Log in

“Cyber Security”- the need of the hour.

By: Sanjenbam Jugeshwor Singh.

Computer  security,  Cyber  security  or  information  technology  security  (IT  security)  is  the protection of computer system from theft or damage to their hardware, software or electronic data as well as from disruption or misdirection of the services they provide. The field is growing importance due to increasing reliance on computer system, the Internet and wireless networks such as Bluetooth and Wi-Fi and due to the growth of smart devices including smart phones, television and various tiny devices that constitute the Internet of things. Due to its complexity both  in  terms  of  politics  and  technology,  it  is  also  one  of  the  major  challenges  of  the contemporary world.  
       A vulnerability is a weakness in design, implementation, operation or internal control. Most of the vulnerabilities that have been discovered are documented in the common vulnerabilities and exposure (CVE) database. An exploitable vulnerability is one for which at least one working attack or exploit exist. Vulnerabilities are often hunted or exploited with the aid of automated tools or manually using customized scripts. To secure a computer system ,it is important to understand the attacks that can be made against it, and these threats can typically classified as(i)  Backdoor  in  computer  system  ,a  cryptosystem  or  an  algorithm  is  any  secrete  method  of bypassing  normal  authentication  or  security  control  (ii)  Denial  –of-service  attacks(DoS)are designed  to  make  a  machine  or  network  resource  unavailable  to  its  intended  users(iii) Direct-access attacks, which is an unauthorized user gaining physical access to a computer is most likely able to directly copy  data  from  it.(iv)  Eavesdropping  is  the  act  of  surreptitiously  listening  to  a  private conversation  ,typically  between  hosts  on  a  network.(v)  Multivector,  polymorphic  attacks ,surfacing in 2017 ,a new class of multivector, polymorphic cyber threats .(vi) Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details directly from users.(vii) Privilege escalation describes a situation where an attacker with some level of restricted access is able to without authorization ,elevate their privilege or access level.(viii) Social Engineering aims to convince a user to disclose secrets such as passwords ,card number etc.(ix) Spoofing is the act of masquerading as a valid entity through falsification of data such as IP address or username in order to gain access to information or resources that one is authorized to obtain.(x) Tampering describe a malicious modification of product.  
       Many people think of cybersecurity as a highly technical challenge, one that consumes the brain power of technical experts, however the general public plays a vital role in cybersecurity. If cybersecurity & cybercrime deterrence are not treated as priorities, the rate at which system and data are abused will continue to rise, further undermining the public’s trust in technology. The growth in the number of computer systems and the increasing reliance upon them of individuals ,businesses ,industries and government means that there are an increasing number of system at risk, which may be financial system, utilities and industrial equipment, Aviation, Consumer devices  ,Large  corporations,  Automobiles  ,  Government,  Internet  of  things  and  physical vulnerabilities, medical systems, energy sector etc. Serious financial damage has been caused by security breaches but because there is no standard model for estimating the cost of an incident, the data available is that which is made public by the organization involved. As with physical security, the motivations for breaches of computer security vary between attackers.

       In  computer  security  a  countermeasure  is  an  action,  device,  procedure  or  technique  that reduces a threat, a vulnerability or an attack by eliminating or preventing it by minimizing the harm it can cause or by discovering and reporting it so that corrective action can be taken. Some  common  countermeasure  are:  Security  by  design,  security  architecture,  Security  measures, Vulnerability management, reducing vulnerabilities, Hardware protection mechanisms ,Secure operating systems, secure coding ,capabilities and access control lists, end user security training, response to breaches. Incident response is an organized approach to addressing and managing the aftermath of a computer security incident or compromise with the goal of preventing a breach or thwarting a cyber-attack.  Incident response planning allows an organization to establish a series of best practices to stop an intrusion before it causes damage. Four key components of computer security incident response plan are: preparation, detection & analysis, containment, eradication & recovery and post incident activity.  Some  of  the  important components of Network security are- Anti-virus and anti-spyware, Firewall to block unauthorized access to your network, intrusion prevention system (IPS) to identify fast-spreading threats  such as  zero day or zero hour attacks and Virtual Private networks((VPNs) to provide secure remote access.  
       International legal issues of cyber-attacks are complicated in nature. There is no global base of common rules to judge and eventually punish, cybercrimes and cybercriminals and cyber security firms or agencies do locate the cybercriminals behind the creation of a particular piece of malware or form of cyber-attack ,often the local authorities cannot take action due to lack of laws  under  which  to  prosecute.  The role of government is to make regulations to force companies and organizations to protect their systems, infrastructure and information from any cyber- attacks but also to protect its own national infrastructure such as the national power grid. In India some  provisions  for  cyber  security  have  been  incorporated  into  rules  framed  under  the  Information  Technology  Act  2000.The  National  Cyber  Security  policy  2013  is  a  policy framework by Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and  private  infrastructure  from  cyber-attack  and  safeguard  information  such  as  personal  information  (of  web  user),  financial  and  banking  information  and  sovereign  data. CERT-In  is  the  nodal  agency  which  monitors  the  cyber  threats  in  the  country.  The Indian Companies Act 2013 has also introduced cyber law and cyber security obligations on the part of Indian directors. Some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000 updated in 2013.On the top of all these legality, what we can do simply is  educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business. 

Some of the important tips about cyber security that we common  people  can  do    are: become  vigilant  when  browsing websites,  flag  and  report suspicious e-mails, never click on unfamiliar links or ads, use a VPN whenever possible, ensure websites are safe before entering credentials, keep antivirus/ application system up to date,  use strong passwords with 14+ characters.

Last modified onWednesday, 10 April 2019 17:40

Leave a comment

Please do not post Hate Speech, derogatory, racist, obscene, spam comments.