▪ NOTES ON CYBER SECURITY ENGINEERING:- ▪ Cyber Security Policies: 5.

▪ Cyber Security Policies: 5. Train Employees: After the policy has been developed, it needs to be disseminated through the
Types of Cyber Security Policies organization. Also, employees will need to be trained on these policies to follow their requirements.

An organization may implement various cyber security policies. Some of the most common ones include the 6. Regularly Update the Policy: Policies can go out of date, and their requirements may change. They

Notes Prepared by- following: should be regularly reviewed and updated to keep them up-to-date.

• The top-10 domains of cyber security

1. IT Security Policy: An organization’s IT security policy defines the rules and procedures for protecting
the organization against cyber threats. Some of the aspects of an IT security policy include acceptable use The top-10 domains of cyber security encompass different areas that need to be addressed to ensure a strong
security posture. These domains are:
of corporate assets, incident response plans, business continuity strategies, and the organization’s plan for
achieving and maintaining regulatory compliance. 1. Network Security: Implementing advanced measures such as intrusion detection and prevention systems,
firewalls, and secure network architecture to protect against unauthorized access and threats to network
2. Email Security Policy: An email security policy defines the acceptable use of corporate email systems to infrastructure.
Sayan Kar help protect the organization against spam, phishing, and malware (such as ransomware) and to prevent
2. Application Security: Focusing on securing software and applications through secure coding practices,
misuse of corporate email. This type of policy may include general rules for how corporate email can and application penetration testing, and application vulnerability management.
should be used, as well as specific guidance on how to handle suspicious links and email attachments.
3. Vulnerability Management: Systematically identifying, assessing, and remediating software
vulnerabilities, using tools like vulnerability scanners and implementing patch management strategies.
3. BYOD Policy: A BYOD policy defines rules for personal devices that are used for work. These policies
commonly define security requirements for these devices, such as the use of an endpoint security solution, 4. Security Information and Event Management (SIEM): Utilizing SIEM technologies for real-time
strong passwords, and a virtual private network (VPN) when connecting to corporate networks and IT analysis and monitoring of security alerts generated by applications and network hardware, enhancing
▪ NOTES FOR B.TECH 8TH SEM ECE SYLLABUS. detection and response capabilities.
assets via an untrusted network.
5. Endpoint Security: Protecting endpoints such as desktops, laptops, and mobile devices from threats using
• How to Create a Cyber Security Policy antivirus software, endpoint detection and response (EDR) solutions, and secure configuration practices.

1. Determine the Threat Surface: Different policies are designed to address different threats and risks 6. Identity and Access Management (IAM): Managing user identities, access controls, and authentication
mechanisms to ensure that only authorized individuals access certain data or systems.
to the organization. The first step in writing a policy is to gain a clear understanding of the systems
and processes to be regulated, such as the use of personal devices for business. 7. Data Protection and Privacy: Implementing data encryption, data loss prevention (DLP) strategies, and
adhering to privacy laws and regulations to safeguard sensitive information.
2. Identify Applicable Requirements: Corporate cyber security policies may have both internal and
8. Cyber Incident Response and Forensics: Developing incident response plans and capabilities, including
external drivers, such as corporate security goals and regulatory requirements (HIPAA, PCI DSS, etc.). digital forensics, to effectively manage and mitigate the impacts of cybersecurity incidents.
To develop a cyber security policy, the next step is to define the requirements that the policy should
fulfill. 9. Cyber Risk Assessment and Quantification: Employing methodologies like threat modeling and risk
assessments to evaluate potential cyber threats and their impacts on the organization.
3. Draft the Policy: After identifying requirements, the next step is to draft the policy. This should be 10. Regulatory Compliance and Auditing: Ensuring compliance with cybersecurity laws and standards such
accomplished by a team with stakeholders from IT, legal, HR, and management. as GDPR, HIPAA, or PCI-DSS, and conducting regular cybersecurity audits.

4. Solicit Feedback: A cyber security policy is most effective if it is clear and comprehensible to • Letter of the Law
Laws are the products of written statutes, passed by either the U.S. Congress or state legislatures. The legislatures
employees. Soliciting feedback from employees outside the policy group can help to avoid
create bills that, when passed by a vote, become statutory law.
misunderstandings and similar issues.
▪ Unit 1

For example, in response to the stock market crash of 1929, Congress passed the Securities and Exchange Act of
range of employment options. Some popular fields in IT operations include the following: IT operations also facilitates collaboration among other IT teams by providing visibility into complex systems
1934 in an effort to curb securities fraud and insider trading. The Act is codified in the United States Code as
Title 15, Section 78a, and, among other things, prohibits the disclosure of false or misleading information related and performance metrics. Comprehensive monitoring tools give stakeholders across departments access to real-
to securities transactions. The Securities and Exchange Act also created the Securities and Exchange Commission, • System management. System management involves administering IT systems within an enterprise time insights into system performance and help them make better decisions. This improves efficiency and ensures
tasked with enforcing federal securities laws.
network or data center. everyone is on the same page when it comes to system maintenance and use.

• Rules of Regulations • Network management. Network management encompasses the applications, tools and processes for
The primary goal of IT operations is to ensure the smooth functioning of IT services and infrastructure, supporting
Regulations, on the other hand, are standards and rules adopted by administrative agencies that govern how laws provisioning, operating, securing and maintaining a network infrastructure.
will be enforced. So an agency like the SEC can have its own regulations for enforcing major securities laws. For the day-to-day operations of an organization.
instance, while the Securities and Exchange Act prohibits using insider or nonpublic information to make trades, • Cloud computing. Cloud computing enables businesses to transition from on-premises to the cloud.
the SEC can have its own rules on how it will investigate charges of insider trading.
• Database management. Database management entails controlling and manipulating data to provide
Like laws, regulations are codified and published so that parties are on notice regarding what is and isn't legal.
secure and efficient access as required by the business.
And regulations often have the same force as laws, since, without them, regulatory agencies wouldn't be able to IT ops vs. DevOps
enforce laws.
• Data center management. Data center management involves IT teams fulfilling the daily operational
IT operations and DevOps overlap in key areas, so it's important to understand what each does and how they
If you need legal help with a regulatory question, you may want to talk to an experienced government agencies needs of running a data center.
and programs attorney near you. differ. IT ops is the management of operations related to the development, maintenance and support of IT systems.
IT ops vs. IT infrastructure This includes activities such as monitoring and management of networks and servers, system upgrades, patches
• An enterprise information security policy is a set of rules that people with access to the organization’s IT operations and IT infrastructure are two key parts of any IT organization that must work in tandem. IT ops and security updates, user account maintenance and service desk support. The ops team oversees all daily IT tasks
data, assets, networks, and other IT resources must follow to minimize cyber risk exposure. The ensures the smooth running of IT systems and services. IT infrastructure encompasses the physical and virtual with the goal of maintaining existing infrastructure.
cornerstone of cybersecurity resilience, ISPs ideally cover all elements of an enterprise IT ecosystem,
components and software that enable IT systems.
from hardware and software to employees and the company’s extended vendor network.
1. In other words, an ISP is your first line of defense against the damage, loss, or misuse of your DevOps combines both software development and IT operations activities to create an efficient, streamlined
organization’s data assets. The purpose of the information security policy is to define your overall IT infrastructure product and service delivery process. DevOps uses automation and continuous system monitoring to increase
approach to cybersecurity, offer users clear and relevant guidance on security and incident dos and don’ts, speed, agility and reliability in the product development and delivery process.
and break down the roles and responsibilities for effective and secure information governance. IT infrastructure is all the hardware and software that comprise an organization's IT environment. This includes
2. The CIA triad, aka the three main principles of information security PCs, servers, networks, storage devices, virtual technologies and all the software that makes the hardware run and
3. Albeit fitting, the term ‘CIA triad’ has nothing to do with the well-known US government agency but that runs on the hardware. DevOps uses Agile methodology for software development to ensure changes can be executed fast without
everything to do with the three pillars of a robust corporate information security model; that is, affecting an organization's operational stability or performance. Similar to IT ops, it encourages collaboration
confidentiality, integrity, and availability.
4. Confidentiality refers to an organization’s ability to protect information against disclosure attacks, such as Infrastructure management involves oversight of these components, as well as documenting hardware among different departments and facilitates better communication among teams. Automation and continuous
network reconnaissance or electronic eavesdropping. Confidentiality measures, e.g., encryption, are put configurations, setting up new configurations and monitoring and measuring the performance of the IT integration processes simplify product deployment. Both DevOps and IT ops ensure faster resolution of issues
in place to ensure that authorized users have the necessary privileges to access specific assets while through feedback loops that detect problems earlier in the system's lifecycle.
infrastructure.
unauthorized users are actively prevented from accessing them.
5. Integrity is about ensuring that information is not tampered with during or after submission. Data integrity
IT operations Difference between Policies and Strategy
can be compromised by accident, through human error, faulty data transfer, or device failure, and on
purpose, by evading intrusion detection or changing file configurations to allow unwanted access.
Techniques to preserve data integrity include encryption, hashing as well as digital certificates and IT operations encompass the design, setup, configuration, deployment and maintenance of the IT infrastructure
Basis Policies Strategy
signatures. that supports business operations. It ensures an organization's systems are available when needed and can respond
6. Availability requires organizations to have up-and-running systems, networks, and applications to to changing needs. Ops teams use automated processes and comprehensive monitoring tools to respond to
guarantee authorized users access to information without any interruption or waiting. It means resilience Strategies are unified, structured, and
Policies are general statements that
against all kinds of disruption in data availability, including cyber threats, human error, hardware and technical and security issues as they arise and before they become major problems. IT ops teams also ensure IT integrated plans that are designed to
Meaning guide thinking and channel energy
software failures, natural disasters, and power outages. Countermeasures range from regular system achieve specific objectives of an
systems can scale to meet future and growing needs. toward a particular direction.
organization.
upgrades and backups to denial-of-service protection solutions.

Basis Policies Strategy When you hear the word “hacker”, you probably think of a mysterious individual sitting alone in a dark room, limited. However, people were starting to think about security. A 1975 paper titled The Protection of Information
in Computer Systems presented principles and concepts that would become critical to cybersecurity in the future.
watching information scroll by on multiple windows as they conduct nefarious deeds
Its main aim is to prepare organizations
Its main aim is to deal with repetitive
Aim against unforeseen events or challenges of The 1980’s
issues. The media often takes creative liberties when depicting hackers. It may surprise you to learn that the origin of the
the business environment.
‘modern hacker’ was a counterculture of people tinkering with technology or finding new ways of sharing
The 1980s were a chaotic time; the Internet was formed in 1983, and the adoption of the Internet Protocol Suite
They remain valid for situations or information. Hacking is not innately tied to breaking into computers. In fact, an early instance of hacking in 1963
Validity They are useful for specific purposes. by ARPANET and other networks added more potential targets and attackers to the mix. The first “real” malware
events which are recurring in nature.
involved hacking a phone system to make long-distance calls for free. Hacking is the act of working within the
emerged during this time, as did the public panic around The Cold War. Tools and techniques developed during
confines of a system to produce unintended behavior. That behavior ranges from cracking passwords to saving a
Role of They are generally not made on the They are made after considering the moves this era would become common in modern cybersecurity; dictionary attacks used stolen lists of passwords and
competitors move of competitors. of the competitors. spaceship’s air system using spare parts.
exploited weak default credentials, while decoy computer systems trapped attackers.

