This document provides an overview of cyber security. It discusses the history and scale of cyber threats, principles of cyber security including confidentiality, integrity and availability. It describes different types of cyber security such as network security, application security and information security. It also outlines common cyber threats like cybercrime, cyberattacks and cyberterrorism. Additionally, it examines malicious actors, types of malware, hackers and cyber security strategies. The document emphasizes the importance of cyber security and provides tips for protecting against cyberattacks.
2. CONTENTS
INTRODUCTION ABOUT CYBER SECURITY
History of Cyber Security
The Scale of the Cyber Threat
Principles of Cyber Security
Types of Cyber Security
Types of cyber threats
Malicious actors
Different Types of Malware
Different Types of Hacker
Cyber Security Strategy
ADVANTAGES OF CYBER SECURITY
DISADVANTAGES OF CYBER CRIMES
How to protect
Conclusion
3. What is Cybersecurity?
Defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks
Known as information technology security or electronic information security
Applies in a variety of contexts, from business to mobile computing
Example: Encryption, Authentication, Authorization, Network Security, etc.
4. History of Cyber Security
1960s: Password protection
1970s: From CREEPER to Reaper
1980s: The internet goes mad
1990s: The rise of firewalls
2000s: Proper punishment
2010s: The era of major breaches
5. The Scale of the Cyber Threat
Illegal online markets $860 Billion
Trade Secret, IP Theft $500 Billion
Data trading $160 Billion
Crime-ware $1 Billion
Ransomware $1 Billion
6. What are the principles of Cyber Security?
Confidentiality
Integrity
Availability
7. What is Confidentiality?
Ensure that the information to be secured is only accessible to authorized users
Prevents the disclosure of information to unauthorized parties
Access can be restricted to users with the right username-password combination
Most systems also implement confidentiality through data encryption
Decryption of the data requires an individual or system to attempt access using the requisite key
8. What is Integrity?
Ensure information remains accurate, consistent and not subject to unauthorized modification
Communication should not be intercepted and modified by an intruder while it is still in transit.
9. What is Availability?
Efforts to secure information in cyberspace should not hinder its access by an authorized party
Has to provide for redundant access in case of any outage
A CRM system can implement proxy servers and firewalls as a security measure against Denial of Service (DoS) attacks, which create system unavailability if successful.
10. Types of Cybersecurity
Network Security
Application Security
Information security
Operational security
Disaster recovery and business continuity
End-user education
11. What is Network Security?
Aims to protect the usability, integrity, and safety of a network, associated components, and data shared over the network
When a network is secured, potential threats get blocked from entering or spreading on that network
Examples of network security include antivirus and antispyware programs
Firewalls that block unauthorized access to a network
VPNs (Virtual Private Networks) used for secure remote access
12. What is Application Security?
Aims to protect software applications from vulnerabilities.
Encompasses the security considerations.
Involves systems and approaches to protect apps.
Increasing vulnerabilities to security threats and breaches.
Example of application security: regular testing.
13. What is Information security?
Information needs to be protected
Intended to keep data secure
A specific discipline
Example: Passwords, network and host-based firewalls
14. What is Operational security?
Known as procedural security
Risk management process
Encourages managers to view operations
Protect sensitive information from falling into the wrong hands.
FIVE STEPS OF OPERATIONAL SECURITY
Identify your sensitive data
Identify possible threats
Analyze security holes and other vulnerabilities
Appraise the level of risk associated with each vulnerability
Get countermeasures in place
15. What is Disaster recovery and business continuity?
Closely related practices that support an organization's ability to remain operational after an adverse event.
Minimizing the effects of outages and disruptions on business operations
Reduce the risk of data loss and reputational harm
Improve operations while decreasing the chance of emergencies
16. What is End-user education?
Cybersecurity initiatives
First line of defense against cybersecurity attacks
Implement a cybersecurity policy and procedure document
Build your cybersecurity strategy
Have cybersecurity tools in place to help prevent the potential for compromise
17. Types of cyber threats
Cybercrime
Cyber-attack
Cyberterrorism
18. What is Cybercrime?
A crime that involves a computer and a network
Buy and sell malware online (generally on the dark web)
Cybercriminals range from individuals to criminal organizations to state-sponsored actors.
Top 5 Popular Cybercrimes
• Phishing
• Identity Theft
• Online Harassment
• Cyberstalking
• Invasion of privacy
19. What are Cyber Attacks?
A type of offensive action that targets computer information systems using various methods to steal, alter or destroy data or information systems.
Example: DDoS attacks, MitM attacks, password attacks, etc.
