Running head: CYBERSECURITY 1

Cybersecurity

Name

Institution Affiliation
CYBERSECURITY 2

Cyber Security

The word “cyber” means related to computer or computer network. Cyber security,

information technology security (IT), or computer security are the techniques or the processes

of providing protection to computers, programs, data, and networks from attacks or other

forms of unauthorized access, that are aimed for causing damages, theft, or exploitation, and

ensuring integrity, availability and confidentiality of information (Gratian et al., 2018). Cyber

security is often confused with information security, although same terms are related to

computer systems. Cyber security focuses on protecting computer system from unauthorised

access or being otherwise damaged or made inaccessible, on the other hand, information

security is a broader category that looks to protect all information access, whether in hard

copy or in digital form. The main objective of cyber security is to control and reduce risk, and

protect information technology assets from malicious attackers. Information security is

designed to ensure the availability, integrity and confidentiality of data.

The major areas covered in cyber security are

 Disaster recovery

 Information Security

 Application security

 Network security

Information security protects data and information against unauthorized access in

order to prevent theft and protect privacy. Key techniques are:

i. Cryptography

ii. Identification, authorization and authentication of user

Disaster recovery planning is a mechanism that involves developing strategies,

performing risk assessment, setting priorities for recovery in the event of a disaster. Foe
CYBERSECURITY 3

businesses to resume normal business operations as quick as possible after a disaster, they

should have a clear disaster recovery plan.

Application security incorporates measures or counter measures that are applied

during the life cycle of growth and development to protect applications from threat that may

occur from defects in the development, maintenance, or design of application. Some of the

common techniques used for application security are

i. Auditing and logging

ii. Input parameter validation

iii. Session management, exception management and parameter manipulation

iv. User/Role Authentication and authorization

Network security involves activities that protect the networks reliability, usability,

safety and integrity. Effective network security targets a variety of threats and prevents them

from entering the network or spreading it (Li, 2018). Network security elements include:

i. Firewall, to block unauthorized access to the network

ii. Anti-virus and anti-spyware

iii. To identify fast spreading threats, such as zero-hour attacks, zero-day, Intrusion

prevention systems (IPS),

iv. Virtual Private Networks (VPNs), to provide secure remote access.

The field of cyber security is increasingly becoming important due to its increased

dependency on computer systems, internet and wireless network standards, such as WI-FI

and Bluetooth, and the growth of smart devices, including televisions, smartphones and the

various devices that make up the Internet.

Why is it Important to have cybersecurity?

Cyber security is one of the most critical challenges facing modern businesses.

Without some sort of wireless network, it is virtually impossible to do business today. It a

CYBERSECURITY 4

technology that attaches computers to each other and enables people to interact with each

other. Unfortunately, it also allows intruders to identify and steal files they're not supposed to

access. The world is dependent more than ever on technology. As a result, the production of

digital data has expanded. Companies and governments now store much of that information

on computers and relay it to other computers through networks (Alnasser, Sun & Jiang,

2019). Devices and their underlying structures have flaws that compromise an organization's

safety and objectives once abused.

Cyber security is also important in collecting, processing and storing unprecedented

amounts of data on computers and other devices by government, military, corporate, financial

and medical organizations. A significant portion of that data may be sensitive and

confidential information, be it intellectual property, financial data, personal information, or

other data forms for which unauthorized access or disclosure may have negative

consequences. Organizations exchange sensitive data in the course of business through

networks and other tools, and cyber security defines the discipline dedicated to protecting that

information and the technologies used to process or store it. As the frequency and complexity

of cyber attacks increase, companies and organizations need to take steps to protect their

confidential business and personal data, particularly those tasked with protecting information

related to national security, health, or financial records (Hasanov, Iskandarov & Sadiyev,

2019). Since early since March 2013, top intelligence officials in the nation have cautioned

that cyber attacks and electronic surveillance are the biggest threat to national security,

overshadowing even terrorism.

A breach of data can have a range of devastating effects on any company. It can

unravel the credibility of a brand by losing confidence in the customer and partner. Loss of

sensitive data, such as source files or intellectual property, may cost the competitive

advantage of a company. Therefore, due to non-compliance with data protection regulations,

CYBERSECURITY 5

a data breach could affect corporate revenues. An average data breach is estimated to cost

$3.6 million to an affected company (Van 2017). With high-profile data breaches making

headlines for media, a strong cybersecurity approach is essential for organizations to adopt

and implement.

