With the internet revolutionizing the world, organizations today are transmitting billions of terabytes of data in minutes. Sensitive data transfer across networks calls for an extensive security need. A dedicated system of protection and security guidelines becomes a must to avoid the infiltration of crime in the digital workplace. In the digital world, ransomware plays out in the same manner as kidnap and pay-off in the real world.
And this is just one type of threat. WannaCry is a malware worm that exploited a vulnerability in old windows systems to encrypt hard drive files and permitted user access only after payment of a ransom in Bitcoins. In 2017, the impact of WannaCry resulted in damages to the tune of over USD 4 billion. The name “WannaCry” is evocative and symbolic of the rampant spread of cybercrime attacks on poorly protected IT systems. Consequently, it also highlights the importance of cybersecurity.
A cyber countermeasure is defined as an action, process, technology, device or system that serves to prevent or mitigate the effects of a cyberattack against a victim, computer, server, network or associated device. (1)
This, in essence, encapsulates the broad parameters of cybersecurity.
Cybersecurity: The Reason Why
Another real-world example that will drive home the point of the importance of cybersecurity even more potently and what we are all currently experiencing is the covid pandemic. Such pandemics are caused by viruses, bacteria and other disease-carrying vectors. In the digital world, correspondingly, we have malicious software or programmes like Bugs, Bots, Trojans, Worms, Spyware, Ransomware, Adware, Rootkits, etc.
While bio-viruses harm our bodies, the malware is designed to compromise computer systems. Additionally, there is now increased usage of sophisticated AI tools and Social Engineering methods like Phishing and Spear Phishing to penetrate systems, manipulate and steal information and data.
Common forms of network attacks include Denial of Service (DoS), Distributed Denial of Service(DDoS), Man-in-the-middle attack, packet sniffing, TCP SYN Flood, ICMP Flood, IP spoofing and even simple web defacement (2)
Defensive Measures & Consequences of Neglect
With the advent of newer technologies like 5 G, Artificial Intelligence, Machine learning, etc. cybercriminals have access to an increasingly sophisticated arsenal. Those at the forefront of tackling the menace also have to acquire the wherewithal to have effective countermeasures in place.
Human diseases are cured or controlled through the use of medicines. Currently, we are taking protective measures like wearing masks, hand washes and sanitization, building up our immunities. The latest is vaccines. Similarly, countermeasures against malware include Anti-virus, Firewalls, and such tools to prevent, isolate and remove malware infections.
Running the risk of not paying adequate attention to cybersecurity can lead to serious repercussions, to the extent of catastrophic terminal damage. Some grave implications include:
- Reputational risks
- Operational Losses
- Revenue Losses
- Customer Aversion and Mistrust
- Legal Actions
- Loss of Proprietary information, Intellectual Property theft and Personal data
The Way Forward
With increased dependence on connected devices (IoT), Cloud technology and Third-party vendors, the scenario appears frightening. But being fearful is not the key. The solution lies in being alert and vigilant.
The following core functions given by the National Institute of Standards and Technology, US Department of Commerce, (NIST Cybersecurity Framework) for US businesses, adapted to specific needs, is a good place to start towards a more secure tech environment:
☆ Identify–Evaluate and Assess Risks
☆Protect–Build Safeguarding Measures
☆Detect–Develop Activities to Identify Occurrence of Security Events
☆Respond–Develop Strategic Reactions to Security Events
☆Recover– Restoration of Data Losses, Impairments and Security breaches.
Similarly, the European Union has the General Data Protection Regulation (GDPR), 2018 which protects data subject’s right to the erasure of personal data.
In India, a National Cyber Security Policy was established in 2013 with a vision statement ” To build a secure and resilient cyberspace for citizens, businesses and Govt.” The Information Technology Act (2000) deals with cybersecurity and the associated cybercrimes. The 2013 one is under revision and the new cybersecurity policy is on the anvil.
It must, however, be remembered that establishing protective systems and protocols do not come cheap. The costs can be overwhelming, more so when the expected outcome is not apparent. A look at India’s sector-wise expenditure on cybersecurity, forecasts the costs to go up from USD 1977 million in 2019 to USD 3053 million by 2022. The data is as under:(3)
(Figs. In USD Mio.)
YEAR BFSI IT/ITeS Govt. Others Tot.
2022 810 713 581 949 3053
2019 518 434 395 631 1977
It is obvious that concerns with cybersecurity prevail across sectors. The over 150% projected increase is a clear pointer that businesses are not willing to take the risk of falling short in protecting their valuable IT resources and information.
However, since cyber-attacks can have disastrous consequences, it is advisable that businesses budget for such expenditure be in readiness for possible breaches.
