What started off as an innovation to satisfy curiosity has today turned out to be an all-time threat to all internet users, businesses and individuals alike. In November 1988 at Cornell University in New York State, U.S., a computer science student put much effort and many sleepless nights into a project that would create the first computer worm. What Robert Morris did not know is that, contrary to his good intentions, the self-replicating program gone wrong that he released onto the internet would turn into a denial of service (DoS) that spread to about 10% of the computers on ARPANET, the internet of the time. This represented about 60,000 computers and, as such, was regarded as a massive attack, costing $10-$100 million in recovery.
To date, the number of data breaches has gone up every year. From stealing customer banking data to hacking government websites to leak information, it seems that there is a stronger resolve by dubious groups and individuals to cause harm. While this single event might have inspired awareness of cybersecurity and its introduction, cybersecurity has since become a great concern for businesses in the digital era.
What is cybersecurity?
Cybersecurity, also known as electronic information security or information technology security, refers to the deliberate protection of internet-connected networks, ensuring that all systems within the networks and the data contained in them are safe from both internal and external attacks. A network includes computers, servers, systems and applications, information, mobile devices, and more.
Cybersecurity comprises the tools and technologies, processes and procedures, and best practices that are employed to ensure that the network is secured from threats. Cyber threats come in many forms, including unauthorized access, alteration, deletion, destruction, disablement, disruption, and extortion of an organization’s systems, information, and ultimately its operations. Thus a good cybersecurity strategy is one that enhances the integrity and confidentiality of a business’s information systems and data.
Why is cybersecurity important?
It has been estimated that, in years to come, cybercrime will cost the world trillions of dollars. Businesses have suffered massive setbacks, and some have even shut down as a result of cyberattacks. Owing to this, every organization should give cybersecurity the utmost priority to prevent loss of finances, clientele, and, on the whole, loss of business.
Firstly, there is wider access to the internet, and massive volumes of data are being generated now more than ever. To cybercriminals, this presents an opportunity to reinvent their tactics and become smarter at their game. This calls for a proactive, comprehensive approach to cybersecurity.
Secondly, cybersecurity safeguards the personal information of users and customers as well as the systems used to transmit such information. Government agencies, healthcare, financial, and retail industries are some of the biggest custodians of sensitive data, including personal data, financial data, intellectual property, and more that are usually the target of cyberattacks.
Top 5 cybersecurity threats
Cyberthreats come in several forms. To address the cybersecurity concerns holistically, it is important to be aware of the different types of threats that exist. However, before looking at the types of cyberthreats, let’s first understand the difference between a cyberattack, a cybercrime, and cyberterrorism.
A cyberattack refers to malicious access to a network, computer system, or other connected devices with the aim of disrupting, disabling, exposing, destroying, or stealing information. Many times, cyberwars and cyberterrorism start off as a cyberattack.
A cybercrime, on the other hand, is a criminal activity carried out online through a computer, connected device, or network.
Cyberterrorism, usually politically initiated, is the use of information systems or technology to cause grave disruptions or panic in society.
Here are different types of cybersecurity threats.
- Malware: Short for malicious software, malware is a program aimed at disrupting or harming a computer user. This could include viruses, spyware, ransomware, and Trojans, usually transmitted as email attachments that users download to their computers.
In June 2010, the 500-kb Stuxnet malware infected around 14 industrial sites in Iran in a three-phase attack. It moved from Microsoft OS computers and networks, then to Siemens Step 7 systems used for programming industrial control systems, and on to logic controllers. Stuxnet is reported to have destroyed many centrifuges in the Natanz uranium enrichment facility in Iran.
- Social engineering attack is an attack that targets social interaction to gain unauthorized access to valuable information by tricking victims into taking certain actions. Social engineering attacks broadly cover a number of threats. The most common form of social engineering attack is phishing, which in 2020 alone accounted for up to 90% of enterprise breaches. Others include
- Quid pro quo
In 2019, Toyota Boshoku Corporation suffered losses to the tune of $37 million after falling victim to a business email compromise that swayed its finance executive into updating the bank account information for its recipient account.
- Distributed denial of service attack (DDoS). Cybercriminals use this technique when they intend to deny legitimate users access to a system, network, or online service by overloading it with more traffic than it can handle. This prevents normal operation of the systems, ultimately stopping an organization from delivering services.
- A man-in-the-middle attack is a type of attack in which the attacker intercepts data transmission or communication between two terminals while pretending to be a legitimate participant, with the aim of obtaining the data being transferred.
- SQL injection is a type of attack that targets databases and is common in this era of big data. Attackers gain control of and/or steal data from databases by taking advantage of their vulnerabilities.
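The SQL injection item above, shown as an added example that is not part of the original article: a lookup that builds its query by string concatenation next to the same lookup with a parameterized query. The table, column names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table layout and values are illustrative only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4242"), ("bob", "1881"), ("carol", "0005"), ("O'Brien", "7310")],
    )
    return db

def lookup_vulnerable(db, name):
    # Weak: user input is pasted into the SQL text, so quote characters in
    # `name` can change the structure of the query itself.
    query = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the SQL text is fixed and the input is bound as a data value.
    return db.execute(
        "SELECT name, card_last4 FROM customers WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    """Run both lookups on a fresh database; None means the weak query failed."""
    db = make_db()
    try:
        try:
            weak = lookup_vulnerable(db, name)
        except sqlite3.OperationalError:
            weak = None  # the quote in the input broke the SQL syntax
        return weak, lookup_parameterized(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    # An ordinary name, input that rewrites the WHERE clause, and a
    # legitimate name that happens to contain a quote.
    for supplied in ("alice", "x' OR '1'='1", "O'Brien"):
        weak, safe = compare(supplied)
        weak_rows = "query error" if weak is None else f"{len(weak)} rows"
        print(f"{supplied!r}: concatenated -> {weak_rows}, parameterized -> {len(safe)} rows")
```

The concatenated version returns every customer row for the second input and fails outright on the third, while the parameterized version treats all three inputs as plain names.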
Steps to developing a solid cybersecurity strategy
A good cybersecurity strategy will help organizations prevent damage costs associated with cyberattacks. Certainly, the damages as a result of these attacks go far beyond financial loss to loss of customer trust and reduced business economic value.
Organizations can take the following steps to mitigate cybersecurity risks.
It may not be enough to have policies and good practices. Part of implementing a good cybersecurity strategy is creating awareness of risks and of the measures put in place to mitigate the risks. Also, training and educating all employees and system users about following the policies is essential. This ensures that the policies put in place are not merely a set of rules but a culture and best practices that everyone can identify with. Training should be practical and include simulations for it to be effective.
Risk management encompasses asset management, identity management, threat management, access management, and security controls. Running risk assessments from time to time helps identify risks and vulnerabilities within the systems, networks, servers, and others while also projecting the impact of such risks occurring. Risk assessments include vulnerability scans and penetration testing.
Effective data management involves identifying and organizing all data under the custody of the organization, evaluating access and access rights for different groups of people or individuals, and establishing proper access controls.
- Incident management and disaster recovery
Incident management refers to the policies and procedures put in place to respond to risks whenever they occur. This should come with measures that can be taken to ensure business recovery and continuity in the event of a cybersecurity incident. This final step requires proper planning and involvement of the right stakeholders.