20. How do malicious actors gain control of computer systems?
Malware
Hacker
SQL injection
Phishing
Man-in-the-middle attack
Denial-of-service attack
Dridex malware
Emotet malware
End-user protection
21. Different Types of Malware
Virus
Trojans
Spyware
Ransomware
Adware
Botnets
22. What is a Computer Virus?
Characteristics
The virus can infect many records of the infected computer
Can be polymorphic
They may be resident in memory or not
Can be furtive
The virus can bring other viruses
How To Protect
Run anti-virus software
Replace the files
Restart from a healthy disk
Run a diagnostic utility and disk repair
Reformat your hard disk
23. What are Trojans?
Characteristics
Trojan is similar to remote control
It doesn’t have concealment
Trojan has strong fraudulence
Trojan can open terminal automatically
Trojan has the ability of self-repair
How To Protect
Use anti-virus software or anti-spyware software
Use a firewall
Observe caution when opening email attachments
Update security patches for the operating system
24. What is Spyware?
Characteristics
Usually it aims to track and sell your internet usage data
Tracking cookies
System monitors
Monitors internet activity
Gathers personal information and relays it to advertisers
How To Protect
Make a spyware protection company policy
Use more than one anti-spyware application
Aim for a centrally-managed anti-spyware solution
Use a layered defense
Lock down your systems
25. What is Ransomware?
Characteristics
Effectively holds a user's computer hostage until a "ransom" fee is paid
Most ransomware attacks are the result of clicking on an infected email attachment
How To Protect
Entering Windows' Safe Mode and running an on-demand virus scanner such as Malwarebytes
lock-screen viruses typically do
26. What is Adware?
Characteristics
Unwanted software designed to throw advertisements up on your screen, most often within a web browser.
Uses an underhanded method to either disguise itself as legitimate
How To Protect
Back up your files
Download or update necessary tools
Uninstall unnecessary programs
Run a scan with an adware and PUPs removal program
27. What are Botnets?
Characteristics
A number of Internet-connected devices, each of which is running one or more bots
Used to perform distributed denial-of-service (DDoS) attacks
Steal data, send spam, and allow the attacker to access the device and its connection.
How To Protect
Install a Windows Firewall
Disable Auto Run
Provide Least Privilege
Install Host-Based Intrusion Prevention
Enhance Monitoring
28. What is SQL injection?
Characteristics
SQL injection is a code injection technique that might destroy your database
SQL injection is one of the most common web hacking techniques
SQL injection is the placement of malicious code in SQL statements, via web page input.
How To Protect
Trust no one
Don't use dynamic SQL – don't construct queries with user input
Update and patch
Firewall
Reduce your attack surface
Keep your secrets secret
29. What is SQL Phishing?
Characteristics
Uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed
Including sensitive company data, user lists or private customer details.
A successful attack may result in the unauthorized viewing of user lists
Example, the above-mentioned input
How To Protect
Trust no one
Don't use dynamic SQL – don't construct queries with user input
Update and patch
Firewall
Reduce your attack surface
Keep your secrets secret
30. What is SQL Man-in-the-middle attack?
Characteristics
A hacker inserts itself between the communications of a client and a server
Example: Session hijacking
How To Protect
Strong WEP/WPA Encryption on Access Points
Strong Router Login Credentials
Virtual Private Network
Force HTTPS
Public Key Pair Based Authentication
31. What is Denial-of-service attack?
Characteristics
Overwhelms a system’s resources so that it cannot respond to service requests
Launched from a large number of other host machines
Malicious software controlled by the attacker.
Example: session hijacking
How To Protect
Buy more bandwidth
Build redundancy into your infrastructure
Configure your network hardware against DDoS attacks
Deploy anti-DDoS hardware and software modules
Deploy a DDoS protection appliance
Protect your DNS servers
32. Different Types of Hacker
White Hat Hacker
Gray hat Hacker
Black Hat Hacker
33. What is a White Hat Hacker?
Roles and Responsibilities
Scanning ports to identify flaws
Examine patch installations
Social engineering methods
Dodge honeypots, IDS, or other systems
Sniffing
34. What is a Gray Hat Hacker?
Roles and Responsibilities
Gray hats fall into the middle ground
Gray hats sell or disclose their zero-day vulnerabilities not to criminals
Gray hats can be individual hackers or researchers
35. What is a Black Hat Hacker?
Roles and Responsibilities
Breaking into computer networks and bypassing security protocols
Responsible for writing malware
Motivation is usually for personal or financial gain
Experienced hackers that aim to steal data
36. Cyber Security Strategy – Bangladesh
Security Policy, Legal Framework
– ICT Act, 2006.
– Digital Security Act 2016 (Amendment) Bill, 2016
– Data Protection & Computer crimes
Capacity building
– Skill & Competence development
Research and Development
– Cyber Monitoring
– Network Security
37. ADVANTAGES OF CYBER SECURITY
PROTECTS THE COMPUTERS AGAINST VIRUS, WORMS AND MALWARE.
PROTECTS THE DATA FROM THEFT
INCREASE IN CYBER DEFENSE
INCREASES THE SECURITY
WE CAN BROWSE THE SAFE WEBSITE
INCREASE IN CYBER SPEED
PROTECTS NETWORKS AND RESOURCES
38. DISADVANTAGES OF CYBER CRIMES
MAKES THE SYSTEM SLOWER THAN BEFORE.
FIREWALLS WOULD BE DIFFICULT TO CONFIGURE CORRECTLY.
HUGE AMOUNT OF LOSS IN MONEY FOR THE BANKS, COMPANIES ETC
HUGE AMOUNT OF DATA LOSS OCCURS IN THE DATABASE
39. How to protect yourself against cyberattacks
Update your software and operating system
Use anti-virus software
Use strong passwords
Do not open email attachments from unknown senders
Do not click on links in emails from unknown senders or unfamiliar websites
Avoid using unsecure Wi-Fi networks in public places
40. Conclusion
The only system which is truly secure is one which is switched off and unplugged.
So, the only way to be safe is to pay attention and act smart.