Cyber security objectives-
The main purpose is to ensure data protection. The security community provides a triangle of three related principles to protect data against cyber attacks. This pattern is called the CIA triad. The CIA system is designed to guide policies for an organization's information security infrastructure. When a security vulnerability is discovered, one or more of these standards have been violated.
We can divide the CIA model into three areas: secrecy, integrity, and access. It is really a security thing that helps people to think about different aspects of computer security. Let's consider each part in detail.
Privacy refers to privacy that prevents unauthorized access to information. This includes ensuring that data is accessible to those authorized to use it and restricting access to third parties. It prevents important messages from reaching the wrong people. Encrypted data is a good example of privacy,
This standard ensures that the data is true, accurate and protected from unauthorized changes by malicious actors or accidental changes by the user. If a change occurs, some steps should be taken to protect sensitive data from corruption or loss and recover quickly from such an event. Also, it shows the authenticity of the source of information.
This principle ensures that information is always available and useful for its users. It guarantees that these opportunities are not blocked by system damage or cyber attacks.
Types of cybersecurity threats
A cybersecurity threat is any malicious act by a person or organization that seeks to damage or steal data, network access, or disrupt digital life in general. The cyber community identifies the following threats today:
Malware refers to malicious software, which is the most common cyberattack tool. It is used by cyber criminals or hackers to compromise or compromise legitimate user systems. Here are the main types of malware created by the hacker:
Virus: It is a piece of malicious code that spreads from device to device. It can wipe files and spread through the computer system, infect files, steal information, or damage devices.
Spyware: This is software that secretly records information about users' activities on their systems. For example, spyware can capture credit card details that cyber criminals can use for illegal purchases, withdrawals, etc.
Trojans: These are types of malware or code that appears as legitimate software or files to trick us into downloading and using it. Its purpose is to damage or steal data from our devices or perform other harmful activities on our network.
Ransomware: This is software that encrypts user files and data on devices, making them unusable or deleted. Then, the perpetrators demand ransom money for the withdrawal.
Worms: This is software that spreads its own copies from device to device without human interaction. It does not require them to involve themselves in any program to steal or destroy data.
Adware: This is adware that is used to deliver malware and display advertisements on our devices. It is unethical to install Nwela without an authorized user. The main purpose of this program is to generate income for its developer by displaying ads in his browser.
Botnets: These are collections of malware devices connected to the Internet that allow cybercriminals to control them. It enables cyber criminals to gain credentials, unauthorized access and steal data without user permission.
Phishing is a type of cyber crime in which the sender pretends to be from a real organization such as PayPal, eBay, a financial institution, or friends and colleagues. They contact one or more targets by email, phone or SMS with links to convince them to click on these links. This link will redirect them to a scam website to provide sensitive data such as personal information, bank and credit card information, social security numbers, usernames and passwords. Clicking on the link will also install malware on the target devices that allows hackers to control the devices directly.
Man-in-the-Middle Attacks (MITM)
A man-in-the-middle attack is a type of cyber threat (type of eavesdropping attack) in which a cybercriminal interferes with the communication or transfer of data between two people. Once a cybercriminal puts themselves between two communications, they appear as real participants and can get sensitive information and return different responses. The main purpose of this type of attack is to access the data of our company or our customers. For example, a cybercriminal can intercept data passing between a target device and a network over an unsecured Wi-Fi network.