Cyber-security

 What is Cybersecurity and Why It is Important?

 ETHIOPIAN DEFENCE UNIVERSITY
COLLEGE OF ENGINEERING
DEPARTMENT OF COPUTER
SCINCE AND ENGINEERING

EMRGING TECHNOLOGY Group assignment

Group 2 sub-group 1
 Table of Contents
• Introduction to cyber-security
• What is Cyber Security?
• Why is Cybersecurity Important?
• How Does Cyber Security Work and Types?
• What is Cybercrime and Types of Cyber Threats
• The Advantages of Cyber Security
• The Benefits of Cyber Security
• Cybersecurity Myths
• Key Cybersecurity Technologies and Best Practices
• Cyber Safety Tips
• CIA Triad
  Introduction to Cybersecurity
• In today's digital age, cybersecurity has become a vital component
of our technological landscape. As organizations and individuals
increasingly rely on digital platforms for communication,
commerce, and data storage, the importance of protecting this
information from cyber threats has never been greater.
• Cybersecurity encompasses a wide range of practices, processes,
and technologies designed to safeguard systems, networks, and
data from unauthorized access, damage, or theft. It involves not
only technical measures but also policies and educational
initiatives aimed at promoting safe online behaviors.
• The growing sophistication of cyber threats—from malware and
phishing attacks to ransomware and data breaches—underscores
the need for robust cybersecurity measures. Organizations face
significant risks, including financial losses, reputational damage,
and legal repercussions, making it imperative to implement
effective security strategies.
 Continuous……
• Cybersecurity is not just a concern for IT
professionals; it is a shared responsibility that
involves everyone—from executives to end-users.
With the rise of remote work and the proliferation
of Internet of Things (IoT) devices, the attack
surface for potential threats has expanded, making
cybersecurity a top priority for all.
• As we delve deeper into the realm of
cybersecurity, we will explore its definition, various
types, essential measures, benefits, and the major
vendors that provide solutions in this critical field.
Understanding these elements is essential for
anyone looking to navigate the complexities of the
digital world safely and securely
  What is Cyber Security?
 Definition:-
 Cyber security is a discipline that covers how to defend devices
and services from electronic attacks by nefarious actors such as
hackers, spammers, and cybercriminals. While some components of
cyber security are designed to strike first, most of today's
professionals focus more on determining the best way to defend all
assets, from computers and smartphones to networks and
databases, from attacks.
 It is the protection of computer systems from the theft of or damage
to their hardware, software, or electronic data, as well as from the
disruption or misdirection of the services they provide.
 Cybersecurity is often confused with information security but it
focuses on protecting computer systems from unauthorized access
or being otherwise damaged or made inaccessible. Information
security is a broader category that looks to protect all information
assets, whether in hard copy or in digital form.
  Why is Cybersecurity
important?
In today’s digital world, one cannot ignore
cybersecurity. One single security breach
can lead to exposing the personal information
of millions of people. These breaches have a
strong financial impact on the companies and
also loss of the trust of customers. Hence,
cyber security is very essential to protect
businesses and individuals from spammers
and cyber criminals.
  Cybersecurity measures:-
The following are some security measures to be taken
to prevent cybercrimes:
1) Staff awareness training: - Human error is the leading
cause of data breaches, so you need to equip staff with the
knowledge to deal with the threats they face. Training