They have a lower place in the They have a higher place in the hierarchy of
Hierarchy of plans hierarchy of plans and are generally plans and are generally considered to be The late 80’s gave two major events.
considered to be supportive. superior.
The 1960’s
• The first was the discovery that a hacker working for the KGB gained access to sensitive documents from
Mc Donald’s and Burger King are giant fast
Organizations have policies for a the U.S. military.
Example food chains, which make their strategies The more connected we are, the more important cybersecurity is, and the widespread adoption of time-sharing in
proper code of conduct.
considering each other.
the 60s was a big increase in connectivity. Computers of the era were expensive and bulky; timesharing let
• The second was the creation of the world’s truly serious piece of malware: the Morris Worm. It was
multiple people use a single large computer at the same time, which meant that precautions were needed to prevent
originally written to map the size of the internet but quickly grew out of control, choking computers with
The Evolution of Cybersecurity unauthorized access to files and to the computer itself. Computing time was expensive in those days! The solution
multiple copies of itself, and clogging the network as it kept replicating.
of protecting accounts with passwords has persisted to modern times.
Codecademy Team
These incidences exploited unsecured default settings; default passwords like “admin” ensured a system or piece
The 1970’s
Share of software was easily exploitable
The creation of ARPANET, the earliest form of the internet, gave hackers a lot to think about and explore.
In this article, you'll explore the evolution of hacking and cybersecurity.
ARPANET was a testing ground for new technologies, and the hacker and technical communities busied The 1990’s

When ENIAC, the first modern computer, was brought online in 1945, cybersecurity wasn’t a word you could themselves with developing and prototyping new technologies, including email. There were a few adventures into
the development of malware (short for malicious software), including Creeper and Reaper, the first computer The 1990s are widely considered to be the era of viruses. Computers that connected to the internet became more
find in the dictionary. The only way to interact with the building-sized computers of the era was to be physically
worms, but these were academic exercises more than anything else. common in households and this increased access. This led to unskilled script kiddies — individuals who
present, so virtual threats weren’t a risk, and access control was a matter of physical security.
download a piece of code and run it without having to write any code themselves. They can use that code to
I'M THE CREEPER; CATCH ME IF YOU CAN launch attacks they don’t understand in order to vandalize or destroy targets for fun.
Cybersecurity developed as a distinct field throughout the 1960s and 70s and exploded into the public
consciousness in the late 1980s, after a series of events that highlighted just how dangerous a lack of security
The message you would have seen if you received a visit from Creeper! The unfocused, scattered attacks of the era led to the rise of the anti-malware industry, evolving from a curiosity
could be. Continuing to grow throughout the 90s, cybersecurity is now a core part of modern life. Let’s explore
to a core part of modern cybersecurity. Cybersecurity, as a whole, started to be taken much more seriously. Large
the brief history of this field!
In this era of rapid development and experimentation, the security of the technology being developed was not a companies made public pushes to improve the security of their products. Household computers were often
concern. The widespread view of ARPANET as a cooperative academic endeavor and the absence of well- targeted by the rampant malware of the era, demonstrating the consequences of poor cybersecurity to their owners.
Origins
established best practices meant that the motivation and means to design secure systems and software were
The 2000’s manipulation and social engineering are powerful tools, used by hackers to gain access to secure systems. Many
of the systems we rely on run on computers, and the stakes for protecting them have never been higher. Attacks
More and more data became digitized — particularly monetary transactions. As the script kiddies of the 90s grew on those computers can disrupt transportation, power, economy, healthcare, communication, and even lives.
up and gained more experience, the scale of threats shifted, and attackers started having larger targets beyond
vandalism and destruction. Credit-card breaches, hacktivism, and holding corporations’ systems for ransom With computers so integrated into our lives, it’s crucial that we protect them. In cybersecurity, we must learn
became increasingly common, as malicious hackers realized there was real money to be made from cybercrime. from our mistakes, applying the lessons learned in the past to prevent attacks in the future. This is the domain of
security researchers and ethical hackers: Finding and fixing vulnerabilities before they can be exploited, and
Hundreds of millions of sets of credit card data were breached over the course of the decade. helping to make us and our computers as safe as possible.

The threats of data breaches and ransomware attacks forced large businesses to improve their cybersecurity What is ecommerce?
programs. Being hacked was no longer just a matter of vandalism; it could lead to extended downtime, loss of
Ecommerce or "electronic commerce" is the trading of goods and services online. The internet allows individuals
customer loyalty, lawsuits, and fines from regulatory bodies.
and businesses to buy and sell an increasing amount of physical goods, digital goods, and services electronically.
Some businesses sell exclusively online or use ecommerce to expand the reach of their other distribution channels.
The 2010’s What types of ecommerce are there?
Either way, ecommerce is thriving and can be a profitable venture. Let’s dive into the details of how ecommerce
During the 2010s, the scale of threats continued to grow: Attacks by nation-states increased in frequency, and works and find out if it’s right for you. Ecommerce takes as many different forms as there are various ways to interact with online channels. For example,
they carried out infiltration and surveillance campaigns and deployed cyberweapons to attack strategic objectives. sellers and buyers exchange goods and services through m-commerce, enterprise commerce, and social selling
How does ecommerce work?
Malicious hacker groups targeted major corporations and government organizations, stealing data and launching destinations.
ransomware attacks, and the growing number of smart devices in circulation gave these groups an entirely new Ecommerce works by connecting sellers with customers and allowing exchanges to take place online. It can work
type of target. A few common business models are:
in many different ways and take many forms. Here’s a general overview of how the process can look:

• B2C: Businesses sell to individual consumers, sometimes called the “end customer.”
The most dangerous of these new threat actors are known as APTs: Advanced Persistent Threats. Often funded 1. The seller chooses online selling channels, like a website or social media, and promotes products or
• B2B: Businesses sell to other businesses. Often the buyer resells products to the consumer.
by nation-states, APTs possess resources and determination far beyond what smaller threat actors might have services for sale.
• C2B: Consumers sell to businesses. C2B businesses allow customers to sell to other companies.
access to. While lesser threat actors might be capable of launching cyber attacks against a target, APTs are capable 2. Customers find the products or services and place orders.
• C2C: Consumers sell to other consumers. Businesses create online shopping destinations to connect
of running entire cyber-campaigns, attempting to infiltrate their target across multiple domains simultaneously. 3. A payment processor enables the exchange of the goods or services electronically via payment options
customers.
like credit cards or digital currencies.
• B2G: Businesses sell to governments or government agencies.
Large-scale cybersecurity incidents became more and more common: WannaCry and NotPetya caused global 4. The customer receives a confirmation email or SMS along with a printable receipt.
• C2G: Consumers sell to governments or government agencies.
damage, the [Equifax) and Yahoo! breaches revealed hundreds of millions of pieces of personal information, and 5. If the transaction is for goods, the seller ships the products and sends the customer a tracking number via
• G2B: Governments or government agencies sell to businesses.
countless companies and organizations were hit by ransomware attacks, bringing their operations grinding to a email or SMS. If the transaction is for a service, the service provider can reach out to schedule and
• G2C: Governments or government agencies sell to consumers.
halt. complete the service.

What is a botnet?
The present Along the way, many ecommerce tools and technologies work together to help make online purchases possible.
On the technical side, the transaction can depend on data, logistics, warehousing, supply chains, and other systems
First things first: a bot is an automated software program that is designed to perform a specific task over the
With the world as connected as it is, cybersecurity is about protecting people as much as it is about protecting and processes.
internet. A content scraping bot, for example, is designed just to save content on many different web pages.
computers. People are fallible, and, like computers, we have vulnerabilities that can be exploited: Emotional

A botnet is a network or cluster of such bots, typically using a group of computers (or other devices) that have Simply put, a botnet attack is any malicious activity attempted by a hacker or cybercriminal using the botnet. 2. IRC: or, Internet Relay Chat. This type of botnet focuses on using low bandwidth and simpler
been infected by malware and are now under the control of the malware owner. These botnets are being used to communication (like mIRC) to mask its identity and avoid detection.
The most common form of botnet attack is the DDoS (Distributed Denial of Service) attack. The hacker will use
attack (and often infect) other computers and devices. 3. Telnet: in this type of botnet control, all devices in the botnet are connected to the main command server,
the botnet to send a massive amount of requests and/or traffic to a website or web server to overwhelm it, which
so it is a subtype of C&C. The main difference is that new computers are added to the botnet via a scanning
Typically, hackers will do all they can to ensure that the victims aren’t aware of the infection, which will allow prevents it from serving its real users (hence, denial of service).
script that runs on an external server. Once login is found by the scanner, it is then infected with malware
them to exploit the botnet for as long as possible.
via SSH.
However, there are also other forms of malicious attacks that can be performed by botnets, including but not
4. Domains: an infected device accesses web pages or domains that distribute commands. The botnet owner
How are botnets created? limited to:
can update the code from time to time.
To create a botnet, hackers begin by creating a piece of malware (or getting a ready-to-use malware that can be • Spam attacks: when a web server with SMTP or POP3 is turned into a part of a botnet, it can be used to 5. P2P: In this type, the botnets are not connected to a central server but instead are connected peer to peer.
modified) that can be used to remotely control an infected host computer or other device. send spam and fraud emails in an attempt to fraud the recipient, infect the device with malware, and other Each infected device in the botnet acts as both a server and a client.
means.
A notable thing about a botnet is that after a computer has been compromised, it can then infect other devices it Challenges in stopping and preventing botnet attacks
• Cryptocurrency mining: a common type of cybersecurity threat in recent years, the botnet is hijacked to
interacts with, for example by automatically sending spam emails. With this method, hackers can get hundreds,
mine cryptocurrency for the attacker’s financial gain
With so many botnets circulating on the internet today, protection is essential—but it’s not easy. Botnets are
thousands, and even millions of computers under their control.
• Fraud traffic: generate fake web traffic or fraud-clicking ads to drive revenue
continuously mutating to take advantage of vulnerabilities and security flaws. Thus, each botnet can be
• Ransom: infect devices with ransomware and ask for money to ‘release’ the device, or coerce payment
The malware in question is often Trojan-type viruses, which disguise themselves as harmless files, tricking users significantly different from the others.
from users to remove their device from the botnet
into clicking the executable file. For example:
• Spyware: the botnet spies for user’s activities like passwords, credit card information, and other sensitive Botnet operators know that the more IP addresses and devices they use in their attacks, the harder it is for bot
• A seemingly harmless email attachment like an attractive image, seemingly important document (invoice, data, and then reports it to the botnet’s owner. The attacker can then sell this sensitive data on the defense technologies to confidently screen out bad requests for access to websites and APIs, and to confidently
special offer), and so on. Clicking to download the attachment will trigger the malware’s installation illegal market. allow access to valid requests from customers or partners.
• Software (or .exe file) downloaded from an untrustworthy source, which might be a botnet malware
Also, the botnet can be sold or rented out to other hackers. The explosion of IP-addressable IoT devices has made it easier than ever for botnets to spread their tentacles. IoT
• Pop-up advertising or notification, where clicking on the ad will download an executable file
devices are typically more vulnerable than personal computers, with weaker protective measures. Infected IoT
Different types of botnets
It’s also important to note that botnet malware isn’t only infecting personal computers and laptops, but also devices make it easy for attackers to stage low and slow attacks, where vast numbers of IP addresses make only
smartphones and even IoT devices like surveillance cameras, gaming consoles, and so on. a few requests. This type of botnet attack is exceptionally difficult to screen and protect against at the IP or
We can differentiate various types of botnets based on how they are controlled by the attacker. There are actually
network behavior level.
various methods the hacker can use to command and control the botnet; some are more sophisticated than other
Botnets can ‘spread’, that is, infect other devices, in both active and passive ways:
methods.
Simply put, preventing and stopping bot attacks requires sophisticated detection capabilities.
1. Active: the botnet can spread itself without needing any user intervention. Typically an active botnet has
Typically for a bigger botnet, a main ‘herder’ or owner can control the whole botnet from a central server, while
a designed mechanism to find other potential hosts on the internet (i.e. computers with known How to stop and prevent botnet attacks
other, smaller herders can control a smaller portion of the botnet.
vulnerabilities) and will infect them when possible.
1. Keep your software up to date
2. Passive: the botnet can only infect other devices with the help of human intervention. For example, the
While there are various different types of botnets, here are some of the most common ones:
botnet may run a phishing or social engineering attack to infect other devices.
New viruses and malware are created every single day, so it’s very important to ensure your whole system is also
1. Command and Control (or C&C): in this type, all devices in the botnet communicate with one central
up-to-date to prevent botnet attacks.
What is a botnet attack? herder or server

A lot of botnet attacks are designed to exploit vulnerabilities in apps or software, a lot of them have potentially DataDome pools data from thousands of sites, analyzes billions of requests every day, and uses advanced machine Use of a Cybersecurity Metric:
been fixed in the form of security updates or patches. So, make a habit of updating your software and OS regularly. learning to continuously update the algorithm. In this way, the botnet prevention solution can detect both familiar
A Cybersecurity metric assists the organization in the following ways:
You wouldn’t want to get infected by malware or any other types of cybersecurity threats just because you botnets and new threats in real time.
neglected to update software.
• It facilitates decision-making and improves overall performance and accountability.
Best of all, DataDome requires no active botnet mitigation or other daily intervention on your part. Just set up
• It helps in setting quantifiable measures based on objective data in the metric.
2. Closely monitor your network your allow list of trusted partner bots, then DataDome will take care of all your unwanted traffic while you focus
• It helps in making corrections in an efficient way.
on more valuable projects.
Closely monitor your network for unusual activities. This will be much more effective if you have a better • It brings together all the factors like finance, regulation, and organization to measure security.
understanding of your typical traffic and how everything typically behaves ordinarily. • It maintains the log of every individual system that has been tested over the years.

