
Cybersecurity Overview

What is Cybersecurity?
Cybersecurity is the branch of security that focuses on protecting computers, networks, data, and
systems from unauthorized access, modification, or destruction. Cybersecurity has become very
important, since it is estimated that 1 million potential cyberattacks occur every day. The need
to develop cyber defenses to protect our systems has never been greater, because cyberthreats
have become increasingly innovative.

Cybersecurity Fundamentals
The CIA Triad
- Confidentiality: preventing unauthorized parties from accessing data and ensuring that the
identity of authorized parties is kept private and anonymous. Countermeasures that support
confidentiality are:
o Data encryption
o 2FA
o Biometric verification
o Security tokens
- Integrity: the ability to protect data being transferred across the system from being
captured, modified, or deleted by unauthorized parties. Countermeasures that support
integrity are:
o Data backups
o File permissions
o Uninterrupted power supply
o Cryptographic checksums
- Availability: the ability to ensure that authorized users can access the system and its
services whenever needed. Countermeasures that support availability are:
o Backing up data to external drives
o Implementing firewalls
o Having backup power supplies
o Data redundancy
o Network monitoring
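The cryptographic checksums listed under integrity are easy to try out. The following added example (not part of the original notes) computes a plain SHA-256 checksum over a constructed message, shows that a modified message fails the check, and then shows the caveat a practitioner should know: a party that can alter data in transit can also recompute a plain checksum, so an authenticated checksum (HMAC with a shared key, assumed here to have been exchanged out of band) is needed to detect deliberate tampering rather than only accidental corruption.

```python
import hashlib
import hmac
import secrets

# Constructed sample message, standing in for data transferred across a system.
MESSAGE = b"transfer 100.00 from account 1234 to account 9876"


def sha256_checksum(data: bytes) -> str:
    """Plain cryptographic checksum: detects accidental corruption or casual edits."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    # compare_digest avoids leaking timing information during the comparison.
    return hmac.compare_digest(sha256_checksum(data), expected)


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256). Only a holder of the key can produce a valid
    tag, so someone who modifies the data cannot simply recompute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


def demo() -> dict:
    # Assumption: the sender and receiver share this key; it is generated here only
    # so the example runs stand-alone.
    key = secrets.token_bytes(32)
    checksum = sha256_checksum(MESSAGE)
    tag = hmac_tag(key, MESSAGE)
    tampered = MESSAGE.replace(b"9876", b"6666")  # constructed modification in transit
    return {
        "original_checksum_ok": verify_checksum(MESSAGE, checksum),
        "tampered_checksum_ok": verify_checksum(tampered, checksum),
        # A plain checksum recomputed over the tampered data still verifies, which is
        # why an unkeyed hash alone does not protect integrity against an attacker.
        "tampered_with_recomputed_checksum_ok": verify_checksum(
            tampered, sha256_checksum(tampered)
        ),
        "original_hmac_ok": verify_hmac(key, MESSAGE, tag),
        "tampered_hmac_ok": verify_hmac(key, tampered, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two entries of `demo()` are the useful ones: without the key, the tampered message cannot be given a valid tag, so the receiver detects the change. File permissions and backups from the same list address what happens after a change is detected; the checksum is what detects it.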

The Basic Layered Cybersecurity Approach

- Mission critical assets: systems, applications, and data whose failure can cause a crisis.
- Physical security: concerned with the physical premises of the organization itself, whether
breached by a natural disaster or by human vandalism.
- Data security: the security controls in charge of storing and transferring data.
- Application security: protects access to the application, the application's access to the
mission critical assets, and the internal security of the application.
- Endpoint security: ensures that the connections between user devices (endpoints) and the
network are protected from breaches.
- Network security: protection against unauthorized access to the network and all the traffic
passing through it.
- Human security: ensuring that the people inside the organization are applying the
necessary security controls to protect the assets from a variety of threats.
Types of Cyberattacks
- What is a cyberattack?
o A cyberattack can be defined as any attempt to gain unauthorized access to a
system, application, or network.
- System-based attacks – attacks that attempt to gain access to a system or a network
o Virus: a self-replicating script that spreads across the system once executed.
o Worm: similar to a virus, but it replicates itself.
o Trojan Horse: appears to be legitimate software, but when opened it executes
malicious code that gives access to cybercriminals.
o Ransomware: an application that runs on the computer and gives the cybercriminal
full access to the computer's data. The intruder then encrypts the data and
demands money to decrypt it.
o Bots: a script that automates tasks to replace human intervention. Some bots
execute automatically while others execute commands when they receive specific
input.
o Backdoors: a form of trojan that facilitates remote unauthorized access to a user's
computer system or network. Backdoors sometimes have a legitimate use, such as
granting access for troubleshooting.
- Web-based attacks – attacks that occur on a web application
o Injection Attacks: allow an attacker to inject malicious code into the application and
fetch data from its database back to the attacker.
o DNS Spoofing: a type of network attack in which the intruder changes the IP
address returned by the DNS server to his/her own address. This type of attack
can go undetected for a long period of time.
o Phishing: a type of attack where an attacker tries to trick users by disguising
himself/herself as a trustworthy entity in order to steal sensitive information.
o Session Hijacking: a type of cyberattack where an attacker takes over a user's
session on a protected network. The attacker steals web cookies to gain access to
the user data collected during the session.
o Brute Force: a trial-and-error method of cyberattack in which the attacker keeps
guessing until he/she obtains the actual credentials or data of the users.
o DoS: an attack meant to crash the system by flooding the target with a large
number of requests. This type of attack uses a single system and a single internet
connection to initiate the attack, unlike DDoS.
   - Different classifications of DoS attack:
   - Volume-based attacks: aim to saturate the bandwidth of the target site and are
measured in bits/second.
   - Protocol attacks: aim to consume the resources of the server itself and are
measured in packets/second.
   - Application layer attacks: aim to crash the web server and are measured in
requests/second.
o Dictionary attacks: use a dictionary of the most commonly used passwords to
crack the original password.
o URL Interpretation: gaining access to pages you are not authorized to use by
changing certain parts of the URL.
o File Inclusion Attacks: a type of attack that allows an attacker to access
unauthorized files that are available on the server or to execute a malicious file on
the web server.
o Man in the Middle Attack: a type of attack that allows an intruder to intercept the
connection between sender and receiver. The attacker can then view any packet
sent, or delete, manipulate, or insert messages.
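The DoS classification above measures application layer attacks in requests/second, which is also the simplest signal a defender can monitor. The following added example (not from the original notes) parses constructed web-server access-log lines in common log format, counts requests per client address per second, flags any single source that exceeds a threshold (the single-source pattern of a DoS), and also reports the site-wide peak, which is the figure to watch when the load is spread across many sources as in a DDoS. The addresses, timestamps and threshold are all made up for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Common log format: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def build_sample_log() -> List[str]:
    """Constructed log: two clients at one request/second each, plus one client
    that sends a burst of 60 requests inside a single second."""
    lines = []
    for sec in range(36, 40):
        lines.append(
            f'198.51.100.4 - - [10/Oct/2023:13:55:{sec} +0000] "GET /index.html HTTP/1.1" 200 2048'
        )
        lines.append(
            f'198.51.100.9 - - [10/Oct/2023:13:55:{sec} +0000] "GET /about HTTP/1.1" 200 1024'
        )
    for _ in range(60):
        lines.append(
            '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /search?q=x HTTP/1.1" 200 512'
        )
    return lines


def requests_per_second(lines: List[str]) -> Dict[Tuple[str, str], int]:
    """Map (client ip, timestamp at one-second resolution) -> request count."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        counts[(m["ip"], m["ts"])] += 1
    return dict(counts)


def flag_sources(lines: List[str], threshold: int = 20) -> Dict[str, int]:
    """Return {ip: peak requests/second} for every client whose request rate
    exceeded the threshold in at least one second."""
    peak: Dict[str, int] = {}
    for (ip, _ts), n in requests_per_second(lines).items():
        peak[ip] = max(peak.get(ip, 0), n)
    return {ip: n for ip, n in peak.items() if n > threshold}


def site_wide_peak(lines: List[str]) -> int:
    """Highest total requests/second across all clients; a distributed attack can
    keep every single source below the per-client threshold but not this figure."""
    totals: Dict[str, int] = defaultdict(int)
    for (_ip, ts), n in requests_per_second(lines).items():
        totals[ts] += n
    return max(totals.values(), default=0)


if __name__ == "__main__":
    log = build_sample_log()
    print("flagged sources:", flag_sources(log))
    print("site-wide peak requests/second:", site_wide_peak(log))
```

On the constructed log the single bursting client is flagged at 60 requests/second and the site-wide peak is 62. A real threshold has to be calibrated against normal traffic for the site, and the per-source check should be paired with the site-wide one, since a DDoS by definition does not show up as one noisy address.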
Important Terms:
- Vulnerability: a flaw or error in the system that might allow a threat to be exploited
against the system.
o Types of vulnerabilities:
   - SQL injection
   - Command injection
   - XSS
   - Server misconfiguration
o Vulnerabilities can also be categorized according to the following:
   - Slow or unavailable data -> affects availability
   - Corrupt data -> affects integrity
   - Leaky data -> affects confidentiality
- Threat: an incident that can have a negative impact on the organization.
- Risk: the probability of a threat multiplied by the potential loss.

Cyber Attacks
A cyber attack is a threat that has been carried out. Attacks fall into one of 2 categories:
- Passive: not detected, because the attacker does not manipulate the data.
- Active: can be detected, because the attacker steals someone's identity, manipulates
data, deletes data, or inserts data.
Cyber attacks are initiated by one of 2 parties:
- Insider: initiated from inside the organization.
- Outsider: initiated from outside the organization.
Cybercrime
Cybercrime is the act of gaining access to a computer or other device, either standalone or
part of a network, and using it as a tool or a target for criminal activity.
Cybersecurity risks that lead to cybercrime arise from different types of action:
- Inadvertent action: usually done by insiders by accident, which means that they did not
have any malicious intent.
- Deliberate action: done by insiders and outsiders who do have malicious intent and a
will to harm.
- Inaction: done by insiders who failed to defend the system during a data breach or
attack on the system, due to a lack of appropriate skills, knowledge, guidance, or
availability of a suitable person to take action.
To understand cybercriminals, you first need to understand their motives for initiating a
cyberattack:
- Political motivations
- Economical motivations
- Socio-cultural motivations

Cybersecurity Tips
- Use a firewall
- Get a good antivirus
- Use anti-spyware solutions
- Update tools automatically
- Use a password manager
- Back up your system and sensitive information
- Encrypt your online traffic using multiple tools
- Stay up to date on cybersecurity tools
