With the internet revolutionizing the world, organizations today are transmitting billions of terabytes of data in minutes. Sensitive data transfer across networks calls for an extensive security need. A dedicated system of protection and security guidelines becomes a must to avoid the infiltration of crime in the digital workplace. In the digital world, ransomware plays out in the same manner as kidnap and pay-off in the real world.
And this is just one type of threat. WannaCry is a malware worm that exploited a vulnerability in old windows systems to encrypt hard drive files and permitted user access only after payment of a ransom in Bitcoins. In 2017, the impact of WannaCry resulted in damages to the tune of over USD 4 billion. The name “WannaCry” is evocative and symbolic of the rampant spread of cybercrime attacks on poorly protected IT systems. Consequently, it also highlights the importance of cybersecurity.
Check out our free courses to get an edge over the competition
A cyber countermeasure is defined as an action, process, technology, device or system that serves to prevent or mitigate the effects of a cyberattack against a victim, computer, server, network or associated device. (1)
This, in essence, encapsulates the broad parameters of cybersecurity.
Cybersecurity: The Reason Why
Another real-world example that will drive home the point of the importance of cybersecurity even more potently and what we are all currently experiencing is the covid pandemic. Such pandemics are caused by viruses, bacteria and other disease-carrying vectors. In the digital world, correspondingly, we have malicious software or programmes like Bugs, Bots, Trojans, Worms, Spyware, Ransomware, Adware, Rootkits, etc.
While bio-viruses harm our bodies, the malware is designed for compromising computer systems. Additionally, there is now increased usage of sophisticated AI tools and Social Engineering methods like Phishing and Spear Phishing to penetrate systems and manipulate and steal information and data.
Check out upGrad’s Advanced Certification in DevOps
Common forms of network attacks include Denial of Service (DoS), Distributed Denial of Service(DDoS), Man-in-the-middle attack, packet sniffing, TCP SYN Flood, ICMP Flood, IP spoofing and even simple web defacement (2)
Defensive Measures & Consequences of Neglect
With the advent of newer technologies like 5 G, Artificial Intelligence, Machine learning, etc. cybercriminals have access to an increasingly sophisticated arsenal. Those at the forefront of tackling the menace also have to acquire the wherewithal to have effective countermeasures in place.
Human diseases are cured or controlled through the use of medicines. Currently, we are taking protective measures like wearing masks, hand washes and sanitization, and building up our immunities. The latest is vaccines. Similarly, countermeasures against malware include Anti-virus, Firewalls, and such tools to prevent, isolate and remove malware infections.
Check out upGrad’s Full Stack Development Bootcamp (JS/MERN)
Running the risk of not paying adequate attention to cybersecurity can lead to serious repercussions, to the extent of catastrophic terminal damage. Some grave implications include the following:
- Reputational risks
- Operational Losses
- Revenue Losses
- Customer Aversion and Mistrust
- Legal Actions
- Loss of Proprietary information, Intellectual Property theft and Personal data
The Way Forward
With increased dependence on connected devices (IoT), Cloud technology and Third-party vendors, the scenario appears frightening. But being fearful is not the key. The solution lies in being alert and vigilant.
The following core functions given by the National Institute of Standards and Technology, US Department of Commerce, (NIST Cybersecurity Framework) for US businesses, adapted to specific needs, is a good place to start towards a more secure tech environment:
☆ Identify–Evaluate and Assess Risks
☆Protect–Build Safeguarding Measures
☆Detect–Develop Activities to Identify Occurrence of Security Events
☆Respond–Develop Strategic Reactions to Security Events
☆Recover– Restoration of Data Losses, Impairments and Security breaches.
Similarly, the European Union has the General Data Protection Regulation (GDPR), 2018 which protects data subject’s right to the erasure of personal data.
In India, a National Cyber Security Policy was established in 2013 with a vision statement ” To build a secure and resilient cyberspace for citizens, businesses and Govt.” The Information Technology Act (2000) deals with cybersecurity and the associated cybercrimes. The 2013 one is under revision and the new cybersecurity policy is on the anvil.
