Introductory Part Part I: Cyber Security. Historical Background Part II: Common Threats Part III: Countermeasures References

The document discusses the history and common threats of cybersecurity. It describes how cybersecurity emerged in the 1970s with the development of computers and networks, and the first threats were often malicious insiders accessing sensitive files. By the 1980s, the first computer viruses and worms emerged, and security software was developed. Common cyber threats discussed include backdoors, denial of service attacks, direct access attacks, eavesdropping, phishing, privilege escalation, reverse engineering, and side-channel attacks. The document provides historical context and an overview of key cybersecurity concepts.

Uploaded by

Cray Alister

Contents

Introductory part
Part I: Cyber security. Historical background
Part II: Common threats
Part III: Countermeasures
Summary
References
Introduction
Computer security, cybersecurity, or information technology security (IT
security) is the protection of computer systems and networks from information
disclosure, theft of, or damage to their hardware, software, or electronic data, as
well as from the disruption or misdirection of the services they provide.
The field has become significant due to the expanded reliance on computer
systems, the Internet, and wireless network standards such as Bluetooth and Wi-
Fi, and due to the growth of "smart" devices, including smartphones, televisions,
and the various devices that constitute the Internet of things (IoT). Cybersecurity
is also one of the significant challenges in the contemporary world, due to its
complexity, both in terms of political usage and technology. Its primary goal is to
ensure the system's dependability, integrity, and data privacy.
Part I: Cyber security. Historical background
Since the Internet's arrival and with the digital transformation initiated in recent
years, the notion of cybersecurity has become a familiar subject in both our
professional and personal lives. Cybersecurity and cyber threats have been
consistently present for the last 50 years of technological change. In the 1970s
and 1980s, computer security was mainly limited to academia until the
conception of the Internet, where, with increased connectivity, computer viruses
and network intrusions began to take off. After the spread of viruses in the 1990s,
the 2000s marked the institutionalization of cyber threats and cybersecurity.
Finally, from the 2010s, large-scale attacks and government regulations started
emerging.
The April 1967 session organized by Willis Ware at the Spring Joint Computer
Conference, and the later publication of the Ware Report, were foundational
moments in the history of the field of computer security. Ware's work straddled
the intersection of material, cultural, political, and social concerns.
A 1977 publication by the US National Bureau of Standards (the predecessor of
NIST) introduced the "CIA triad" of Confidentiality, Integrity, and Availability
as a clear and simple way to describe key security goals. While still relevant,
many more elaborate frameworks have since been proposed.
However, in the 1970s and 1980s there were few grave computer threats, because
computers and the Internet were still developing and security threats were easily
identifiable. Most often, threats came from malicious insiders who gained
unauthorized access to sensitive documents and files. Although malware and
network breaches existed during these early years, attackers did not yet use them
for financial gain. By the second half of the 1970s, established computer firms
like IBM had started offering commercial access control systems and computer
security software products.
It started with Creeper in 1971. Creeper was an experimental computer program
written by Bob Thomas at BBN. It is considered the first computer worm.
In 1972, the first anti-virus software was created, called Reaper. It was created by
Ray Tomlinson to move across the ARPANET and delete the Creeper worm.
Between September 1986 and June 1987, a group of German hackers performed
the first documented case of cyber espionage. The group hacked into American
defense contractors, universities, and military bases' networks and sold gathered
information to the Soviet KGB. The group was led by Markus Hess, who was
arrested on 29 June 1987. He was convicted of espionage (along with two co-
conspirators) on 15 Feb 1990.
In 1988, one of the first computer worms, called the Morris worm, was
distributed via the Internet. It gained significant mainstream media attention.
Netscape started developing the SSL protocol shortly after the National Center
for Supercomputing Applications (NCSA) launched Mosaic 1.0, the first widely used
graphical web browser, in 1993. Netscape had SSL version 1.0 ready in 1994, but
it was never released to the public because of serious security vulnerabilities.
These weaknesses included susceptibility to replay attacks and a flaw that
allowed attackers to alter unencrypted communications sent by users. In February
1995, Netscape released SSL version 2.0.
Protecting information systems includes evaluating software, identifying security
flaws, and taking steps to correct the flaws, which is a defensive action.
Collecting intelligence includes exploiting security flaws to extract information,
which is an offensive action.
The agency analyzes commonly used software in order to find security flaws,
which it reserves for offensive purposes against competitors. The agency seldom
takes defensive action by reporting the flaws to software producers so that they
can eliminate them.

Part II: Common threats


A vulnerability is a weakness in design, implementation, operation, or internal
control. Most publicly known vulnerabilities are documented in the Common
Vulnerabilities and Exposures (CVE) database. An exploitable vulnerability is one
for which at least one working attack or "exploit" exists. Vulnerabilities can be
researched, reverse-engineered, hunted, or exploited using automated tools or
customized scripts. To secure a computer system, it is important to understand
the attacks that can be made against it; these threats can typically be
classified into the categories below:
Backdoor
A backdoor in a computer system, a cryptosystem or an algorithm is any secret
method of bypassing normal authentication or security controls. Backdoors may
exist for many reasons, including original design or poor configuration. They
may have been added by an authorized party to allow some legitimate access, or
by an attacker for malicious reasons; regardless of the motive, they create a
vulnerability. Backdoors can be very hard to detect, and are usually discovered
by someone who has access to the application's source code or intimate knowledge
of the computer's operating system.
Denial-of-service attack
Denial of service attacks (DoS) are designed to make a machine or network
resource unavailable to its intended users. Attackers can deny service to
individual victims, such as by deliberately entering a wrong password enough
consecutive times to cause the victim's account to be locked, or they may
overload the capabilities of a machine or network and block all users at once.
While a network attack from a single IP address can be blocked by adding a new
firewall rule, many forms of Distributed denial of service (DDoS) attacks are
possible, where the attack comes from a large number of points – and defending
is much more difficult. Such attacks can originate from the zombie computers of
a botnet or from a range of other possible techniques, including reflection and
amplification attacks, where innocent systems are fooled into sending traffic to
the victim.
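The distinction the paragraph draws, one source that a single firewall rule can block versus many sources that each stay below any per-client threshold, is exactly what a first-pass detector has to make. The following is an added example, not code from the original document; the log format (`<epoch> <source_ip> <path>`), the IP addresses and the thresholds are constructed for illustration.

```python
"""Single-source versus distributed flood detection over constructed access-log lines.

Added example, not code from the original document. Log format, IP addresses and
thresholds are constructed for illustration.
"""
from collections import Counter


def parse_lines(lines):
    """Each constructed line is '<epoch_seconds> <source_ip> <request_path>'."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of crashing on attacker-controlled input
        events.append((int(parts[0]), parts[1], parts[2]))
    return events


def classify_window(events, window_start, window_len, per_source_limit, capacity):
    """Examine one time window and decide what, if anything, to block.

    per_source_limit: requests a single client may send in the window before it
                      is treated as abusive (a candidate for a firewall rule).
    capacity:         requests the service can absorb in the window at all.
    Returns (verdict, sorted list of sources to block).
    """
    in_window = [e for e in events if window_start <= e[0] < window_start + window_len]
    per_source = Counter(src for _, src, _ in in_window)
    total = sum(per_source.values())
    abusive = sorted(src for src, n in per_source.items() if n > per_source_limit)

    if total <= capacity:
        return "normal", abusive  # possibly noisy clients, but the service is not saturated
    if abusive and sum(per_source[s] for s in abusive) >= total - capacity:
        # Blocking the few abusive sources brings load back under capacity:
        # the single-IP case that a new firewall rule handles.
        return "single-source-flood", abusive
    # Saturated, yet no individual source stands out: the load is spread over
    # many clients (botnet, reflection), so per-IP rules alone will not help.
    return "distributed-flood", abusive


def scenario(kind):
    """Constructed traffic for the 10-second window starting at t=1000."""
    lines = [f"{1000 + i % 10} 192.0.2.{i} /index.html" for i in range(30)]  # background
    if kind == "single":
        lines += [f"{1000 + i % 10} 203.0.113.7 /login" for i in range(400)]
    elif kind == "distributed":
        lines += [f"{1000 + i % 10} 198.51.100.{i % 200} /login" for i in range(400)]
    return lines


def analyze(kind, per_source_limit=20, capacity=200):
    """Run the classifier over one constructed scenario with the example thresholds."""
    return classify_window(parse_lines(scenario(kind)), 1000, 10, per_source_limit, capacity)


if __name__ == "__main__":
    for kind in ("normal", "single", "distributed"):
        print(kind, "->", analyze(kind))
```

The "distributed-flood" verdict is the one to act on upstream (rate limiting at the edge, scrubbing, or asking the provider for help); per-source blocking would only add hundreds of rules without reducing the load.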
Direct-access attacks
An unauthorized user gaining physical access to a computer is most likely able to
directly copy data from it. They may also compromise security by making
operating system modifications, installing software worms, keyloggers, covert
listening devices or using wireless microphones. Even when the system is
protected by standard security measures, these may be bypassed by booting
another operating system or tool from a CD-ROM or other bootable media. Disk
encryption and a Trusted Platform Module (TPM) are designed to prevent these
attacks, although they protect data only while it is at rest; a booted system
with the decryption key in memory remains exposed to attacks such as the cold
boot attack described below.
Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private computer
"conversation" (communication), typically between hosts on a network. For
instance, programs such as Carnivore and NarusInSight have been used by the
FBI and NSA to eavesdrop on the systems of internet service providers. Even
machines that operate as a closed system (i.e., with no contact to the outside
world) can be eavesdropped upon via monitoring the faint electromagnetic
transmissions generated by the hardware.
Multi-vector, polymorphic attacks
Surfacing in 2017, a new class of multi-vector, polymorphic cyber threats
combined several types of attacks and changed form to avoid cybersecurity
controls as they spread.
Phishing
Phishing is the attempt of acquiring sensitive information such as usernames,
passwords, and credit card details directly from users by deceiving the users.
Phishing is typically carried out by email spoofing or instant messaging, and it
often directs users to enter details at a fake website whose "look" and "feel" are
almost identical to the legitimate one. The fake website often asks for personal
information, such as log-in details and passwords. This information can then be
used to gain access to the individual's real account on the real website. Preying
on a victim's trust, phishing can be classified as a form of social engineering.
Attackers are using creative ways to gain access to real accounts. A common
scam is for attackers to send fake electronic invoices to individuals showing
that they recently purchased music, apps, or other items, and instructing them to
click on a link if the purchases were not authorized.
Privilege escalation
Privilege escalation describes a situation where an attacker with some level of
restricted access is able to, without authorization, elevate their privileges or
access level. For example, a standard computer user may be able to exploit a
vulnerability in the system to gain access to restricted data; or even become
"root" and have full unrestricted access to a system.
Reverse engineering
Reverse engineering is the process by which a man-made object is deconstructed
to reveal its designs, code, architecture, or to extract knowledge from the object;
similar to scientific research, the only difference being that scientific research is
about a natural phenomenon.
Side-channel attack
Any computational system affects its environment in some form. These effects
range from electromagnetic radiation, to the residual charge of RAM cells that
makes a cold boot attack possible, to timing and power-consumption differences
and hardware implementation faults that let an attacker access or guess values
that should normally be inaccessible. In a side-channel attack the attacker
gathers such information about a system or network to infer its internal state,
and as a result accesses information which the victim assumes to be secure.
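The software-level instance of this that every developer can reproduce is a timing leak: a secret comparison that stops at the first mismatching byte takes measurably longer the more of the guess is correct, and an attacker can use that to recover the secret one byte at a time. The following is an added example, not code from the original document, and goes one step beyond the paragraph by showing the fix beside the leak. The secret token and the "work counter" standing in for measured response time are constructed; in practice the attacker measures network round-trip times and averages many samples.

```python
"""Timing side channel in an early-exit secret comparison, and its constant-time fix.

Added example, not code from the original document. SECRET_TOKEN and the
bytes-examined counter (a stand-in for measured time) are constructed.
"""
import hmac

SECRET_TOKEN = b"k9f2"  # constructed: the token a service compares client input against
ALPHABET = b"abcdefghijklmnopqrstuvwxyz0123456789"


def leaky_equal(a: bytes, b: bytes):
    """Byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, bytes_examined). In a real service bytes_examined shows up
    as response time: the longer the correct prefix, the slower the reply.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def leaky_oracle(guess: bytes):
    """The attacker's view of the vulnerable check: was it accepted, and how long did it take."""
    return leaky_equal(guess, SECRET_TOKEN)


def constant_time_oracle(guess: bytes):
    """Fixed check: hmac.compare_digest runs in time independent of where the bytes
    differ, so per query the attacker learns only accept/reject (and the length)."""
    return hmac.compare_digest(guess, SECRET_TOKEN), len(guess)


def recover_token(oracle, length: int, alphabet: bytes = ALPHABET):
    """Recover the secret one byte at a time from the timing leak.

    Returns the token when each byte can be singled out by its timing, or None
    when no candidate stands out (the outcome against the constant-time check).
    """
    known = b""
    for pos in range(length):
        work_by_candidate = {}
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            accepted, work = oracle(guess)
            if accepted:
                return guess  # the last byte is confirmed by acceptance itself
            work_by_candidate[c] = work
        best = max(work_by_candidate.values())
        winners = [c for c, w in work_by_candidate.items() if w == best]
        if len(winners) != 1:
            return None  # every candidate took the same time: nothing to exploit
        known += bytes(winners)
    return None


if __name__ == "__main__":
    print("against leaky check:        ", recover_token(leaky_oracle, len(SECRET_TOKEN)))
    print("against constant-time check:", recover_token(constant_time_oracle, len(SECRET_TOKEN)))
```

The recovery needs 36 queries per byte instead of 36^4 overall, which is the whole point of a side channel: it turns an infeasible search into a linear one. Note that `hmac.compare_digest` still reveals whether the lengths differ, so keep secrets fixed-length or compare hashes of them.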
Social engineering
Social engineering, in the context of computer security, aims to convince a user
to disclose secrets such as passwords or card numbers, or to grant physical
access, by, for example, impersonating a senior executive, a bank, a contractor,
or a customer. This generally involves exploiting people's trust and relying on
their cognitive biases. A common scam involves emails sent to accounting and
finance department personnel, impersonating their CEO and urgently requesting
some action.
Spoofing
Spoofing is an act of masquerading as a valid entity through falsification of data
(such as an IP address or username), in order to gain access to information or
resources that one is otherwise unauthorized to obtain. There are several types of
spoofing, including:
 Email spoofing, where an attacker forges the sending (From, or source) address
of an email.
 IP address spoofing, where an attacker alters the source IP address in a network
packet to hide their identity or impersonate another computing system.
 MAC spoofing, where an attacker modifies the Media Access Control (MAC)
address of their network interface controller to obscure their identity, or to pose
as another.
 Biometric spoofing, where an attacker produces a fake biometric sample to pose
as another user.
Tampering
Tampering describes a malicious modification or alteration of data. So-called
Evil Maid attacks, and the planting of surveillance capability into routers by
security services, are examples.
Malware
Malicious software (malware) installed on a computer can leak personal
information, can give control of the system to the attacker and can delete data
permanently.
Systems at risk
The growth in the number of computer systems and the increasing reliance upon
them by individuals, businesses, industries, and governments means that there are
an increasing number of systems at risk.
Financial systems
The computer systems of financial regulators and financial institutions like the
investment banks, and commercial banks are prominent hacking targets for
cybercriminals interested in manipulating markets and making illicit gains.
Websites and apps that accept or store credit card numbers, brokerage accounts,
and bank account information are also prominent hacking targets, because of the
potential for immediate financial gain from transferring money, making
purchases, or selling the information on the black market. In-store payment
systems and ATMs have also been tampered with in order to gather customer
account data and PINs.
Utilities and industrial equipment
Computers control functions at many utilities, including coordination of
telecommunications, the power grid, nuclear power plants, and valve opening
and closing in water and gas networks. The Internet is a potential attack vector
for such machines if connected, but the Stuxnet worm demonstrated that even
equipment controlled by computers not connected to the Internet can be
vulnerable.
Aviation
The aviation industry is very reliant on a series of complex systems which could
be attacked. A simple power outage at one airport can cause repercussions
worldwide, much of the system relies on radio transmissions which could be
disrupted, and controlling aircraft over oceans is especially dangerous because
radar surveillance only extends 175 to 225 miles offshore. There is also potential
for attack from within an aircraft.
The consequences of a successful attack range from loss of confidentiality to loss
of system integrity, air traffic control outages, loss of aircraft, and even loss of
life.
Consumer devices
Desktop computers and laptops are commonly targeted to gather passwords or
financial account information, or to construct a botnet to attack another target.
Smartphones, tablet computers, smart watches, and other mobile devices such as
quantified self-devices like activity trackers have sensors such as cameras,
microphones, GPS receivers, compasses, and accelerometers which could be
exploited, and may collect personal information, including sensitive health
information. Wi-Fi, Bluetooth, and cell phone networks on any of these devices
could be used as attack vectors, and sensors might be remotely activated after a
successful breach.
The increasing number of home automation devices such as the Nest thermostat
are also potential targets.
Large corporations
Large corporations are common targets. In many cases attacks are aimed at
financial gain through identity theft and involve data breaches.
Medical records have been targeted for identity theft, health insurance fraud,
and impersonating patients to obtain prescription drugs for recreational use or
resale. Although cyber threats continue to increase, 62% of all organizations did
not increase security training for their business.
Automobiles
Vehicles are increasingly computerized, with engine timing, cruise control, anti-
lock brakes, seat belt tensioners, door locks, airbags and advanced driver-
assistance systems on many models. Additionally, connected cars may use WiFi
and Bluetooth to communicate with onboard consumer devices and the cell
phone network. Self-driving cars are expected to be even more complex. All of
these systems carry some security risk, and such issues have gained wide
attention.
Simple examples of risk include a malicious compact disc being used as an attack
vector, and the car's onboard microphones being used for eavesdropping.
However, if access is gained to a car's internal controller area network, the
danger is much greater – hackers remotely carjacked a vehicle from 10 miles
away and drove it into a ditch.
Government
Government and military computer systems are commonly attacked by activists
and foreign powers. Local and regional government infrastructure such as traffic
light controls, police and intelligence agency communications, personnel records,
student records, and financial systems are also potential targets as they are now
all largely computerized. Passports and government ID cards that control access
to facilities which use RFID can be vulnerable to cloning.
Internet of things and physical vulnerabilities
The Internet of things (IoT) is the network of physical objects such as devices,
vehicles, and buildings that are embedded with electronics, software, sensors, and
network connectivity that enables them to collect and exchange data. Concerns
have been raised that this is being developed without appropriate consideration of
the security challenges involved.
While the IoT creates opportunities for more direct integration of the physical
world into computer-based systems, it also provides opportunities for misuse. In
particular, as the Internet of Things spreads widely, cyberattacks are likely to
become an increasingly physical (rather than simply virtual) threat. If a front
door's lock is connected to the Internet, and can be locked/unlocked from a
phone, then a criminal could enter the home at the press of a button from a stolen
or hacked phone. People could stand to lose much more than their credit card
numbers in a world controlled by IoT-enabled devices. Thieves have also used
electronic means to circumvent non-Internet-connected hotel door locks.
An attack that targets physical infrastructure and/or human lives is sometimes
referred to as a cyber-kinetic attack. As IoT devices and appliances gain
currency, cyber-kinetic attacks can become pervasive and significantly
damaging.
Medical systems
Medical devices have either been successfully attacked or had potentially deadly
vulnerabilities demonstrated, including both in-hospital diagnostic equipment
and implanted devices including pacemakers and insulin pumps. There are many
reports of hospitals and hospital organizations getting hacked, including
ransomware attacks, Windows XP exploits, viruses, and data breaches of
sensitive data stored on hospital servers.
Energy sector
In distributed generation systems, the risk of a cyber-attack is real. An attack
could cause a loss of power in a large area for a long period of time, and such an
attack could have just as severe consequences as a natural disaster.
Part III: Countermeasures
Employee behavior can have a big impact on information security in
organizations. Cultural factors can help different segments of the organization
work effectively toward information security, or work against it. Information
security culture is the totality of patterns of behavior in an organization that
contribute to the protection of information of all kinds:
 Pre-evaluation: To identify the awareness of information security within
employees and to analyze the current security policies.
 Strategic planning: To come up with a better awareness program, clear targets
need to be set. Assembling a team of skilled professionals is helpful to achieve
it.
 Operative planning: A good security culture can be established based on
internal communication, management-buy-in, security awareness and a
training program.
 Implementation: Four stages should be used to implement the information
security culture. They are:
1. Commitment of the management
2. Communication with organizational members
3. Courses for all organizational members
4. Commitment of the employees
 Post-evaluation: To assess the success of the planning and implementation,
and to identify unresolved areas of concern.
In computer security, a countermeasure is an action, device, procedure or
technique that reduces a threat, a vulnerability, or an attack by eliminating or
preventing it, by minimizing the harm it can cause, or by discovering and
reporting it so that corrective action can be taken.
Some common countermeasures are listed in the following sections:
Security by design
Security by design, or alternately secure by design, means that the software has
been designed from the ground up to be secure. In this case, security is
considered as a main feature.
Some of the techniques in this approach include:
 The principle of least privilege, where each part of the system has only the
privileges that are needed for its function. That way, even if an attacker gains
access to that part, they only have limited access to the whole system.
 Automated theorem proving to prove the correctness of crucial software
subsystems.
 Code reviews and unit testing, approaches to make modules more secure
where formal correctness proofs are not possible.
 Defense in depth, where the design is such that more than one subsystem
needs to be violated to compromise the integrity of the system and the
information it holds.
 Default secure settings, and design to "fail secure" rather than "fail insecure"
(see fail-safe for the equivalent in safety engineering). Ideally, a secure system
should require a deliberate, conscious, knowledgeable and free decision on the
part of legitimate authorities in order to make it insecure.
 Audit trails track system activity so that when a security breach occurs, the
mechanism and extent of the breach can be determined. Storing audit trails
remotely, where they can only be appended to, can keep intruders from
covering their tracks.
 Full disclosure of all vulnerabilities, to ensure that the "window of
vulnerability" is kept as short as possible when bugs are discovered.
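The audit-trail item above asks for a log that an intruder cannot quietly rewrite. Chaining each entry to the hash of its predecessor makes in-place edits detectable, and keeping the latest hash somewhere the compromised machine cannot modify (the remote, append-only store the text mentions) also catches deletion of the newest entries and wholesale rewrites. The following is an added example, not code from the original document; the events are constructed, and the remote store is modelled by a value the caller keeps outside the log.

```python
"""Tamper-evident audit trail: hash-chained entries plus an externally held head hash.

Added example, not code from the original document. The events are constructed and
the "remote append-only store" is modelled by a value kept outside the log.
"""
import copy
import hashlib
import json

GENESIS = "0" * 64  # the hash the first entry chains to


def _entry_hash(seq, event, prev):
    # Canonical JSON (sorted keys, no whitespace) so identical content always hashes identically
    body = json.dumps({"seq": seq, "event": event, "prev": prev}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_event(log, event):
    """Append an event; each entry commits to its predecessor's hash.

    Returns the new head hash, which the caller should ship to a store the
    local machine can only append to (or cannot modify at all).
    """
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    entry = {"seq": seq, "event": event, "prev": prev, "hash": _entry_hash(seq, event, prev)}
    log.append(entry)
    return entry["hash"]


def verify_chain(log, trusted_head):
    """Check every link, then check that the chain ends at the head held remotely.

    Returns (ok, problem): problem is the index of the first inconsistent entry,
    "head-mismatch" when the chain is internally consistent but does not end at
    trusted_head (entries deleted from the end, or a rebuilt chain with a clean
    history), or None when everything checks out.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        recomputed = _entry_hash(entry["seq"], entry["event"], entry["prev"])
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != recomputed:
            return False, i
        prev = entry["hash"]
    if prev != trusted_head:
        return False, "head-mismatch"
    return True, None


def demo():
    """Build a small constructed trail and show which manipulations are caught."""
    log, head = [], GENESIS
    for event in (  # constructed events
        {"user": "alice", "action": "login", "result": "ok"},
        {"user": "alice", "action": "sudo", "cmd": "cat /etc/shadow"},
        {"user": "alice", "action": "logout"},
    ):
        head = append_event(log, event)

    intact = verify_chain(log, head)

    edited = copy.deepcopy(log)  # intruder rewrites the incriminating entry in place
    edited[1]["event"]["cmd"] = "ls"
    edit_result = verify_chain(edited, head)

    truncation_result = verify_chain(log[:-1], head)  # intruder deletes the newest entry

    rewritten = []  # intruder rebuilds the whole chain around the edited history
    for entry in edited:
        append_event(rewritten, entry["event"])
    rewrite_result = verify_chain(rewritten, head)

    return intact, edit_result, truncation_result, rewrite_result


if __name__ == "__main__":
    for label, result in zip(("intact", "edited", "truncated", "rewritten"), demo()):
        print(f"{label:9s} -> {result}")
```

The rebuilt chain in `demo()` would pass `verify_chain(rewritten, rewritten[-1]["hash"])`, which is why the head must live somewhere the intruder cannot reach; the chain alone only proves self-consistency.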
Security architecture
The Open Security Architecture organization defines IT security architecture as
"the design artifacts that describe how the security controls (security
countermeasures) are positioned, and how they relate to the overall information
technology architecture. These controls serve the purpose to maintain the
system's quality attributes: confidentiality, integrity, availability, accountability
and assurance services".
Techopedia defines security architecture as "a unified security design that
addresses the necessities and potential risks involved in a certain scenario or
environment. It also specifies when and where to apply security controls. The
design process is generally reproducible." The key attributes of security
architecture are:
 the relationship of different components and how they depend on each
other.
 determination of controls based on risk assessment, good practices,
finances, and legal matters.
 the standardization of controls.
Practicing security architecture provides the right foundation to systematically
address business, IT and security concerns in an organization.
Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the
three processes: threat prevention, detection, and response. These processes are
based on various policies and system components, which include the following:
User account access controls and cryptography can protect systems files and data,
respectively.
Firewalls are by far the most common prevention systems from a network
security perspective as they can (if properly configured) shield access to internal
network services, and block certain kinds of attacks through packet filtering.
Firewalls can be both hardware and software-based.
Intrusion Detection System (IDS) products are designed to detect network attacks
in-progress and assist in post-attack forensics, while audit trails and logs serve a
similar function for individual systems.
"Response" is necessarily defined by the assessed security requirements of an
individual system and may cover the range from simple upgrade of protections to
notification of legal authorities, counter-attacks, and the like. In some special
cases, the complete destruction of the compromised system is favored, as it may
happen that not all the compromised resources are detected.
Today, computer security consists mainly of "preventive" measures, like
firewalls or an exit procedure. A firewall can be defined as a way of filtering
network data between a host or a network and another network, such as the
Internet, and can be implemented as software running on the machine, hooking
into the network stack (or, in the case of most UNIX-based operating systems
such as Linux, built into the operating system kernel) to provide real-time
filtering and blocking. Another implementation is a so-called "physical firewall",
which consists of a separate machine filtering network traffic. Firewalls are
common amongst machines that are permanently connected to the Internet.
Some organizations are turning to big data platforms, such as Apache Hadoop, to
extend data accessibility and machine learning to detect advanced persistent
threats.
However, relatively few organizations maintain computer systems with effective
detection systems, and fewer still have organized response mechanisms in place.
As a result, companies for the first time report they are losing more through
electronic theft of data than physical stealing of assets. The primary obstacle to
effective eradication of cybercrime could be traced to excessive reliance on
firewalls and other automated "detection" systems. Yet it is basic evidence
gathering by using packet capture appliances that puts criminals behind bars.
In order to ensure adequate security, the confidentiality, integrity and availability
of a network, better known as the CIA triad, must be protected and is considered
the foundation to information security. To achieve those objectives,
administrative, physical and technical security measures should be employed.
The amount of security afforded to an asset can only be determined when its
value is known.
Vulnerability management
Vulnerability management is the cycle of identifying, remediating or mitigating
vulnerabilities, especially in software and firmware. Vulnerability management is
integral to computer security and network security.
Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a
computer system in search of known vulnerabilities, such as open ports, insecure
software configuration, and susceptibility to malware. For these tools to be
effective, they must be kept up to date with every new update the vendor
releases; typically, these updates add checks for recently disclosed
vulnerabilities.
Beyond vulnerability scanning, many organizations contract outside security
auditors to run regular penetration tests against their systems to identify
vulnerabilities. In some sectors, this is a contractual requirement.
Reducing vulnerabilities
While formal verification of the correctness of computer systems is possible it is
not yet common. Operating systems formally verified include seL4, and
SYSGO's PikeOS – but these make up a very small percentage of the market.
Two-factor authentication is a method for mitigating unauthorized access to a
system or sensitive information. It requires "something you know" (a password or
PIN) and "something you have" (a card, dongle, cellphone, or another piece of
hardware). This increases security because an unauthorized person needs both to
gain access.
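The most common "something you have" in practice is a time-based one-time password generator on a phone or hardware token (RFC 6238 TOTP, built on RFC 4226 HOTP). The following is an added example, not code from the original document, showing both the device side and a server-side verifier; the shared secret is the RFC test key, and the acceptance window and replay policy are this example's design choices rather than requirements of the standard.

```python
"""Time-based one-time passwords (RFC 6238, built on RFC 4226 HOTP) as the
"something you have" factor in two-factor authentication.

Added example, not code from the original document. The shared secret is the RFC
test key; the acceptance window and replay policy are this example's own choices.
"""
import hashlib
import hmac
import struct

RFC_TEST_KEY = b"12345678901234567890"  # key used by the RFC 4226 / RFC 6238 test vectors


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes of the MAC
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """What the user's device displays: HOTP with the counter set to the time step."""
    return hotp(key, int(unix_time) // step, digits)


class TotpVerifier:
    """Server side of the check.

    Accepts the code for the current step and `window` steps either side (clock
    drift), compares in constant time, and never accepts a step at or below the
    last one used, so a captured code cannot be replayed within the window.
    """

    def __init__(self, key: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.key, self.step, self.digits, self.window = key, step, digits, window
        self.last_accepted_step = -1  # assumption: a real deployment stores this per user

    def verify(self, code: str, unix_time: int) -> bool:
        current = int(unix_time) // self.step
        for delta in range(-self.window, self.window + 1):
            step = current + delta
            if step <= self.last_accepted_step:
                continue  # already consumed (or older): reject replays
            expected = hotp(self.key, step, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    now = 1111111109
    print("device shows:", totp(RFC_TEST_KEY, now))
    verifier = TotpVerifier(RFC_TEST_KEY)
    print("accepted:", verifier.verify(totp(RFC_TEST_KEY, now), now))
    print("replayed:", verifier.verify(totp(RFC_TEST_KEY, now), now))
```

Two caveats worth keeping in mind: the secret must be stored server-side with the same care as a password database (anyone who reads it can generate codes), and a TOTP code typed into a phishing page still works for the attacker for the rest of the step, so this second factor resists credential theft but not real-time relay.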
Social engineering and direct computer access (physical) attacks can only be
prevented by non-computer means, which can be difficult to enforce, relative to
the sensitivity of the information. Training is often involved to help mitigate this
risk, but even in highly disciplined environments (e.g., military organizations),
social engineering attacks can still be difficult to foresee and prevent.
Inoculation, derived from inoculation theory, seeks to prevent social engineering
and other fraudulent tricks or traps by instilling a resistance to persuasion
attempts through exposure to similar or related attempts.
It is possible to reduce an attacker's chances by keeping systems up to date with
security patches and updates, using a security scanner and/or hiring people with
expertise in security, though none of these guarantee the prevention of an attack.
The effects of data loss/damage can be reduced by careful backing up and
insurance.
Hardware protection mechanisms
While hardware may be a source of insecurity, such as with microchip
vulnerabilities maliciously introduced during the manufacturing process,
hardware-based or assisted computer security also offers an alternative to
software-only computer security. Using devices and methods such as dongles,
trusted platform modules, intrusion-aware cases, drive locks, disabling USB
ports, and mobile-enabled access may be considered more secure due to the
physical access (or sophisticated backdoor access) required in order to be
compromised. Each of these is covered in more detail below.
 USB dongles are typically used in software licensing schemes to unlock
software capabilities, but they can also be seen as a way to prevent
unauthorized access to a computer or other device's software. The dongle, or
key, essentially creates a secure encrypted tunnel between the software
application and the key. The principle is that an encryption scheme on the
dongle, such as Advanced Encryption Standard (AES) provides a stronger
measure of security since it is harder to hack and replicate the dongle than to
simply copy the native software to another machine and use it. Another
security application for dongles is to use them for accessing web-based
content such as cloud software or Virtual Private Networks (VPNs). In
addition, a USB dongle can be configured to lock or unlock a computer.
 Trusted platform modules (TPMs) secure devices by integrating cryptographic
capabilities onto access devices, through the use of dedicated microprocessors,
or so-called computers-on-a-chip. TPMs used in conjunction with server-side
software offer a way to detect and authenticate hardware devices (remote
attestation), preventing unauthorized network and data access.
 Computer case intrusion detection refers to a device, typically a push-button
switch, which detects when a computer case is opened. The firmware or BIOS
is programmed to show an alert to the operator when the computer is booted
up the next time.
 Drive locks are essentially software tools to encrypt hard drives, making them
inaccessible to thieves. Tools exist specifically for encrypting external drives
as well.
 Disabling USB ports is a security option for preventing unauthorized and
malicious access to an otherwise secure computer. Infected USB dongles
connected to a network from a computer inside the firewall are considered by
the magazine Network World as the most common hardware threat facing
computer networks.
 Disconnecting or disabling peripheral devices that are not in use, such as
cameras, GPS receivers and removable storage, reduces the attack surface of
the device.
 Mobile-enabled access devices are growing in popularity due to the ubiquitous
nature of cell phones. Built-in capabilities such as Bluetooth, the newer
Bluetooth Low Energy (LE), near-field communication (NFC) and biometric
validation such as thumbprint readers, as well as QR code reader software
designed for mobile devices, offer new, secure ways for mobile phones to
connect to access control systems. These control systems provide computer
security and can also be used for controlling access to secure buildings.
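The measured-boot mechanism behind the TPM bullet above, as an added example that is not code from the page: a real TPM performs PCR extension, sealing under a PCR policy and quoting in hardware, and its root and attestation keys never leave the chip. Here the PCR, the keys and the boot components are all emulated in software so the mechanism can be run and inspected offline; every name, blob and key in the block is constructed for illustration.

```python
"""Simulated TPM measured boot, PCR-bound sealing and remote attestation.

Added example (not the page's code). A real TPM does this in hardware via the
TPM 2.0 commands PCR_Extend, Seal/Unseal under a PCR policy, and Quote. All
keys, boot components and nonces below are constructed stand-ins.
"""
import hashlib
import hmac

# Constructed stand-ins for keys a real TPM keeps inside the chip.
TPM_ROOT_KEY = b"\x11" * 32          # seeds the wrapping key used by seal/unseal
TPM_ATTESTATION_KEY = b"\x22" * 32   # signs quotes; the verifier knows the public half

# Constructed boot stages; a real platform measures firmware, bootloader,
# kernel, configuration and more into PCRs as it boots.
GOOD_BOOT = [b"firmware v1.3", b"bootloader 2.06", b"kernel 6.1.0"]
TAMPERED_BOOT = [b"firmware v1.3", b"bootloader 2.06 + bootkit", b"kernel 6.1.0"]


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = SHA-256(PCR_old || SHA-256(component)).

    Extension is a hash chain with no 'set' operation: the only way to reach a
    given PCR value is to extend the same measurements in the same order, so
    an altered, skipped or reordered component changes the final value."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measured_boot(components) -> bytes:
    """Start from the all-zero PCR at power-on and extend each boot stage."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; stands in for the TPM's symmetric wrap."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, expected_pcr: bytes) -> bytes:
    """Wrap `secret` so it is recoverable only when the PCR equals `expected_pcr`.

    The wrapping key is derived from the TPM root key and the policy PCR, so a
    platform in any other state derives a different key and the MAC check fails."""
    wrap_key = hmac.new(TPM_ROOT_KEY, expected_pcr, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(wrap_key, len(secret))))
    tag = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(blob: bytes, current_pcr: bytes):
    """Return the secret if the current PCR matches the sealing policy, else None."""
    ciphertext, tag = blob[:-32], blob[-32:]
    wrap_key = hmac.new(TPM_ROOT_KEY, current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(wrap_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # PCR differs from the policy: a real TPM refuses to unseal
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(wrap_key, len(ciphertext))))


def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Attestation: the TPM signs (here: MACs) the PCR value together with a
    verifier-chosen nonce, so a quote from an earlier boot cannot be replayed."""
    return hmac.new(TPM_ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()


def verify_quote(reported_pcr: bytes, nonce: bytes, signature: bytes,
                 expected_pcr: bytes) -> bool:
    """Server side: check the signature over (PCR, nonce), then compare the
    reported PCR with the known-good value recorded for this platform."""
    expected_sig = hmac.new(TPM_ATTESTATION_KEY, reported_pcr + nonce, hashlib.sha256).digest()
    return (hmac.compare_digest(signature, expected_sig)
            and hmac.compare_digest(reported_pcr, expected_pcr))


if __name__ == "__main__":
    good = measured_boot(GOOD_BOOT)
    blob = seal(b"disk-encryption-key", good)
    print("good boot unseals:", unseal(blob, good))
    print("tampered boot unseals:", unseal(blob, measured_boot(TAMPERED_BOOT)))
    nonce = b"verifier-nonce-42"
    print("quote verifies:", verify_quote(good, nonce, quote(good, nonce), good))
```

Two properties of the real mechanism carry over: the disk key is never released to a platform whose boot chain differs in any stage, and the server can only tell a good platform from a tampered one because the quote covers a fresh nonce, otherwise a bootkitted machine could replay a quote captured from a clean boot.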
Secure coding
In software engineering, secure coding aims to guard against the accidental
introduction of security vulnerabilities, for example untrusted input reaching
a query, a parser or a memory operation unchecked. It is also possible to
design software from the ground up to be secure; such systems are "secure by
design". Beyond this, formal verification aims to prove the correctness of the
algorithms underlying a system, which is important for cryptographic protocols,
for example.
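As an added illustration of the kind of accidental vulnerability secure coding is meant to prevent (example code, not from the page), the block below puts a query built by string concatenation next to its parameterized replacement and runs a classic injection payload through both. The in-memory table, user names and payload are all constructed for the example.

```python
"""SQL injection: vulnerable string-built query beside the parameterized form.

Added example, not from the page. Uses an in-memory SQLite database with a
constructed users table so it runs offline.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, each with a secret only they may read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str):
    # Defect kept on purpose: the caller's input is pasted into the SQL text,
    # so a quote in the input ends the string literal and the remainder is
    # interpreted as SQL.
    sql = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str):
    # Hardened form: the value travels separately from the statement, so it
    # can never alter the statement's structure, whatever characters it holds.
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed payload: closes the literal and appends an always-true clause.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # every row leaks
    print("safe:      ", lookup_safe(db, PAYLOAD))        # no such user
```

The parameterized version is the fix; escaping quotes by hand is not, because the escaping rules differ per database and per encoding and are easy to get subtly wrong.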
Capabilities and access control lists
Within computer systems, two of the main security models capable of enforcing
privilege separation are access control lists (ACLs) and role-based access
control (RBAC). In a file system, an access-control list (ACL) is a list of
permissions attached to an object; it specifies which users or system processes
are granted access to the object and which operations they may perform on it.
Role-based access control restricts system access to authorized users by
assigning permissions to roles and roles to users. It is used by the majority
of enterprises with more than 500 employees and can be used to implement either
mandatory access control (MAC) or discretionary access control (DAC).
A further approach, capability-based security, has mostly been restricted to
research operating systems. In it, authority is carried by unforgeable
references (capabilities) that bundle an object with the rights the holder has
over it: possessing the reference is the permission, and a holder can delegate
only a subset of its own rights. Capabilities can, however, also be implemented
at the language level, leading to a style of programming that is essentially a
refinement of standard object-oriented design. An open-source project in this
area is the E language.
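To make the three models concrete, the following added example (not code from the page or from any real operating system) implements a toy ACL, a toy RBAC table and a toy capability for the same object, and shows the property that distinguishes capabilities: delegation can only narrow rights. The object, subjects, roles and rights are constructed for illustration.

```python
"""Toy ACL, RBAC and capability models side by side (added example)."""
from enum import Flag, auto
from typing import Dict, NamedTuple, Set


class Right(Flag):
    READ = auto()
    WRITE = auto()
    EXEC = auto()


NONE = Right(0)


class AclObject:
    """ACL: the permissions live with the object, keyed by subject.
    Every check therefore needs the identity of the requesting subject."""

    def __init__(self, name: str):
        self.name = name
        self._acl: Dict[str, Right] = {}

    def grant(self, subject: str, rights: Right) -> None:
        self._acl[subject] = self._acl.get(subject, NONE) | rights

    def allows(self, subject: str, right: Right) -> bool:
        return right in self._acl.get(subject, NONE)


class Rbac:
    """RBAC: users hold roles; roles carry (object, rights) permissions.
    Changing a role changes every holder of that role at once."""

    def __init__(self):
        self._role_perms: Dict[str, Dict[str, Right]] = {}
        self._user_roles: Dict[str, Set[str]] = {}

    def permit(self, role: str, obj: str, rights: Right) -> None:
        perms = self._role_perms.setdefault(role, {})
        perms[obj] = perms.get(obj, NONE) | rights

    def assign(self, user: str, role: str) -> None:
        self._user_roles.setdefault(user, set()).add(role)

    def allows(self, user: str, obj: str, right: Right) -> bool:
        return any(right in self._role_perms.get(r, {}).get(obj, NONE)
                   for r in self._user_roles.get(user, ()))


class Capability(NamedTuple):
    """Capability: an immutable reference bundling an object with rights.
    Possession is authority, so no subject lookup is needed; the only way to
    derive a new capability is attenuation, which intersects rights."""
    obj: str
    rights: Right

    def attenuate(self, rights: Right) -> "Capability":
        # Delegation can drop rights but never add any.
        return Capability(self.obj, self.rights & rights)

    def allows(self, right: Right) -> bool:
        return right in self.rights


if __name__ == "__main__":
    doc = AclObject("payroll.xlsx")
    doc.grant("alice", Right.READ | Right.WRITE)
    print("ACL  alice may write:", doc.allows("alice", Right.WRITE))
    rbac = Rbac()
    rbac.permit("auditor", "payroll.xlsx", Right.READ)
    rbac.assign("carol", "auditor")
    print("RBAC carol may read:", rbac.allows("carol", "payroll.xlsx", Right.READ))
    cap = Capability("payroll.xlsx", Right.READ | Right.WRITE)
    read_only = cap.attenuate(Right.READ)
    print("CAP  attenuated may write:", read_only.allows(Right.WRITE))
```

Note what each check requires: the ACL and RBAC checks must know who is asking, so a service acting on a user's behalf with its own (higher) identity can be tricked into misusing that identity, whereas a capability handed to the service carries exactly the rights the user could delegate and nothing more.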
End user security training
The end-user is widely recognized as the weakest link in the security chain and it
is estimated that more than 90% of security incidents and breaches involve some
kind of human error. Among the most commonly recorded forms of errors and
misjudgment are poor password management, sending emails containing
sensitive data and attachments to the wrong recipient, the inability to recognize
misleading URLs and to identify fake websites and dangerous email attachments.
A common mistake that users make is saving their user id/password in their
browsers to make it easier to log in to banking sites. This is a gift to attackers
who have obtained access to a machine by some means. The risk may be
mitigated by the use of two-factor authentication.
Because the human component weighs so heavily in an organization's overall
cyber risk, security awareness training at all levels not only satisfies
regulatory and industry mandates but is considered essential for reducing cyber
risk and protecting individuals and companies from the great majority of cyber
threats.
The focus on the end-user represents a profound cultural change for many
security practitioners, who have traditionally approached cybersecurity
exclusively from a technical perspective, and moves along the lines suggested by
major security centers to develop a culture of cyber awareness within the
organization, recognizing that a security-aware user provides an important line of
defense against cyber-attacks.
Digital hygiene
Related to end-user training, digital hygiene or cyber hygiene is a fundamental
principle of information security. As the analogy with personal hygiene
suggests, it consists of simple routine measures that minimize the risk from
cyber threats. The assumption is that good cyber hygiene gives networked users
another layer of protection, reducing the risk that one vulnerable node will be
used to mount attacks on, or compromise, another node or network, especially by
common cyberattacks. Cyber hygiene should not be confused with proactive
cyber-defense, a military term.
As opposed to a purely technology-based defense against threats, cyber hygiene
mostly regards routine measures that are technically simple to implement and
mostly dependent on discipline or education. It can be thought of as an abstract
list of tips or measures that have been demonstrated as having a positive effect on
personal and/or collective digital security. As such, these measures can be
performed by laypeople, not just security experts.
Cyber hygiene relates to personal hygiene as computer viruses relate to
biological viruses (or pathogens). However, while the term computer virus was
coined almost simultaneously with the creation of the first working computer
viruses, the term cyber hygiene is a much later invention.
Response to breaches
Responding to attempted security breaches is often very difficult for a variety of
reasons, including:
 Identifying attackers is difficult, as they may operate through proxies,
temporary anonymous dial-up accounts, wireless connections and other
anonymizing techniques that make back-tracing difficult, and they are often
located in another jurisdiction. Once they have breached security, they have
often also gained enough administrative access to delete logs and cover their
tracks, which is one reason logs should be forwarded as they are written to a
separate, append-only collector that the compromised host cannot alter.
 The sheer number of attempted attacks, often by automated vulnerability
scanners and computer worms, is so large that organizations cannot spend
time pursuing each.
 Law enforcement officers often lack the skills, interest or budget to pursue
attackers. In addition, the identification of attackers across a network may
require logs from various points in the network and in many countries,
which may be difficult or time-consuming to obtain.
Where an attack succeeds and a breach occurs, many jurisdictions now have in
place mandatory security breach notification laws.
Summary
Cyber security is how individuals and organizations reduce the risk of cyber-
attack.
Cyber security's core function is to protect the devices we all use (smartphones,
laptops, tablets and computers), and the services we access - both online and at
work - from theft or damage.
It's also about preventing unauthorized access to the vast amounts of personal
information we store on these devices, and online.
Cyber security is important because smartphones, computers and the internet are
now such a fundamental part of modern life, that it's difficult to imagine how
we'd function without them. From online banking and shopping, to email and
social media, it's more important than ever to take steps that can prevent cyber
criminals getting hold of our accounts, data, and devices.
Cyber security has been used as a catch-all term in the media to describe the
process of protection against every form of cybercrime, from identity theft to
international digital weapons. These labels are valid, but they fail to capture the
true nature of cyber security for those without a computer science degree or
experience in the digital industry.
Today's cyber security industry is primarily focused on protecting devices and
systems from attackers. While the bits and bytes behind these efforts can be hard
to visualize, it's much easier to consider the effects. Without cyber security
professionals working tirelessly, many websites would be nearly impossible to
enjoy due to ever-present denial-of-service attack attempts.
Without solid cyber security defenses, it would be easy to destroy modern-day
essentials like the power grids and water treatment facilities that keep the world
running smoothly.
Cyber security is critically important because it helps to preserve the lifestyles we
have come to know and enjoy.
References
Schatz, Daniel; Bashroush, Rabih; Wall, Julie (2017). "Towards a More
Representative Definition of Cyber Security".
Kianpour, Mazaher; Kowalski, Stewart; Øverby, Harald (2021). "Systematically
Understanding Cybersecurity Economics".
Yost, Jeffrey R. (April 2015). "The Origin and Early History of the Computer
Security Software".
Wikipedia. "Computer security". https://en.wikipedia.org/wiki/Computer_security