In today’s world where all information is digitized, we must always be aware of the challenge of how to protect information. Cyber security is one of the threats to maintaining the reliability of the information. We will explain what cyber security is in the first place while checking the differences between information security and specific examples of cyber attacks, the latest trends in cyber security measures, and specific measures in an easy-to-understand manner.
What is cyber security?
Cyber security is a means of preventing the falsification and leakage of digitized information.
The information must always be reliable. However, digitized information is easy to carry, and in the present age when ICT has become widespread, it is possible to access information from remote locations. Digital information is convenient, but the accuracy and reliability of information are constantly under threat. Cybersecurity is responsible for addressing the causes of this threat.
Information security and cyber security differences
Security needs to be roughly divided into two. Cyber security & Information security.
The relationship between the two can be easily understood by imagining the concept of cyber security in the big group of information security.
Let’s see the difference between information security and cyber security.
Information security concept
Information is improved in accuracy and reliability by maintaining the three elements of “confidentiality”, “integrity”, and “availability”. These three elements are called “CIA”. In information security, we will consider how to handle information in order to protect this “CIA” state.
For example, information security is a measure of how to handle the information to prevent information leakage and data corruption, and how to keep information available at all times. In addition, “CIA” is explained in detail in “Information security 3 elements and 7 elements, from the definition of CIA to 4 new elements”, so please refer to it.
Cyber security concept
Cyber security is the idea of dealing with the “threatening causes” of the “CIA,” which is the three elements of information security.
This includes security against analog threats, including human errors such as information being taken out from the inside, as well as threats executed from the outside over the network. In recent years, “Zero Trust Security” has been attracting attention because of the awareness that we must be vigilant about access to information without distinguishing between inside and outside the company.
So what is the cause of threatening the “CIA”, which are the three elements of information security?
The following are typical threats that are familiar to us.
- Computer virus
- Unauthorized access from the outside
- Unauthorized access from inside
- Software vulnerabilities
- Network security vulnerabilities
- ID/password leak
- Taking out information by employees, etc.
For each of these cybersecurity threats, it is necessary to consider countermeasures from the three perspectives of the “CIA.”
Specific examples of cyber attacks
Cyber Attacks
New methods are being created every day for cyberattacks that cyber security should prevent. The act of destroying the internal system mainly via the network and the act of falsifying data are performed by various methods.
Specifically, there are the following cyber attacks.
Guidance to fake sites
Phishing: A method of stealing information by directing you to a fake site and having you enter your credit card or account information.
Business email fraud: A method of stealing confidential information and money by pretending to be a business email from a customer of a business partner or the owner of the company.
Unauthorized access
Brute force attack: A method of trying all combinations of ID/password.
Password spray attack: A method of trying to log in to multiple accounts with the same password at the same time. (This is a type of brute force attack, but it is a more difficult attack method to detect.)
Attack on vulnerabilities
SQL injection attack: A method of falsifying data or stealing information by executing malicious SQL.
Buffer overflow attack: A method of sending malicious data that exceeds the processing capacity of the target computer and causes the computer to malfunction.
Ransom demand-type
Ransomware: A method of arbitrarily encrypting and restricting data in a computer to make it inoperable and requesting a ransom to lift the restriction. A type of malware.
Eavesdropping: Man-in-the-middle attack: A method of illegally intercepting two-way communication via wireless LAN or a vulnerable application.
The latest trends in cyber security
As new threats are created every day, we should be aware of the latest cybersecurity trends. You can check the damage and methods of cyber attacks in IT-related news. In particular, information from IPA (Information-technology Promotion Agency) and NISC (Cabinet Cyber Security Center) under the jurisdiction of the Ministry of Economy, Trade, and Industry will be able to collect highly reliable information.
For example, on the top page of NISC, “Cyber attacks by ransomware [Caution]” dated November 26, 2020, and “Multiple vulnerabilities affecting many devices” dated June 24, 2020. “recommendation information about copulating ” Ripple 20 “etc. are posted. In addition, reports from working groups on security are also posted, which is useful for checking the latest trends in cyber security.
Specific measures for cyber security
Specific measures for cyber security include technical measures that are supported by software, human measures that thoroughly enforce rules such as data handling for employees, and physical measures that record access to information storage locations. There are various measures.
In other words, cyber security needs to be divided into three categories: “technical,” “human,” and “physical.”
Technical measures
As a technical measure, IT technology protects the devices and applications you are using from threats.
Specifically, the following Technical measures
- Unify the hardware and software used for business to avoid complicated management
- Install security software on all devices (PCs, smartphones, etc.)
- update the latest version
- Thoroughly manage access rights to systems and data
- Manage system access logs
- Introduce IDS (Intrusion Detection System)
- Introduce IPS (Intrusion Prevention System)
Human measures
Human measures mean that everyone who uses or creates IT / ICT is aware of cyber security.
Specifically, the following measures
- Restricting the bringing in and taking out of information
- Do not bring your own device
- Educate employees about cyber attacks
- Rule out change operations such as important data and systems
- Share the rules for dealing with cyberattacks
Physical measures
Physical measures ensure thorough control of device theft, vandalism, and physical access to where information is stored.
Specifically, the following measures
- Thorough office entry/exit management
- Thorough office lock management
- Install surveillance cameras and security cameras
- Thorough fall prevention and earthquake resistance
Visit: Best SSD Solid State Drive for gaming (Laptop-Mac-ps5-ps4)
Summary
Cyber security is to deal with the causes that threaten the three elements of information security, including the CIA. There are various methods of attacks that pose a threat, and it is necessary to take measures into consideration of the latest trends. Since the methods of cyber attacks are evolving day by day, it is difficult to always take comprehensive measures. However, just checking basic cyber security has a security effect. If it is difficult or uneasy to deal with cyber security by yourself, you can use the security check service provided by the ICT company or information security that is generally required for system construction support companies with knowledge. One option is to incorporate the perspective of a third party, such as requesting settings that include countermeasures.