Cybersecurity

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” 
― Stephane Nappo

Cybersecurity, a word that has gained a lot of significance in the last two decades. With the growing perimeter of digital information, there is a greater need for security professionals in many domains. From IT companies to hospitals, the demand for security has been on a high as a lot of information is requiring confidentiality, integrity and availability. Cybersecurity is like an ocean with multiple disciplines. These areas include cyber threat intelligence, security architecture, security operations, risk assessment, framework and governance. Each specialty has a pivotal role to play in cybersecurity.

While you can’t put a physical padlock on a desktop computer and expect information to be secure, the field of cybersecurity fills in the expectation. In other words, if your data is stored physically or digitally, you need to be sure you have all the right physical access controls in place to prevent unauthorized individuals from gaining access. This section covers various cybercrimes, knowledge base, certifications and the latest news in the cybersecurity world.

Can security be 100%?

In the recent past since the COVID-19 pandemic, there has been huge dependency on the Work From Home environment. As per the statistics in this year 2020, a lot of users have been exposed to phishing fraud, identity theft and unreported records of usernames and passwords being stolen.

NBC news reported to have discovered more than 500,000 Zoom credentials have been stolen and sold on the dark web. This has stirred a lot of concerns with individuals who aren’t computer savvy or find it difficult to point the difference between a fake email and a genuine one.

An individual or an entity can do everything in the power to safeguard information but security can never be 100%.

“Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to” ― Bruce Schneier.

“There are risks and costs to a program of action — but they are far less than the long range cost of comfortable inaction.” – John F. Kennedy

“What we should actually be doing is thinking about what are our key controls that will mitigate the risks. How do we have those funneled and controlled through the team that we have, how do we work through that in a well formatted, formulated process and pay attention to those controls we have chosen? Not a continual, add more, add more, add more.”  — Dr. Chris Pierson, CEO, Binary Sun Cyber Risk Advisors, at SecureWorld Charlotte

How can I stay safe?

Password

“Passwords are like underwear: make them personal, make them exotic, and change them on a regular basis.”  — overheard at SecureWorld Atlanta

Passwords have become very common in use ranging from an regular email password to banking transactions. Some of the important things to remember while creating a new password are as follows:

  • Do not use common passwords like animal name, your pet name or personal name.
  • Do not reuse the same password.
  • Use 2 factor authentication wherever available.
  • Ensure that the password is long preferrably 10-16 characters mixing up letters, symbols and numbers.
  • These are some important pointers to remember

Browsing

Browsing has been one of the biggest platforms to derive information about an individual. Every website is loaded with trackers that can derive the most basic information which is the browser that is being used to the operating system of the machine.

The data derived through cookies helps companies like Google and Facebook to provide efficient services based on preferences at the cost of privacy.

I started my browsing experience with Internet Explorer as it was the only go to option but after the use of browser/search Engine called Duckduckgo I could see the amount of trackers emded in every website that I visited. DuckDuckgo helps in anonymous browsing not only limited to the PC/MAC but also on portable devices.

The highlight is it enables to delete the entire cookies and browsing data every time you exit the app which makes it difficult for trackers to obtain more information.

Digital Hygience

In April 2020, I was reading through one of the interesting articles published by Forbes which highlighted the need to understand and implement digital hygiene. Like this year has taught us to wash hands for 20 seconds to keep infections away, there are some basic things that can be followed to ensure we stay off cyberattacks.

Not connecting to an open Wi-Fi is one of the most important factor, sharing your handheld devices to a random person

Do not click on any links that you haven’t seen before. Before opening an email check the email address which was used to send it

Never ever ever update/provide any sort of banking related information on any email or a telephone call.

We can take certain precautions which will help us to a great extent but without them, you are at utmost risk of either losing valuables or becoming a victim of a cyberattack.

Knowledge base, tools & certifications

Cybersecurity is a field of study that requires a combination of various facets. Theoretical knowledge, practical experience or hands-on, report writing and finally certifications. I have added a knowledge base section as I believe it is quintessential to understand the various domains within cybersecurity as the functioning of these domains are interlinked. The tools that has been covered here are basic tools based off Linux and some complex software like Intrusion Detection System or IDS, Intrusion Prevention System or IPS.

Knowledge Base

  • Security Operations
  • Security architecture
  • Risk Management
  • Frameworks & Standards
  • Governance
  • Threat intelligence
  • Forensics

Tools

  • Network monitoring
  • Penetration testing
  • Kali Linux tools
  • Email security
  • Application security
  • Password audit
  • Packet sniffers
  • Network security
  • Cryptography
  • Forensics

Certifications

  • ISACA
  • CompTIA
  • SANS
  • EC-Council
  • GIAC
  • EnCE

Cybersecurity news

Check out the latest news section for the latest happenings around cybersecurity

For more Interesting articles and research, check this space

Some of my favourite cybersecurity podcasts

SN 807: Dependency Confusion – SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor" Security Now (Audio)

  1. SN 807: Dependency Confusion – SHAREit's Security Update, Solorigate, Brave's "Private Window With Tor"
  2. SN 806: C.O.M.B. – Florida Water Supply Hack Update, Major Patch Tuesday, Android SHAREit Vulnerability
  3. SN 805: SCADA Scandal – Defender Thinks Chrome is Malware, Plex Media Servers in DDoS Attacks

Risky Biz Soap Box: ExtraHop CTO and co-founder Jesse Rothstein Risky Business

  1. Risky Biz Soap Box: ExtraHop CTO and co-founder Jesse Rothstein
  2. Risky Business #615 — Dependency confusion is, uh, pretty bad
  3. Risky Biz Feature Podcast: A primer on Microsoft cloud security
  4. Risky Business #614 — So was it Florida Man or an Iranian APT?
  1. Defensive Security Podcast Episode 253
  2. Defensive Security Podcast Episode 252
  3. Defensive Security Podcast Episode 251
  4. Defensive Security Podcast Episode 250
%d bloggers like this: