Cybersecurity is a word you will be hearing more of. In essence, there has always been cybersecurity awareness, however it’s only now that it has become more prominent, as we truly are reaching into the new AI age, where we see that Internet usage is inevitable in the future, and we need to make it a secure & safe place for everyone. Just like in the real world, if we look back in time, the streets were not as safe as they appear to be today. The internet is exactly the same as so, another world, where crime is open for business and there is no policing it. That said, while there is no internet police, you can be more informed and have the necessary, knowledge & tools to secure your network operations.
I am starting my career in Cybersecurity, and I thought it would be a great place to write articles on subjects which my immediate friends & family tend to have issue with. I think its safe to say, these recommendations can apply to the general non-technical population.
We will be starting off by understanding ten cybersecurity threats are just some of the many risks that individuals and businesses face in today’s digital landscape. These types of threads are common, and they keep getting more sophisticated. By staying informed and taking proactive steps to protect our systems and data, individuals and businesses can help mitigate the risks and reduce the likelihood of a successful cyberattack.
Before you continue, it is important to know that in the world of Cybersecurity there is 1 rule. Trust no one. If someone is trying to “hack” you, most of the time, they will be successful because of your errors (user error). User error is the leading cause of IT problems.
Malware
Malware is a type of software designed to harm a computer system, network, or device. Malware can take many forms, including viruses, worms, Trojans, and ransomware. Malware can be distributed via email attachments, websites, and downloads, and can cause significant damage to the system it infects. To protect against malware, individuals and businesses should use reputable antivirus software, keep their software updated, and be cautious when opening email attachments or downloading files from untrusted sources.
Phishing
Phishing is a type of social engineering attack where the attacker tries to trick the victim into providing sensitive information, such as passwords or credit card numbers. Phishing attacks can take many forms, including emails, SMS messages, and phone calls. Attackers often create realistic-looking emails or websites to trick victims into entering their sensitive information. To protect against phishing, individuals and businesses should be wary of unsolicited messages, verify the sender’s identity, and avoid clicking on links in emails or texts. Always think twice before entering any of your information, be it your name, address, location. Phishing scams can be interconnected, meaning websites could be harvesting your data from multiple sites, creating a central repository about you, and planning to steal your identity.
Password attacks
Password attacks are attempts to gain unauthorized access to a system by guessing or cracking passwords. Common types of password attacks include brute force attacks, dictionary attacks, and phishing attacks. To protect against password attacks, individuals and businesses should use strong, unique passwords, enable two-factor authentication whenever possible, and avoid using the same password for multiple accounts. This brings back the issue of user-error, many people use the same password on multiple sites, or passwords with a common dictionary word followed by a few digits. Remember, there are many password managers which can help you store all your passwords if they are hard to remember. Take a look at my password security recommendations.
Social engineering
Social engineering is the use of psychological manipulation to trick people into giving up sensitive information or performing an action that benefits the attacker. Common types of social engineering attacks include pretexting, baiting, and quid pro quo. To protect against social engineering attacks, individuals and businesses should be cautious of unsolicited requests for information, verify requests through official channels, and train employees to recognize and report suspicious activity. Essentially, people will be using your habits against you, for example, a new lottery may be in town, they will try their luck in assuming you play the lottery and then target you with fake SMS texts pretending to be the lottery company indicating you have won.
Thats why, if you do not know how a company gets in touch with you, do not accept their calls or texts nor emails – unless its from a verified source. The best course of action to double check is to dial yourself the numbers or write an email from the contact information you get from their official website.
Insider threats
Insider threats are security risks that originate from within an organization, such as employees or contractors with access to sensitive information or systems. Insider threats can be caused by both negligent and malicious behavior. To protect against insider threats, organizations should implement access controls, monitor employee activity, and have clear policies and procedures for handling sensitive information.
Advanced persistent threats (APTs)
APTs are sophisticated, long-term cyber attacks that are designed to gain access to a target system or network over an extended period of time. APTs often use spear-phishing or watering hole attacks to gain initial access and then use stealthy tactics to maintain access and gather sensitive information. To protect against APTs, organizations should implement network segmentation, monitor for suspicious activity, and educate employees on best practices for cybersecurity.
IoT attacks
IoT attacks are attacks on internet-connected devices, such as smart home appliances or industrial control systems. I will be honest, most of IoT devices have no security measure what to ever. The app you use to control them may, but the device itself is an open device for experienced hackers. IoT attacks can take many forms, including botnets, firmware attacks, and man-in-the-middle attacks. For example, someone may not be able to hijack the Xiaomi App on your phone, but will be able to scann your network for a Xiaomi camera and able to hack into it & use it for malicious gains.
To protect against IoT attacks, individuals and businesses should keep their firmware updated, segment IoT devices from their main network, and use reputable vendors for their IoT devices.
Supply chain attacks
Supply chain attacks are attacks that target a company’s supply chain, such as their software or hardware suppliers. These attacks can be difficult to detect and can have far-reaching consequences. To protect against supply chain attacks, organizations should vet their suppliers, monitor for suspicious activity, and have contingency plans in place in case of a supply chain breach.
Essentially, make sure the company or person you are dealing with is knowledgeable enough to be providing you with IT assistance.
Unsecured networks
Unsecured networks, such as public Wi-Fi hotspots, can pose significant security risks. Attackers can use these networks to intercept sensitive information or gain unauthorized access to a device. As a matter of fact, all Public Wifi you connect to, you are obliged to accept a clause which tells you are unprotected & to avoid sending sensitive data across.
To protect against unsecured networks, individuals and businesses should use virtual private networks (VPNs), avoid using public Wi-Fi whenever possible, and use secure browsing practices such as HTTPS and SSL.
DDoS attacks
DDoS (Distributed Denial of Service) attacks are attacks that flood a network or website with traffic in order to overwhelm it and cause it to shut down. DDoS attacks can be launched using botnets or other means, and can be difficult to defend against. These attacks require multiple devices to carry out coordinated attacks. If we look back into IoT, nowadays, hackers have a plethora of devices where they can upload a small bot to perform a certain way & you will have no clue of being part of this attack. Similarly, viruses, malwars, etc can be downloaded into your computers, and or network devices to be used in the attack.
There is no preventing an attack, you can only protect against one. Regular folks will not be able to do much against a DDoS attack but to disconnect their internet, organizations, on the other hand, should implement anti-DDoS services like firewalls, have redundant servers, and implement traffic shaping and rate-limiting policies.
Keeping safe from the threats
The first step in protecting yourself is being aware of the problem. The second step is taking ownership & managing your online presence with security. While you may think, “i just browse tiktok” your phone if vulnerable is a sitting time bomb waiting to explode against you or be used in a targeted event elsewhere. The best course of action is to trust no application/person, and ensure you have up-to-date systems, secure passwords & surf through secure means like VPN when on public networks. If you enjoyed this article on cybersecurity, I would suggest you to have a look at our cybersecurity section.
