This post provides some information on the concept of security risk, the related concepts of assets, threats and vulnerabilities, and the most common types of security threats.

 

 

Security Risk 

A computer security risk is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. In other words, a computer security risk is really anything on your computer that may damage or steal your data or allow someone else to access your computer, without your knowledge or consent. Examples of risk include financial losses, loss of privacy, reputational damage, legal implications, and even loss of life.

Many different things can create a computer security risk, malware among them. Here is an article about malware.

The concept of security risk is closely tied to three related concepts: assets, threats and vulnerabilities.

Source: study.com and threatanalysis.com

 

Asset 

What is an asset? Anything that is valuable. Assets can include people, property, and information.

  • People may include employees and customers.
  • Property assets consist of both tangible and intangible items.
  • Information may include databases, software code, critical company records, and many other intangible items.

In general, an asset is an economic resource that can be owned by an individual, company, or country. We can say that an asset is what we’re trying to protect.

 

Threat 

What is a threat? A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. In other words, a threat is what we’re trying to protect against. A threat is something that may or may not happen, but has the potential to cause serious damage. Finally, a threat is anything that can exploit a vulnerability, intentionally or accidentally, to obtain, damage, or destroy an asset.

 

Computer Vulnerability

What is a vulnerability? A computer vulnerability is a cybersecurity term that refers to a defect in a system that can leave it open to attack. In other words, a vulnerability is a weakness or gap in a security program that threats can exploit to gain unauthorized access to an asset.

Computer security vulnerabilities can be divided into numerous types based on different criteria. Some broad categories of these vulnerability types include:

  • Network Vulnerabilities: Like insecure Wi-Fi access points or poorly-configured firewalls
  • Operating System Vulnerabilities: Like default administrator accounts
  • Human Vulnerabilities: The weakest link in many cybersecurity architectures is the human element
  • Process Vulnerabilities: Like use of weak passwords

We can now provide a simple working definition of security risk:

Security Risk = Asset + Threat + Vulnerability

In fact, it can be concluded that every asset is potentially a security risk.

Source: enterprise.comodo.com and study.com

 

 

Security Threat 

Earlier in this post you learned about the concept of a threat and its relationship to vulnerabilities and security risk. Now let’s discuss threats in more detail.

These days, all businesses can be targets for criminals looking to steal data, disrupt operations or simply wreak havoc. All malware, all cyber-attacks, and all possible misuse of a computer or computer network can be considered subsets of the threat.

Dealing with security threats involves several steps:

  1. We must know the threats well: the characteristics of each threat and the mechanism by which it works.
  2. Based on this knowledge, we should design, implement and manage all the measures and policies needed to protect computers and networks from threats.
  3. However, a threat may always get through our defences and succeed. As a result, one or more devices on the network may become infected. In this case, we need to be able to quickly identify the source of the infection and the devices that have been infected, disconnect them from the other computers on the network, then clean the source of the infection and finally clean the other victims.
  4. This step completes the third one. After resolving the crisis, we must investigate how the threat succeeded and identify the vulnerabilities in computer and network security that allowed it. All findings and actions must be clearly documented.

Steps three and four together form the theme of disaster recovery and business continuity. Read here about it.

Here are seven of the most common issues, and what to do about them:

  1. Malware (including viruses, worms, Trojans, ransomware, spyware, rootkits, etc.)
  2. Phishing Attacks
  3. DoS / DDoS Attacks
  4. SQL Injection (SQLi) Attacks
  5. Data Breach
  6. Zero Day Attacks
  7. Employees of organization

 

Malware 

Malware is malicious software: a program or code developed by cyber attackers. We’ve covered malware (viruses, Trojans, ransomware, spyware, worms) in detail here.

 

Phishing Attacks 

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

In a phishing email attack, the attacker sends you an email that looks as if it came from your bank and asks you to provide personal information. The message contains a link that redirects you to a fraudulent website built to steal your information; in this way the attacker gains access to valuable data. The attack may also be designed so that, after taking you to the fake website, other side effects occur: installation of malware on your computer, freezing of the system as part of a ransomware attack, or the disclosure of sensitive information.
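The deception described above relies on a link whose visible text and real destination disagree. The following is an added example (not code from the original post or its cited sources) of the kind of check a mail gateway or awareness tool can run on an HTML message body: it extracts every anchor, flags links whose displayed hostname differs from the `href` hostname, and flags links that resolve to a raw IP address or to a domain outside an assumed allow-list. The sample message, the `examplebank.com` domain and the `TRUSTED_DOMAINS` allow-list are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the body of a phishing-style message imitating a bank.
# Hosts use documentation/placeholder ranges and are not real sites.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account has been locked.</p>
<p>Please verify your details at
<a href="http://198.51.100.7/login">https://www.examplebank.com/login</a></p>
<p>Questions? Visit <a href="https://www.examplebank.com/help">our help centre</a>.</p>
"""

# Assumed allow-list of domains the organisation legitimately links to.
TRUSTED_DOMAINS = {"examplebank.com"}

# Something that looks like a hostname inside the visible link text.
HOST_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude reduction of a hostname to its last two labels (www.x.com -> x.com)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_links(html, trusted=TRUSTED_DOMAINS):
    """Return a list of (href, reason) for every suspicious link in the body."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if not host:            # mailto:, relative links, etc. are out of scope here
            continue
        # 1. The visible text names a host, but the link goes somewhere else.
        shown = HOST_IN_TEXT.search(text)
        if shown and registered_domain(shown.group(0)) != registered_domain(host):
            findings.append((href, f"link text shows {shown.group(0)} but goes to {host}"))
            continue
        # 2. The real target is a raw IP address or not an allow-listed domain.
        if host.replace(".", "").isdigit():
            findings.append((href, "link target is a raw IP address"))
        elif registered_domain(host) not in trusted:
            findings.append((href, f"link target {host} is not a trusted domain"))
    return findings


if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS {href}: {reason}")
```

The two-label `registered_domain` heuristic is deliberately simple; a production filter would use the Public Suffix List so that hosts such as `example.co.uk` are grouped correctly.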

We’ve covered the malware in detail here.

Source: malwarebytes.com and imperva.com and csoonline.com

 

Denial-of-Service (DoS) Attacks 

A Denial-of-Service attack shuts down a machine or network, or makes it inaccessible to its users. The disruption of these network resources usually causes significant financial losses to the targeted company, and there are few appropriate mitigation strategies. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash.

The most common target for a DoS attack is an online service such as a website, though attacks can also be launched against networks, machines or even a single program.

There are two general methods of DoS attacks:

  • Flooding services attack: These attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop.
  • Crashing services attack: These attacks simply exploit vulnerabilities that cause the target system or service to crash.

Popular DoS attacks include:

  • Buffer overflow: This attack sends more traffic to a network address than the programmers have built the system to handle.
  • ICMP flood (smurf attack or ping of death): This attack leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic.
  • SYN flood: This attack sends a request to connect to a server, but never fully authenticates the connection. This attack continues until all open ports are saturated with requests and none are available for legitimate users to connect to.
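A SYN flood leaves a server holding many half-open connections, which is visible in its connection table. The following is an added example (not code from the original post or from paloaltonetworks.com) of a small detector that parses connection-table lines in the format of `ss -tan` and raises an alert for any listening port where half-open (`SYN-RECV`) connections are both numerous and out of proportion to established ones. The sample output, the addresses and the thresholds `min_half_open` and `max_ratio` are constructed for the example.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`
# (State Recv-Q Send-Q Local Address:Port Peer Address:Port).
# Addresses are from documentation ranges; the counts are made up.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:80          0.0.0.0:*
ESTAB      0      0      192.0.2.10:80       198.51.100.20:51002
ESTAB      0      0      192.0.2.10:22       198.51.100.21:40001
SYN-RECV   0      0      192.0.2.10:80       203.0.113.5:1025
SYN-RECV   0      0      192.0.2.10:80       203.0.113.77:1026
SYN-RECV   0      0      192.0.2.10:80       203.0.113.130:1027
SYN-RECV   0      0      192.0.2.10:80       203.0.113.9:1028
SYN-RECV   0      0      192.0.2.10:80       203.0.113.201:1029
SYN-RECV   0      0      192.0.2.10:22       198.51.100.22:40002
"""


def parse_ss(text):
    """Turn ss-style output into (state, local_port, peer_ip) tuples, skipping the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = local.rsplit(":", 1)[1]
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, local_port, peer_ip))
    return rows


def half_open_summary(rows):
    """Per local port: how many connections are half-open versus established."""
    half_open, established = Counter(), Counter()
    for state, port, _ in rows:
        if state == "SYN-RECV":
            half_open[port] += 1
        elif state == "ESTAB":
            established[port] += 1
    return half_open, established


def detect_syn_flood(rows, min_half_open=5, max_ratio=2.0):
    """Return (port, half_open, established) for ports that look flooded.

    Peer IPs are deliberately not used as the key: a flood usually spoofs its
    source addresses, so per-source counting would miss it.
    """
    half_open, established = half_open_summary(rows)
    alerts = []
    for port, n in half_open.items():
        ratio = n / max(established[port], 1)
        if n >= min_half_open and ratio >= max_ratio:
            alerts.append((port, n, established[port]))
    return alerts


if __name__ == "__main__":
    for port, n, est in detect_syn_flood(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"possible SYN flood on port {port}: {n} half-open vs {est} established")
```

On a real host the thresholds must be tuned to the service's normal backlog; a busy web server legitimately carries many `SYN-RECV` entries at any instant, which is why the ratio to established connections is checked rather than the raw count alone.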

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack to a single target.

Learn more about DoS and DDoS attacks.

Source: paloaltonetworks.com

 

SQL Injection (SQLi) Attacks 

SQL injection is a type of injection attack and one of the most common web hacking techniques. It allows an attacker to control the back-end database and to change or delete data, causing persistent changes to the application’s content or behavior.

The attacker inserts malicious code into SQL statements via web page input. The impact SQL injection can have on a business is far-reaching: a successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to the database.
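The root cause described above is that user input becomes part of the SQL text itself. The following is an added example (not code from the original post or from hindawi.com) that places a deliberately vulnerable login query next to its hardened, parameterized form and runs both against a small in-memory SQLite table, so the difference in behaviour can be observed directly. The `users` table, the sample accounts and the function names are constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for the application's back-end database.
SAMPLE_USERS = [
    ("alice", "s3cret-alice", "user"),
    ("bob", "s3cret-bob", "user"),
    ("carol", "s3cret-carol", "admin"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Deliberately vulnerable: input is concatenated into the SQL text, so the
    database cannot tell where the statement ends and the data begins."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Hardened: the SQL text is fixed and the input travels as bound
    parameters, so it is only ever compared as a value."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def demo():
    """Run a legitimate login and the textbook injection through both versions."""
    conn = make_db()
    ok_vuln = login_vulnerable(conn, "alice", "s3cret-alice")
    ok_safe = login_safe(conn, "alice", "s3cret-alice")
    # The classic teaching input: a quote closes the string literal and an
    # always-true condition is appended, so the password check is bypassed.
    injected = "' OR '1'='1"
    bad_vuln = login_vulnerable(conn, "anyone", injected)   # returns every row
    bad_safe = login_safe(conn, "anyone", injected)         # returns nothing
    return ok_vuln, ok_safe, bad_vuln, bad_safe


if __name__ == "__main__":
    ok_vuln, ok_safe, bad_vuln, bad_safe = demo()
    print("legitimate login (vulnerable):", ok_vuln)
    print("legitimate login (safe):      ", ok_safe)
    print("injected input (vulnerable):  ", bad_vuln)
    print("injected input (safe):        ", bad_safe)
```

Parameterized queries are the primary mitigation because they remove the ambiguity at the source; input validation and least-privilege database accounts (so a web application cannot drop tables even if a query is subverted) are defence in depth on top of that.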

You can read more about SQLi attacks here.

Source: hindawi.com

 

Data Breach 

A data breach is a security threat in which confidential or protected information is exposed: the information is accessed from a system without the authorization of the system’s owner. The files in a data breach are viewed and/or shared without permission. A data breach can be intentional or accidental: a cybercriminal may hack the database of a company with which you have shared your personal information, or an employee at that company may accidentally expose the information on the Internet.

The FBI recently released a report on cybercrime in 2019 (you can read the report here), which states that about 38,000 individuals and 1,800 organizations were victims of this threat. According to the report, individuals lost about $120 million and organizations about $53 million (pages 19 and 20 of the report).

Learn detailed information about this threat here.

Source: lifelock.com

 

Zero Day Attacks 

A zero-day attack is an application-based cyber security threat that exploits a security vulnerability in software or an application that is not yet known. The attack occurs when a patch has not been released, because the software developers were unaware of the vulnerability or did not have sufficient time to fix it. Zero-day attacks can use any type of malware (for example a virus, worm or Trojan).

Zero-day attacks occur during the vulnerability window: the time between when the vulnerability is first exploited and when the software developers develop and publish a fix for it. Zero-day attacks are capable of devastating a network by exploiting the vulnerabilities of the applications involved. Read more about this here.

 

Employees of Organization 

Employees are the greatest security risk for any organization, because they know everything about the organization, such as where sensitive information is stored and how to access it.

  • Employees can carry out attacks against the organization (dissatisfied and angry employees).
  • Employees can be abused by an attacker (negligent employees, careless employees, employees who are unaware of security threats).
  • Employees can directly damage the organization (careless employees, employees who are unable to perform their organizational duties well).

 

 

———————————

Sources:

  • study.com
  • malwarebytes.com
  • imperva.com
  • csoonline.com
  • hindawi.com
  • enterprise.comodo.com
  • paloaltonetworks.com
  • threatanalysis.com