24-hour monitoring of the network should be the policy if possible, by using analytics and data-collection Some Cybersecurity Metrics:
solutions that can automatically detect anomalous behavior, such as botnet attacks.
Here is a list of some important cybersecurity metrics that portray the current threat scenario really well.
3. Monitor failed login attempts
• A number of systems have vulnerabilities: A very important cybersecurity metric is to know where
One of the biggest threats to online companies is account takeover, or ATO. Botnets are often used to test large your assets lag. This helps in determining risks along with the improvements that must be taken. This
volumes of stolen username and password combinations in order to gain unauthorized access to user accounts. way the vulnerabilities can be worked upon before anyone exploits them.
• Mean detection and response time: The sooner a cybersecurity breach is detected and responded to,
Monitoring your usual rate of failed login attempts will help you establish a baseline, so that you can set up alerts
the lesser will be the loss. It is important to have systems that reduce the mean detection and response
to inform you of any spikes in failed logins, which may be a sign of a botnet attack. Do note that “low and slow”
• Unit 2 Cyber security objectives and guidance time.
attacks coming from vast numbers of different IP addresses may not trigger these botnet attack alerts.
• Data volume over a corporate network: Employees having unrestricted access to the company’s
Cyber Security Metrics internet may turn out into a disaster. If they use the company’s resources to download anything, it might
lead to the invasion of malware.
Last Updated : 23 Feb, 2022
• Incorrectly configured SSL certificates: Company’s digital identity can be used to extract critical
• information if proper authentication measures are not in place. Thus, it is important to keep track of SSL
• certificates that are not correctly configured.
• • Deactivation time of credentials of a former employee: The employees no longer a part of the
4. Implement an advanced botnet detection solution
organization must not be given access to the company’s resources. Moreover, their previous rights must
Metrics are tools to facilitate decision-making and improve performance and accountability. A cybersecurity be immediately terminated otherwise sensitive information might be put at risk.
The best approach to protecting your website and web server from botnet attacks is to invest in an advanced botnet
metric contains the number of reported incidents, any fluctuations in these numbers as well as the • The number of users having higher access levels: There are individuals that have a wider range of
detection software like DataDome, that can perform real-time botnet detection and employ top-level bot
identification time and cost of an attack. Thus, it provides stats that can be used to ensure the security of the data access as compared to others. However, this all must be efficiently monitored by the company.
mitigation methods.
current application. Also, unnecessary access should be minimized.
While botnet operators are now very sophisticated in masking the botnet’s identity, DataDome’s AI-powered • Open communication ports during a time period: Communication occurs both ways. The ports for
Organizations get the overall view of threats in terms of time, severity, and number. It is important today
solution can perform real-time behavioral analysis to detect botnet traffic and block all botnet activities before inbound and outbound traffic must be individually monitored. NetBIOS must be avoided in inbound
when this data keeps fluctuating. This way the organizations can maximize protection from threats in the
they even reach your web server. Implementing bot management and protection can even improve your initial traffic and SSL should be rightly monitored in outbound traffic. Also, ports that allow protocols for
future. Cybersecurity metric is the optimal way to monitor applications for cybersecurity.
server response time. remote sessions must be monitored for a period of time.
 The CIA triad are-
• Access to systems by third parties: Some systems of a company are more critical to others. For the
S.No. Good Metric Bad Metric
critical ones, proper mapping of third parties using them should be monitored.
• Review of frequency of third party access: Third parties might have to access the network of a
01. Percentage of AV/EPP events. Frequency of security issues.
company to complete any project or activity. Thus, monitoring their access is important to identify any
suspicious activity that might be undergoing at their end.
02. Cost of event control. Frequency of closed risks.
• Partners with effective cybersecurity: A company may have full control over its cybersecurity policies
but you never know if the other business partners are as conscious as you. Thus, the higher the number
03. Malware instances. Closed security tickets.
of partners with strict cybersecurity policies, the lesser the chances of cyberattacks.

Why use a Metric? 04. Re-returning vulnerabilities. Log management.

Here is a list of the main three reasons that validate the advantage of using metrics. 05. CIS score per head. AV detection.

• For learning: To figure out different information pertaining to a system, we have to start by asking • Cyber Security Goals
questions. These questions will lead us to answers and then in turn to information. This becomes easier
The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
with the help of a metric and thus the understanding of cybersecurity risks improves. Cybersecurity can be measured by at least one of three goals-
• For Decision Making: When we use a metric to gain information about a system, we can extend its use 1. Protect the
even further by gaining insight into previous decisions. This way, we can better manage the decisions confidentiality
that have to be taken with respect to current cybersecurity risks. of data.
• For Implementation of Plans: After analyzing the loopholes in the system and making decisions on 2. Preserve the
how to go about rectifying them, it is time to take action. This implementation can be supported further integrity of
by referring to previous records and assessments in the cybersecurity metric. data.
1. Confidentiality
3. Promote the
Metric: Good or Bad? Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It involves
availability of
the protection of data, providing access for those who are allowed to see it while disallowing others from learning
data for anything about its content. It prevents essential information from reaching the wrong people while making sure
A good metric is: that the right people can get it. Data encryption is a good example to ensure confidentiality.
authorized
users.
• Definable Tools for Confidentiality
• Comprehensive These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The
• Has room for comparison CIA triad is a security model that is designed to guide policies for information security within the premises of an
organization or company. This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad to avoid the confusion with the Central Intelligence Agency. The elements of the triad are
With that being said, it is also important to not waste time over things that are ever fluctuating or those that considered the three most crucial components of security.
never change for that matter. Here are a few examples of a good and a bad metric:
The CIA criteria are one that most of the organizations and companies use when they have installed a new
application, creates a database or when guaranteeing access to some data. For data to be completely secure, all of
these security goals must come into effect. These are security policies that all work together, and therefore it can
be wrong to overlook one policy.

Authentication is the necessity of every organizations because it enables organizations to keep their networks Backup is the periodic archiving of data. It is a process of making copies of data or data files to use in the event
secure by permitting only authenticated users to access its protected resources. These resources may include when the original data or data files are lost or destroyed. It is also used to make copies for historical purposes,
computer systems, networks, databases, websites and other network-based applications or services. such as for longitudinal studies, statistics or for historical records or to meet the requirements of a data retention
policy. Many applications especially in a Windows environment, produce backup files using the .BAK file
Authorization extension.

Authorization is a security mechanism which gives permission to do or have something. It is used to determine a Checksums
person or system is allowed access to resources, based on an access control policy, including computer programs,
files, services, data and application features. It is normally preceded by authentication for user identity A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the
verification. System administrators are typically assigned permission levels covering all system and user computation of a function that maps the contents of a file to a numerical value. They are typically used to compare
resources. During authorization, a system verifies an authenticated user's access rules and either grants or refuses two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file.
resource access. It is designed in a way that even a small change to the input file (such as flipping a single bit) likely to results in
different output value.
Physical Security
Data Correcting Codes
Physical security describes measures designed to deny the unauthorized access of IT assets like facilities,
equipment, personnel, resources and other properties from damage. It protects these assets from physical threats It is a method for storing data in such a way that small changes can be easily detected and automatically corrected.
including theft, vandalism, fire and natural disasters.

3. Availability
2. Integrity
Availability is the property in which information is accessible and modifiable in a timely fashion by those
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized user authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.
modification. It is the property that information has not be altered in an unauthorized way, and that source of the
Encryption
information is genuine. Tools for Availability
Encryption is a method of transforming information to make it unreadable for unauthorized users by using an o Physical Protections
algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed data can only Tools for Integrity
be read by using another secret key (decryption key). It protects sensitive data such as credit card numbers by o Computational Redundancies
encoding and transforming data into unreadable cipher text. This encrypted data can only be read by decrypting
it. Asymmetric-key and symmetric-key are the two primary types of encryption. Physical Protections

Access control Physical safeguard means to keep information available even in the event of physical challenges. It ensure
sensitive information and critical information technology are housed in secure areas.
Access control defines rules and policies for limiting access to a system or to physical or virtual resources. It is a
process by which users are granted access and certain privileges to systems, resources or information. In access Computational redundancies
control systems, users need to present credentials before they can be granted access such as a person's name or a
computer's serial number. In physical systems, these credentials may come in many forms, but credentials that It is applied as fault tolerant against accidental faults. It protects computers and storage devices that serve as
can't be transferred provide the most security. fallbacks in the case of failures.

Authentication • Top 8 Cyber Security Vulnerabilities

An authentication is a process that ensures and confirms a user's identity or role that someone has. It can be done
in a number of different ways, but it is usually based on a combination of- Vulnerabilities come in various forms, but some of the most common types include the following:

o something the person has (like a smart card or a radio key for storing secret keys),
#1. Zero Day
o something the person knows (like a password),
o something the person is (like a human with a fingerprint). Backups

With a framework in place that follows common cybersecurity standards, it becomes much easier to define
A zero-day vulnerability is one that was discovered by cybercriminals and exploited before a patch was #8. Vulnerable APIs
the processes and procedures that your organization must take to assess, monitor, and mitigate cybersecurity
available. Zero-day vulnerabilities like Log4j are often the most famous and damaging vulnerabilities risk.
Often, web security strategies focus on web applications, which are the more visible components of a
because attackers have the opportunity to exploit them before they can be fixed.
corporate digital attack surface. However, APIs can be even more damaging if not properly secured against
Let’s take a look at seven common cybersecurity frameworks and standards.
#2. Remote Code Execution (RCE) unauthorized access or exploitation.

An RCE vulnerability allows an attacker to execute malicious code on the vulnerable system. This code How to Protect Against Vulnerabilities 1. NIST Cybersecurity Framework
execution can allow the attacker to steal sensitive data, deploy malware, or take other malicious actions on 2. ISO 27001 and ISO 27002
Some of the ways that companies can help protect themselves against attack include the following: 3. SOC2
the system.
4. NERC-CIP
• Vulnerability Scanning: A vulnerability scanner can automatically identify many of the vulnerabilities
#3. Poor Data Sanitization 5. HIPAA
in an organization’s systems. Performing a vulnerability scan provides insight into the issues that need 6. GDPR
Many attacks — such as SQL injection and buffer overflows — involve an attacker submitting invalid data correction and where the company is most likely to be attacked. 7. FISMA
to an application. A failure to properly validate data before processing leaves these applications vulnerable • Access Control: Many vulnerabilities arise from weak authentication and access control.
NIST Cybersecurity Framework 2.0
to attack. Implementing least privilege and deploying multi-factor authentication (MFA) can help to limit the risk
of account takeover attacks. The NIST Cybersecurity Framework was established in response to an executive order by former President
#4. Unpatched Software Obama — Improving Critical Infrastructure Cybersecurity — which called for greater collaboration
• Validate User Input: Many exploits take advantage of poor input validation. Applications should be
between the public and private sector for identifying, assessing, and managing cyber risk.
designed to fully validate input before trusting and processing it.
Software vulnerabilities are common, and they are corrected by applying patches or updates that fix the
• Automate Security Monitoring: Many companies have sprawling IT architectures, making it difficult
issue. A failure to properly patch out-of-date software leaves it vulnerable to exploitation. While compliance is voluntary, NIST has become the gold standard for assessing cybersecurity maturity,
or impossible to manually track configuration settings and cyber defenses. Automating security identifying security gaps, and meeting cybersecurity regulations.
#5. Unauthorized Access monitoring and management enables security teams to scale and quickly remediate issues.
• Deploy Security Solutions: Many common types of attacks can be identified and blocked by
It is common for companies to assign employees and contractors more access and privileges than they need. cybersecurity solutions such as firewalls or endpoint security tools. Deploying a comprehensive,
These additional permissions create security risks if an employee abuses their access or their account is integrated security architecture can reduce the risks posed by vulnerabilities.
compromised by an attacker.
Secure Your Business from Vulnerabilities with Check Point
#6. Misconfiguration
Companies face a variety of cybersecurity threats, and understanding these risks is vital to protect against
Software commonly has various configuration settings that enable or disable different features, including them. To learn more about the current state of the cyber threat landscape, check out Check Point’s 2022
security functionality. A failure to configure applications securely is a common problem, especially in cloud Cybersecurity Report.
environments.
Check Point can help you identify the vulnerabilities in your applications and help identify solutions. To
#7. Credential Theft start, sign up for a free Security Checkup to identify the main threats in your organization’s IT environment.

Cybercriminals have different means of stealing user credentials, including phishing, malware, • What is a cybersecurity framework?
and credential stuffing attacks. An attacker with access to a legitimate user’s account can use this access to
A cybersecurity framework provides a common language and set of standards for security leaders across
Source: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
attack an organization and its systems. countries and industries to understand their security postures and those of their vendors.
In 2024, NIST unveiled the Cybersecurity Framework 2.0 (CSF 2.0), marking its most significant update SOC2 GDPR
since the release of CSF 1.1 in 2018.
Service Organization Control (SOC) Type 2 is a trust-based cybersecurity framework and auditing standard The General Data Protection Regulation (GDPR) was adopted in 2016 to strengthen data protection
developed by the American Institute of Certified Public Accountants (AICPA) to help verify that vendors procedures and practices for citizens of the European Union (EU). The GDPR impacts all organizations that
CSF 2.0 extends its reach beyond critical infrastructure cybersecurity, targeting a wider array of and partners are securely managing client data. are established in the EU or any business that collects and stores the private data of EU citizens — including
organizations including small schools, nonprofits, large agencies, and corporations, regardless of their U.S. businesses.
cybersecurity expertise.
SOC2 specifies more than 60 compliance requirements and extensive auditing processes for third -party
systems and controls. Audits can take a year to complete. At that point, a report is issued which attests to a The security framework includes 99 articles pertaining to a company’s compliance responsibilities including
A notable addition in this update is the emphasis on cybersecurity governance, recognizing cybersecurity as vendors’ cybersecurity posture. a consumer’s data access rights, data protection policies and procedures, data breach notification
a key component of enterprise risk management alongside financial and reputational risks. requirements (companies must notify their national regulator within 72 hours of breach discovery), and
more.
Because of its comprehensiveness, SOC2 is one of the toughest security frameworks to implement —
The cybersecurity framework now encompasses six core functions — 1. Identify, 2. Protect, 3. Detect, 4. especially for organizations in the finance or banking sector who face a higher standard for compliance than
Respond, 5. Recover, and 6. Govern — providing a holistic approach to managing cybersecurity risk. other sectors. Fines for non-compliance are high; up to €20,000,000 or 4% of global revenue, and the EU is not shy about
enforcing them.

