Internet and technologies lie at the heart of every industry today. It made a revolutionary mark at the world’s economy and cultural institutions. But they have brought along several risks in the form of cyber attacks. The escalation of Internet among the population is getting deep day by-day. This is not only increasing the scope of e-governance and e-commerce in the area of healthcare, banking, power distribution, etc. but also exposing these sectors to cyber threats like hacking, credential thefts, data tempering, account hijacking, etc. A word that become popular in public awareness ‘cyber’ is now ingrained in our language and mindset, by the virtue of fact that today our society is totally depends on technology.
According to the report of 2019, there were around 62,189 cyber security cases which mainly originated from US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE countries in the period of Jan-May. And around 10,000 Indian government sites were compromised in this period. According to a report, India needs around one million cyber security professionals to deal with cyber threats effectively.
What is CYBERSECURITY?
Cyber security is a set of strategies, techniques, and controls to reduce risk and ensure that your data assets are protected. Implementing cybersecurity measures is like someone need lock their door knowing that something bad can happen – like someone like a stranger can get access to your personal space.
A software company gave some other definition on cybersecurity: Cybersecurity refers to the use of network architecture, software and other technologies to protect organizations and individuals from cyber attacks. The objectives o cybersecurity is to prevent or mitigate harm to or destruction of computer networks, applications, devices and data. According to this software company (Check Point), there are some benefits of advocating cybersecurity into the system like:
I. It can boost innovation by ensuring safer collaboration across all environment including cloud storage and mobile.
II. It can scale intelligently and securely
III. Avoid data breaches and other cyber attacks that can drive down the value or your business (Verizon bought Yahoo at $350 million less than it’s original price because of its data breaches).
What is cybersecurity risk?
According to the Oxford Dictionary definition of cyber threat, “The possibility of a malicious attempt to damage or disrupt a computer network or system.” But to dig in more insights, Check Point gave a possible definition to it. A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. According to them, Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, denial of service, among other methods.
What are the types of cyber threat?
Cyber threats typically consist of one or more of the following types of attacks but below mentioned are the most common types of cyber threat:
· Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
· Man-in-the-middle (MitM) attack
· Phishing attacks
· Drive-by attack
· Password attack
· SQL injection attack
· Cross-site scripting (XSS) attack
· Eavesdropping attack
· Ransom ware Attack
· Al- Powered Attacks
1. Denial of service--- A denial of service attack is a brute force method to try stop some online service from working properly. An attacker might infiltrate severe traffick to a website or so many requests to a database that it overwhelms that system ability to function and make them inaccessible to anybody. A Distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.
2. Man in the middle---MITM is method of cyber attack where the criminals manage to interpose themselves secretly between the user and the official website where they are going to plant their access. An attacker might setup a Wi-Fi network with a login screen designed to mimic a hotel network. Once the user login to that and give their personal information like banking passwords, the attacker can harvest to that information.
3. Phishing Attack--- It is a technique by which cybercriminals craft links or forms to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that disguised like an important document, for instance, or urged to click on a link that takes them to a fake website where they’ll be asked for sensitive information like bank usernames, Id, passwords, m-pin etc. Thus cybercriminals get access to the useful information and banking of the target.
4. Drive by Attack --- Drive-by attacks are security threats that download unwanted materials from a website. It is also one of the most common ways of spreading malware. All the hacker has to do is to plant code on the page. You have probably seen a few pop-ups that do not relate in any way to what you are searching on the internet. Such pop-ups are drive-by attacks.
5. Password Attack --- As its name signifies, password attack is an attempt to steal passwords from the user. Since passwords are the most common authentication means, attackers are always on the lookout for ways to use this cyber-attack.
6. SQL injection--- It is a method by which an attacker can hack and get the access to someone’s database. Many databases are designed to obey commands written in the Structured Query Language (SQL) and many websites that take information from users send that data to SQL database. In a SQL injection attack, a hacker will, for instance write some SQL commands into a web form that’s asking for name and address information. If the website and database aren’t programmed correctly, the database might try to execute those commands.
7. Cross-site scripting (XSS) Attack --- it is a cyber-attack where an attacker sends malicious code to a reputable website. It is an attack that can happen only when a website allows a code to attach to its own code. The attacker bundles together two scripts and send to the victim. As soon as the script executes, the attacker receives a cookie. With this type of cyber-attack, hackers can collect sensitive data and monitor the activities of the victim.
8. Eavesdropping attack --- It is also known as snooping, network security threat, or sniffing. It is very similar to the man-in-the-middle attack, but it does not allow a secure connection between the user and a server. Theft of data and information happened only after you send them out, so they do not get across to the server. Unsecured and weak network transmissions allow this security breach to thrive. Any device within the network is susceptible to an eavesdropping attack from hackers.
9. Ransom ware Attack --- It is a form of malware that encrypts a victim's useful personal files. The attacker then demands a ransom from the victim to restore access to the data upon payment. The cost can range from few hundred dollars to thousands, and typically payable to cyber criminals in crypto currency.
