

    Friday, April 29, 2022

    Poor Cyber Security Awareness

    Cyber security awareness is the combination of both knowing and doing something to protect a business’s information assets. When an enterprise’s employees are cyber security aware, it means they understand what cyber threats are, the potential impact a cyber-attack will have on their business and the steps required to reduce risk and prevent cyber-crime infiltrating their online workspace.

    Mistakes commonly done due to lack of awareness are:

    1. Opening Emails from Unknown People

    Email is the preferred form of business communication. Opening an unknown email, or an attachment inside an email, can release a virus that gives cybercriminals a backdoor into your company's digital home.

    Solutions:

    1.      Advise employees not to open emails from people they don't know.

    2.      Advise employees to never open unknown attachments or links.

    2. Having Weak Login Credentials

    Repetitive passwords that use personal information, such as a nickname or street address, are a problem. Cybercriminals have programs that mine public profiles for potential password combinations and plug in possibilities until one hits. They also use dictionary attacks that automatically try different words until they find a match.

    Solutions:

    1.      Require employees to use unique passwords.

    2.      Add numbers and symbols to a password for increased security.

    3.      Create rules that require employees to create unique, complex passwords of at least 12 characters, and to change them if they ever have reason to believe that they have been compromised.
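    The three password rules above can be checked mechanically at the point where a user sets a password. The Python below is an added example, not code from the original post: it enforces the 12-character minimum, requires a mix of character classes, rejects passwords that contain known personal details (the kind of public-profile information the next section says attackers mine), and rejects reuse by comparing against salted hashes of earlier passwords. The sample personal details, the earlier passwords and the "at least three of four character classes" rule are the example's own assumptions.

```python
import hashlib
import re

# Constructed sample data for this example. A real system stores one random
# salt per password; a single fixed salt is used here only to keep the demo short.
SALT = b"constructed-example-salt"
ITERATIONS = 50_000


def password_hash(password: str, salt: bytes = SALT) -> str:
    """Slow, salted hash so earlier passwords never have to be kept in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS).hex()


# Hypothetical user: details an attacker could scrape from a public profile,
# plus hashes of the passwords this user has already used.
PERSONAL_INFO = ["ashraf", "maple", "1990"]
PREVIOUS_HASHES = {password_hash("MapleStreet1990!"), password_hash("Winter2021#Secure")}

# Character classes the policy wants mixed; at least MIN_CLASSES of them must appear.
CHARACTER_CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
MIN_LENGTH = 12
MIN_CLASSES = 3


def check_password(password: str,
                   personal_info=PERSONAL_INFO,
                   previous_hashes=PREVIOUS_HASHES) -> list:
    """Return every policy violation found; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, pattern in CHARACTER_CLASSES.items() if re.search(pattern, password)]
    if len(present) < MIN_CLASSES:
        problems.append(f"uses only {', '.join(present) or 'no'} characters; mix at least {MIN_CLASSES} classes")
    lowered = password.lower()
    for token in personal_info:
        if token.lower() in lowered:
            problems.append(f"contains personal information: {token}")
    if password_hash(password) in previous_hashes:
        problems.append("reused from an earlier password")
    return problems


if __name__ == "__main__":
    for candidate in ["short", "MapleStreet1990!", "correct horse battery staple 77!"]:
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

    Returning the full list of violations rather than a bare yes/no lets the user fix everything in one attempt; storing only hashes of old passwords means the reuse check does not itself become a store of secrets.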

    3. Having Access to Everything

    In some cases, companies don't compartmentalize data. In other words, everyone from interns to board members can access the same company files. Giving everyone the same access to data increases the number of people who can leak, lose or mishandle information.

    Solutions:

    1.      Set up tiered levels of access, giving permission only to those who need it on each level.

    2.      Limit the number of people who can change system configurations.

    3.      Don’t provide employees with admin privileges on their devices unless they genuinely require such a setup. Even employees with admin rights should only use them as needed, not routinely.
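    Tiered access is easiest to reason about when it is written down as a policy that denies by default and can be audited. The Python below is an added example, not from the original post: it models sensitivity tiers, keeps the right to change configuration separate from the right to read data, and reports how many people can reach each file under the tiered policy versus the "everyone can access everything" model the paragraph above warns about. The tiers, people and file names are hypothetical.

```python
# Ordered sensitivity tiers: a person holding tier N may read assets at tier <= N.
TIERS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Constructed directory. The data tier is separate from the right to change
# system configuration, so an administrator does not automatically see every file.
PEOPLE = {
    "intern":   {"tier": "public",       "config_admin": False},
    "analyst":  {"tier": "internal",     "config_admin": False},
    "finance":  {"tier": "confidential", "config_admin": False},
    "cfo":      {"tier": "restricted",   "config_admin": False},
    "sysadmin": {"tier": "internal",     "config_admin": True},
}

ASSETS = {
    "handbook.pdf":     "public",
    "roadmap.docx":     "internal",
    "payroll.xlsx":     "confidential",
    "merger_terms.pdf": "restricted",
}


def can_read(person: str, asset: str) -> bool:
    """Deny by default: an unknown person or unknown asset is never granted access."""
    who = PEOPLE.get(person)
    needed = ASSETS.get(asset)
    if who is None or needed is None:
        return False
    return TIERS[who["tier"]] >= TIERS[needed]


def can_change_config(person: str) -> bool:
    """Configuration changes are a separate, explicitly granted right."""
    who = PEOPLE.get(person)
    return who is not None and who["config_admin"]


def everyone_reads_everything(person: str, asset: str) -> bool:
    """The 'access to everything' model, kept only for comparison."""
    return person in PEOPLE and asset in ASSETS


def exposure(policy) -> dict:
    """Count how many people can reach each asset under a given policy function."""
    return {asset: sum(1 for person in PEOPLE if policy(person, asset)) for asset in ASSETS}


if __name__ == "__main__":
    print("flat model   :", exposure(everyone_reads_everything))
    print("tiered model :", exposure(can_read))
    print("config admins:", [p for p in PEOPLE if can_change_config(p)])
```

    The exposure report is the number the section above is about: the count of people who could leak, lose or mishandle a given file. Under the flat model every file is reachable by all five people; under the tiered model the merger document is reachable by one.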

    4. Lacking Effective Employee Training

    Research shows the majority of companies do offer cybersecurity training. However, only 25% of business executives believe the training is effective.

    Solutions:

    Provide annual cybersecurity awareness training. Topics could include:

    ·         Reasons for and importance of cybersecurity training

    ·         Phishing and online scams

    ·         Locking computers

    ·         Password management

    ·         How to manage mobile devices

    ·         Relevant examples of situations

    5. Not Updating Antivirus Software

    Antivirus updates are important, should be handled promptly and shouldn't be left to employees.

    Solutions:

    1.      Set up all system updates to take place after work hours automatically.

    2.      Don't let any employee, no matter what their title, opt out of this company policy.

    6. Using Unsecured Mobile Devices

    Every device should be password protected. If a device is lost or stolen, have a point of contact to report it to, and steps in place to deactivate the device remotely.

    Use endpoint security solutions to manage mobile devices remotely.

    Don’t conduct confidential transactions using untrusted public Wi-Fi.

    Unprotected Broadband Communications

    Broadband is wide-bandwidth data transmission: it carries multiple signals across a wide range of frequencies and many Internet traffic types at once, so messages can be sent simultaneously. It is what fast Internet connections use.

    Broadband commonly refers to high-speed Internet access that is always on and faster than traditional dial-up access.

    Broadband includes several high-speed transmission technologies such as:

        Digital Subscriber Line (DSL)

        Cable Modem

        Fiber

        Wireless

        Satellite

        Broadband over Powerlines (BPL)

    Whenever a computer is connected to the Internet, there is risk of unauthorized access. When a dial-up connection is used, the risk is decreased because the duration of the connection is short for most users. For most users dialing into an Internet Service Provider (ISP), the user receives a different IP address with each logon. To penetrate a system connected via dial-up, an intruder would need the host’s current IP address and would have to compromise the host in a relatively short period of time before it was disconnected.

    With dedicated broadband connections, a computer is connected to the Internet, and capable of sending and receiving data, at all times. Even though a user may be using the machine only a few hours each day, the machine remains connected to the Internet and therefore vulnerable to attack.

    Certain dedicated connections, particularly DSL lines, use dynamic IP addresses, similar to the way dial-up connections operate. While this may reduce the risk of an attacker targeting a specific user, it does not significantly reduce the risk to the average user. Most intruders arbitrarily scan the Internet for vulnerable systems. If a computer is powered on in the morning and powered off at night, the IP address will remain the same during the entire day.

    An attacker who finds the machine during a random scan may potentially have several hours to penetrate the system.

    An unsecure wireless connection is one you can access without a password. Public networks offered in places like cafes are often open. Although these provide free wireless Internet access, using public Internet comes with dangers.

    The two types of public networks are ones that are left open by businesses and ones that are left open by individuals.

    An open network from a business, such as a coffee shop, lets customers use the Internet on the premises.

    An open network in a home comes from a router that hasn't been secured.

    Risks of using public networks

    1. Theft of Personal Information

    One of the most serious and common threats is theft of personal information. Personal information comes in many forms:

    • Login credentials
    • Financial information
    • Personal data
    • Pictures

    If a hacker gains access to your computer or other personal devices through a compromised public WiFi connection, they could have free rein over everything stored on them. Once hackers have obtained your details, they can log in to your personal pages and cause damage to your finances and reputation. Even if they don't get full access to the data on your computer, they could still intercept information you are sending over the Internet.

    2. Man-In-The-Middle Attacks

    A man-in-the-middle attack happens when someone "impersonates" a legitimate public WiFi service to trick you into connecting.

    3. Unencrypted Connections

    When you connect to a website that supports encryption, the data that goes back and forth gets encrypted using a secure key. If someone were to intercept that data without the possession of the key, they wouldn't be able to read it - the data would look like unreadable computer code.

    When you are connected to a public WiFi network, anyone within range of your computer can intercept everything you send or receive. If you are connected to an unencrypted website, it will all be fully readable.

    4. Packet Sniffing / Eavesdropping

    Anyone connected to the same WiFi network as you can eavesdrop on what you send and receive using a tool called a packet analyzer or packet sniffer. These tools provide the possibility to view everything transmitted over the WiFi network, provided it is not encrypted.
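    The difference between points 3 and 4 above is concrete: on an open network a sniffer sees the bytes of every frame, and whether they mean anything depends only on whether the application encrypted them. The Python below is an added example (not the post's code) of the classification a network monitor might run to flag cleartext credentials on its own network. It works on constructed byte strings embedded in the code, an HTTP login request and two TLS records, and touches no real network; the header names, form field names and TLS record layout it recognises are standard, everything else is the example's assumption.

```python
import base64

# Constructed payloads standing in for what a sniffer on the same WiFi would
# capture: an HTTP login sent in clear text, and two TLS records.
HTTP_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)
# TLS record = content type (1 byte), version (2 bytes), length (2 bytes), opaque payload.
TLS_HANDSHAKE = b"\x16\x03\x01\x00\x08" + b"\x01\x00\x00\x04\x03\x03\xaa\xbb"
TLS_APP_DATA = b"\x17\x03\x03\x00\x06" + b"\x9f\x02\xc4\x77\x10\x5e"

HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"}
PASSWORD_FIELDS = {"password", "pass", "passwd", "pwd"}
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}


def classify(payload: bytes) -> dict:
    """Report whether a captured payload is readable and which secrets it exposes in clear."""
    # TLS: recognisable record header, but the payload is ciphertext to an observer.
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return {"protocol": "tls", "record": TLS_CONTENT_TYPES[payload[0]],
                "readable": False, "exposed": []}
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return {"protocol": "unknown", "readable": False, "exposed": []}
    first_word = text.split(" ", 1)[0]
    if first_word not in HTTP_METHODS and not text.startswith("HTTP/"):
        return {"protocol": "unknown-text", "readable": True, "exposed": []}
    head, _, body = text.partition("\r\n\r\n")
    exposed = []
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            # Basic auth is only base64, so the username is immediately recoverable.
            decoded = base64.b64decode(value.split(" ", 1)[1]).decode("utf-8", "replace")
            exposed.append(f"basic auth credentials for user {decoded.split(':', 1)[0]}")
        elif name == "cookie":
            exposed.append("session cookie")
    for field in body.split("&"):
        key = field.partition("=")[0].lower()
        if key in PASSWORD_FIELDS:
            exposed.append(f"form field '{key}'")
    return {"protocol": "http", "readable": True, "exposed": exposed}


if __name__ == "__main__":
    for name, packet in [("http login", HTTP_LOGIN), ("tls handshake", TLS_HANDSHAKE),
                         ("tls app data", TLS_APP_DATA)]:
        print(f"{name:14}", classify(packet))
```

    The HTTP request yields the username, a session cookie (which is what a session hijack in point 6 needs) and a password field; the TLS records yield only the record type. That is the whole argument for insisting on encrypted connections on any network you do not control.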

    5. Malware Distribution

    Another threat that can occur while using public WiFi is the installation of malware on your device. Malware exists in many forms:

    • Viruses
    • Worms
    • Trojan horses
    • Ransomware
    • Adware

    If someone on the same public WiFi as you has bad intentions, they could plant malware on your computer if it is not protected properly. A suspect WiFi provider could use the hotspot itself to infect your computer with one or more of these threats.

    6. Session Hijacking

    Session hijacking is another public WiFi security threat. In this case, an attacker intercepts information about your computer and its connection to websites or other services. Once the attacker has that information, he can configure his own computer to match yours and hijack the connection.

    Security in unprotected broadband communication

    i. Use a Virtual Private Network (VPN), so that the information is encrypted in transit.

    ii. Choose SSL (Secure Sockets Layer) encrypted connections.

    iii. Switch off sharing.

    iv. Use firewalls to filter data transmission.

    v. Use a security tool.

    Weak Authentication

    Authentication is the process of verifying the identity of a given user or client.

    Weak Authentication refers to any situation in which the authentication mechanism's strength is insufficient in comparison to the importance of the assets being secured. It also covers situations where the authentication function is faulty or insecure.

    Most vulnerabilities in authentication mechanisms arise in one of two ways:

    • The authentication mechanisms are weak because they fail to adequately protect against brute-force attacks.
    • Logic flaws or poor coding in the implementation allow the authentication mechanisms to be bypassed entirely by an attacker. This is sometimes referred to as "broken authentication".

    Practices To Avoid Weak Authentication

    Practices that help avoid weak authentication vulnerabilities include:

    • Adopting a strong Password Policy and enforcing it consistently in all applications
    • Using Two-Factor or Multi-Factor Authentication.
    • Integrating an industry standard authentication framework.
    • Adding Risk-based Authentication and escalating challenges as circumstances warrant.
    • Ensuring that authentication is a pre-condition to access all application resources.
    • Keeping the authentication token secure and limited in lifetime.
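    Several of the practices listed above, and the two failure modes named earlier (no brute-force protection, and implementation flaws), come together in one small login component. The Python below is an added example, not code from the original post: it stores passwords as salted slow hashes, compares them in constant time, counts consecutive failures and locks the account temporarily so brute force becomes impractical, derives a hash even for unknown usernames so timing does not reveal which accounts exist, and issues random session tokens with a fixed lifetime. The limits (5 failures, 15 minute lockout, 1 hour token life) are the example's own choices.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 100_000
DUMMY_SALT = bytes(16)  # used for unknown users so the failure path costs the same time


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: a stolen database cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class Authenticator:
    def __init__(self, max_failures=5, lockout_seconds=900, token_ttl=3600):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.token_ttl = token_ttl
        self._users = {}     # username -> (salt, derived key)
        self._failures = {}  # username -> (consecutive failures, locked_until)
        self._tokens = {}    # token -> (username, expires_at)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # fresh random salt per password
        self._users[username] = (salt, derive_key(password, salt))

    def login(self, username: str, password: str, now: float = None):
        """Return a session token on success; None on failure or while locked out."""
        now = time.time() if now is None else now
        failures, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return None  # still locked: refuse without even checking the password
        record = self._users.get(username)
        salt, stored = record if record else (DUMMY_SALT, bytes(32))
        candidate = derive_key(password, salt)  # same cost whether or not the user exists
        if record is not None and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)
            token = secrets.token_urlsafe(32)  # 256 bits of randomness: unguessable
            self._tokens[token] = (username, now + self.token_ttl)
            return token
        failures += 1
        locked_until = now + self.lockout_seconds if failures >= self.max_failures else 0.0
        self._failures[username] = (failures, locked_until)
        return None

    def user_for_token(self, token: str, now: float = None):
        """Resolve a token to its user, discarding it once its lifetime has passed."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            del self._tokens[token]
            return None
        return username

    def logout(self, token: str) -> None:
        self._tokens.pop(token, None)


if __name__ == "__main__":
    auth = Authenticator()
    auth.register("alice", "correct horse battery staple")
    for _ in range(5):
        print("wrong password ->", auth.login("alice", "guess"))
    print("right password while locked ->", auth.login("alice", "correct horse battery staple"))
```

    The `now` parameter exists so the lockout and expiry logic can be exercised deterministically; production code would leave it at the default. Note that the lockout check happens before any hashing, so an attacker hammering a locked account gets the cheapest possible refusal.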

    Network security architecture

    Cybersecurity architecture, also known as “network security architecture”, is a framework that specifies the organizational structure, standards, policies and functional behavior of a computer network, including both security and network features.

    A cybersecurity architecture framework is one component of a system’s overall architecture. It’s designed and built to provide guidance during the design of an entire product/system.

    The purpose of cybersecurity architecture is simply to ensure that the main network architecture of a company, including its sensitive data and critical applications, is fully protected against any present or future threats and breaches.

    Network Architecture

    Network architecture refers to the way network devices and services are structured to serve the connectivity needs of client devices.

    Network architecture refers to how network elements are organized in a system, and how tasks are allocated between and across those elements. It is the complete physical and logical design of an organization’s network infrastructure often represented as a map or schematic diagram.

    Types of network architectures

    Two types of network architecture are in use:

    • Peer-To-Peer network
    • Client/Server network

    I. Peer-To-Peer network

    • Peer-To-Peer network is a network in which all the computers are linked together with equal privilege and responsibilities for processing the data.
    • Peer-To-Peer network is useful for small environments, usually up to 10 computers.
    • Peer-To-Peer network has no dedicated server.
    • Special permissions are assigned to each computer for sharing the resources, but this can lead to a problem if the computer with the resource is down.

    Advantages Of Peer-To-Peer Network:

    • It is less costly as it does not contain any dedicated server.
    • If one computer stops working, the other computers keep working.
    • It is easy to set up and maintain as each computer manages itself.

    Disadvantages Of Peer-To-Peer Network:

    • A Peer-To-Peer network has no centralized system, so the data cannot be backed up centrally: it is different on each computer.
    • It has security issues, as each device manages its own security.


    II. Client/Server Network

    • Client/Server network is a network model designed for the end users called clients, to access the resources such as songs, video, etc. from a central computer known as Server.
    • The central controller is known as a server while all other computers in the network are called clients.
    • A server performs all the major operations such as security and network management.
    • A server is responsible for managing all the resources such as files, directories, printer, etc.
    • All the clients communicate with each other through a server. For example, if client1 wants to send some data to client 2, then it first sends the request to the server for the permission. The server sends the response to the client 1 to initiate its communication with the client 2.

    Advantages Of Client/Server network:

    • A Client/Server network contains the centralized system. Therefore we can back up the data easily.
    • A Client/Server network has a dedicated server that improves the overall performance of the whole system.
    • Security is better in Client/Server network as a single server administers the shared resources.
    • It also increases the speed of the sharing resources.

    Disadvantages Of Client/Server network:

    • A Client/Server network is expensive, as it requires a server with a large amount of memory.
    • A server has a Network Operating System (NOS) to provide the resources to the clients, but the cost of NOS is very high.
    • It requires a dedicated network administrator to manage all the resources.

    System administration

    System administrators (sysadmins) are information technology (IT) professionals who make sure an organization’s computer systems are functioning and meet the needs of the organization. Sysadmins support, troubleshoot, and maintain computer servers and networks.

    A system administrator’s job description might include: 

    • Managing systems running different operating systems (Windows, Linux, Mac)
    • Upgrading, installing, and configuring application software and computer hardware
    • Troubleshooting and providing technical support to employees
    • Creating and managing system permissions and user accounts
    • Performing regular security tests and security monitoring
    • Maintaining networks and network file systems

    Sysadmins are ultimately responsible for the upkeep, configuration and reliable operation of computer systems, especially those with multiple users like servers. They aim to ensure that the uptime, performance, resources, and security of the systems they manage meet the users’ needs within their company’s budget.

    Skills you need as a system administrator

    • In-depth knowledge of operating systems: Whether it’s Windows, Linux, or Mac, hiring managers generally look for competency in administering the operating system used in their company. Windows and Linux operating systems have been widely embraced and are good systems to start with, though it’s a good idea to check if your industry favors one over others.
    • Familiarity with hardware: Working with physical devices, such as servers or printers, will be an important part of a system administrator's job.
    • Cloud computing skills: Familiarity with cloud applications like Office365, Google Cloud Platform, and AWS can give you a boost in the hiring process.
    • Knowledge of networks: Being able to set up and maintain Local Area Networks (LAN) and Wide Area Networks (WAN), in addition to setting up network security features like firewalls, are often expected of system administrators. This might often be the case at smaller companies, where IT professionals are expected to wear many hats.
    • Communication and interpersonal skills: In addition to working on a team, sysadmins will often be expected to help other employees that don’t have the same technical knowledge, through help desk support or other means. Being able to communicate well will be a key part of a system administrator’s successful day-to-day tasks.

    Role and responsibilities of Security systems administrator

    Security systems administrators are responsible for desktop, mobile, and network security, and are also responsible for installing, administering and troubleshooting an organization’s security solutions.

    A security systems administrator is someone who gives expert advice to companies regarding their internal security procedures and can also help to detect any weaknesses in a company's computer network that may make them vulnerable to cyber attacks.

    Security systems administrators are a company’s first step in monitoring suspicious activity either within the local network or from outside internet traffic.

    Security systems administrators are in charge of the daily operation of security systems, and can handle things like systems monitoring and running regular backups; setting up, deleting and maintaining individual user accounts; and developing organizational security procedures.

    Security systems administrators train staff on proper protocols, monitor network traffic for any suspicious activity, perform risk assessment, audit machines and their software, update software on the latest security patches, and ensure that each network resource has the proper defenses.

    They can even defend against zero-day malware and, in some cases, may provide evidence of a cyber attack to prosecute individuals for breaching security.

    A security systems administrator's responsibilities may include the following:

    • Defending systems against unauthorized access
    • Performing vulnerability and penetration tests
    • Monitoring traffic for suspicious activity
    • Configuring and supporting security tools (firewalls, antivirus, and IDS/IPS software)
    • Implementing network security policies
    • Analyzing and establishing security requirements
    • Identifying threats and working on steps to defend against them
    • Training employees in security awareness/procedures
    • Developing and updating disaster recovery protocols
    • Conducting security audits
    • Making policy recommendations
    • Providing technical security advice
    • Consulting with staff, managers and executives on best security practices

    Software Vulnerability

    A software vulnerability is a defect in software that could allow an attacker to gain control of a system. These defects can be because of the way the software is designed, or because of a flaw in the way that it’s coded.

    An attacker first finds out if a system has a software vulnerability by scanning it. The scan can tell the attacker what types of software are on the system, whether they are up to date, and whether any of the software packages are vulnerable. Once the attacker knows that, he or she will have a better idea of what types of attacks to launch against the system. A successful attack would result in the attacker being able to run malicious commands on the target system.

    An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware.  Also, after penetrating into one network host, the attacker could use that host to break into other hosts on the same network.

    I. Causes of a Software Vulnerability

    There are two main things that can cause a software vulnerability. 

    i. A flaw in the program’s design, such as in the login function, could introduce a vulnerability.  

    ii. Even if the design is perfect, there could still be a vulnerability if there’s a mistake in the program source code.

    Coding errors could introduce several types of vulnerabilities, which include the following:

    Buffer overflows – These allow someone to put more data into an input field than what the field is supposed to allow.  An attacker can take advantage of this by placing malicious commands into the overflow portion of the data field, which would then execute.

    SQL Injection – This could allow an attacker to inject malicious commands into the database of a web application.  The attacker can do this by entering specially-crafted Structured Query Language commands into either a data field of a web application form, or into the URL of the web application.  If the attack is successful, the unauthorized and unauthenticated attacker would be able to retrieve or manipulate data from the database.

    Third-party libraries – Many programmers use third-party code libraries, rather than try to write all software from scratch.  This can be a real time-saver, but it can also be dangerous if the library has any vulnerabilities.  Before using any of these libraries, developers need to verify that they don’t have vulnerabilities.

    Application Programming Interfaces – An API, which allows software programs to communicate with each other, could also introduce a software vulnerability.  Many APIs are not set up with strict security policies, which could allow an unauthenticated attacker to gain entry into a system.

    Prevention:

    The best way to deal with a software vulnerability is to prevent it from happening in the first place.  Software developers need to learn secure coding practices, and automatic security testing must be built into the entire software development process.

    Software developers are responsible for continually monitoring for publications of new vulnerabilities that affect software they have sold. Once such a vulnerability is discovered, they must patch it as quickly as possible and send an update to the users.

    End users have the responsibility of keeping their systems up-to-date, especially with installing security-related software patches.

    Types of Vulnerabilities

    The most common types of cyber security vulnerabilities:

    System Misconfigurations

    Network assets that have disparate security controls or vulnerable settings can result in system misconfigurations. Cybercriminals commonly probe networks for system misconfigurations and gaps that look exploitable. Due to the rapid digital transformation, network misconfigurations are on the rise. Therefore, it is important to work with experienced security experts during the implementation of new technologies.

    Out-of-date or Unpatched Software

    Similar to system misconfigurations, hackers tend to probe networks for unpatched systems that are easy targets. These unpatched vulnerabilities can be exploited by attackers to steal sensitive information. To minimize these kinds of risks, it is essential to establish a patch management schedule so that all the latest system patches are implemented as soon as they are released.

    Missing or Weak Authorization Credentials

    A common tactic that attackers use to gain access to systems and networks is brute force, such as guessing employee credentials. That is why it is crucial that employees be educated on the best practices of cybersecurity so that their login credentials are not easily exploited.

    Malicious Insider Threats

    Either with malicious intent or unintentionally, employees with access to critical systems sometimes end up sharing information that helps cyber criminals breach the network. Insider threats can be really difficult to trace as all actions will appear legitimate. To help fight against these types of threats, one should invest in network access control solutions, and segment the network according to employee seniority and expertise.

    Missing or Poor Data Encryption

    It’s easier for attackers to intercept communication between systems and breach a network if it has poor or missing encryption. When there is poor or unencrypted information, cyber adversaries can extract critical information and inject false information onto a server. This can seriously undermine an organization’s efforts towards cyber security compliance and lead to fines from regulatory bodies.

    Zero-day Vulnerabilities

    Zero-day vulnerabilities are software vulnerabilities that attackers have caught wind of but that have not yet been discovered by the organization or user.

    There are no fixes available, since the vulnerability has not yet been detected by, or reported to, the system vendor. These are especially dangerous as there is no defense against such vulnerabilities until after the attack has happened. Hence, it is important to remain cautious and continuously monitor systems for vulnerabilities to minimize zero-day attacks.

    Cyber Security Vulnerabilities

    In cyber security, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and even steal sensitive data.

    Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security weaknesses in web applications.

    I. Causes of Vulnerabilities

    There are many causes of vulnerabilities including:

    Complexity

    Complex systems increase the probability of a flaw, misconfigurations or unintended access.

    Familiarity

    Common code, software, operating systems and hardware increase the probability that an attacker can find or has information about known vulnerabilities.

    Connectivity

    The more connected a device is, the higher the chance of a vulnerability.

    Poor Password Management

    Weak passwords can be broken with brute force, and reusing passwords can result in one data breach becoming many.

    Operating System Flaws

    Like any software, operating systems can have flaws. Operating systems that are insecure by default allow any user to gain access and potentially inject viruses and malware.

    Internet Usage

    The Internet is full of spyware and adware that can be installed automatically on computers.

    Software Bugs

    Programmers can accidentally or deliberately leave an exploitable bug in software. Sometimes end users fail to update their software, leaving it unpatched and vulnerable to exploitation.

    Unchecked User Input

    If your website or software assumes all input is safe, it may execute unintended SQL commands.
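    The "unintended SQL commands" above and the SQL Injection item in the Software Vulnerability section earlier are the same defect seen from two sides, and it is easiest to understand with the vulnerable lookup next to the fixed one. The Python below is an added example, not code from the original post: it builds a constructed in-memory SQLite table and runs the same user lookup written by string formatting (vulnerable) and as a parameterised query (safe), plus an input-shape check as defence in depth. The table, rows and the username pattern are the example's assumptions.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "<hash placeholder>", "admin"),  # constructed rows
        ("bob", "<hash placeholder>", "staff"),
    ])
    return conn


def lookup_vulnerable(conn, username: str) -> list:
    """Input pasted into the SQL text: whatever the user typed is parsed as part of the query."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username: str) -> list:
    """Parameterised query: the value travels separately and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_.-]{1,32}")


def lookup_validated(conn, username: str) -> list:
    """Defence in depth: reject input outside the expected shape before it reaches the database."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains unexpected characters")
    return lookup_safe(conn, username)


# Constructed input that closes the quoted string early in the vulnerable version,
# turning a lookup of one user into a condition that is true for every row.
HOSTILE_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", lookup_vulnerable(conn, HOSTILE_INPUT))  # every row comes back
    print("safe      :", lookup_safe(conn, HOSTILE_INPUT))        # no such username: []
```

    The parameterised form is the actual fix; the regular expression only narrows what reaches the database and is worthless on its own, because a legitimate field such as a comment cannot be restricted that way.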

    People

    The biggest vulnerability in any organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.

    II. Vulnerabilities Classification

    Vulnerabilities can be classified into six broad categories

    1. Hardware

    Susceptibility to humidity, dust, soiling, natural disaster, poor encryption or firmware vulnerability.

    2. Software

    Insufficient testing, lack of audit trail, design flaws, memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).

    3. Network

    Unprotected communication lines, man-in-the-middle attacks, insecure network architecture, lack of authentication or default authentication.

    4. Personnel

    Poor recruiting policy, lack of security awareness and training, poor adherence to security training, poor password management or downloading malware via email attachments.

    5. Physical site

    Area subject to natural disaster, unreliable power source or no keycard access.

    6. Organizational

    Lack of audit, continuity plan, security or incident response plan.

    National Cyber Security Policy 2013

    The National Cyber Security Policy 2013 aims at

    (1) facilitating the creation of secure computing environment

    (2) enabling adequate trust and confidence in electronic transactions and

    (3) guiding stakeholders’ actions for the protection of cyberspace.

    The National Cyber Security Policy is a policy framework by the Department of Electronics and Information Technology.

    The National Cyber Security Policy document outlines a roadmap to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country.

    The “National Cyber Security Policy” has been prepared in consultation with all relevant stakeholders, user entities and public.

    The policy recognises the need for objectives and strategies that need to be adopted both at the national level as well as international level.

    VISION

    To build a secure and resilient cyberspace for citizens, businesses and government, and to prevent anyone from intruding on users’ privacy.

    MISSION

    To protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threat, reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.

    The Ministry of Communications and Information Technology (India) defines the objectives as follows:

    1. To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.

    2. To create an assurance framework for the design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).

    3. To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE ECOSYSTEM.

    4. To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.