NIST has also introduced a suite of resources to facilitate the security framework's adoption. These include Nevertheless, it’s an important security framework that should be central to any third-party risk
quick-start guides tailored for various audiences, success stories from organizations that have implemented management program. Read the Risk Managers Guide to the GDPR to learn more about developing a GDPR strategy and
the CSF, and a searchable catalog of informative references to align existing practices with the framework’s maintaining ongoing compliance.
guidance.
NERC-CIP
FISMA
Furthermore, the CSF 2.0 is designed to align with international standards, supporting global cybersecurity Introduced to mitigate the rise in attacks on U.S. critical infrastructure and growing third-party risk,
resilience efforts. the North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP) is a set The Federal Information Security Management Act (FISMA) is a comprehensive cybersecurity framework
of cybersecurity standards designed to help those in the utility and power sector reduce cyber risk and ensure that protects federal government information and systems against cyber threats.
the reliability of bulk electric systems.
The journey from CSF 1.1 to CSF 2.0 represents NIST's commitment to evolving the security framework in
response to the changing cybersecurity challenges and the needs of its users. Organizations are encouraged FISMA also extends to third parties and vendors who work on behalf of federal agencies.
to customize the CSF to their specific contexts and share their experiences to benefit the broader community. The NERC-CIP security framework requires impacted organizations to identify and mitigate third-party
cyber risks in their supply chain.
The FISMA security framework is aligned closely with NIST cybersecurity standards and requires agencies
ISO 27001 and ISO 27002 and third parties to maintain an inventory of their digital assets and identify any integrations between
NERC-SIP stipulates a range of controls including categorizing systems and critical assets, training networks and systems.
Created by the International Organization for Standardization (ISO), ISO 27001 and ISO 27002 personnel, incident response and planning, recovery plans for critical cyber assets, vulnerability
certifications are considered the international cybersecurity standard for validating a cybersecurity program assessments, and more. Read more about effective strategies for achieving NERC-CIP compliance.
— internally and across third parties. Sensitive information must be categorized according to risk and security controls must meet minimum
HIPAA security standards as defined by FIPS and NIST 800 guidelines.

With an ISO certification, companies can demonstrate to the board, customers, partners, and shareholders The Health Insurance Portability and Accountability Act (HIPAA) is a cybersecurity framework that
that they are doing the right things with cyber risk management. requires healthcare organizations to implement controls for securing and protecting the privacy of electronic Impacted organizations must also conduct cybersecurity risk assessments, annual security reviews,
health information. and continuously monitor their IT infrastructure.

Likewise, if a vendor is ISO 27001/2 certified, it’s a good indicator ( although not the only one) that they
have mature cybersecurity practices and controls in place. Per HIPAA, in addition to demonstrating compliance against cyber risk best practices — such as training A cybersecurity framework can be a vital guidepost
employees — companies in the sector must also conduct risk assessments to manage and identify emerging
risk. Cybersecurity frameworks provide a useful (and often mandated) foundation for integrating cyber security
The downside is that the process requires time and resources; organizations should only proceed if there is risk management into your security performance management and third-party risk management strategy.
a true benefit, such as the ability to win new business. The certification is also a point -in-time exercise and
could miss evolving risks that continuous monitoring can detect. HIPAA compliance remains a keen challenge for healthcare organizations, as Bitsight research suggests.

With a security framework as your guidepost, you’ll gain vital insight into where your highest security risk
is and feel confident communicating to the rest of the organization that you’re committed to security control system. In lieu of within the production process, a
excellence workers having to travel long DCS is able to reduce the impact
distances to perform tasks or of a single fault on the overall
gather data, a SCADA system is system.
able to automate this task. Field
devices control local operations A DCS is also commonly used
such as opening or closing of in industries such as
• Industrial Control System valves and breakers, collecting manufacturing, electric power
data from the sensor systems, generation, chemical
Industrial control system (ICS) is a collective term used to describe different types of control systems and and monitoring the local manufacturing, oil refineries,
associated instrumentation, which include the devices, systems, networks, and controls used to operate and/or environment for alarm and water and wastewater
automate industrial processes. Depending on the industry, each ICS functions differently and are built to conditions. treatment.
electronically manage tasks efficiently. Today the devices and protocols used in an ICS are used in nearly every
industrial sector and critical infrastructure such as the manufacturing, transportation, energy, and water SCADA systems are commonly
treatment industries. used in industries involving Actual ICS implementation
pipeline monitoring and control, Implementing an ICS
There are several types of ICSs, the most common of which are Supervisory Control and Data Acquisition water treatment centers and environment may often be a
(SCADA) systems, Distributed Control Systems (DCS), Local operations are often controlled by so- distribution, and electrical hybrid of DCS and SCADA
called Field Devices that receive supervisory commands from remote stations. power transmission and wherein attributes from both
distribution. systems are incorporated.

Types of Industrial Control Systems

Distributed Control System (DCS)
This is a system that is used to
control production systems that Components of an Industrial Control System (ICS) Environment
Supervisory Control and Data Acquisition (SCADA) are found in one location. In a
SCADA is not a system that can
provide full control. Instead its DCS, a setpoint is sent to the
capabilities are focused on controller that is capable of
instructing valves, or even an IT and OT
providing control at the Operational Technology (OT)
supervisory level. SCADA actuator, to operate in such a variables include the hardware
systems are composed of way that the desired setpoint is and software systems that
devices (generally maintained. Data from the field monitors and controls physical
Programmable Logic can either be stored for future devices in the field. OT tasks vary
Controllers (PLC) or other reference, used for simple with every industry. Devices that
commercial hardware modules) process control, or even used for monitor temperature in industrial
that are distributed in various advanced control strategies with environments are examples of OT
locations. SCADA systems can data from another part of the devices
acquire and transmit data, and plant.
are integrated with a Human The convergence of IT and OT
Machine Interface (HMI) that Each DCS uses a centralized provides enterprises greater
provides centralized monitoring supervisory control loop to integration and visibility of the
and control for numerous manage multiple local supply chain– which include their
process inputs and outputs. controllers or devices that are critical assets, logistics, plans,
part of the overall production and operation processes. Having a
The primary purpose of using process. This gives industries good view of the supply chain
SCADA is for long distance the ability to quickly access helps organizations remain
monitoring and control of field production and operation data. competitive. On the flip side,
sites through a centralized And by using multiple devices however, the convergence of OT

and IT allows easier access to to carry out a task and/or local level to be done
these two components that are complete a process. automatically.
targets of cybercriminals. In
many organizations OT
infrastructure is at best poorly Human Machine Interface (HMI) Data Historian
protected against cyber attacks. A graphical user interface (GUI) A data historian is a centralized
application that allows interaction database for logging all process
between the human operator and information within an ICS
Programmable Logic Controller (PLC) the controller hardware. It can environment and then exporting
This is a type of hardware that is also display status information data to the corporate IS. The data
used in both DCS and SCADA and historical data gathered by gathered is then used for process
systems as a control component the devices in the ICS analysis, statistical process
of an overall system. It also environment. It is also used to control, and enterprise level
provides local management of monitor and configure setpoints, planning.
processes being run through control algorithms, and adjust and
feedback control devices such as establish parameters in the
sensors and actuators. controllers.

In SCADA, a PLC provides the

same functionality as Remote Remote Diagnostics and Maintenance What is an ICS System?
Terminal Units (RTU). In DCS, This is a term used to identify,
PLCs are used as local controllers prevent, and recover from
within a supervisory control abnormal operations or failures.
scheme. PLCs are also
implemented as primary
components in smaller control
Control Server
system configurations.
A control server hosts the DCS or
PLC supervisory control software
and communicates with lower-
Remote Terminal Unit (RTU) level control devices.
An RTU is a microprocessor-
controlled field device that
receives commands and sends
SCADA Server or Master Terminal Unit (MTU)
information back to the MTU.
This is a device that issues
commands to RTUs in the field.
Control Loop
Every control loop consists of
Intelligent Electronic Device (IED)
hardware such as PLCs and
A smart device capable of
actuators. The control loop
acquiring data, communicating
interprets signals from sensors,
with other devices, and
control valves, breakers,
performing local processing and
switches, motors, and other
control. The use of IEDs in
similar devices. The variables
control systems like SCADA and What function does a SCADA system fulfill
measured by these sensors are
DCS allows for controls at the
then transmitted to the controller
 However, there are some protocols that only work if the protocols and equipment come from the same
manufacturer. The ICS protocols that are commonly found include: Windows® operating system family
(OLE, COM, and DCOM).

Process Field Bus (PROFIBUS)

PROFIBUS uses RTU to MTU, MTU Building Automation and Control Networks (BACnet)
to MTU, and RTU to RTU This is a communication protocol that
communications in the field. There are is designed to control heating,
two available variants: Profibus DP ventilating, and air-conditioning
(decentralized peripherals), which is control (HVAC); lighting; building
used to operate sensors and actuators access; and fire detection.
through a central controller, and
Profibus PA (process automation),
which is used to monitor measuring Common Industrial Protocol (CIP)
equipment through a process control
A CIP is a set of services and
system. messages for control, security,
synchronization, configuration,
information, and so forth. The ICP can
Distributed Network Protocol (DNP3) be integrated into Ethernet networks
This is a protocol with three layers and the internet. CIP has a number of
operating at the data link, application, adaptations providing
and transport layers. This protocol is intercommunication and integration
widely used in electricity and/or water for different types of networks.
and wastewater treatment plants.

Ethernet for Control Automation Technology (EtherCAT)

Modbus An open-source communications
Since its introduction in 1979, the protocol used to incorporate Ethernet
Modbus is considered one of the into industrial environments.
oldest ICS protocols. Modbus uses EtherCAT is used in automation
serial communications with the PLCs applications with short updating
and has been the de facto cycles (≤ 100μs) and with jitter ≤ 1μs.
communications protocol in an ICS
environment. There are two types of
Modbus implementations: Serial
Modbus – which uses the high-level
data link control (HDLC) standard for
data transmission, and Modbus-TCP – Common Threats to Industrial Control Systems
which uses the TCP/IP protocol stack
to transmit data. In order to improve system functions and productivity, every ICS constantly incorporates new technologies and
software in both IT and OT. With IT and OT merged, they become bigger targets for cybercriminals. One of the
common flaws of security solutions used in OT infrastructure is its inability to protect legacy control systems
Open Platform Communication (OPC) such as SCADA. In addition to that, organizations also have to face the rise of security challenges in new and
Communication within ICS Systems The OPC is a series of standards and emerging technologies, such as cloud computing, big data analytics, and the internet of things (IoT).
specifications for industrial Centralization introduces new and unknown vulnerabilities into the cyber ecosystem.
Devices and control modules in ICS systems relay information through communication protocols. There are communications. The OPC
several communication protocols used through various ICS environments. Most of these protocols are designed specification is based on technologies Attacks on ICS systems are often targeted attacks that use the ICS entry path to gain a foothold inside a system
for specific purposes such as process automation, building automation, power systems automation, and many developed by Microsoft® for the which will allow them to laterally move into the organization. Among the most high-profile cases are
more. These protocols were also developed to ensure interoperability between different manufacturers. the Stuxnet worm, which was used to manipulate centrifuges inside nuclear facilities in Iran, and BlackEnergy,

which affected power generation facilities in Ukraine. Despite most of the attacks focusing on data theft and/or
industrial espionage, both of the aforementioned cases demonstrated how malware had a kinetic effect. The
Trend Micro whitepaper titled Cyber Threats to the Mining Industry explores how the mining industry is
increasingly becoming a target of cyber espionage campaigns. These cyber espionage campaigns are designed How does Mobile Device Security work? 1. Avoid public Wi-Fi A mobile device is only as secure as the network through which it transmits data.
to gain the latest technical knowledge and intelligence that will help some interest groups thrive and maintain Companies need to educate employees about the dangers of using public Wi-Fi networks, which are
competitive advantage. Securing mobile devices requires a multi-layered approach and investment in enterprise solutions. While there
vulnerable to attacks from hackers who can easily breach a device, access the network, and steal data.
are key elements to mobile device security, each organization needs to find what best fits its network.
• What is Mobile Device Security? The best defense is to encourage smart user behavior and prohibit the use of open Wi-Fi networks, no
matter the convenience.
To get started, here are some mobile security best practices: Establish, share, and enforce clear policies and
Mobile Device Security refers to the measures designed to protect sensitive information stored on and
processes Mobile device rules are only as effective as a company’s ability to properly communicate those
transmitted by laptops, smartphones, tablets, wearables, and other portable devices. At the root of mobile
policies to employees. Mobile device security should include clear rules about:
device security is the goal of keeping unauthorized users from accessing the enterprise network. It is one
2. Beware of apps Malicious apps are some of the fastest growing threats to mobile devices. When an
aspect of a complete enterprise security plan. What devices can be used
employee unknowingly downloads one, either for work or personal reasons, it provides unauthorized

