Dino Cajic's Cybersecurity Intro

What is Cybersecurity? Easy question with a not-so-straightforward answer. The definition differs based on the person or organization that you ask. A person that needs to safeguard their Instagram account will define Cybersecurity much differently than an organization that deals with patient data, and even that organization will define it differently than a government that’s safeguarding its citizens.

Individuals are mostly concerned with securing their personal data and keeping their accounts protected from hijackers. They want their devices operating efficiently and without prying eyes.

Businesses need to worry not only about their intellectual property; they also need to secure customer data. This might include securing web servers, keeping customers’ personal data secure, and encrypting credit cards, or preferably working with organizations that handle payment processing.

Governments spend billions of dollars on cybersecurity. State actors and individual hackers are always looking at exploiting the government infrastructure. Cyber Defense teams are prevalent. They implement policies and laws aimed at reducing cyber risk. There are federal agencies, like the NSA, that implement cyber defense programs that intercept cyber attacks.

Cybersecurity is just a subset of information security. Information security secures all types of information. Cybersecurity just focuses on the cyber portion of information security. To help differentiate the two, a cybersecurity policy might require that users create a 20-character password and utilize multi-factor authentication (MFA). To remember the password, the user writes it down on a sticky note and puts it on their monitor. The system is fully secured, but the password is still visible. This is now an infringement of the information security policy, which might require that passwords are not written down or, if written down, are stored in a specific place.

Cybersecurity is Constantly Evolving

I know that whenever I pick up a new book on cybersecurity, I check to see when it was published. If it wasn’t published this year, it’s already dated. Even books that were published in the current year are probably already slightly dated due to the length of time it took to write the book.

One example might be the focus on MFA. The standard was that you receive a code via SMS until that stopped being as secure. Then the authenticator apps came. A couple of weeks ago, hackers got into Cloudflare and Twilio via the simplest way imaginable:

  • They created a replica of the login.
  • They sent an email to the employees.
  • Employees entered their username and password into the hacker’s website.
  • Hackers entered their credentials into the legitimate website.
  • The legitimate website triggered the authenticator app to generate a code.
  • The user entered the code into the attacker’s website.
  • The attacker entered the code into the legitimate website.

It stinks that Cloudflare has probably stopped millions of attacks, but it takes just one to make the news. Even with all of the cybersecurity policies in place, the weakest link is the user. FIDO2-compliant security keys can prevent attacks like this, until hackers discover new and innovative ways to break in.
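Why a typed code can be passed along while a security key's response cannot, as an added example that is not part of the original article. The origins, key and challenge are constructed, and HMAC stands in for the asymmetric signature a real FIDO2 key produces.

```python
import hashlib, hmac, json, struct

LEGIT_ORIGIN = "https://login.example.com"          # constructed
LOOKALIKE_ORIGIN = "https://login-example.invalid"  # constructed

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared secret and the clock only."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(secret, submitted, unix_time):
    # Nothing in the code records which site the user typed it into.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def authenticator_sign(key, challenge, origin):
    """Simplified model: the browser, not the user, supplies the origin that is signed.
    HMAC is an assumption standing in for the key pair a real security key uses."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}

def server_accepts_assertion(key, assertion, challenge, expected_origin=LEGIT_ORIGIN):
    expected = hmac.new(key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False
    data = json.loads(assertion["client_data"])
    # The signed origin must be the real site, so a response made elsewhere fails.
    return data["challenge"] == challenge and data["origin"] == expected_origin

def compare_factors():
    secret, now = b"12345678901234567890", 59  # RFC 6238 test secret and time
    code_from_lookalike_page = totp(secret, now)
    key, challenge = b"constructed-credential-key", "constructed-challenge"
    forwarded = authenticator_sign(key, challenge, LOOKALIKE_ORIGIN)
    genuine = authenticator_sign(key, challenge, LEGIT_ORIGIN)
    return {
        "totp_forwarded_code_accepted": server_accepts_totp(secret, code_from_lookalike_page, now),
        "assertion_from_lookalike_accepted": server_accepts_assertion(key, forwarded, challenge),
        "assertion_from_legit_accepted": server_accepts_assertion(key, genuine, challenge),
    }

if __name__ == "__main__":
    print(compare_factors())
```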

Look at all of the encryption standards. I remember implementing the MD5 hash function since that was the most secure at the time. However, vulnerabilities have been discovered and it became pretty much worthless. How many web applications are still hashing user passwords with MD5? I’m sure it’s a disturbing amount. This article, published as recently as 2019, states that a “quarter of the major CMS’s use outdated MD5 as the default password hashing scheme.”
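One way an application still holding MD5 password hashes can move off them without a forced reset, as an added example that is not from the original article. The record format, the function names and the iteration count are assumptions made for this sketch.

```python
import hashlib, hmac, os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def legacy_md5(password):
    """The old scheme: fast and unsalted, so equal passwords give equal records."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Salted, deliberately slow replacement (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(stored, password):
    scheme, *parts = stored.split("$")
    if scheme == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(parts[0], candidate)
    if scheme == "pbkdf2_sha256":
        iterations, salt_hex, dk_hex = parts
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: fail closed

def login(db, user, password):
    """Verify, then replace a legacy record while the plaintext is in hand."""
    stored = db.get(user)
    if stored is None or not verify(stored, password):
        return False
    if stored.startswith("md5$"):
        db[user] = hash_password(password)
    return True

def legacy_accounts(db):
    """Accounts that have not logged in since the migration started."""
    return sorted(u for u, rec in db.items() if rec.startswith("md5$"))

if __name__ == "__main__":
    db = {"alice": legacy_md5("constructed-pass"), "bob": legacy_md5("constructed-pass")}
    print(db["alice"] == db["bob"])   # identical records under MD5
    login(db, "alice", "constructed-pass")
    print(legacy_accounts(db))        # bob is still on the legacy scheme
```

Accounts that never log in again keep their MD5 record, so `legacy_accounts` is the list to expire or force through a reset once the migration window closes.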

As new technology rolls out, so do new cybersecurity vulnerabilities. Cybersecurity is always trying to catch up, unfortunately. As the pace of technological innovation increases, so does cybersecurity risk.

Convenience

Convenience is a big factor in the evolution of cybersecurity. While individuals used to store sensitive information on their physical drives, that might have been disconnected from the internet altogether, that’s not what’s done anymore. Physical drives used to be locked in safes so that even if someone broke into a business, getting into a safe would be considerably more difficult.

Now, businesses have employees working from home, using their own personal devices, and sharing information within and outside of the organization. It’s become increasingly more of an IT task to secure that communication, implementing information and cybersecurity policies, generating protocols, and locking down the information as tightly as possible.

With personal devices, people use them for both business and personal purposes, like logging into a business bank account and logging into Facebook. Individuals increasingly give away more permissions to applications that they have on their devices, that may actually be there for nefarious reasons, like logging keystrokes.

Everything is Connected

From your computer to your toaster, devices are becoming increasingly connected to the internet. Internet of Things (IoT) describes physical devices that are connected to the internet and that share information. What happens when most of those devices rely on a particular library that was just exploited? Doesn’t seem like something that could happen, but that’s exactly what happened with the Log4j vulnerability. How are you going to update each device that you have connected to the network? Can you even do it?

The Cybersecurity division of your organization needs to have a plan in place to contact companies that manage the firmware of the devices so that they can update them.

More Information Than Ever Before

People have no idea how much information is available about them online. They share information openly through social media platforms. Their movement is logged whenever they use navigation apps. Users have to actively opt-out of these apps in order to not be tracked.

All of this information makes it much easier for hackers all around the world to construct social engineering attacks. That’s right. It’s not as simple as turning on MFA anymore and hoping that you’re secure.

Why Do People Do It?

Where there is crime to be committed, there will be criminals. Motivations range from political to profitable. Cybercrime tends to pay for those that can get away with it. Luckily, there are agencies that exist that go after these cybercriminals and attempt to limit their exposure.

Unfortunately, there are state-sponsored groups with thousands of individuals that are proactively trying to exploit other governments, including ours. When it gets that large, it’s difficult to understand the true reasoning behind the attacks. It’s just modern warfare without putting troops on the ground. Any nation that can go after another’s infrastructure has the upper hand.

Large data aggregation is also more important than ever before. The more a government can understand about its or another nation’s people, the more leverage it has. With enough data, attacks can be constructed in the most ingenious ways, ways that may not even seem relevant to the masses. Corporate espionage is high on the list, but we’ll likely not fully understand the reasoning for such aggressive data aggregation until it’s too late. How about election interference? A nation placing an individual that suits its agenda seems like science fiction, but is unfortunately a frightening fact.

Even when the final result is not financial, hackers who understand individuals’ patterns can open them up to manipulation. When social media and search engines build profiles on you in order to better serve you ads, what happens when that data is leaked? Programs can be constructed that understand what kind of information you’ll most likely react to, which means that hackers can influence your behavior.

However, most of the time when you see phishing or ransomware attacks, the motivation is money, just like it is for a criminal robbing a bank. It’s just significantly easier to get away with it. How do they get paid? Cryptocurrency has entered the chat. For all the advantages that cryptocurrency promises, it also has one major flaw: it’s difficult to trace. Cybercriminals can now request payment through any of the available cryptocurrencies.

What Does Cybersecurity Look at Protecting?

The easiest way to look at cybersecurity is through the CIA Triad acronym:

  • Confidentiality — keeping information protected.
  • Integrity — ensuring that data is correct and complete.
  • Availability — ensuring timely access to data.

We’ll cover the CIA Triad more extensively in the next article.

Conclusion

Cybersecurity isn’t as simple as turning on 2FA (two-factor authentication) and calling it quits. It’s an evolving field that requires individuals and organizations to stay ever vigilant. It’s not even enough to protect oneself anymore. Providers are frequently targeted and individuals pay the price. Just look at how many opportunities there are when sending a message to someone over the internet.

  • The originator’s device can be infected with malware.
  • The receiver’s device could be infected with malware.
  • The router might have outdated firmware that might have been compromised.
  • The modem could also have been compromised.
  • What about the ISP? An attacker might infect the ISP and read the data.
  • And it goes on and on from there.

The only way to be fully secure is to have never used the internet.