courses will show staff how security threats affect them and
help them apply best-practice advice to real-world situations.
2) Application security: - Web application vulnerabilities are
a common point of intrusion for cybercriminals. As
applications play an increasingly critical role in business, it is
vital to focus on web application security.
3) Network security: - Network security is the process of
protecting the usability and integrity of your network and
data. This is achieved by conducting a network penetration
4) Leadership commitment: - Leadership
commitment is the key to cyber resilience. Without it,
it is very difficult to establish or enforce effective
processes. Top management must be prepared to
invest in appropriate cybersecurity resources, such
as awareness training.
5) Password management: - Almost half of the UK
population uses ‘password’, ‘123456’ or ‘qwerty’ as
their password. You should implement a password
management policy that provides guidance to ensure
staff create strong passwords and keep them secure.
  How Does Cyber Security Work?
 Cyber security encompasses technologies, processes, and methods
to defend computer systems, data, and networks from attacks. To
best answer the question “what is cyber security” and how cyber
security works, we must divide it into a series of subdomains:
1. Application Security:- Application security covers the
implementation of different defenses in an organization’s software
and services against a diverse range of threats. This sub-domain
requires cyber security experts to write secure code, design secure
application architectures, implement robust data input validation,
and more, to minimize the chance of unauthorized access or
modification of application resources.
2. Cloud Security:- Cloud Security relates to creating secure cloud
architectures and applications for companies that use cloud service
providers like Amazon Web Services, Google, Azure, Rackspace, etc.
3. Identity Management and Data Security
• This subdomain covers activities, frameworks, and processes that
enable authorization and authentication of legitimate individuals
to an organization’s information systems. These measures
involve implementing powerful information storage mechanisms
that secure the data, whether in transition or residing on a server
or computer. In addition, this sub-domain makes greater use of
authentication protocols, whether two-factor or multi-factor.
4. Mobile Security
• Mobile security is a big deal today as more people rely on mobile
devices. This subdomain protects organizational and personal
information stored on mobile devices like tablets, cell phones,
and laptops from different threats like unauthorized access,
device loss or theft, malware, viruses, etc. In addition, mobile
security employs authentication and education to help amplify
security.
5. Network security:- Network security covers
hardware and software mechanisms that protect the network
and infrastructure from disruptions, unauthorized access,
and other abuses. Effective network security protects
organizational assets against a wide range of threats from
within or outside the organization.
6. Disaster Recovery and Business Continuity
Planning
• Not all threats are human-based. The DR BC subdomain covers
processes, alerts, monitoring, and plans designed to help
organizations prepare for keeping their business-critical systems
running during and after any sort of incident (massive power
outages, fires, natural disasters), and resuming and recovering lost
operations and systems in the incident’s aftermath.
7. User Education Knowledge is power, and staff awareness of
cyber threats is valuable in the cyber security puzzle. Giving business
staff training on the fundamentals of computer security is critical in
 What is Cyber-crime and Types of Cyber Threats?

