What is The Role of Cyber Security in today's Digital world?
CYBER SECURITY – REDUCING FRAUDS AND INCREASING AWARENESS:
Introduction :- If the ancestors of human beings were to wake up today after their long sleep of centuries, they would be amazed to see the revolutionized and digitalized world of contemporary times. The advent of digitalization has affected every sphere of human lives to a considerable extent. However, information technology use has been proving to be a double-edged sword as cyber crime and threats have increased dramatically. As India is moving towards more and more digitalization in all spheres,cyberspace has become a serious concern for national economy as well as as national security.
Cyber Security is the technique of protecting computers,networks, programs and data from unauthorized access or attacks that are aimed for exploitation of cyber-physical systems and critical information infrastructure. Cyber-physical systems integrate sensing, computation, control and networking into physical objects and infrastructure, connecting them to the Internet and to each other.
Examples: Industrial control systems, water systems, robotics systems, smart grid etc.
“Cyber-Security is much more than a matter of IT” – Stephane Nappo
Critical Information Infrastructure:- The Information TechnologyAct of 2000 defines Critical Information Infrastructure as a computer resource, the incapacitation or destruction of which shall have debilitating impact on national security, economy, public health or safety.
Cyber-Threats: - Malware,Viruses, Trojans, Spywares, Backdoors,which allow remote access.Nowadays you would have encountered new terms like Cyber-Terrorism Cyber-Crime and Cyber-War.
Cyber-Terrorism: Cyber-terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Cyber-Crimes: - Cybercrime is unlawful acts wherein the computer is either a tool or a target or both. Cybercrimes can involve criminal activities that are traditional in nature such as theft, fraud, forgery, defamation and mischief etc.
Cyber-Wars: Cyber war is an organized effort by a nation state to Conduct operations in cyberspace against foreign nations. Included in this category is the Internet's use for intelligence gathering purposes and for propaganda as we have seen recently in ongoing Russia-Ukraine war.
The ways of Cyber-attacks:
Malware: - Malware is a form of application that performs nefarious activities. Some types of malware are designed to create access to networks, some to spy on credentials while others are simply used to cause disruption Malwares can be used for extortion as well. An example of it can be found in Ransomware attacks of 2017 where a program was designed to encrypt the victim’s files and then ask them to pay a ransom in order to get the decryption key.
Phishing :In Phishing, an attacker tricks an unsuspecting target into handing over valuable information, such as passwords, credit card details, etc.
An example of this is a message regarding One-Time Passwords(OTP). A hacker using a phishing method will send a clickable link where a user can submit their OTPs. Once the link is clicked a hacker will have access to the users personal information.Phishing is the common form of cyber-attack due to its effectiveness and simplistic execution pattern.
Man-in-the-middle attack (MITM) : A man-in-the-middle attack(MITM) consists of a message interception between two parties in an attempt to spy on the targets.
Due to the advent of end-to-end encryption, MITM attacks have taken a dip in frequency of attacks. Such encryptions prevent third parties in intercepting or tampering data transmitted in the network. Whether the network is secure or not is hardly a factor.
Distributed Denial-of-Service (DDoS) attack : In a DDoS attack, an attacker floods a target server with traffic that will disrupt it.
Since most servers cannot handle it, it may lead to services slowing down on the website and if it eventually crashes.
Unlike standard denial-of-service attacks, DDoS uses multiple compromised devices to bombard the target server, which sophisticated firewalls cannot respond to or are unable to.
SQL Injection : This type of cyber- attack targets specific SQL databases. These databases use SQL statements for data query.
In case permissions are not set properly, a hacker can manipulate SQL queries into changing the data if not deleting them altogether.
Zero-day Exploit : When cyber-criminals learn of a vulnerability in a frequently used software application they target users and
institutions using the software to exploit it until a fix is available. This is called a Zero-day exploit.
DNS Tunnelling : A DNS Tunnelling provides attackers with a stable and consistent line of communication to the given target.The malware used will gather information as long as the DNS tunnelling is active. Chances are that firewalls won’t be able detect such an attack.
Business Email Compromise (BEC)
In a BEC attack, hackers target employees who have specific authority to finalize business transactions. They trick them into transferring money into an account belonging to the hacker.BEC attacks are the most common, if not one of the most damaging attacks for a business firm.
Crypto-jacking : - Crypto-jacking is used to target a computer in order to mine crypto currencies such as bitcoin. The hackers will be able to get all the crypto currency they can instead of the original owners. Crypto-jacking is not so widely known but its severity cannot be underestimated.
Drive-by Attack:- A website is loaded with a malware, and when a visitor happens to come across such a website their device is infected with the malware. The malware will steal valuable data or crash the system.
Steps taken by the Government:-
Indian National Security Council: - To shape the ecosystem related to cyber policy.
National Cyber Security Strategy:- To focus on security in the early stages of design in all digitisation initiatives.
Computer Emergency Response Team (CERT-In):- For alerts regarding cybersecurity breaches and issues.
Indian Cyber Crime Coordination Centre (I4C):- To handle several issues regarding cybercrime in a comprehensive and coordinated manner.
Cyber Swachhta Kendra: - To create a secure cyberspace by detecting botnet infections in India.
Centre-State Nexus Towards Secure Cyberspace:- With police and public order being in the State List, the primary objective to check crime and create the necessary cyberinfrastructure lies with States.
Legislative Provisions :- Information Technology Act has been enacted in 2000 to provide legal recognition to the electronic commerce transactions and electronic exchange of information.
The important sections of the act are – Section 66- Punishes for unauthorized access to computer source and electronic media.
Section 69 :- Allow electronic surveillance of any computer source in national intrest. Chines apps are banned by the Government under section 69A.
Section 79 :- Safeguard available to microblogging site like twitter, facebook and whats up etc. Under this the Government can ban these sites if they are not in compliance with the law of the land.
Conclusion:- It is finally the human resource behind every act, so everyone need to be aware, alert as cyber security is everybody responsibility.
Comments
Post a Comment