We live in an era in which computers are no longer the only devices connected to the Internet; smartphones, IoT (Internet of things) devices etc are another series of devices connected to the network, which multiplies the risks of being victims of cyber criminals.
What is Cyber security?
Cyber security deals with an area in computer science and telematics that focuses on the protection of the computer infrastructure and everything related to it, including data contained in the system and data circulating through computer networks. For this, there are a series of standards, protocols, methods, rules, tools and laws designed to minimize possible risks to infrastructure and information.
Threats to computer security
Talking about threats to computer security, we are not just looking at threats that arise from the programming and operation of a storage; non-computing circumstances on the system or device must also be taken into account. Many are often unpredictable or unavoidable, so the only possible protections are redundancies and decentralization, for example through certain network structures in the case of communications or clustered servers for availability.
Threats can be caused by:
UsersUsers are one of the biggest problems linked to the security of a computer system. In some cases their actions cause security problems, although in most cases it is because they allow numerous permissions, they have not been restricted by unnecessary actions, etc.
Malicious programsThis refers to programs designed to harm or make illicit use of system resources. It is installed on the computer, thereby opening the door to intruders or modifying the system data. These programs can be in form of computer viruses, worms, Trojans, logic bombs, spywares, generally known as malware.
Programming errorsMost programming errors can be considered a computer threat; this is because, they can be used as exploits by hackers, although there are cases where poor development is, in itself, a threat. Updating patches of operating systems and applications allows to avoid these types of threats.
IntrudersPeople who get access to data or programs to which they are not authorized (hackers, defacers, script kiddies, etc).
Internal technical staffThis include the likes of stem technicians, database administrators, development technicians, etc. The reasons they are among the habitual threats are: internal disputes, labor problems, dismissals, lucrative aims, espionage , etc.
Trends in Cyber security
Until recently, attacks on computers captured all the attention of cyber security. Today, the existence of mobile devices, the Internet of Things (IoT), the cloud, etc, has caused cyber criminals to expand their horizon, making these devices their main targets, alongside personal computers.
When smartphones took the center stage in the world of science and technology, it was assured that these devices, unlike others, were completely safe and free of computer viruses, therefore, they were not subject to attacks. But presently, as a result of the increased use of both smartphones and tablets, cyber criminals have developed ways to penetrate their defences, making the initial security assurance seem like a myth. Cyber attacks on mobile phones are very possible, and they are increasing day by day. These can be caused by mobile malwares , breaches in the security of companies or by using public Wi-Fi networks that do not have passwords.
Experts manage to detect over 150,000 vulnerable networks daily and sometimes peaks of 400,000 networks are reached. In recent years, analysis show that attacks on mobile devices have been climbing rapidly compared to what it used to be in the past. This shows that we need to take basic security measures in our equipment and devices that are connected in the network, to ensure that our data is not exposed.
Here are some recommendations in order to avoid cyber attacks on your mobile:
- Protect the device by means of an access code associated with the blocking screen.
- Use the native encryption capabilities of the mobile device.
- Ensure that operating systems and all applications are always updated.
- Do not connect the mobile device to unknown USB ports.
- Disable all wireless communications of the mobile device that are not being used or that are not used permanently.
- Do not connect the mobile device to open public Wi-Fi networks.
- Do not install apps that come from unknown or unofficial sources.
- Do not grant unnecessary or excessive permissions to your apps.
- Whenever possible, the HTTPS protocol should be used.
- Perform regular backups.
By performing these actions, the chances of your device being affected by cyber criminals will be greatly reduced.
Internet of things (IoT)
Under the premise of its definition, referred to as the digital interconnection of everyday objects on the Internet , nothing on the network is 100% safe. We must be aware that cyber criminals will focus their efforts on all types of devices that are connected, such as printers. In addition, we must bear in mind that most manufacturers do not take into account the safety of the device before launching it on the market.
Therefore, it will be very important to be up-to-date, and to make use of the updates that the manufacturers send to ensure their devices are not exposed or give room for security breaches.
All efforts to position your website strategically online, increase search ranking, gain relevance and prestige will go up in smoke if your website is attacked by cyber criminals.
We devote a large number of resources to attract visitors to our various sites, interest them, keep them updated etc, but most people fail to realise the importance of investing in cyber security.
Your main objective should be to guarantee the integrity of your website and its availability. Therefore, different protection, analysis and security tools to achieve such goals should be looked at. Such include:
- Detection and analysis of changes in the file system: real-time monitoring of file system.
- Web application Firewall: interception of html transactions between web servers and php engines.
- SQL transaction monitor
- SSL secure browsing: encryption of data exchange
Industrial or business devices or computers are the most vulnerable to cyber attacks and those that are targeted by hackers or cyber criminals. This is due to the fact that they contain the most privileged or confidential information.
For this reason, enterprises and institutions must implement threat prevention solutions to prevent the theft of confidential information and data. In order to avoid an increase in security breaches, it is advised that new cyber security technologies be invested in, to offer protection throughout the life cycle of the threat.
Numerous companies and institutions use the cloud to manage data or share documents. It is true that this system is convenient and easy, since it allows several people to work simultaneously on the same document and can instantly see the changes. With the use of these systems, what we are doing unconsciously is facilitating the work of cyber criminals, because we are opening doors for them to have access to the system and make it fall. In case the system is interrupted or one of the main suppliers of the cloud falls, this could affect all our clients and their data.
Experts in cyber security recommend that when it comes to documents or confidential data, it is better not to use the cloud, but programs with much higher and controlled cyber security.
Improving the critical structures of cyber attacks
When we speak of critical structures, we refer to all the systems and networks that were built before the malware was a real danger, therefore, it does not contemplate the basic principles of cyber security. It is very important to detect these systems and networks in order to adapt them to current cyber security structures.
We must be aware that most cyber attacks have a close relationship with the so-called social engineering, whose purpose is deception to reveal passwords, personal data, credentials, or the mere sending of images or data to practice extortion. With this data, cyber criminals could access all types of business data, corporate networks, personal data, etc. Therefore, solutions must be directed as the most important element in awareness raising, making use of good practices that avoid unnecessary risks.
With the growing proliferation of information and communication technologies and the greatest opportunity for exchange without borders and in real time, cyber security is a complex transnational problem that requires global cooperation to ensure a secure Internet.
Undoubtedly, we will continue to get reports about stolen data from individuals, large companies, mobile phones from which compromising photos have been obtained, malicious software, etc. Cyber criminals are, and will continue to focus their attention on the most used devices, such as mobile phones, the IoT, the cloud, etc.
Therefore, we must channel a great deal of investment to cyber security and above all, focus on proper awareness. This is the weakest link in the chain and if people do not know that attacks can be made on their devices, they tend to be lackadaisical about security, thereby creating more room for cyber criminals to operate.