Some Telling Instances
In an exponentially growing digital world, it is understandable that cybersecurity should find a central place. No sector of the economy, be it businesses, governments, institutions, or individuals is untouched by technology. In an interconnected world, cyberattacks will impact each and every one. Once such an event occurs, millions get affected, services shut down; restoration is time-consuming and costly.
In the US, one such ransomware attack labelled SamSam brought the city of Atlanta to a halt for 5 days.
In Iran, a malicious cyber worm Stuxnet ruined their nuclear plants.
Nearer home, India too witnessed its share of cyberattacks. In 2018, UIDAI revealed that 210 Govt. websites were instrumental in the leakage of Aadhar data. In another instance, Cosmos Cooperative Bank, Pune, incurred a loss of nearly Rs 950 million to hackers.
Checkout: Cyber Security Salary in India
The Vulnerable Individual
While corporates and governments are better equipped to deal with their needs for cybersecurity, individuals are still vulnerable. They are soft targets. How often one comes across news of individuals falling prey to internet scams? Visit a site and a warning of serious virus infection of the mobile pops up. These messages appear so real that genuineness is rarely questioned. People in the know, however, realize that it is just a means of infecting the device and an attempt at accessing personal information.
Individuals also need to be wary and alert about Identity Theft. Equipping oneself with the requisite knowledge, questioning seemingly trustworthy information, visiting protected and trusted sites, not readily disclosing one’s personal data etc. are some measures that need to be taken by individuals.
Governments and Institutions to need to spread awareness amongst the general public about the benefits of cybersecurity. Laws that protect the citizens and steps to be taken by the people under adverse events must be amplified and propagated on a larger scale. Such actions will also serve as warnings to potential cybercriminals that their path will not be easy.
The Security Mantra
With an ever-shrinking non-digital world, cybercriminals are using innovative technological tools to breach IT security. The importance of cybersecurity can be gauged just by the massive numbers involved. By the end of 2019, the estimated cost of global cybercrime stood around USD 2 trillion and the volume is growing. It is a race in perpetuity with no finish line. There are no winners, but it is enough to keep pace with the perpetrators or, even better, be a step ahead. Lag and you will certainly be a loser with a hefty price to pay.
upGrad’s PG Certification in Cybersecurity and PG Diploma in Cybersecurity will teach you all the necessary skills and subjects you need to become a professional. You’ll get to learn directly from industry experts through live video sessions. The course gives you IIIT Bangalore alumni status and access to work class faculty members.
Learn Software Development Courses online from the World’s top Universities. Earn Executive PG Programs, Advanced Certificate Programs or Masters Programs to fast-track your career.
(1)Coleman, Kevin(2009)-Cyber Attacks on Supply Chain Systems.
(2)Odom, Wendell (2008). CCENT/CCNA ICND1(2nd ed.)
(3)https://Statistics.com/Cyber Crime & Security—PwC;DSCI
What is Phishing? How do you defend against it?
Phishing is when someone pretends to be a trustworthy person or organization in order to obtain your personal information, such as your username, password, or credit card number. The most straightforward approach to protect yourself from phishing is to be aware of the most frequent methods used by scammers and never to give out personal information unless you are sure that the person or organization is legitimate. You may also use a password manager to set unique passwords for each of your accounts, ensuring that even if one of them is compromised, the rest of your accounts remain secure. Similarly, you may protect your credit card number and other sensitive information by using a credit monitoring service. But, in the end, the best method to avoid phishing is to be cautious and suspicious of any unsolicited demands for personal information.
What precautions must you take against malware?
Malware is any software that is created with the intent of causing harm to a computer system. Viruses, spyware, and ransomware are examples of this. They can create various issues, including data loss, information theft, and even computer system destruction. You can help safeguard your computer against viruses by doing a few things. To begin, make sure that all of your software, including your operating system, web browser, and antivirus software, is up to date. Install software only from reputable sources, and be cautious about what you disclose on the internet. Also, make sure your firewall is turned on.
How to identify vulnerabilities?
A vulnerability scan is the most popular method of identifying vulnerabilities. A vulnerability scan is a procedure that involves scanning a system for known flaws. These flaws can be identified in the software, hardware, or configuration of the system. Examining the system's logs is another technique to find vulnerabilities. The logs can be used to detect successful assaults as well as those that were tried but failed. The logs can also be used to detect systems and services that are susceptible. Examining the system's configuration is another technique to find vulnerabilities. The configuration can assist in identifying vulnerable settings, such as default passwords or passwords that are easily guessed. Insecure services, such as open ports can also be identified using this configuration.