Common types of cyber security

Cyber Security safeguards the security of computer-connected networks, equipment,

code and data from cyber attacks. Hackers can access your computer system and misuse your

personal information, customer information, business intelligence, and much more without a

security plan in place. Almost everything now depends n computer and internet –

communication, entertainment, medicine, transportation, shopping, banking, etc. With such

high technology dependence, neglecting the possibility of cybercrime in your company is

extremely risky and potentially harmful business, employees and customers. Some of

different types of cyber security that can be helpful in building a solid foundation for strong

security strategy are:

(i) Cloud security - Cloud protection is a security mechanism focused on code that

protects the information in cloud assets and tracks them. Cloud providers are constantly

developing and implementing new security tools to help business users protect their data

better. Cloud computing data protection is similar to traditional on-site data centers only

without the time and cost of maintaining huge data facilities and there is minimal risk of

security breaches.

(ii) Application security - Applications security are much more available across

networks, making it an important aspect of the project to implement security measures during

the development phase. It helps to ensure that unauthorized access is avoided. Organizations

can also identify and secure sensitive data resources by specific processes of application
CYBERSECURITY 6

security added to these data sets. Types of application securities are encryption programs,

firewalls, and antivirus programs.

(iii) Network security - As cyber security is concerned with external threats, network

security guards against unauthorized intrusion of your internal networks attributable to

malicious intent. Network security maintains that by securing and inhibiting access to the

infrastructure, internal networks are secure. Security teams are now using machine learning to

flag abnormal traffic and alert to threats in real time to help better manage network security

monitoring. Network administrators are beginning to enforce policies and procedures to

prevent unauthorized network access, alteration and use. Examples of network security are;

new passwords, extra logins, and application security.

(iv) Internet of things (IoT) security - IoT applies to a wide range of critical and non-

critical physical cyber networks, including computers, sensors, televisions, wifi routers,

printers, and security cameras. The core technology of the IoT industry is the IoT data center,

analytics, consumer devices, networks, legacy embedded systems and connectors. IoT

devices are often sent in vulnerable condition and provide little or no safety patching. For all

applications, it poses special security challenges.

(v) Data Loss Prevention (DLP) – Protects information by focusing on the

monitoring, location, classification of data in motion, in use and at rest.

Benefits of managing cybersecurity

The benefits of implementing cybersecurity initiatives include;

 Results to improved information security

 Provides protection of end users and their personally identifiable information

 Provides protection to networks and data from any unauthorized access

 Avails a faster recovery times in the event of a breach

 Helps improve confidence in an organization

CYBERSECURITY 7

 Causes an improvement in company credentials with the correct security controls in

place.

Limitations of cybersecurity

Some of the disadvantages and limitations o cyber security are

 Makes the system slower after their installations

 Could be costly for average user

 Incorrect configurations to firewall may at times block user from performing certain

actions to the entire internet, until when the firewall is configured correctly

 Firewalls can be difficult to configure correctly

 Need to keep updating to the new software in order to keep the security up to date.

Cybersecurity Challenges

Hackers, data loss, confidentiality, risk management and changing cybersecurity

approaches are constantly challenging cybersecurity. There is currently nothing to indicate

that cyberattacks are going to decline. In addition, with more entry points for attacks, there is

a need for more approaches to secure digital assets to protect networks and phones. One of

cybersecurity's most troublesome aspects is the ever-evolving existence of security risks.

With the emergence of new technology and the use of existing technologies in new or

different ways, new methods of attack are also being created. It can be difficult for companies

to keep up with these continuing developments and advancements in threats and upgrading

procedures to defend against data thefts (Karlsson, 2016). This also includes making sure that

all cybersecurity components are constantly changed and reviewed to protect against possible

vulnerabilities. With smaller organizations, this can be particularly challenging. In fact, there

are many possible information today that a company can obtain on individuals who engage in

one of its programs.

CYBERSECURITY 8

With more data being gathered, another concern is the likelihood of a cybercriminal

seeking to steal PII. An enterprise that stores PII in the cloud, for instance, can suffer a

ransomware attack and should do what it can to avoid a data breach. Cybersecurity should

also tackle end-user training, as employees on their work computer, laptop or smartphone can

accidentally carry a virus to a workplace. The workforce shortage is another major challenge

for cybersecurity. When business data growth becomes more relevant, there is a growing

need for more cybersecurity personnel with the right skills required to evaluate, manage and

respond to incidents. Worldwide, there are projected to be 2 million unfilled cyber security

jobs. Cybersecurity Ventures has predicted that up to 3.5 million unfulfilled cybersecurity

jobs will be in place by 2021.

