INFORMATION

SECURITY AND
CYBER LAW

Submitted by: Bishesh Shakya

What is cybersecurity?
Cybersecurity is the practice of protecting internet-connected systems such
as hardware, software and data from cyberthreats. It's used by individuals
and enterprises to protect against unauthorized access to data centers and
other computerized systems.

An effective cybersecurity strategy can provide a strong security

posture against malicious attacks designed to access, alter, delete, destroy
or extort an organization's or user's systems and sensitive data.
Cybersecurity is also instrumental in preventing attacks designed to disable
or disrupt a system's or device's operations.

An ideal cybersecurity approach should have multiple layers of protection

across any potential access point or attack surface. This includes a
protective layer for data, software, hardware and connected networks. In
addition, all employees within an organization who have access to any of
these endpoints should be trained on the proper compliance and security
processes. Organizations also use tools such as unified threat
management systems as another layer of protection against threats. These
tools can detect, isolate and remediate potential threats and notify users if
additional action is needed.

Cyberattacks can disrupt or immobilize their victims through various

means, so creating a strong cybersecurity strategy is an integral part of any
organization. Organizations should also have a disaster recovery plan in
place so they can quickly recover in the event of a successful cyberattack.

Why is cybersecurity important?

With the number of users, devices and programs in the modern enterprise
increasing along with the amount of data -- much of which is sensitive or
confidential -- cybersecurity is more important than ever. But the volume and
sophistication of cyberattackers and attack techniques compound the problem even
further.
Without a proper cybersecurity strategy in place -- and staff properly trained on
security best practices -- malicious actors can bring an organization's operations to
a screeching halt.

What are the elements of cybersecurity and how does

it work?
The cybersecurity field can be broken down into several different sections, the
coordination of which within the organization is crucial to the success of a
cybersecurity program. These sections include the following:

 Application security.

 Information or data security.

 Network security.

 Disaster recovery and business continuity planning.

 Operational security.

 Cloud security.

 Critical infrastructure security.

 Physical security.

 End-user education.

Maintaining cybersecurity in a constantly evolving threat landscape is a challenge

for all organizations. Traditional reactive approaches, in which resources were put
toward protecting systems against the biggest known threats while lesser-known
threats were undefended, are no longer a sufficient tactic. To keep up with
changing security risks, a more proactive and adaptive approach is necessary.
Several key cybersecurity advisory organizations offer guidance. For example, the
National Institute of Standards and Technology (NIST) recommends adopting
continuous monitoring and real-time assessments as part of a risk assessment
framework to defend against known and unknown threats.
What are the benefits of cybersecurity?
The benefits of implementing and maintaining cybersecurity practices
include the following:

 Business protection against cyberattacks and data breaches.

 Protection of data and networks.

 Prevention of unauthorized user access.

 Improved recovery time after a breach.

 Protection for end users and endpoint devices.

 Regulatory compliance.

 Business continuity.

 Improved confidence in the company's reputation and trust for

developers, partners, customers, stakeholders and employees.

What are the different types of cybersecurity threats?

Keeping up with new technologies, security trends and threat intelligence is
a challenging task. It's necessary in order to protect information and other
assets from cyberthreats, which take many forms. Types of
cyberthreats include the following:

 Malware is a form of malicious software in which any file or

program can be used to harm a user's computer. Different types
of malware include worms, viruses, Trojans and spyware.

 Ransomware is a type of malware that involves an attacker

locking the victim's computer system files -- typically through
encryption -- and demanding a payment to decrypt and unlock
them.

 Social engineering is an attack that relies on human interaction.

It tricks users into breaking security procedures to gain sensitive
information that's typically protected.
 Phishing is a form of social engineering in which fraudulent email
or text messages that resemble those from reputable or known
sources are sent. Often random attacks, the intent
of phishing messages is to steal sensitive data, such as credit
card or login information.

 Spear phishing is a type of phishing that has an intended target

user, organization or business.

 Insider threats are security breaches or losses caused by

humans -- for example, employees, contractors or customers.
Insider threats can be malicious or negligent in nature.

 Distributed denial-of-service (DDoS) attacks are those in which

multiple systems disrupt the traffic of a targeted system, such as a
server, website or other network resource. By flooding the target
with messages, connection requests or packets, DDoS
attacks can slow the system or crash it, preventing legitimate
traffic from using it.

 Advanced persistent threats (APT) is a prolonged targeted

attack in which an attacker infiltrates a network and remains
undetected for long periods of time. The goal of an APT is to steal
data.

 Man-in-the-middle (MitM)) attacks are eavesdropping attacks

that involve an attacker intercepting and relaying messages
between two parties who believe they're communicating with each
other.

 SQL injection is a technique that attackers use to gain access to

a web application database by adding a string of malicious SQL
code to a database query. A SQL injection provides access to
sensitive data and enables the attackers to execute malicious
SQL statements.
Cybersecurity best practices
To minimize the chance of a cyberattack, it's important to implement and follow a
set of best practices that includes the following:

 Keep software up to date. Be sure to keep all software, including

antivirus software, up to date. This ensures attackers can't take
advantage of known vulnerabilities that software companies have
already patched.

 Change default usernames and passwords. Malicious actors might be

able to easily guess default usernames and passwords on factory preset
devices to gain access to a network.

 Use strong passwords. Employees should select passwords that use a

combination of letters, numbers and symbols that will be difficult to
hack using a brute-force attack or guessing. Employees should also
change their passwords often.

 Use multifactor authentication (MFA). MFA requires at least two

identity components to gain access, which minimizes the chances of a
malicious actor gaining access to a device or system.

 Train employees on proper security awareness. This helps employees

properly understand how seemingly harmless actions could leave a
system vulnerable to attack. This should also include training on how to
spot suspicious emails to avoid phishing attacks.

 Implement an identity and access management system

(IAM). IAM defines the roles and access privileges for each user in an
organization, as well as the conditions under which they can access
certain data.

 Implement an attack surface management system. This process

encompasses the continuous discovery, inventory, classification and
monitoring of an organization's IT infrastructure. It ensures security
covers all potentially exposed IT assets accessible from within an
organization.
 Use a firewall. Firewalls restrict unnecessary outbound traffic, which
helps prevent access to potentially malicious content.

 Implement a disaster recovery process. In the event of a successful

cyberattack, a disaster recovery plan helps an organization maintain
operations and restore mission-critical data.