Cyber security has become one of the most attractive industry as a career choice in the recent past. This magnifies even further with the severe shortage of trained professionals in the Industry. About 50% of currently posted cyber security opening remain vacant. The cyber security industry is growing by 12.1% CAGR globally with a current market size of USD 112.01 Billion .
“Protection of internet connected systems, including hardware, software and data from unauthorized access”. The unauthorized access may compromise one or more of the following.
Integrity of data or information stored
Availability of service e.g. where you can’t access a website etc.
The First Ever Cyber Attack: Creeper
IT was written by Robert Thomas without a malicious intent. The virus was designed for an experiment on the Tenex operating system. The virus was intend to replicate itself and display “ Catch me if you can”, instead the virus would remove itself from the machine and travel to the next tenex system.
Cyber Threat Statistics
Cybercrime damage to hit $6 Trillion by 2021
Average cost of data breach: $3.86 million
48% of the business in U.K identified atleast one cyber attack monthly
74% of the breaches in Q1 2019 are due to passwords being exposed in public
56% of the cyber breaches took one month to discover
Basic Security Framework
Types of Security Attacks
Types of hackers
Cyber security as opposed to popular belief is more than hacking, its encompasses the following three aspects:
People: This is as simple as using a strong password with numeric, special characters and not related to the user name. How many times do people keep password as : Password@1234 or rajnish@121. This is where the maximum mistakes happen, hence awareness and best practices used by people is of critical importance for a strong cyber security preparedness.
Process: According to a report 43% of the cyber breaches happened with small business. The data is not surprising, since these small business will lack process in three fronts largely Monitoring, Respond, Mitigate. A simple process flaw could be as simple as deactivation of company email id’s after the employee has exited, a two days delay could damage big data losses for the company.
Technology: Given that people and process is in place, technology can aid in levelling up the cyber defense for an organisation. Some of the technology includes Firewalls, DNS Filtering, malware protection, antivirus software and email security
Types of Cyber Attack
Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms.
Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software
Once inside the system, malware can do the following:
Access to key components of the network (ransom ware)
Installs malware or additional harmful software covertly obtains information by transmitting data from the hard drive (spyware)
Disrupts certain components and renders the system inoperable
Practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.
Man in the Middle
Also known as eavesdropping attacks, occur when attackers insert themselves into a two- party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed-denial-of-service (DDoS) attack
Zero Day Exploit
A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
Types of Hackers
Cyber Security Process
To put it in a simple analogy, consider the Covid situation. You need a overall policy first on handling a crisis and a response strategy in the event of a health crisis- which is done by cyber security managers and architects. While in the ground there is a team which continuously monitors travellers coming from various countries and making sure they can pick up any imminent infected people. Next step is in assessing the situation scale on continuous basis, analysing the data of infected people and identifying the root cause of the virus infection. The next step is to mitigate on finding solutions to contain the virus using either by developing medication or consider in our case a lock down. Once the entire situation comes under control you continuously audit the entire process to find inefficiency or loopholes.
Roles and Functions in Cyber Security
Designations and Career Path in Cyber Security:
Based on which function you choose to pursue in cyber security, following is a brief picture of various designation available. However, it also designations might overlap depending on the size of the organisation.
Cyber security specialist
Cyber security Analyst
Cyber Security Manager
Cyber Security Engineer| Architect
Pay by Experience level for a Cyber Security Analyst