Why is Mobile Device Security important? access to the company’s network and data. To combat this rising threat, companies have two options:
Allowed OS levels
instruct employees about the dangers of downloading unapproved apps, or ban employees from
With more than half of business PCs now mobile, portable devices present distinct challenges to network What the company can and cannot access on a personal phone downloading certain apps on their phones altogether.
security, which must account for all of the locations and uses that employees require of the company network.
Potential threats to devices include malicious mobile apps, phishing scams, data leakage, spyware, and Whether IT can remote wipe a device
unsecure Wi-Fi networks. On top of that, enterprises have to account for the possibility of an employee losing
Password requirements and frequency for updating passwords 3. Mobile device encryption: Most mobile devices are bundled with a built-in encryption feature. Users
a mobile device or the device being stolen. To avoid a security breach, companies should take clear,
need to locate this feature on their device and enter a password to encrypt their device. With this
preventative steps to reduce the risk. Password protection method, data is converted into a code that can only be accessed by authorized users. This is important
in case of theft, and it prevents unauthorized access.
One of the most basic ways to prevent unauthorized access to a mobile device is to create a strong password,
and yet weak passwords are still a persistent problem that contributes to the majority of data hacks. Another
What are the benefits of Mobile Device Security?
common security problem is workers using the same password for their mobile device, email, and every work-
Mobile device security, or mobile device management, provides the following: related account. It is critical that employees create strong, unique passwords (of at least eight characters) and
create different passwords for different accounts.
1. Regulatory compliance
2. Security policy enforcement
3. Support of “bring your own device” (BYOD)
4. Remote control of device updates
5. Application control Leverage biometrics Instead of relying on traditional methods of mobile access security, such as passwords,
6. Automated device registration • What are the different types of Mobile Device Security? There are many aspects to a complete security
some companies are looking to biometrics as a safer alternative. Biometric authentication is when a computer
7. Data backup plan. Common elements of a mobile security solution include the following:
uses measurable biological characteristics, such as face, fingerprint, voice, or iris recognition for identification
and access. Multiple biometric authentication methods are now available on smartphones and are easy for
Above all, mobile device security protects an enterprise from unknown or malicious outsiders being able to
workers to set up and use.
access sensitive company data.

The policy framework lays out a mandatory consultation and approval path for each category of policy
1. Enterprise Mobile Management platform: In addition to setting up internal device policies that protect Management tone in any endeavor exists whether policy is formally established or not, and management
instrument and for each type of policy instrument within a category. The Policy Office is responsible for
against unauthorized access, it’s equally important to have an Enterprise Mobile Management (EMM) tone is not the same as formal policy establishment. In the domain of cyber security, policy is a documented determining the categorization of each policy instrument.
platform that enables IT to gather real-time insights to catch potential threats. enterprise agreement on cyber security goals and objectives, and tone is the level of commitment that
If you are working on a policy instrument and you are not sure which category applies, we have developed a
2. Email security: Email is the most popular way for hackers to spread ransomware and other malware. management has toward that documented policy and corresponding enforcement measures.There is no tool to help determine the policy instrument category. Try the interactive tool or view an image.
To combat such attacks, it’s critical for businesses to be armed with advanced email security that can single right way for a decision maker to make sure people are really understanding and following cyber
Contact policy@ontariotechu.ca if you have a policy instrument in need of categorization.
detect, block, and address threats faster; prevent any data loss; and protect important information in security policy. But consciously or unconsciously, every good leader has a method of getting important
transit with end-to-end encryption. messages across (Bayuk 2010). For example, one manager will make it a practice to always be at the same
3. Endpoint protection: This approach protects enterprise networks that are remotely accessed by mobile level of calm in order to get maximum value out of showing emotion with respect to an important issue.
• Cyber Security Goals
devices. Endpoint security protects companies by ensuring that portable devices follow security Another .
standards and by quickly alerting security teams of detected threats before they can do damage. The objective of Cybersecurity is to protect information from being stolen, compromised or attacked.
Cybersecurity can be measured by at least one of three goals-
Endpoint protection also allows IT administrators to monitor operation functions and data backup
strategies.
• Starting a policy project
4. VPN: A virtual private network, or VPN, extends a private network across a public network. This Protect the confidentiality of data.
enables users to send and receive data across shared or public networks as if their computing devices A policy project will arise from an identified policy gap. This means a question, a process, or a responsibility
that is not addressed by any existing policy instrument. Preserve the integrity of data.
were directly connected to the private network. VPNs’ encryption technology allows remote users and
branch offices to securely access corporate applications and resources. A project could take many forms: Promote the availability of data for authorized users.
5. Secure web gateway: A secure web gateway protects against online security threats by enforcing
• Editorial amendments to an existing policy (e.g. changing contact information in a policy) These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The
company security policies and defending against phishing and malware in real-time. This is especially • Substantive amendments to an existing policy CIA triad is a security model that is designed to guide policies for information security within the premises of
important for cloud security as this type of protection can identify an attack on one location and • Developing new procedures to support an existing policy an organization or company. This model is also referred to as the AIC (Availability, Integrity, and
• Developing a new policy with supporting procedures Confidentiality) triad to avoid the confusion with the Central Intelligence Agency. The elements of the triad are
immediately stop it at other branches. considered the three most crucial components of security.
6. Cloud access security broker: A cloud access security broker (CASB) is a tool that sits between cloud You should contact policy@ontariotechu.ca when you identify a policy gap for help in deciding the best
approach. The CIA criteria are one that most of the organizations and companies use when they have installed a new
service consumers and cloud service providers to enforce security, compliance, and governance application, creates a database or when guaranteeing access to some data. For data to be completely secure, all
policies for cloud applications. CASBs help organizations extend the security controls of their on- Drafting policy instruments of these security goals must come into effect. These are security policies that all work together, and therefore it
can be wrong to overlook one policy.
premises infrastructure to the cloud. If you are amending an existing policy instrument, contact policy@ontariotechu.ca for the latest approved
version to work from. If an existing policy instrument has not been amended in a long time, the Policy Office • Cybersecurity Taxonomy
• Guidance for Decision Makers will advise if edits are needed to update to the current template. If you are drafting from scratch, you
can retrieve policy instrument templates from our website. The JRC Cybersecurity Taxonomy

Tone at the Top A common taxonomy aligns cybersecurity definitions and terminologies to enable the categorisation of existing
Getting a policy instrument approved institutions and expertise across Europe. This categorisation is crucial to facilitate the potential collaboration
among these institutions and consequently to foster the establishment of the Competence Centre and Network.
Chapter 3 made a brief comparison between the accounting profession and the cyber security profession. The guide to approval path and mandatory consultation steps lays out the mandatory steps for each category and
One reason why this comparison is informative is because many of today’s information security controls type of policy instrument.

were first established as standards by the Electronic Data Processing Auditor’s Association (EDPAA, now Contact policy@ontariotechu.ca for assistance in planning the consultation and approval of a policy instrument. The taxonomy created by the European Commission Joint Research Centre (JRC) is based on a comprehensive
set of standards, regulations and best practices, and it has been validated by different EU cybersecurity
the Information Systems Audit and Control Association, ISACA) (Bayuk 2005). A key take away from that
stakeholders, such as the European Cyber Security Organization (ECSO). It was further enhanced based on
comparison is that the accounting profession’s mantra concerning the integrity of financial management feedback provided by the four cybersecurity research and competence network pilot projects (CONCORDIA,
applies across the board to cyber security management. That is: “the tone is set at the top” (COSO 2009). Determining category and type of policy instrument
ECHO, SPARTA and CyberSec4Europe), which embrace over 160 partners including companies, SMEs, CISA oversees information security policies and practices for Federal Civilian Executive Branch (FCEB)
universities and research institutes. Agencies. CISA develops and oversees information security parameters, works with federal partners to
This affects the other service provider and disturbs the founding principle of net neutrality which says every
bolster their cybersecurity and incident response postures, and safeguards the networks that support our
traffic on a website should be treated equally and should be given a level-playing field and one should not
nation’s essential operations.
be discriminated at the cost of the others. Also, it also throws the very possibility of the Internet of Things
A similar knowledgebase, if integrated with other existing databases (e.g., patents, European projects, research
(IoT) concept to a certain extent
production, scientific profiles), will be also extremely relevant in the assessment of the R&D cybersecurity
position of Europe. This would provide useful information to identify weaknesses and where and how to act to Cybersecurity Directives
reach a homogeneous development of the cybersecurity domain.
CISA develops and oversees the implementation of “binding operational directives” and “emergency • The Indian Registry for Internet Names and Numbers (IRINN) and the Internet Corporation for
directives,” which require action on the part of certain federal agencies in the civilian Executive Branch. Assigned Names and Numbers (ICANN) are both organizations that manage internet names and
numbers:
• Net Neutrality is a principle, which states that all traffic on the internet should be treated equally and
• IRINN
there should be no discrimination by Telecommunication companies/Internet Service Providers. The
• India's national internet registry, IRINN is a non-profit organization that allocates and registers IP
service providers should not differentiate this service with different forms and categories of traffic on
addresses and Autonomous System (AS) numbers. IRINN also coordinates IP address allocation
the internet.
with other internet resource management functions at the national level. IRINN's website provides
information about its services, affiliates, training, education, policy, and events.
• ICANN
With the recent Telecom Regulatory Authority of India’s (TRAI) decision on net neutrality recently, let’s
take a look at the Net Neutrality debate. • A global, non-government, non-profit corporation based in the United States, ICANN manages
internet names and numbers to ensure the internet's stable and secure operation. ICANN's
How can Net Neutrality be categorised? responsibilities include:
All the data on the internet flows in the form of bits of zeroes and ones. • Allocating IP address space
• Assigning protocol parameters
The components of net neutrality say that all these bits of traffic are equal, so internet service providers • Managing the domain name system (DNS)
(ISPs) should not differentiate these bits of data based on their content; usage, the users, or based on the • Managing the root server system
website. • Maintaining and coordinating procedures for several databases related to the internet's namespaces
Which means there should not be any discrimination from the service providers by differentiating one set of and numerical spaces
data or one set of bits and pieces from the other. • Email
• Dating back all the way to the birth of home computing in the 70s, email is a true veteran. Its
What does net neutrality stand for? instantly recognizable “letter writing” format has made it both familiar and accessible to everyone,
and with an estimated 2.9 billion email users worldwide as of 2019, its appeal spans from the
The system of net neutrality is in place since the beginning of the internet and is followed in time and in
• Cyber governance issues unit 3 different parts of the world. It stands for:
personal to the professional. Email is great for sharing files and provides a written record of
• Cybersecurity Governance communications which can be particularly important in a business setting. The main difference
between email and instant messaging, however, is generally the speed of communication and
Cybersecurity governance is a comprehensive cybersecurity strategy that integrates with organizational susceptibility to junk and spam mail.
operations and prevents the interruption of activities due to cyber threats or attacks. Features of Equal access to all sites •
cybersecurity governance include: Same data cost to access a site(there should be no price differential ) •
•
No zero-rating (Read about it below) PROS CONS
Accountability frameworks What is Zero-rating? EASY ACCESS — ANYONE WITH A Speed— unlike instant messaging or instant chat, email
Decision-making hierarchies Zero-rating (also called toll-free data or sponsored data) is the practice of mobile network operators (MNO), COMPUTER OR SMARTPHONE CAN SIGN relies on the recipient retrieving the message from the
mobile virtual network operators (MVNO), and Internet Service Providers (ISP) not to charge end UP FOR A UNIQUE EMAIL ADDRESS FROM mail server. This means that you don’t really know when
Defined risks related to business objectives ANY PROVIDER. THEY ARE USUALLY the recipient has viewed the message.
customers for data used by specific applications or internet services through their network, in limited or
Mitigation plans and strategies FREE AND CAN BE USED TO CONTACT
metered data plans. Ex: Some service providers build bulk websites, bulk content and application allows
ANY OTHER EMAIL ADDRESS
Oversight processes and procedures users to access for free of cost but when the other service provider charges to get access to the same data REGARDLESS OF PROVIDER.
then it is obvious that users will opt the service that is available for free of cost.
How does CISA support Cybersecurity Governance?

GROUP MESSAGES— PARTICULARLY Junk & Spam — the deluge of junk and spam mail is a • It is clear then, that the email vs instant messaging debate places the two mediums into different
USEFUL FOR BUSINESS daily nightmare. In fact, the billions of spam messages camps. As a general rule, email lends itself towards business communications whereas instant
COMMUNICATIONS, GROUP MESSAGING sent everyday are seriously impacting productivity. messaging is better for informal chat..
ALLOWS YOU TO SEND A SINGLE MAIL
TO A LARGE NUMBER OF RECIPIENTS.
EACH RECIPIENT CAN THEN
PARTICIPATE IN THE GROUP.