Types of cybersecurity threats

There are various forms of cyber threats such as malicious application, malware

exploit kits and phishing. Typically, these types of cyber security attacks attempt to reach,

erase and alter the user's sensitive data. There is therefore a great need for active

cybersecurity methodology to be introduced in the network. Cybersecurity is an important

issue to be discussed (Housen-Couriel, 2016). An effective cyber security approach has

various layers of protection across the network, programs and computers, or data that one

wants to keep safe, as in the current scenario, everyone benefits from advanced cyber defense

programs. There are different types of cyber security threats as discussed below;

(i) Malware

It is a software program designed to gain unauthorized access to harm the system.

Ransomware can be ransomware or just malware to access or destroy the files of the client.

There are various malware types that can and cannot duplicate themselves. And some

malware needs host computing while host computing is not required by the other styles. For a

long time, malware has been around and continues to plague computers to this day. Malware
CYBERSECURITY 9

is a catch-all word for any computer or computer system damage software. In 1999, the first

widely distributed malware, known as the Melissa Virus, was unleased. Eighteen years later,

malware continues to be a dangerous weapon used by cyber criminals to gather information,

commit fraud, or simply cause mayhem. Some of the common malware are viruses, trojans,

worms, rasomware, and spyware.

(ii) Phishing

Phishing attacks are incredibly common and they involve sending massive amounts of

fraudulent emails to unsuspecting users, disguised as coming from a reliable source.

Fraudulent emails often appear to be legitimate, but link the recipient to a malicious file or

script designed to allow attackers to access your device to control or recover it, install

malicious scripts / files, or extract data such as user information, financial information, and

more. Phishing attacks can also take place with hidden intent through social networks and

other online communities, through direct messages from other users (Schneidewind, 2011).

Phishers also use social engineering and other sources of public information to gather

information about your job, preferences, and activities — giving an advantage to attackers to

persuade you they're not who they claim. Many forms of phishing attacks exist, including;

pharming, spear phishing, and whaling.

(iii) Ransomware

It is a kind of malicious software programmed to extortion of money by preventing

the user from accessing data in the computer system until the owner pays the ransom and

paying the ransom does not guarantee that the files will be recovered or that the system will

be restored. There are many cases in which ransomware are filed. A person should take

certain steps to prevent hacking of their data. If necessary, it’s advisable no to pay ransom.

(iv) Trojan Horse Attack

CYBERSECURITY 10

It is the form of attack that depends heavily on human communication and often

involves trying to manipulate the user to break normal security procedures and providing best

practices to allow user access to system, physical location, and network. Applications are

made enticing and the client is fooled into using or opening this file. As soon as the file is

opened, the malware will be activated and the data damage process will begin. Such files or

viruses are sent to the client as an message, audio, or email file or video or image file, etc.

Such types of links or files should not be opened by the user as they can be dangerous

malware and thereby damage the data / files to your device.

(v) Social engineering

Social engineering is a technique used by attackers to trick the user into revealing

confidential information. They will request a monetary payment or have access to your

confidential information. In order to make you more likely to click on links, install malware,

or trust a malicious source, social engineering can be combined with any of the above

described risks.

In conclusion, having an effective cyber security reduces the risk of multiple cyber

threats and attacks, and provides protection to individuals and organizations from

unauthorized exploitation of the technology, network, and technology. There are three threats

to cyber-security: which often involves data collection and is politically motivated; cyberwar

cyber-terrorism, which aims to undermine fear-causing electronic systems, and cybercrime,

which includes single or group of actors to target financial gain systems.

CYBERSECURITY 11

References

Alnasser, A., Sun, H., & Jiang, J. (2019). Cyber security challenges and solutions for V2X

communications: A survey. Computer Networks, 151, 52-67.

Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human

traits and cyber security behavior intentions. Computers & Security, 73, 345-358.

Hasanov, A., Iskandarov, K., & Sadiyev, S. (2019). THE EVOLUTION OF NATO’S

CYBERSECURITY POLICY AND FUTURE PROSPECTS. Journal of Defense

Resources Management (JoDRM), 10(1), 94-106.

Housen-Couriel, D. (2016). Cybersecurity threats to satellite communications: Towards a

typology of state actor responses. Acta Astronautica, 128, 409-415.

Karlsson, J. (2016). A citizen perspective of phishing in Hong Kong.

Schneidewind, N. (2010). Metrics for mitigating cybersecurity threats to networks. IEEE

Internet Computing, 14(1), 64-71.

Li, J. (2018). Cyber security meets artificial intelligence: A survey. Frontiers of Information

Technology & Electronic Engineering, 19(12), 1462-1474.

Van Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J., & Kusev, P. (2017). Risk

perceptions of cyber-security and precautionary behaviour. Computers in Human

Behavior, 75, 547-559.