Cyber Security refers to an array of systems and strategies that secure companies network, information, and applications from potential cyber attacks. It also involves preventing, detecting, and responding appropriately to such attacks. Cyber security is often defined as an application and procedure designed to restrict or inhibit an unauthorized party from compromising or abuse the resources of a network. It is a part of information assurance and includes various mechanisms for blocking the access to and distributing information. In the electronic realm such measures are applied to prevent or deter hackers and other persons with malicious intent from intruding on networks and exposing company secrets or damaging confidential information.
There are two major purposes of cyber security: protecting end-users from malware that might harm their computers; and protecting critical data from being compromised by hackers or malicious external elements. End-users are usually not targeted when using online software or file sharing. Rather, they are protected by the end-user’s anti-virus, firewalls, and related technologies. The same technology prevents an employee from exploiting a computer system through malware or a cyber threat. However, a critical data storage system (SCS) may be targeted by attackers if the data resides on-site and is not protected by an off-site SCS. In this case an off-site system would not be considered a cyber threat because the threat is not to the user’s computer but to the confidentiality of the data and the organization’s data storage system.
One method of mitigating cyber security risk is through identification of the right network interfaces, patches, and firewalls. It is also important to review the latest software and hardware releases. Often new features are added to computer systems which increase the attack surface of potential malware and security threats. In addition, organizations should implement policies and procedures for updating and maintaining their on-site networks.
Another way to reduce the impact of a cyber threat is to remove or limit the access of unauthorized sites and software to prevent infiltration of harmful programs. Policies should also be put into place for blocking email attachments that could carry malicious code. Malicious code can be hidden within an email attachment and delivered to the recipient with the unsuspecting user clicking the “forward” button in an email. Only opening emails from trusted sources or removing attachments in emails can minimize the risks of a cyber security threat.
Some attacks do not require direct interaction with the user. These can include application vulnerabilities, where a hacker can remotely control the operating system, files, and other functionality of a system. In some cases, attackers can use a so-called “zero day” vulnerability to bypass typical security controls such as antivirus software and firewall systems and gain remote access to a host system. The zero day allows an attacker complete control of a system. To protect against these attacks, information security measures should involve blocking applications that are known to be vulnerable to attacks, and installing additional firewalls to protect against remote access.
When it comes to protecting oneself from the cyber threats, one has to take preventive measures as well as take action once a cyber threat has already taken place. People should consider changing their passwords regularly to one they are sure and certain that they won’t share to others. When changing a password, make sure it is a complex one that includes uppercase and lowercase letters, numbers, special characters, and at least one special character. If possible, change it by using different passwords. Creating a new password for different accounts might seem like an inconvenience, but this will help reduce the possibility of forgetting it during the course of the day and allow people to recover their lost data in the case of a severe computer attack. Most importantly, be very careful with online banking and other personal information transactions, especially when dealing with large amounts of cash.