How Technology Is Changing How We Treat cyber security?

Introduction

Cybersecurity is the process by which people and organizations lower their vulnerability to cyberattacks. Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets, and computers) and the services we access - both online and at work - from theft or damage.

Preventing unauthorized access to the enormous volumes of personal data we keep on these devices and online is another goal.

Firstly, we need to know about Cybercrimes.

Cybercrime is defined as criminal activity that targets or utilizes a computer, computer network, or networked device. The vast majority of cybercrime is committed by profit-driven hackers or cybercriminals. Sometimes, though, cybercrime seeks to harm networks or computers for purposes other than financial gain. These could be personal or political.

Organizations or individuals can commit cybercrime. Some cybercriminals are highly organized, technically skilled, and use innovative techniques. Some are not experienced hackers.

Cybercrime types include:

• Fraud using email and the internet.

• Identity fraud is the theft and use of personal data.

• Theft of card payment or financial information.

• Theft and commercial data sales.

• Demanding money to stop a threatened assault is known as cyber extortion.

• Attacks using ransomware, a form of cyber extortion.

• The practice of hackers mining cryptocurrency with resources they do not control is known as "cryptojacking."

• Hackers gaining access to government or corporate data is known as cyber espionage.

• Disrupting systems in a way that puts a network at risk.

• Copyright infringement.

• Unlawful gaming.

• Selling illicit goods on the internet.

• Either requesting, creating, or having child pornography.

Cyber attack

An intentional and malevolent attempt by one person or group to compromise the information system of another person or group is known as a cyberattack. The attacker typically wants to gain something by interfering with the victim's network.

Types of Attacks

Active attacks

Active attacks are those in which the attacker makes an attempt to alter or modify the messages' content. Active attacks threaten integrity as well as availability. The system is constantly harmed by active attacks, and its resources can be altered. The most crucial aspect of an active attack is that the victim is made aware of it.

Passive attacks

Attacks that include the attacker observing or copying the content of messages are known as passive attacks. Confidentiality is at risk from passive attacks. The system is unharmed because of the passive attack. The most crucial aspect of a passive attack is that the victim is not made aware of it. 

DOS and DDOS attacks

A distributed denial-of-service (DDoS) assault is a DoS attack that employs numerous sources, whereas a denial-of-service (DoS) attack uses a single source to bombard a target with traffic. Because DDoS attacks originate from various sources, they are more challenging to identify and prevent than DoS attacks. 

DOS Attack

A DOS (Denial of Service) assault is a kind of cyberattack in which a computer connected to the internet overloads another computer with traffic, particularly a server, in an attempt to cause it to crash. It consistently overloads the server with requests, resulting in either a server crash or the website becoming inaccessible to users. Specifically, denial-of-service (DoS) assaults can render a website inaccessible, causing a significant disruption to online services.

DDOS Attack

A denial of service This is a condensed version of a Distributed Denial of Service attack. It functions similarly to a DOS attack but is more complex because it is initiated with the assistance of multiple systems spread across various locations. These systems, which are frequently referred to as "bots" or "ge fringe computers," work in tandem to increase the volume of traffic to a point where it is considerably more challenging for the target to counter. One inherent benefit of a dispersed assault is that it is challenging to identify its source and, as a result, prevent it.

Let’s talk about cyberspace.

American science fiction author William Gibson coined the word "cyberspace" in his book Neuromancer at the beginning of the 1980s. It describes the virtual world made up of interconnected computer and electronic systems. In other words, cyberspace is the environment where digital interactions, data exchange, and online communication occur.

Cyberspace is extremely important in practically every facet of life in today's interconnected society. It is the one platform that enables technical innovation, facilitates international communication, propels economic activity, and maintains vital infrastructures. The modern world as we know it would effectively end without cyberspace.

Cybersecurity Objectives

Preventing information from being stolen, compromised, or attacked is the aim of cybersecurity. At least one of three objectives can be used to gauge cybersecurity:

• Preserve data confidentiality.

• Maintain the data's integrity.

• Encourage data accessibility for authorized users.

These objectives make up the CIA trinity, which is the cornerstone of all security initiatives. The CIA trio is a security paradigm intended to direct information security practices inside a business or organization. To prevent confusion with the Central Intelligence Agency, this paradigm is often known as the AIC (Availability, Integrity, and Confidentiality) triad. The three most important aspects of security are said to be the triad's components.

1. Privacy

Confidentiality prevents information from being disclosed without authorization and is approximately comparable to privacy. It entails safeguarding data by granting access to those who are permitted to view it while preventing others from discovering anything about its contents. It ensures that the correct individuals can receive important information while preventing it from getting to the wrong people. One effective way to guarantee confidentiality is through data encryption.

2. Honesty

The techniques used to guarantee that data is authentic, correct, and protected against unauthorized user alteration are referred to as integrity. It is the characteristic that the information's source is authentic and that it hasn't been altered without authorization.

3. Accessibility

The capacity of information to be quickly and easily accessed and altered by people with the right authority is known as availability. It is the assurance that authorized individuals will always have dependable access to our private information.

Availability Tools

• Physical Defenses

• Redundancies in Computation

India's Cyber Laws

Cybercrime, to put it simply, is any illegal activity in which a computer is used as a tool, a target, or both. Traditional criminal offenses covered by the Indian Penal Code, including theft, fraud, forgery, defamation, and harm, can also be included in cybercrimes. The Information Technology Act of 2000 addresses a variety of new-age offenses that have been brought about by computer abuse.

Cybercrimes can be divided into two categories.

• The Computer as a Target: Attacking other computers using a computer.

Such as DOS attacks, virus/worm attacks, and hacking.

• Using a computer to perpetrate crimes in the real world is known as "computer as a weapon."

Such as pornography, credit card fraud, EFT fraud, IPR violations, and cyberterrorism.

The term "cyber law," often known as "cyberlaw," refers to the legal concerns surrounding the use of communications technology, namely "cyberspace" or the Internet. Since it is the nexus of numerous legal domains, including intellectual property, privacy, freedom of expression, and jurisdiction, it is less of a separate area of law than property or contracts. Cyber law is essentially an effort to combine the legal frameworks of the physical world with the issues posed by human behavior on the Internet.

Policies for Cyber Security

A corporation issues security policies as a formal set of recommendations to make sure that users who are permitted access to corporate technology and information assets follow the rules and regulations about information security. It is an organizational document that outlines how to safeguard the organization from dangers and deal with them when they arise. According to this definition, a security policy is a "living document" that is constantly updated to reflect changes in personnel and technological requirements.

The Best Advice for Maintaining Internet Security

• The best advice for being safe online.

• Make sure your email password is distinct and strong.

• Install the most recent app and software updates.

• Activate two-step verification (2SV).

• Using browsers and apps to securely store your credentials is known as password management.

• Making a data backup.