s computers. It is the least dangerous Malware.
- Spyware: Spyware is malware that spies on users, track the internet activities like browsing habits to send targeted Adwares.
- Stalkerware: Its working principle is the same as spyware apps. It also gives access to the location of the user’s device to the hacker.
- Virus: A virus is a program or code that can infect other programs by modifying them.
- Spam: Spams are Electronic junk emails that are sent as commercial advertisements through email.
- Worm: A program that is capable to replicate by itself in a hosted device and deletes data and files on the computer until the drive become empty.
- Trojan: A Trojan horse is a type of malware that is often disguised as legitimate software and creates a backdoor for hackers so that they can have full access to the particular device or network.
- Hoax: A warning e-mail is received by the user citing that a certain system is harming the computer. The email also instructs the user to run a procedure (most often in the form of a download) to recover the system. When this program is run, it captures the system’s database.
- Rootkit: Very hard Malware to detect and remove. Once installed, the software gives the hacker full access to the device.
- Keyloggers: Keyloggers are designed to record everything the user type in the device. Log-in names, passwords, and other sensitive information are recorded and sent to the source of the keylogging program.
- Ransomware: This type of Malware are found in form of legitimate software. Once installed all files of the device are encrypted and the malware demands money or bitcoin transactions in order to recover the files. A text file is placed in every folder to display further instruction.
- Browser Hijacker: It is a type of Malware that redirects a user from his normal search activity and produce the results the developers want the user to see.
- Financial losses and fines to an individual or organisation.
- Brand and business damage and loss of sales.
- Loss of revenue due to denial of service.
- Loss of intellectual property or valuable data.
- Discontinuity of service.
- Can manipulate social networking messages to create unrest, riots, political unrest etc.
- The social or political image of any individual can be harmed.
Cybersecurity awareness is the education and awareness on how to protect a business’s database and other assets. Cybersecurity awareness enables the individual user or an institution to know about the potential impact of a cyber-attack. It also empowers users to reduce risk and prevent cyber-crime from infiltrating their online workspace.
- Threats like WannaCry are emerging more frequently and on a large scale. The biggest ransomware attack to date.
- Phishing scams are the most common and successful technique of cyber attack. A data breach can happen due to human negligence.
- Awareness of the types and patterns of cyberattacks is necessary to prevent potential cyber threats.
- Awareness of sensitive information like passwords, account numbers, PINs, and access codes is required for the overall security of an individual or an organization.
- Regular Data Backup enables users to restore the last well configured and safe data and minimize data loss.
- Users need to be vigilant while using certain file extensions like “.exe” or “. Zip” or during downloading various files, application software, attachments etc.
- Users should avoid clicking links from unknown emails, text or WhatsApp messages.
- Rules in Intrusion Prevention Software (IPS) should be created to disallow the opening of files with extension “.exe” from local App data folders.
- Regular patches and upgrades are must prevent leaks or vulnerabilities in software. These patches and upgrades should always be downloaded from the official websites of the software itself.
- Anti-malware software and updated firewall software should be installed.
- Operating systems should be kept up to date with essential security patches.
- National Cyber Security Policy 2013: Indian Government enacted National Cyber Security Policy to create a guideline for a comprehensive, collaborative and collective response to combat the issues of cyber security in the country.
- Computer Emergency Response Team (CERT-In) has been established as an umbrella organisation for coordination in crisis management efforts including early warning and post-crisis scenarios.
- Cyber Swachhta Kendra: The “Cyber Swachhta Kendra” is a Botnet Cleaning and Malware Analysis Centre (BCMAC), operated under the Indian Computer Emergency Response Team (CERT-In)
Many countries around the world are engaging in digital war and cyber-criminals are targeting reputed business organisations and government projects. New cyber challenges are being originated every day. Misuse of social media platforms is increasing a global scale. In this context, data protection or privacy protection law has gained more importance than ever before. India needs enhanced and comprehensive cyber-security guidelines to keep a check on cyber vulnerabilities and cyber threats.
Mounting a good defence requires understanding the offence. So the understanding of cyber threats helps to protect from unauthorized access to critical and sensitive data. Cyber security has become an integral part of cryptocurrency transactions. So in the ecosystem of growing cyber-attacks, the Indian Government should enact an updated and strong privacy protection law on an urgent basis. Cyber Security Awareness campaigns on a regular basis on various social media platforms, would be very useful steps to make the nation digitally safe and sound.