We are talking about cyber security today

from 09/08/2019

 

Today, information and communication technologies are crucial for securing people's everyday access to vital resources and services such as water, power, health care, transport and infrastructure. Easy access to these technologies and the low price of devices and machines allow a significant number of people to become potential information abusers, and make information itself a strategic resource.


Raising the level of cyber security concerns the whole of society as it becomes more and more dependent on the global information and communication infrastructure. Like every common good, cyberspace has also proven to be used for malpractice, and this calls for appropriate protection.


In essence, cyber security is the set of policies and practices that protect computers, networks, programs or systems against cyber-attacks, which, combined across multiple attack vectors, may cause significant damage.


Every one of us who relies on digital infrastructure, wherever we are located, could be affected. The consequences range widely, from small problems to fatal losses: material, financial and human.


Analysis of cyberspace and of the threats to security is not a concern only for governments and state authorities, companies or private entities.


Cyber security concerns us all, all the more so because cyberspace is a new world that is still not well known or understood.


For most people, cyber security means actions and counteractions against “some invisible” attacks.


Based on our current practice, we can summarize that attacks (techniques that exploit the vulnerabilities of a system without authorization) fall into several categories:

  • Attacks affecting the physical security
  • Software-based attacks
  • Social engineering
  • Web application-based attacks
  • Network-based attacks, including wireless networks

 

Many of these attacks use techniques such as:

  • Ransomware – malicious software that encrypts files or whole disks in order to demand payment for decrypting them
  • Data manipulation – the alteration of data in the available databases in order to obtain specific information
  • Rogue software – malicious software disguised as legitimate and crucial for system security, which instead damages the operating system it is installed on. The aim is to extract and misuse sensitive information.
  • Phishing – the most popular e-mail-based attack in the social engineering category, etc.

Depending on their volume, significance and the damage caused, cyber-attacks can be classified into the following categories:

  • Cyber terrorism – the destructive use of current technologies to achieve the political or ideological aims of terrorist groups. The attackers usually aim to compromise networks, computer systems and telecommunication equipment.
  • Cyber-espionage – attacks aiming to illegally acquire secret information stored in digital form. Cyber-espionage is most often used to gain political, economic or military advantage and is usually directed at governments and other organizations that keep confidential data.
  • Cyber warfare – a weapon that is most frequently politically motivated, aiming to penetrate the information networks of countries and governments and to cause political and economic disruption together with serious damage.

 

These are very well coordinated attacks, usually carried out by hackers with strategic or military purposes, or for cyber-espionage.

 

As a result of fast-developing artificial intelligence and new technologies, cybercrime is becoming more organized and more difficult to detect. Many of the devices we use can be manipulated and turned into cyber weapons without our knowledge or even suspicion, leading to significant and in some cases fatal consequences. The more we communicate over the Internet, driven by the idea of the IoT (Internet of Things), the more we put ourselves at risk of attack and allow cyber warfare to exist on a virtual battlefield with no need for physical proximity.


The challenges related to the wide development of IoT are now everywhere, and protection is more than necessary. It is therefore essential to follow several main lines of action for mitigating and avoiding the risk of undesired intrusion:

  • Preventive controls or measures that help prevent threats or attacks against vulnerabilities detected in the communication environment – for example, well-considered and well-implemented physical security (locking, access restriction) or a software/hardware system that protects against unauthorized external interference.
  • Measures and controls for finding system or environment vulnerabilities, including system monitoring, which is mandatory for every environment, access control and video surveillance.
  • Corrective controls that help mitigate the consequences of threats or attacks with an unfavourable impact. These are specific steps and policies that are adopted, well understood and followed, and are applied to improve physical and logical security.


However, each one of us is a potential weak link in cyberspace, and understanding this is the first important step towards protection.

 

If you would like to check whether your company is at potential risk of a cyber-attack, you can make a self-assessment right now by answering the questions below. They are not comprehensive, but they will show you where to focus. If you answer YES to more than two questions, your company is at risk.

  1. Is there free Internet access in your company, incl. WiFi?
    Yes/ No

  2. Is it possible that your employees use personal devices (computers, tablets, phones) to access corporate information, incl. e-mail?
    Yes/ No

  3. Do your employees have the right to install applications from the Internet on their own?
    Yes/ No


If you fall into the risk group, our experts would be glad to advise you on how to eliminate possible threats. Contact us by e-mail at sales@kontrax.bg, giving a reference to this article, or by phone at 02/960 97 08, where we will provide a personal consultation.

 

Be sure not to miss our next articles about cyber security, where you will have the chance to receive a free analysis of the security in your organization. If you don’t want to miss them, please subscribe at kontrax.bg.