Cybercrime is defined as any unauthorized activity

involving a computer, device, or network.
There are three generally recognized classifications of
cybercrime:
A. computer-assisted crimes.
B. crimes where the computer itself is a target, and
C. crimes where the computer is incidental to the
crime rather than directly related.
  Here is a list of common cyber threats:
1) Cyberterrorism: This threat is a politically-based
attack on computers and information technology to
cause harm and create widespread social disruption.
2) malware: This threat encompasses ransomware,
spyware, viruses, and worms. It can install harmful
software, block access to your computer resources,
disrupt the system, or covertly transmit information
from your data storage.
3) Trojans: Like the legendary Trojan Horse of
mythology, this attack tricks users into thinking they're
 Continued………
4) Botnets: This especially hideous attack involves large-scale
cyberattacks conducted by remotely controlled malware-infected
devices. Think of it as a string of computers under the control of one
coordinating cybercriminal. What’s worse, compromised computers
become part of the botnet system.
5) Adware: This threat is a form of malware. It's often called
advertisement-supported software. The adware virus is a potentially
unwanted program (PUP) installed without your permission and
automatically generates unwanted online advertisements.
6) SQL injection: A Structured Query Language attack inserts
malicious code into a SQL-using server.
 Continued………
7) Phishing: Hackers use false communications, especially e-
mail, to fool the recipient into opening it and following
instructions that typically ask for personal information. Some
phishing attacks also install malware.
8) Man-in-the-middle attack: MITM attacks involve hackers
inserting themselves into a two-person online transaction. Once
in, the hackers can filter and steal desired data. MITM attacks
often happen on unsecured public Wi-Fi networks.
9) Man-in-the-middle attack: MITM attacks involve hackers
inserting themselves into a two-person online transaction. Once
in, the hackers can filter and steal desired data. MITM attacks
often happen on unsecure public Wi-Fi networks.
 Continued………
10) Denial of Service: DoS is a cyber attack that floods a
network or computer with an overwhelming amount of
“handshake” processes, effectively overloading the system and
making it incapable of responding to user requests.
11) Ransomware: - It is a type of malicious software. It is
designed to extort money by blocking access to files or the
computer system until the ransom is paid. Paying the ransom
does not guarantee that the files will be recovered or the
system restored. 135
12) Social engineering: - it is a tactic that adversaries use to
trick you into revealing sensitive information. They can solicit a
monetary payment or gain access to your confidential data.
Social engineering can be combined with any of the threats
listed above to make you more likely to click on links, download
malware, or trust a malicious source.
  The Advantages of Cyber Security
• Today's cyber security industry is primarily focused on protecting
devices and systems from attackers. While the bits and bytes
behind these efforts can be hard to visualize, it's much easier to
consider the effects. Without cyber security professionals
working tirelessly, many websites would be nearly impossible to
enjoy due to ever-present denial-of-service attack attempts.
Imagine not having access to Simplilearn's community of experts
and certified professionals — no more tips, tricks, and advice to
help you achieve your professional goals!
• Without solid cyber security defenses, it would be easy to
destroy modern-day essentials like the power grids and water
treatment facilities that keep the world running smoothly.
• Simply put, cyber security is critically important because it helps
to preserve the lifestyles we have come to know and enjoy.
  Benefits of cybersecurity
Benefits of utilizing cybersecurity include:
A. Business protection against malware,
ransomware, phishing, and social engineering.
B. Protection for data and networks.
C. Prevention of unauthorized users.
D.Improves recovery time after a breach.
E. Protection for end-users.
F. Improved confidence in the product for both
developers and customers.
  Cybersecurity Myths
We are well aware that cyberattacks are continuing to grow.
In today’s technology era, organizations and individuals must
protect themselves against most types of threats.
Unfortunately, there is a handful of cybersecurity
misconceptions that are still holding too many people back
from taking the necessary action to safeguard personal
sensitive information.
Here are some common cybersecurity myths one
should know.
1) Passwords alone are enough to protect you: one should not
solely rely on passwords to keep the data safe. While strong
passwords are essential, cybercriminals may still find ways
to hack them. Hence it is necessary to implement robust
cybersecurity measures, to have a multilayered defense.
 Continued………
3)Encryption solutions are not worth it: Some
organizations retain the opinion that
encryption software is something they can
do without. It is a misconception that
encryption will avoid data breaches.
Encryption plays a vital role in defending
against cybercriminals and ransomware
attacks.
4)Small and Medium-sized businesses are not
targeted: It is a myth that only big
companies are not secure, only those
  Key Cybersecurity Technologies and Best
Practices
Here is a given best 6) Enable two-factor
practices list one should authentication
follow: 7) Double-check the HTTPS on
1) Use VPN to privatize your websites
connections 8) Remove adware from the
2) Before clicking on links check computer
the links 9) Disable Bluetooth connection
3) Do not be lethargic with your when you are not using it.
passwords 10)Avoid using public networks
4) Scan external devices for 11)Invest in security upgrades
viruses
12)Employ white hat hacker
5) Store sensitive information in
a secure place
  Cyber Safety Tips
Here is a list of top sharing solution to
cybersecurity tips to encrypt data.
implement is given 5. Use strong passwords
below:
6. Backup your data
1. Keep software up-to-date
7. Be cautious of phishing
2. Avoid opening suspicious scams
emails
8. Use password manager
3. Use Antivirus and
Antimalware software on 9. Use two-factor
the electronic devices authentication
4. Use a security file- 10.Don’t reuse passwords
  CIA Triad
The security of any organization starts with three
principles:
1. Confidentiality: The principles of confidentiality assert
that only authorized parties can access sensitive
information and functions. Example: military secrets.
2. Integrity: The principles of integrity assert that only
authorized people and means can alter, add, or remove
sensitive information and functions. Example: a user
entering incorrect data into the database.
3. Availability: The principles of availability assert that
systems, functions, and data must be available on-
demand according to agreed-upon parameters based
on levels of service.
 Figures of
CIA
• This is called as CIA, which has served as the industry
standard for computer security since the time of first
mainframes.