ARCHIVING— EMAIL ALLOWS EASY Malware— email is particularly susceptible to malware

ARCHIVING AND ENSURES YOU HAVE A and viruses. Attachments and links sent through email
WRITTEN RECORD OF PREVIOUS can easily catch anyone off guard, and a variety of
MESSAGES, THREADS, AND viruses can be spread this way.
ATTACHMENTS.

•
•

• Instant Messaging
• When comparing email vs instant messaging, it’s interesting to look at the history behind them both.
Instant messaging is a relative newcomer but has been gradually growing in popularity. Today, there
are billions of active users spread across popular chat alternatives such as WhatsApp, Facebook
Messenger, and Skype to name but a few. It is fast, responsive, and very easy to use, however, it
lacks the gravitas of email and is generally considered suitable only for informal messaging.
•
What is Malvertising?
•
Cyber attacks are extremely dangerous attacks executed on the Internet. Cyber attacks give unauthorized access
PROS CONS
to hackers/ cyber criminals of the users or the organizations of the computer system. Modern times have recorded
a huge increase in cyber attacks conducted every second. Cyber attacks are very dangerous in nature because the
Instant— messages are received on the device Intrusive— unlike email, it’s hard to ignore the data which the cyber criminals aim for attacking is important to the user/ organization and confidential data has • Malvertising is a new form of attack adopted by cyber attackers that makes use of online
instantly whenever the recipient is online. constant notifications and, if you turn alerts off, you been stored on the computer systems for performing certain operations. advertisements for spreading malicious software into computer systems.
Notifications ensure that received messages are risk negating the benefits of its instant nature. • Malvertising is the synonym for malware advertising. The mechanism of malvertising includes the
acknowledged. injection of harmful malware/malicious code through advertisements that users unknowingly click.
The click of the user then directs them to dangerous, malicious websites.
• Online advertisements that are authenticated by computer systems become dangerous when
Responsive— unlike email, instant messaging tends Proprietary— when communicating through chat malvertising is a part of them.
to elicit a response much faster. People are alternatives, both parties must use the same chat
generally more willing to reply immediately. service. Working:

• Malvertising attacks can be complex in nature and use many other techniques to execute the attack.
Brief— the difference between email and instant Lack of Archiving— it may be difficult, or even Typically, attackers first compromise a third-party server that allows cybercriminals to inject
messaging is that the latter is usually brief and to impossible to archive your chats and refer back to malicious code into display ads or their elements, such as Banner ads, creative images, or video
the point. Instant messaging follows a stream of shared information at a later date. content.
consciousness type format follows the informal • Once a website visitor clicks on it, the broken code in the ad installs malware (malware) or adware
rules of a casual chat. on the user’s computer. Attackers can also redirect users to malicious websites and use deception
or social engineering techniques to facilitate attacks.
• Malvertising attacks can also run exploit kits, a form of malware designed to scan a system and
exploit vulnerabilities or holes in it.

Example: Arkady Bukh recently published a story on the geography of cybercrime. In the article he points to the Enigma
Software study that ranks the USA as #1 in multiple categories: Share of malicious computer activity, malicious
• Angler Exploit Kit: This malvertising attack is an example of drive-by downloads. It automatically code rank, phishing websites hosted, attack origin rank. Unfortunately, the site does not say when or how often Cybercrime that compromises privacy
redirects visitors to malicious websites, and exploit kits can exploit vulnerabilities in popular web the report is updated. It's interesting to note that most people, even those in the cybersecurity field, would not
extensions such as Adobe Flash, Microsoft Silverlight, and Oracle Java. correctly guess the rest of the list (aside from China at #2). One metric not available in the report is the financial
• RoughTed: RoughTed used the Amazon cloud, Content Delivery Network, and an ad exchange impact of these crimes.
network to advertise through a changing URL campaign. This campaign was able to get past ad- Cybercrime violates individuals' privacy and the security of their data, particularly hacking, malware, identity
blockers and many antivirus solutions. The cybercriminals behind RoughTed used this campaign to As noted Mr. Bukh, Russia comes in at only #12 on this list but is well known to be the source of some of the theft, financial fraud, medical fraud, and certain offences against persons that involve the revealing of personal
steal information from victims. highest quality and most costly cybercrimes in history. In 2013, Reuters produced a similar piece on the topic, information, messages, images, and video and audio recordings without individuals' consent or permission (e.g.,
• KS Clean: It is a malvertising campaign targeting malvertising in mobile applications. Once reaching some of the same conclusions. cyberstalking, cyberharassment, and cyberbullying discussed in Module 12 on Interpersonal Cybercrime).
downloaded, the malware triggers in-app notifications, alerting users to security concerns and
prompting them to update the app. However, if the user agrees to the upgrade, the installation It's very interesting to compare these cybercrime statistics with a geographic distribution of antivirus vendors:
process does complete and the cybercriminal is granted administrative rights to their mobile device.
Data is considered a commodity online and offline by both legal and illegal actors (Maras, 2016). For this reason,
data is a primary target of cybercriminals. Data also plays an integral role in the commission of many cybercrimes,
• Impersonation is the act of pretending to be someone else to deceive, defraud, or harm others. It primarily because it is not adequately protected and can be illicitly accessed and obtained. Data breaches have
can be used for legitimate purposes, such as changing a user's permissions without changing Identity resulted from lost or stolen encrypted flash drives and other storage devices (mainly laptop and smartphones),
and Access Management (IAM) policies. For example, impersonation can be used to: poor system and data security, unauthorized access to the database or the exceeding of authorized access to a
1. Temporarily grant a user elevated access database, and accidental disclosure, release or publication of data. Some notable examples of data breaches
2. Test if a specific set of permissions is enough for a task include:
3. Develop applications that can only run as a service account
4. Authenticate applications that run outside of Google Cloud
However, impersonation can also be used for malicious purposes, such as phishing, identity theft, account India's national centralized government ID database (Aadhaar), which stores the biometric data (i.e., thumbprints
takeover, and in-person impersonation. Impersonators can use various mediums, such as social media, email, or and iris scans) and identity data of 1.2 billion Indians, and is used to verify nationals' identities for financial,
phone calls, to manipulate their targets for personal gain. For example, email impersonation attacks are a type of government, utilities, and others services, was subjected to a database breach in 2018, resulting in the compromise
phishing attack where the attacker impersonates a legitimate sender to trick the recipient into clicking on a of identity data, such as access names, twelve-digit identity number, phone numbers, email addresses, and postal
codes, but not the biometric data (Safi, 2018; Doshi, 2018).
malicious link or attachment. These attacks can be used to steal sensitive information, deliver malware, or dupe
an employee into transferring money to a fraudulent account.
The information of approximately 30 million South Africans was leaked online in 2017, including their names,
genders, income, employment history, identity numbers, phone numbers, and home addresses, because of a data
breach suffered by one of the top real estate companies in the country, Jigsaw Holdings (Fihlani, 2017; Gous,
The highest density of antivirus vendors is in the former USSR, China, and the USA. In general, these groupings 2017).
align with the geographic sources of malware. One could assume that the conditions that foster the creation of
malware may also foster the growth of anti-malware companies. Over three billion Yahoo users' data were compromised in 2013, including names, email addresses, passwords
(with encryption that could be easily bypassed) and birth dates (Newman, 2017).
Since the 20th century, the Made in America moniker has been associated with higher quality goods when To maximize their protection, consumers and businesses should take advantage of antivirus scanning from at least
compared to imported alternatives, at least when these goods are targeted at the American consumer. For three main geographic regions. Scanning high-risk files with an anti-malware engine from the USA, Russia or Deloitte, a global consulting firm was accessed through an unsecured account compromising the usernames,
manufactured or assembled products, it's hard to know when this label indicates that the product was actually Eastern Europe, and from China can provide increased rate of detection especially for new or unknown malware. passwords, among other information, of approximately 350 clients (Hopkins, 2017).
made in the United States. For cyber-attacks, which carry no label, it's even more difficult to track their origin. This is due in part to the nature of signature-based detection and whether malware sample sharing between anti-
This happens for many reasons, the most obvious one being this: Cybercriminals strive to remain anonymous, malware companies takes place. The personal data (i.e., national identifier, name, gender, parents' names, home address, date of birth, and city of
and their 'products' rarely carry telltale signs of their origin. birth) of over 49 million Turkish citizens was made available in 2016, through an online searchable database
OPSWAT offers multiple free products that make this type of scanning easy. Metascan Online can be used for (Greenberg, 2016).
The topic of geolocating cybercriminals has been elevated to international politics with the Obama scanning files on demand and is also available as a browser plugin. Gears, for Windows and Mac, is a tool that
administration's decision to impose sanctions on North Korea in response to the Sony Pictures hacking incident. uses Metascan Online to perform a quick daily system scan. Gears is free for up to 25 devices. The personal and biometric data of over 55 million voters in the Philippines were compromised in 2016, after
Hopefully, the FBI's assessment is accurate, because as recent as February 4th, it is still unclear that North Korea black hat hackers (for information on the distinction between black, white, and grey hat hackers, see Module 2
was the sole culprit. on General Types of Cybercrime; see also Radziwill et al., 2015; Chatelain, 2018b) gained unauthorized access
to the Commission of Election (COMELEC) website (Tan, 2016)..
 • Patented material – Patents are given to inventors in order to protect their inventions. In most cases, • Political strategies, affiliations and communications
patents are valid for 20 years from filing with the US Government. Business owners and individuals • Military intelligence
What is Intellectual Property Theft and why is protecting your IP so important? seek patents so that others are unable to take their ideas and claim them for themselves. In some cases
this can be a bit tricky as people can reverse engineer inventions and tweak them, therefore avoiding
intellectual property theft.
• Trademarks – Trademarks are “words, phrases, symbols, or designs, or a combination thereof, that
With the online space becoming more crowded, cloud computing becoming the mainstream, and just about identifies and distinguishes the source of the goods of one party from those of the others” according to
everything located on the internet, stealing intellectual property has become easier than ever before. the USPTO. For example, trademarks often relate to images, colors, logos, mottos or slogans, etc.
• Trade secrets – Trade secrets are confidential pieces of information that give a business a competitive
advantage. For example, a recipe for a specific type of food or drink or even a work method, distribution
Intellectual property can be movies, music, content on the web, software and more. You can think of IP as system, strategies, etc. This is why companies make people sign non-disclosure agreements and list
creations and not necessarily physical products. But, this doesn’t mean that the damage is less than other types trade secrets in contracts in advance to confirm that their information is considered secret and therefore,
of theft. IP theft damage is estimated at hundreds of billions of dollars a year according to the Commission of protected.
the Theft of American Intellectual Property.
What does IP threat mean and how can you protect yourself? This piece will look at intellectual property theft
and how to manage your IP to stay safe. What is Cyber Espionage?

Cyber espionage, or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access
What is Intellectual Property Theft?
sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political
reasons.
Intellectual property theft is one someone steals an idea, creative expression, or invention from an individual or
a company. IP theft can refer to someone stealing patents, copyrights, trademarks, or trade secrets. This includes Why Is Cyber Espionage Used?
names, logos, symbols, inventions, client lists, and more. Intellectual property theft cases are exceptionally
common and require smart intellectual property management software in order to be avoided. Cyber espionage is primarily used as a means to gather sensitive or classified data, trade secrets or other forms of
Is intellectual property theft a crime? IP that can be used by the aggressor to create a competitive advantage or sold for financial gain. In some cases,
the breach is simply intended to cause reputational harm to the victim by exposing private information or
Yes! Most intellectual property theft cases are considered federal cases (therefore federal crimes). Companies or questionable business practices.
individuals that can identify who stole their IP can bring them to court and in some cases, serious penalties can
be given to the criminals. These include fines, imprisonment, civil charges, suspension of licenses, etc. Cyber espionage attacks can be motivated by monetary gain; they may also be deployed in conjunction with
military operations or as an act of cyber terrorism or cyber warfare. The impact of cyber espionage, particularly
when it is part of a broader military or political campaign, can lead to disruption of public services and
The history of intellectual property theft infrastructure, as well as loss of life.
Common Cyber Espionage Tactics
IP theft is not a new phenomenon. The idea of intellectual property dates back to the 1700s (British Statute of Cyber Espionage Targets
Anne-1710) when the idea of patents and copyrights were coming into place and the term intellectual property Most cyber espionage activity is categorized as an advanced persistent threat (APT). An APT is a sophisticated,
was born. Over time, the concept of IP theft has changed drastically, especially with the introduction of new The most common targets of cyber espionage include large corporations, government agencies, academic sustained cyberattack in which an intruder establishes an undetected presence in a network in order to steal
technologies. From manufacturing processes and ideas in the industrial revolution to cybersecurity attacks and institutions, think tanks or other organizations that possess valuable IP and technical data that can create a sensitive data over a prolonged period of time. An APT attack is carefully planned and designed to infiltrate a
threats in the 21st century, IP theft has changed its face multiple times over the years. competitive advantage for another organization or government. Targeted campaigns can also be waged against specific organization and evade existing security measures for long periods of time.
individuals, such as prominent political leaders and government officials, business executives and even
celebrities.
What are the four types of intellectual property? Executing an APT attack requires a higher degree of customization and sophistication than a traditional attack.
Cyber spies most commonly attempt to access the following assets: Adversaries are typically well-funded, experienced teams of cybercriminals that target high-value organizations.
When discussing intellectual property and IP theft, we usually break IP down into four different categories. They’ve spent significant time and resources researching and identifying vulnerabilities within the organization.
• Research & Development data and activity
• Academic research data
• IP, such as product formulas or blueprints
• Copyrighted material – Things that are copyrighted are usually creative expressions and may include Most cyber espionage attacks also involve some form of social engineering to spur activity or gather needed
• Salaries, bonus structures and other sensitive information regarding organizational finances and
poems, books, paintings, and software. Individuals, as well as businesses, may copyright their work in information from the target in order to advance the attack. These methods often exploit human emotions such as
expenditures
order to protect it from being used by others without explicit permission. excitement, curiosity, empathy or fear to act quickly or rashly. In doing so, cybercriminals trick their victims
• Client or customer lists and payment structures
• Business goals, strategic plans and marketing tactics into giving up personal information, clicking malicious links, downloading malware or paying a ransom.

