Cyber Security And Attacks: Mitigation Techniques

SIT763 Cyber Security Management

Major attacks of Cyber Security

Cyber security can be defined as the protection of Internet-connected computer systems, including software, data and hardware, from cyber attacks (Von Solms & Van Niekerk, 2013). Security comprises both physical security and cyber security, and companies use both to protect against unauthenticated access to data centres or other computerized systems. Information security, which is designed to maintain the confidentiality, availability and integrity of data, is a significant subset of cyber security. The major elements of cyber security for any particular information system are application security, network security, operational security and many others (Wang & Lu, 2013). The following essay outlines a brief discussion of cyber security for any information system. The various attacks related to cyber security, with their mitigation techniques, are given in this report.

Definition of Cyber Security

Cyber security mainly refers to the various preventative methods used to protect confidential information or data from being stolen, attacked or compromised (Hahn et al., 2013). Knowledge of the various information-related threats, such as malicious code or viruses, is a major requirement. The levels at which it applies mainly include governmental, corporate and personal networks and devices. Passwords are the cyber security tool that individuals encounter regularly (Amin et al., 2013). Other significant tools include antivirus or anti-malware software, firewalls, two-factor authentication and encryption. A proper cyber security plan is extremely important for all organizations.

Probable Attacks to Computer Systems

There are some major and significant attacks to which any computer system is vulnerable (Buczak & Guven, 2016). These attacks are listed below:

i) Backdoor: A backdoor in a computer system, an algorithm or a cryptosystem is a secret method of bypassing security controls or normal authentication. Backdoors exist for several reasons, which include poor configuration or original design (Ning, Liu & Yang, 2013). The legitimate access is blocked by the attacker, and this is done for various malicious reasons.

ii) Denial of Service Attacks: The next significant attack on cyber security is the denial of service attack. This type of attack is designed to make a network resource or machine completely unavailable to its intended users (Elmaghraby & Losavio, 2014). Attackers can deny service to specific victims, for example by deliberately entering wrong passwords so that the victims' accounts are locked. The capabilities of the network and machine can also be overloaded so that the users are blocked. A network attack from a single IP address can be blocked by adding new firewall rules.

iii) Direct Access Attacks: An unauthorized user who gains physical access to a system is able to copy data from it. Such users can also compromise security by modifying the operating system, installing software worms, planting covert listening devices and more (Dunn Cavelty, 2013). The Trusted Platform Module and disk encryption are designed to prevent these attacks.

iv) Eavesdropping: Another significant attack on cyber security is eavesdropping. It is the act of surreptitiously listening to a private conversation between two hosts over a network (Sou, Sandberg & Johansson, 2013). Eavesdropping is extremely dangerous for any type of confidential data or information. The attacker does not usually change the content of the confidential data, but learns all of it. Hence, the confidentiality of the data is lost.

v) Phishing: The fifth significant type of attack on cyber security is phishing. It is a fraudulent attempt to acquire sensitive information such as passwords, usernames or other credentials from users (Wells et al., 2014). This type of attack is generally carried out by instant messaging or email spoofing.

vi) Social Engineering: Another popular and noteworthy cyber security threat is social engineering. Its objective is to convince authenticated users to disclose personal information, such as card numbers or passwords, that gives access to their bank account details.

vii) Spoofing: This is the act of masquerading as an authenticated entity by falsifying sensitive information. Spoofing is done to gain resources or information and use them with wrong intentions (Von Solms & Van Niekerk, 2013). Email spoofing and biometric spoofing are the most common forms of spoofing.

viii) Tampering: This describes the malicious modification of products. Security services planted in routers for surveillance capabilities are one popular example of tampering.

Proper Mitigation Techniques of Attacks

The mitigation techniques for the above-mentioned attacks are as follows:

i) Mitigation for Backdoor: The most significant mitigation method for the backdoor threat is encryption (Wang & Lu, 2013). Encryption is the most effective and efficient method to stop these attacks since it encodes the confidential data or message in an encrypted format.

ii) Mitigation for DoS Attacks: These types of attacks can be mitigated with the help of a few techniques such as filtering, network traffic inspection and proper detection. The network traffic is passed through high-capacity networks with traffic-scrubbing filters.

iii) Mitigation for Direct Access Attacks: Direct access attacks can be stopped with the help of cloud computing (Hahn et al., 2013). Data management becomes much easier for an organization and hence cyber security is maintained. Insider attacks are also mitigated with cloud technology.

iv) Mitigation for Eavesdropping: This type of attack is mitigated with the help of encryption. There are two types of encryption algorithm: symmetric and asymmetric. The asymmetric algorithm is the most effective encryption algorithm for this cyber threat.

v) Mitigation for Phishing: Anti-phishing technology is the best technique for mitigating the phishing threat in any information system (Ning, Liu & Yang, 2013). It helps to stop this type of fraudulent attempt to obtain personal information to a great extent.

vi) Mitigation for Social Engineering: This type of attack can be mitigated by hiding information as well as other assets. Good awareness training is also important for mitigating social engineering attacks.

vii) Mitigation for Spoofing: Packet filtering and spoofing detection software are the most efficient mitigation techniques for spoofing (Dunn Cavelty, 2013). Moreover, cryptographic network protocols are also effective.

viii) Mitigation for Tampering: Improving data visibility is the basic way of mitigating tampering attacks. AI is also effective in this case.
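
The single-source case from the denial of service items above (repeated wrong passwords, and blocking one IP address with a firewall rule) can be detected from authentication records. The following Python is an added example, not part of the original essay; the log format, the default threshold of five failures in 60 seconds and the function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, source IP, account, result. Not real logs.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice FAIL
2024-05-01T10:00:05 198.51.100.7 alice FAIL
2024-05-01T10:00:09 203.0.113.20 bob FAIL
2024-05-01T10:00:11 198.51.100.7 alice FAIL
2024-05-01T10:00:15 198.51.100.7 carol FAIL
2024-05-01T10:00:21 198.51.100.7 alice FAIL
2024-05-01T10:00:40 192.0.2.44 alice OK
2024-05-01T10:09:00 203.0.113.20 bob FAIL
2024-05-01T10:18:00 203.0.113.20 bob FAIL
"""

def parse(log):
    """Yield (timestamp, ip, account, ok) for each well-formed record."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed records instead of crashing
        try:
            ts = datetime.fromisoformat(parts[0])
            ip = str(ipaddress.ip_address(parts[1]))  # reject non-IP text
        except ValueError:
            continue
        yield ts, ip, parts[2], parts[3] == "OK"

def flag_sources(log, max_failures=5, window=timedelta(seconds=60)):
    """Map each IP with >= max_failures failures inside window to its targets."""
    recent, targets, flagged = defaultdict(deque), defaultdict(set), set()
    for ts, ip, account, ok in parse(log):  # records assumed in time order
        if ok:
            continue
        q = recent[ip]
        q.append(ts)
        targets[ip].add(account)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.add(ip)
    return {ip: sorted(targets[ip]) for ip in flagged}

def block_rules(flagged):
    """Render one iptables DROP rule per flagged source address."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(flagged)]
```

Counting failures per source rather than per account places the block on the sender, so the targeted accounts are not locked out, and a user who mistypes a password a few times over several minutes is not flagged.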

Conclusion

Therefore, from the above discussion, it can be concluded that cyber security is the protection of systems from damage to or theft of their software, hardware and electronic data. Moreover, the misdirection or disruption of the services provided by information systems is also checked with the help of cyber security. Reliance on Internet connections and computer systems has increased significantly, and wireless networks such as wireless fidelity (Wi-Fi) or Bluetooth are well protected with the help of cyber security. These types of security issues have risen due to the development of smart devices such as smart phones, smart televisions and many others, which make up the Internet of Things. The most significant and dangerous attacks on the cyber security of any information system or smart device are denial of service attacks, eavesdropping, phishing, spoofing, tampering and many more. The above essay has outlined a brief discussion of cyber security and the attacks.

The main benefits of cyber security are as follows:

i) Cyber security helps in improving security of the cyberspace.

ii) The second benefit is that it protects resources and networks (Hahn et al., 2013).

iii) It also protects computers and systems against viruses, malware, spyware and worms.

iv) Cyber security protects individuals' private data.

The negative aspects of cyber security are as follows:

i) Cyber security is extremely expensive.

ii) Configuration is extremely difficult for cyber security (Von Solms & Van Niekerk, 2013).

iii) Cyber security often makes the system slower.

iv) Regular upgrading of the software is required for cyber security.

The future developments of cyber security are as follows:

i) Machine Learning: The arms race is the new advancement in machine learning, which helps in cyber security (Dunn Cavelty, 2013).

ii) Resolving Ransomware: Ransomware attacks are eventually reduced.

iii) Serverless Applications: Serverless applications are the next future development of cyber security.

References

Amin, S., Litrico, X., Sastry, S., & Bayen, A. M. (2013). Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5), 1963-1970.

Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.

Dunn Cavelty, M. (2013). From cyber-bombs to political fallout: Threat representations with an impact in the cyber-security discourse. International Studies Review, 15(1), 105-122.

Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), 491-497.

Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), 847-855.

Ning, H., Liu, H., & Yang, L. (2013). Cyber-entity security in the Internet of things. Computer, 1.

Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.