It must, however, be remembered that establishing protective systems and protocols do not come cheap. The costs can be overwhelming, more so when the expected outcome is not apparent. A look at India’s sector-wise expenditure on cybersecurity, forecasts the costs to go up from USD 1977 million in 2019 to USD 3053 million by 2022. The data is as under:(3)
(Figs. In USD Mio.)
YEAR BFSI IT/ITeS Govt. Others Tot.
2022 810 713 581 949 3053
2019 518 434 395 631 1977
It is obvious that concerns with cybersecurity prevail across sectors. The over 150% projected increase is a clear pointer that businesses are not willing to take the risk of falling short in protecting their valuable IT resources and information.
However, since cyber-attacks can have disastrous consequences, it is advisable that businesses budget for such expenditures in readiness for possible breaches.
Some Telling Instances
In an exponentially growing digital world, it is understandable that cybersecurity should find a central place. No sector of the economy, be it businesses, governments, institutions, or individuals is untouched by technology. In an interconnected world, cyberattacks will impact each and every one. Once such an event occurs, millions get affected, and services shut down; restoration is time-consuming and costly.
In the US, one such ransomware attack labelled SamSam brought the city of Atlanta to a halt for 5 days.
In Iran, a malicious cyber worm Stuxnet ruined their nuclear plants.
Nearer home, India too witnessed its share of cyberattacks. In 2018, UIDAI revealed that 210 Govt. websites were instrumental in the leakage of Aadhar data. In another instance, Cosmos Cooperative Bank, Pune, incurred a loss of nearly Rs 950 million to hackers.
Checkout: Cyber Security Salary in India
The Vulnerable Individual
While corporates and governments are better equipped to deal with their needs for cybersecurity, individuals are still vulnerable. They are soft targets. How often one comes across news of individuals falling prey to internet scams? Visit a site and a warning of serious virus infection of the mobile pops up. These messages appear so real that genuineness is rarely questioned. People in the know, however, realize that it is just a means of infecting the device and an attempt to access personal information.
Individuals also need to be wary and alert about Identity Theft. Equipping oneself with the requisite knowledge, questioning seemingly trustworthy information, visiting protected and trusted sites, not readily disclosing one’s personal data etc. are some measures that need to be taken by individuals.
Governments and Institutions need to spread awareness amongst the general public about the benefits of cybersecurity. Laws that protect the citizens and steps from being taken by the people under adverse events must be amplified and propagated on a larger scale. Such actions will also serve as warnings to potential cybercriminals that their path will not be easy.
Why is cybersecurity important?
With the increase in digital media, the need for cybersecurity is also increasing. Individuals are turning to social media and growth is seen in the exchange of information digitally. This has led to a lot of information being at the disposal of people who might not use it ethically.
One single misuse or breach of information can lead to the exposure of personal information to millions of people. These security breaches can have financial impacts on organisations. And this answers why is information security important much essential for both organisations and individuals.
How does cybersecurity works –
Cybersecurity aims to work together with various technologies, processes, and methods to defend the data. There are various sub-domains of cyber security, such as
- Application Security– Apply various defense measures in the organisation’s software and services. Cybersecurity workers write various codes, design various application architectures, and more.
- Cloud Security– The method creates secure cloud architectures for organisations to use.
- Identity management and Data security– The function authorises and authenticates the access to individuals to the organisation’s information system.
- Mobile security– This subdomain helps in protecting the organisational and personal information that is stored on mobile phones, tablets, laptops, etc.
- Network security– It helps in protecting the network and infrastructure from unauthorised access, disruptions, and other abuses.
Why is network security important?
Network security keeps information and sensitive data safe from threats like unauthorised access, cyber-attacks, etc. Network security ensures that the network stays workable and trustworthy.
The nine elements of network security are –
- SD-WAN security
- Network firewalls
- Intrusion prevention systems
- Unified threat management
- Advanced network threat prevention
- Network access control
- Cloud access security brokers
- DDoS mitigation
- Network behaviour anomaly detection
Questions to consider when choosing a cybersecurity partner –
- Are they system experts on security systems?