10. Al-Powered Attack --- Artificial intelligence (AI) has been making ground-breaking success in recent years. Almost every gadget has some application of AI in it, which heightens the scare of an AI-powered cyber-attack. Such security threats will have the most devastating effects as autonomous cars, drones, and computer systems can be hacked by artificial intelligence. AI can also shut down power supplies, national security systems, and hospitals
Cyber Security Risk Analysis:
Risk analysis refers to the review of risks involved in particular action or event. The risk analysis is refers to information technology, projects, security issues and other event where risks may be analyzed on quantitative and qualitative basis. Risks are part of every IT project and business organizations. The analysis of risk occurred on a regularly basis and updated to identify new potential threats. The strategic risk analysis helps to minimize the future risk probability and damages. Enterprise and organization used risk analysis:
· To reduce the effect of harmful results occurred from adverse events.
· To plan the technology or equipment failure or loss from adverse events include both natural and human-caused.
· To evaluate the potential risks of a project and balanced the decision process.
· To identify the impact and prepare for changes in the organizational environment.
Steps in the risk analysis process
The basic steps followed by a risk analysis process are:
· Conduct a risk assessment survey:
Getting the input from management and department heads is critical to the risk assessment process. The risk assessment survey refers to begin documenting the specific risks or threats within each department.
· Identify the risks:
This step is used to evaluate an IT system or other aspects of an organization to identify the risk related to software, hardware, data, and IT employees. It identifies the possible adverse events that could occur in an organization such as human error, flooding, fire, or earthquakes.
· Analyse the risks:
Once the risks are evaluated and identified, the risk analysis process should analyse each risk that will occur, as well as determine the consequences linked with each risk. It also determines how they might affect the objectives of an IT project.
· Develop a risk management plan:
After analysis of the Risk that provides an idea about which assets are valuable and which threats will probably affect the IT assets negatively, we would develop a plan for risk management to produce control recommendations that can be used to mitigate, transfer, accept or avoid the risk.
· Implement the risk management plan:
The primary goal of this step is to implement the measures to remove or reduce the analyses risks. We can remove or reduce the risk from starting with the highest priority and resolve or at least mitigate each risk so that it is no longer a threat.
· Monitor the risks:
This step is responsible for monitoring the security risk on a regular basis for identifying, treating and managing risks that should be an essential part of any risk analysis process
Statistics of cybercrime in India:
Cybersecurity breach is becoming a day-to-day struggle for business. From recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT (Internet of Things) devices. Some important cybersecurity facts and stats are as follows:
Ø Worldwide spending on cybersecurity is forecasted to reach $133.7 billion in 2022. (Gartner)
Ø 62% of businesses experienced phishing and social engineering attacks in 2018. (Cybint Solutions)
Ø 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
Cyber security Forecast and Market Estimates:
Cyber security now dominates the priorities of every organization as each adapts to a post-COVID 19 world. Remote workers identities’ and devices are the new security perimeter. This is what Zero Trust Security was designed for, and the post-pandemic world is its acid test and crucible. Cyber attackers are quick to attack new unprotected threat surfaces created when tens of millions of employees started working from home. In a post-COVID-19 world, cyber security is as critical as Internet access itself.
Key insights from the series of cyber security market forecasts and market estimates include the following:
· The global cyber security market is currently worth $173B in 2020, growing to $270B by 2026.
· Network, data, and endpoint security are the three leading use cases of A.I. in cyber security today, according to I.T. executives.
· The global cyber security market is predicted to grow from $167.1B in 2019 to $248.26B by 2023, attaining a 10.4% CAGR, according to Statistic.
· There has been a 667% increase in spear-fishing e-mail attacks related to COVID-19 since the end of February alone.
· Fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis are the five highest A.I. use cases for improving cyber security.
· The average total cost of a data breach in the U.S. for the companies studied has grown from $3.54M in 2006 to $8.19M in 2019, a 130% increase over 14 years.
· The global cyber security market will be worth $300B by 2024, according to Global Insights.
· On average, an enterprise has six incidents of fraud in the last 24 months, with Financial Services firms being the primary target.
· Enterprises who lead their industries in cyber resilience rely in A.I. to reduce the number of successful attacks and deliver a more consistent quality of response.
· 71% of UK-based business decision makers believe the shift to 100% remote working during the COVID-19 crisis has increased the likelihood of a cyber-breach.
One of the best ways to protect your sensitive information and online business from cybercriminals is protect your system by making use of unfathomable security that uses a unified system of software and hardware. People can use strong passwords and keep updating that. People can keep their software updated. People can manage their social media settings by keeping them locked down. People can teach their children about safe internet surfing and be cautious about clicking any unprotected links.If somebody become the victim of cyber attack, first they need to alert the local police, in some cases FBI and the Federal Trade Commission. Victims can take the help of lawsuits. There are government sites where anyone can report cybercrime like National Cyber Crime Reporting Portal. Overall people need to know the importance of education about the types of scam that exist on the internet and how to turn away them.