critical website used by citizens, military personnel, safety personnel, scientists, or others to disrupt critical management, establishing that no user or workload is trusted by default. It requires all users, devices, and
operations or systems. application instances to prove they are who or what they present themselves to be and that they are authorized
Electrical power grid to access the resources they seek.
Hacking the electrical power grid could give an attacker the ability to disable critical systems, crippling
infrastructure and causing the deaths of thousands. Further, an attack on the electrical power grid could disrupt
• Cyber Sabotage is yet another new wrinkle in the emerging threats from cyber space. Whether communications, making it impossible to use services like text messaging or telecommunication.
delivered over the internet or purposefully installed during the manufacturing process, contaminated Propaganda
Propaganda attacks involve trying to control the minds or hearts of the people living in or fighting for the Training employees on password and credential security also plays a significant role in protecting IT
hardware or software is now a concern. Sabotage is defined as deliberate and malicious acts that infrastructure. Often, the human element can be the weakest link in an organization’s security strategy, and the
result in the disruption of the normal processes and functions or the destruction or damage of targeted country. Propaganda can be used to expose embarrassing truths or to spread lies that cause people to
lose faith in their country—or even sympathize with the enemy. relentless pace of intrusion attempts means even a brief and seemingly minor lapse in the security perimeter can
equipment or information. cause significant damage.
Economic disruption
The Department of Defense operates and estimated 3.5 million PCs and 100,000 local-area networks at 1,500 Most modern economic systems depend on computers to function. Attacking the computer networks of
sites in 65 countries. In one study a common piece of network equipment sold by a US company was found to economic facilities like stock markets, payment systems, or banks can give hackers access to funds or prevent
have nearly 70 percent of the components produced by foreign suppliers. This equipment is critical to our their targets from getting the money they need to live or engage in cyber or other warfare.
security as well as our economy. If we cannot trust the computer equipment out of the box, then where are we? Surprise cyberattack And because new types of threats can arise at any time, or disasters can have greater-than-anticipated effects, a
These refer to the kinds of cyberattacks that would have an effect similar to Pearl Harbor or 9/11—massive
At this point it would be impractical to validate each and every computer before we place it into operations. robust and frequent backup strategy provides a vital safety net for business continuity. With data volumes
strikes that catch the enemy off guard, weakening their defenses. They could be used to weaken the opponent in
steadily growing, enterprises should look for a data protection solution that ensures continuous availability via
preparation for a physical attack as a form of hybrid warfare.
Cyberwarfare Definition and Nature simple, fast recovery from disruptions, globally consistent operations, and seamless app and data mobility
Cyberwarfare is a series of strategic cyber attacks against a nation-state, causing it significant across multiple clouds.
harm. This harm could include disruption of vital computer systems up to the loss of life. Cyberwarfare is .
typically defined as a set of actions by a nation or organization to attack countries or institutions' computer
network systems with the intention of disrupting, damaging, or destroying infrastructure by computer • Cyber infrastructure issues Unit 4
viruses or denial-of-service attacks. And the hope is that effective cyber threat intellegence tools can
reduce the harms done by these attacks. Why is infrastructure security important?
What Does Cyberwarfare Look Like? Common security threats to IT infrastructure
Cyberwarfare can take many forms, but all of them involve either the destabilization or destruction of critical As more business is done digitally and enterprises increasingly rely on data to inform critical business
systems. The objective is to weaken the target country by compromising its core systems. Cyber threats to technology infrastructure range from phishing attempts and ransomware attacks to distributed decisions, protecting the resources that make these activities possible takes on greater importance. And with
This means cyber warfare may take several different shapes: denial of service (DDoS) exploits and Internet of Things (IoT) botnets. Physical dangers include natural more devices having access to corporate networks, more users accessing valuable enterprise intellectual
1. Attacks on financial infrastructure disasters such as fires and floods, civil unrest, utility outages, and theft or vandalism of hardware assets. Any of property (IP) using unsecured public networks in locations around the world, and more data being generated
2. Attacks on public infrastructure like dams or electrical systems these have the potential to cause business disruption, damage an organization’s public reputation, and have and consumed across edges and clouds, many organizations have an expanding attack surface vulnerable to
3. Attacks on safety infrastructure like traffic signals or early warning systems significant financial consequences. threats.
4. Attacks against military resources or organizations
Cyberwarfare vs. Cyber War
Options for securing IT infrastructure
Cyberwarfare is different from cyber war in that cyberwarfare typically refers to the techniques used while
engaging in cyber war. For example, a state-sponsored hacker may try to hack into the Bank of England as an
act of cyber warfare while engaging in a cyberwar against England and its allies. Typical elements of physical protection include access control, surveillance systems, security guards, and Criminals, hacktivists, hostile national-state actors, terrorists, and others are using increasingly sophisticated
perimeter security. To protect their digital perimeter, organizations will implement firewalls, penetration testing, methods to target organizations of all sizes around the world and across industry sectors. And not all security
What Are the Types of Cyberwarfare? network monitoring, virtual private networks (VPNs), encryption technologies, and training programs to teach threats have malicious intent; human error and natural disasters can also pose dangers to the integrity of an
Espionage employees how to identify and respond to phishing emails and other attempts to steal their network credentials. organization’s technology infrastructure. To safeguard business continuity, having a strategy in place to address
Espionage refers to spying on another country to steal secrets. In cyberwarfare, this may involve using both cyber and physical security across all key systems and assets, including those at the edge and in the cloud,
a botnet or spear-fishing attack to gain a foothold in a computer before extracting sensitive information. is a critical requirement to operate in today’s digitally connected world.
Sabotage
With sensitive information identified, organizations then need to determine the potential threats presented to
Best practices for infrastructure security
this data. This includes third parties that may want to steal the data, competitors that could gain an advantage by
stealing information, and insider threats or malicious insiders like disgruntled workers or negligent employees
Increased interconnectivity and the increased adoption of cloud services, microservices, and software What are the different levels of infrastructure security?
Denial-of-Service attack
A denial-of-service (DoS) attack involves flooding a website with fake requests, forcing the site to process components across different cloud platforms and at corporate network edges make securing technology
those requests, thereby making it unavailable for legitimate users. This kind of attack could be used to cripple a infrastructure both more complex and more important than ever. Adopting zero-trust security architectures is Many enterprise IT infrastructure security frameworks will address four types, or levels, of security.
one way enterprises are addressing this challenge. Zero trust is a philosophical approach to identity and access

Today, the assessment that a major cyberattack poses a threat to financial stability is axiomatic— not a question
of if, but when. Yet the world’s governments and companies continue to struggle to contain the threat because it
Data remains unclear who is responsible for protecting the system. Increasingly concerned, key voices are sounding
the alarm. In February 2020, Christine Lagarde, president of the European Central Bank and former head of the
As more data is generated and stored in more locations (core data centers, colocations, multiple clouds, and International Monetary Fund, warned that a cyberattack could trigger a serious financial crisis. In April 2020,
edges), protecting this data becomes more complex. The increasing number of devices connect to enterprise the Financial Stability Board (FSB) warned that “a major cyber incident, if not properly contained, could
networks due to bring-your-own-device (BYOD) policies, IoT adoption, and more, meaning that a growing seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial
number of endpoints, or entry points into enterprise networks, must be protected. Some common enterprise stability implications.” The potential economic costs of such events can be immense and the damage to public
endpoint security measures include URL filtering, anti-virus tools, sandboxing, secure email gateways, and trust and confidence significant.
endpoint detection and response (EDR) tools. Data encryption technologies also help protect data by encoding it
so that only users with the correct decryption key may access it. Two ongoing trends exacerbate this risk. First, the global financial system is going through an unprecedented
digital transformation, which is being accelerated by the COVID-19 pandemic. Banks compete with technology
companies; technology companies compete with banks. Meanwhile, the pandemic has heightened demand for
online financial services and made work-from-home arrangements the norm. Central banks around the globe are
considering throwing their weight behind digital currencies and modernizing payment systems. In this time of
Application transformation, when an incident could easily undermine trust and derail such innovations, cybersecurity is
more essential than ever.
Outdated software can contain vulnerabilities that cyber attackers can exploit to gain access to IT systems.
Ensuring software and firmware updates are distributed and applied across the enterprise network, known as Second, malicious actors are taking advantage of this digital transformation and pose a growing threat to the
patching, helps close security holes as well as provide new functionality, performance improvements, and bug global financial system, financial stability, and confidence in the integrity of the system. The pandemic has even
fixes for enterprise applications. supplied fresh targets for hackers. The financial sector is experiencing the second-largest share of COVID-19–
related cyberattacks, behind only the health sector, according to the Bank for International Settlements.
Who is behind the threat?
More dangerous attacks and ensuing shocks should be expected in the future. Most worrisome are incidents that
Network
corrupt the integrity of financial data, such as records, algorithms, and transactions; few technical solutions are
currently available for such attacks, which have the potential to undermine trust and confidence more broadly.
A firewall typically provides the first line of defense in network security. It serves as a barrier between an The malicious actors behind these attacks include not only increasingly daring criminals—such as the Carbanak
enterprise’s trusted network and other untrusted networks, such as public Wi-Fi. By monitoring incoming and group, which targeted financial institutions to steal more than $1 billion during 2013–18—but also states and
outgoing network traffic based on a set of rules, it only allows network traffic that has been defined in the
state-sponsored attackers (see table). North Korea, for example, has stolen some $2 billion from at least 38
security policy to access resources on the trusted network. Multi-factor authentication (MFA) also protects the
enterprise network by requiring two or more forms of verification before allowing access to network resources. countries in the past five years.

Physical

The most robust cyber protection cannot protect your technology assets from physical theft, vandalism, or
natural disasters. Data recovery plans that incorporate offsite backups located in different geographies are also a
part of a physical security strategy.