- What examples can they give solutions to?
- How can they constantly update their knowledge to keep up with the latest trends?
- What is their approach toward unusual problems?
- What is their approach to solving a problem? Do they work collaboratively or not?
- Can they explain the problem to the team using layman’s language?
What are the tools for cybersecurity?
Some of the tools for cybersecurity are –
- Antivirus software
- PKI services
- MDR services
- Penetration testing
- Staff training
- Network security tools
- Encryption tools
- Web vulnerability tools
- Network defense wireless tools
Explore Our Software Development Free Courses
The Security Mantra
In an ever-shrinking non-digital world, cybercriminals are using innovative technological tools to breach IT security. The importance of cybersecurity can be gauged just by the massive numbers involved. By the end of 2019, the estimated cost of global cybercrime stood around USD 2 trillion and the volume is growing. It is a race in perpetuity with no finish line. There are no winners, but it is enough to keep pace with the perpetrators or, even better, be a step ahead. Lag and you will certainly be a loser with a hefty price to pay.
Explore our Popular Software Engineering Courses
upGrad’s PG Certification in Cybersecurity will teach you all the necessary skills and subjects you need to become a professional. You’ll get to learn directly from industry experts through live video sessions. The course gives you IIIT Bangalore alumni status and access to work class faculty members.
Learn Software Development Courses online from the World’s top Universities. Earn Executive PG Programs, Advanced Certificate Programs or Masters Programs to fast-track your career.
In-Demand Software Development Skills
(1)Coleman, Kevin(2009)-Cyber Attacks on Supply Chain Systems.
(2)Odom, Wendell (2008). CCENT/CCNA ICND1(2nd ed.)
(3)https://Statistics.com/Cyber Crime & Security—PwC;DSCI
What is Phishing? How do you defend against it?
Phishing is when someone pretends to be a trustworthy person or organization in order to obtain your personal information, such as your username, password, or credit card number. The most straightforward approach to protect yourself from phishing is to be aware of the most frequent methods used by scammers and never to give out personal information unless you are sure that the person or organization is legitimate. You may also use a password manager to set unique passwords for each of your accounts, ensuring that even if one of them is compromised, the rest of your accounts remain secure. Similarly, you may protect your credit card number and other sensitive information by using a credit monitoring service. But, in the end, the best method to avoid phishing is to be cautious and suspicious of any unsolicited demands for personal information.
What precautions must you take against malware?
Malware is any software that is created with the intent of causing harm to a computer system. Viruses, spyware, and ransomware are examples of this. They can create various issues, including data loss, information theft, and even computer system destruction. You can help safeguard your computer against viruses by doing a few things. To begin, make sure that all of your software, including your operating system, web browser, and antivirus software, is up to date. Install software only from reputable sources, and be cautious about what you disclose on the internet. Also, make sure your firewall is turned on.
How to identify vulnerabilities?
A vulnerability scan is the most popular method of identifying vulnerabilities. A vulnerability scan is a procedure that involves scanning a system for known flaws. These flaws can be identified in the software, hardware, or configuration of the system. Examining the system's logs is another technique to find vulnerabilities. The logs can be used to detect successful assaults as well as those that were tried but failed. The logs can also be used to detect systems and services that are susceptible. Examining the system's configuration is another technique to find vulnerabilities. The configuration can assist in identifying vulnerable settings, such as default passwords or passwords that are easily guessed. Insecure services, such as open ports can also be identified using this configuration.
What is the defensive measure?
The defensive measure is identified as the procedure, action, device, technique or any other measure that is applied to an information system or information stored in the systems that helps in the mitigation of threats.
What are the three types of cyber defence?
The three types of cyber defence are Critical infrastructure security, Application security , Network security.
What are the benefits of cyber security?
Some of the benefits of cyber security are - It helps in the protection of sensitive personal information, The protection of organisational and personal data, It helps in improving productivity, It improves the overall security of the organisation.
What are the three principles of cyber defence?
The three principles of cyber defence are Confidentiality, Integrity and Availability.