This is a global problem. While cyberattacks in high-income countries tend to make headlines, less attention is
Cyber threats to the financial system are growing, and the global community must cooperate to protect it paid to the growing number of attacks on softer targets in low- and lower-middle-income countries. Yet it is in
In February 2016, hackers targeted the central bank of Bangladesh and exploited vulnerabilities in SWIFT, the those countries where the push toward greater financial inclusion has been most pronounced, leading many to
global financial system’s main electronic payment messaging system, trying to steal $1 billion. While most leapfrog to digital financial services such as mobile payment systems. Although they do advance financial
transactions were blocked, $101 million still disappeared. The heist was a wake-up call for the finance world inclusion, digital financial services also offer a target-rich environment for hackers. The October 2020 hack of
that systemic cyber risks in the financial system had been severely underestimated.
Uganda’s largest mobile money networks, MTN and Airtel, for example, resulted in a major four-day disruption PHI data has high value on the black market. The value of PHI to threat actors is high, due to the richness of • Enterprises may also be liable for the damage caused by the loss or theft of third-party data. A cyber
of service transactions. personal information that these records contain that can be used for identity theft, healthcare insurance fraud insurance policy can protect the enterprise against cyber events, including acts of cyber terrorism,
and other malicious activities. Therefore, each medical record can fetch hundreds of dollars on the black market and help with the remediation of security incidents.
— a lot more than a stolen credit card number, for example.
The responsibility gap • For example, hackers breached Sony’s PlayStation Network in 2011 and exposed the data of 77
Breaches cause material damage (hence, victims’ greater willingness to pay attackers to free themselves from
million users. The attack also prevented PlayStation Network users from accessing the service for 23
Despite the global financial system’s increasing reliance on digital infrastructure, it is unclear who is ransomware). Disruption in the work of healthcare facilities and inaccessibility of patient data that may be
days. Sony incurred costs of over $171 million that could have been covered by cyber insurance.
responsible for protecting the system against cyberattacks. In part, this is because the environment is changing required to perform critical procedures can, literally, cost lives. Plus, privacy regulations like HIPAA impose
However, it did not have a policy, so it had to shoulder the total costs of the cyber damage.
so quickly. Without dedicated action, the global financial system will only become more vulnerable as massive fines for PHI disclosure. Penalties for HIPAA violations related to “privacy, security, breach
innovation, competition, and the pandemic further fuel the digital revolution. Although many threat actors are notification and electronic health care transactions” can reach $1.81 million per calendar year.
focused on making money, the number of purely disruptive and destructive attacks has been increasing;
Types of Attacks • Global Threat Landscape Report 2H 2023
furthermore, those who learn how to steal also learn about the financial system’s networks and operations,
which allows them to launch more disruptive or destructive attacks in the future (or sell such knowledge and According to HHS Office of Information Security’s “2020: A Retrospective Look at Healthcare Cybersecurity,”
capabilities to others). This rapid evolution of the risk landscape is taxing the responsiveness of an otherwise ransomware attacks accounted for almost 50% of all healthcare data breaches. In 2021, threat actors extorted • FortiGuard Labs Global Threat Landscape Report 2H 2023 shows Cybercriminals Exploiting New
mature and well-regulated system. from healthcare organizations ransomware payments averaging $910,335, per BakerHostetler’s 2021 Data Industry Vulnerabilities 43% Faster than 1H 2023.
Security Incident Response Report.
• What is Healthcare Cybersecurity? • Download Now
• How Does Cyber Insurance Work?
Healthcare cybersecurity is a strategic imperative for any organization in the medical industry — from
In respect of specific attack types, the 2021 Verizon Data Breach Investigations Report states that 86% of • The cybersecurity insurance process works in a similar way to other forms of insurance. Policies are
healthcare providers to insurers to pharmaceutical, biotechnology and medical device companies. It involves a
covered healthcare breaches were caused by: sold by many suppliers that provide other forms of business insurance, such as errors and omissions
variety of measures to protect organizations from external and internal cyber attacks and ensure availability of
insurance, liability insurance, and property insurance. Cyber insurance policies will often include
medical services, proper operation of medical systems and equipment, preservation of confidentiality and
first-party coverage, which means losses that directly impact an enterprise, and third-party coverage,
integrity of patient data, and compliance with industry regulations.
1. Errors (including mis-delivery) which means losses suffered by other enterprises due to having a business relationship with the
2. Web application attacks affected organization.
An Industry Under Attack 3. System intrusions, including those involving credential theft
• A cyber insurance policy helps an organization pay for any financial losses they may incur in the
The healthcare industry has historically been a primary target of cyber attacks. As of January 7, 2022, the Office event of a cyberattack or data breach. It also helps them cover any costs related to the remediation
for Civil Rights of the U.S. Department of Health and Human Services (HHS) was investigating 860 data process, such as paying for the investigation, crisis communication, legal services, and refunds to
breaches reported in the preceding 24 months; each breach exposed protected health information (PHI) of 500 customers.
or more individuals. One hundred nineteen (or 13.8%) of these breaches involved “Business Associates”— • What Is Cyber Insurance?
vendors and other third parties who had access to sensitive patient data — with the largest breach affecting 3.25 • Cybersecurity insurance (cyber insurance) is a product that enables businesses to mitigate the risk of • What risks does cyber insurance cover?
million people. According to the 2021 Cost of a Data Breach Report by IBM and Ponemon Institute, the average cyber crime activity like cyberattacks and data breaches. It protects organizations from the cost of • Insurance for cybersecurity typically includes first-party coverage of losses incurred through data
cost of a healthcare breach was $9.23 million, more than twice the $4.24 million average for all industries. internet-based threats affecting IT infrastructure, information governance, and information policy, destruction, hacking, data extortion, and data theft. Policies may also provide coverage for legal
which often are not covered by commercial liability policies and traditional insurance products. expenses and related costs. Although policies may vary by provider and plan, the main areas that
cyber insurance covers include:
Threat actors view healthcare organizations as attractive targets for at least three reasons: • Cyber insurance coverage works the same way as businesses would purchase insurance against
physical risks and natural disasters. It covers the losses an enterprise may suffer as a result of a • Customer notifications: Enterprises are usually required to notify their customers of a data breach,
cyberattack. especially if it involves the loss or theft of personally identifiable information (PII). Cyber insurance
Healthcare organizations have an extensive and often unprotected attack surface. In addition to attack vectors often helps businesses cover the cost of this process.
common to all enterprises, healthcare organizations deal with a wide range of connected medical devices • Why Is Cyber Insurance Important? • Recovering personal identities: Cybersecurity insurance coverage helps organizations restore the
(Internet of Medical Things, IoMT), usage of personal endpoints that may lack adequate endpoint security at • Cyber insurance is increasingly becoming essential for all companies as the risk of cyberattacks personal identities of their affected customers.
healthcare facilities (BYOD), and numerous third parties having access to sensitive patient data and critical against applications, devices, networks, and users grows. That is because the compromise, loss, or • Data breaches: incidents where personal information is stolen or accessed without proper
assets in hospital settings. Further, the proliferation of home working and virtual doctor’s visits (telehealth) theft of data can significantly impact a business, from losing customers to the loss of reputation and authorization.
prompted by COVID-19 and the rapidly rolled out but not always properly secured supporting IT infrastructure revenue. • Data recovery: A cyber liability insurance policy usually enables businesses to pay for the recovery
have created even more opportunities for attackers. of any data compromised by an attack.

• System damage repair: The cost of repairing computer systems damaged by a cyberattack will also documentation courtesy of an approved assessment tool. The information accrued from an audit will intellectual property, business disruption and the potential to destabilise the economy. With the proliferation of
be covered by a cyber insurance policy. guide the type of insurance policy the provider can offer and the cost of any premiums. dark web access, terrorism has become more decentralised, hence more problematic to police.
• Ransom demands: Ransomware attacks often see attackers demand a fee from their victims to
In order to combat and prevent such a prevalent risk, the Australian government is encouraging education
unlock or retrieve compromised data. Cyber insurance coverage can help organizations cover the
providers to include more cyber security courses in order to equip more people with cyber security
costs of meeting such extortion demands, although some government agencies advise against paying • Policies often vary between different providers. Therefore, it is best to review any details carefully to countermeasures. Cyber security countermeasures include designing a secure system that prevents cyber
ransoms as doing so only makes these attacks profitable for criminals. ensure the required protections and provisions are covered by the proposed policy. The policy also attacks because the system is impenetrable and solid. Similar strategies used in international relations apply
• Attack remediation: A cyber insurance policy will help an enterprise pay for legal fees incurred needs to provide protection against currently known and emerging cyber threat vectors and profiles.
in cyber security countermeasures such as deterrence as a means of intimidation.
through violating various privacy policies or regulations. It will also help them hire security or
computer forensic experts who will enable them to remediate the attack or recover compromised How to upskill to cyber security with a non-technical background
data. • Three Steps To Reduce Cyber Risk
• Liability for losses incurred by business partners with access to business data. • Cyber risk is a significant concern for companies of all sizes and across all industries. Organizations
• Cyber risks excluded from cyber insurance coverage need to take decisive action to strengthen their cyber defenses and manage their cyber risk through The beauty of humanities and liberal arts degrees is the focus on having an analytical mindset and sharp critical
• A cybersecurity insurance policy will often exclude issues that were preventable or caused by human the combination of cyber insurance, secure devices, domain expertise, and technology. thinking skills. Cyber security is all about problem-solving, thinking a step ahead of the attacker and an ethical
error or negligence, such as: desire to protect our society from cybercrime. Cyber security suits people who are passionate about
deconstructing ideas in order to construct a policy report that adheres to compliance. Subject matter experts that
• Poor security processes: If an attack occurred as a result of an organization having poor • Step 1—Assess: The first step in reducing cyber risk is to assess cyber readiness with a respected have worked at think tanks would be a perfect match for a cyber security role.
configuration management or ineffective security processes in place professional services organization. This process includes carrying out a security audit before The best method to gain cyber security skills is to upskill to a practical skills training program with an industry-
• Prior breaches: Breaches or events that occurred before an organization purchased a policy providing appropriate cyber insurance. focused curriculum. This method will ensure that you are complimenting your existing skillset with in-demand
• Human error: Any cyberattack caused by human error by an organization’s employees • Step 2—Implement: The next step is to implement technology that protects the elements an capabilities and accelerating your career in a resourceful manner. The Institute of Data’s cyber security
• Insider attacks: The loss or theft of data due to an insider attack, which means an employee was organization intends to take out cyber insurance against. This can include an anti-malware solution program is a timely option to gain cyber security skills that will supplement your non-technical background.
responsible for the incident to protect the enterprise against the threat of malicious software.
• The career paths for professionals with a mixed skillset of cyber security and politics
• Preexisting vulnerabilities: If an organization suffers a data breach as a result of failing to address or Step 3—Insurance: The first two steps enable an organization to prove they have the necessary
correct a previously known vulnerability processes and technologies in place to qualify for cyber insurance from a provider. A mixed skillset of cyber security and humanities is in demand because you have a combination of highly
• Technology system improvements: Any costs related to improving technology systems, such as sought after technical skills as well as an international relations perspective. Below are two sectors you can find
hardening applications and networks a variety of roles with the aforementioned mixed skillset.
• Does Cyber Insurance Mean Cyber Defense • The role of cyber security in international relations Governance and policy
• Cyber insurance should not be considered in place of effective and robust cyber risk management.
All companies need to purchase cyber insurance but should only consider it to mitigate the damage For those of you that enjoy research and proposing policy to combat cybercrime with effective cyber security
caused by a potential cyberattack. Their cyber insurance policy needs to complement the security Cyber security plays a crucial role in international relations and it will remain a significant element countermeasures, the governance and policy sector is a great sector for you. This field requires a lot of writing
processes and technologies they implement as part of their risk management plan. in government policy. As many companies and organisations take their business online to boost the economy, so a passion for words is essential. You will be spending a lot of time researching terms and conditions
their network is at risk to cyber criminals looking to infiltrate the system for their own benefit. Cyber attacks are regarding cyber incidents internationally in order to determine the type of policy you will write. You will need
more advanced threatening individuals, businesses and governments. Due to the vast impact cybercrime has to have a strategic mindset to ascertain that the policy covers the business’ needs.
• Cyber insurance suppliers analyze an organization’s cybersecurity posture in the process of issuing a across all networks and systems, naturally, world leaders are obliged to combat this issue.
Intelligence
policy. Having a solid security posture enables an enterprise to obtain better coverage. In contrast, a
Cyber security plays an integral role in every government’s defence policy with policy advisors in talks
poor security posture makes it more difficult for an insurer to understand their approach, resulting in Those of you that enjoy analysing a lot of information in order to produce a persuasive story will find a
regarding the implication of technology on international security. Every business needs to have cyber security
ineffective insurance purchases. rewarding career in intelligence. Cyber counterterrorism analyst roles fall under this category because the daily
countermeasures in place with a well-structured cyber security policy and best practices guide for employers to
tasks merge with intelligence as you will find yourself investigating and researching terrorist activities. Getting
adhere to. As the world continues to depend on online services to get through their everyday lives, businesses
a job in intelligence requires an ethical mindset because you are working with confidential and sensitive
are held accountable for protecting their customers. This has a significant impact on international relations with
• Furthermore, failing to invest in appropriate or effective cybersecurity solutions can result in information in order to strengthen international security.
businesses, governments and organisations compelled to work together to prevent cybercrime leading to the rise
enterprises either failing to qualify for cyber insurance or paying more for it. What are the salary expectations and future career outlook for a cyber security professional with a
of international cooperation.
humanities background?
The rise of global cyberterrorism and its cyber security countermeasures
• How to choose the right cyber insurance policy? World leaders are concerned about the growing cases of cybercrime and devising strategies to combat the rise
• Pricing cyber risk will typically depend on an enterprise’s revenue and the industry they operate in. of global cyberterrorism. Global cyberterrorism presents serious consequences for businesses such as the loss of
To qualify, they will likely need to allow an insurer to carry out a security audit or provide relevant

The Australian public service is a rather competitive sector to get into because of its many benefits and higher
salary outlook. Here is a list of different government organisations offering governance
& policy and intelligence roles as well as the salary expectations.
Australian Federal Police
The AFP offers a variety of non-policing roles for cyber counterterrorism analysts and intelligence analysts. The
average salary for an intelligence analyst is $99,292 as of 2019.
Australian Secret Intelligence Service (ASIS) & Australian Security Intelligence Organisation (ASIO)
ASIS and ASIO both employ intelligence analysts but both departments have different functions. ASIS is
focused on foreign intelligence that will enhance Australia’s national defence and international relations. ASIO
gathers intelligence to alert the government about any threats to Australia’s security. The salary expectations for
an entry-level intelligence officer role ranges from $80,775 to $111,390 depending on your skillset.
Department of Foreign Affairs and Trade (DFAT)
DFAT looks for outstanding and patriotic professionals that have a mixed skillset, especially those with the
ability to speak Asian and Indo-Pacific languages. Securing a role in DFAT requires an analytical mindset and a
passion for problem-solving which coincides with the skills you need to excel in cybersecurity.
Conclusion
Contribute to strengthening international security with a mixed skillset of cyber security and international
relations. Getting a job in this field requires the determination to continue learning and upskilling to remain a
step ahead of cyber criminals.
If you are interested in upskilling in cyber security, book a consultation with an Institute of Data consultant
today.