
CYBER SECURITY, DETECTION THREATS AND MITIGATION

By: Abakpa Blessing

1.1 INTRODUCTION
Cybersecurity is one of the foremost concerns for individuals and organizations because of the historical behavior of attackers. Cybersecurity, which is sometimes also called information security, is the set of techniques and methods for protecting networks, programs, computers, and data from unauthorized access or from attacks aimed at exploitation. According to earlier research, when the internet first came into existence half a century ago, security was not a matter of concern.

The main focus then was how to make this new packet-based networking scheme work at all; it was practically impossible at the time for outsiders to access the fledgling network. Given the rising use of the internet today, the recent surge in cyberattacks that has become a concern to everyone, and the advantage of hindsight, it is easy to see how ignoring security was a major flaw, and how that flaw gave rise to the discipline of cybersecurity.

1.2 DESCRIPTION
Cybersecurity is made up of:
1) Application Security
2) Information Security
3) Disaster Recovery
4) Network Security

APPLICATION SECURITY: Application security is the set of measures taken during the development life-cycle to protect applications against attacks that come through flaws in the application's design, development, deployment, upgrade, or maintenance. Some basic techniques used for application security are:
a) Input parameter validation,
b) User/role authentication and authorization,
c) Session management, protection against parameter manipulation, and exception management, and
d) Auditing and logging.

INFORMATION SECURITY: Measures taken to protect information against unauthorized access or attacks, in order to prevent fraud and protect privacy. The following are the main techniques used:
a) Identification, authentication, and authorization of the user,
b) Cryptography.
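The application-security techniques listed above (input validation, authentication and authorization, session management, exception management, audit logging) and the information-security techniques (user authentication and cryptography) are easiest to see side by side in one small request handler. The block below is an added example, not code from the article: a report-lookup endpoint written with the Python standard library only. The names `ROLE_PERMISSIONS`, `SessionStore`, `handle_request` and the `RPT-0000` report-id format are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import re
import secrets
import time
from typing import Optional

# Added example (not the article's own code). ROLE_PERMISSIONS, SessionStore,
# handle_request and the report-id format are assumptions for illustration.

logging.basicConfig(level=logging.INFO, format="%(asctime)s AUDIT %(message)s")
audit = logging.getLogger("audit")

REPORT_ID_RE = re.compile(r"^RPT-\d{4}$")   # allow-list: anything else is rejected
SESSION_TTL = 15 * 60                       # seconds a session stays valid

# Authorization is decided by the role stored server-side, never by a
# role or flag supplied in the request (that is the parameter-manipulation case).
ROLE_PERMISSIONS = {
    "viewer": {"read_report"},
    "admin": {"read_report", "delete_report"},
}

def hash_password(password: str, salt: Optional[bytes] = None):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time comparison

class SessionStore:
    """Server-side sessions keyed by an unguessable token, with expiry enforced here."""
    def __init__(self):
        self._sessions = {}

    def create(self, username: str, role: str, now: Optional[float] = None) -> str:
        now = now if now is not None else time.time()
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._sessions[token] = {"user": username, "role": role, "expires": now + SESSION_TTL}
        return token

    def lookup(self, token: str, now: Optional[float] = None):
        now = now if now is not None else time.time()
        sess = self._sessions.get(token)
        if sess is None or now >= sess["expires"]:
            self._sessions.pop(token, None)        # purge expired sessions
            return None
        return sess

def validate_report_id(value) -> str:
    """Input parameter validation: reject anything outside the allow-list."""
    if not isinstance(value, str) or not REPORT_ID_RE.match(value):
        raise ValueError("invalid report id")
    return value

def handle_request(store: SessionStore, token: str, action: str, report_id,
                   now: Optional[float] = None) -> dict:
    """Authenticate (session), validate input, authorize (role), and audit every outcome."""
    sess = store.lookup(token, now)
    if sess is None:
        audit.warning("action=%s result=denied reason=no_valid_session", action)
        return {"status": 401, "error": "not authenticated"}
    try:
        report_id = validate_report_id(report_id)
    except ValueError as exc:
        # Exception management: detail goes to the audit log, the client gets a generic message.
        audit.warning("user=%s action=%s result=rejected reason=%s", sess["user"], action, exc)
        return {"status": 400, "error": "bad request"}
    if action not in ROLE_PERMISSIONS.get(sess["role"], set()):
        audit.warning("user=%s role=%s action=%s target=%s result=forbidden",
                      sess["user"], sess["role"], action, report_id)
        return {"status": 403, "error": "forbidden"}
    audit.info("user=%s role=%s action=%s target=%s result=ok",
               sess["user"], sess["role"], action, report_id)
    return {"status": 200, "result": f"{action} on {report_id}"}
```

Two design points worth noting: the role is read from the server-side session rather than from the request, so a client cannot manipulate a parameter to escalate; and every denial path writes an audit record with the reason while the client only receives a generic status, so the log is useful to the security team without leaking validation details to an attacker.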
DISASTER RECOVERY: This involves performing a risk assessment, establishing priorities, and developing recovery strategies in case of a disaster or attack. It is expedient for organizations and individuals to have a concrete plan in place before a disaster or attack occurs.

NETWORK SECURITY: This includes activities to protect the usability, reliability, integrity, and safety of the network. Network security is equally important because it targets a range of threats and stops unauthorized access from entering or spreading within the network. Typical controls are:
a) Anti-virus and anti-spyware,
b) Firewalls, to block unauthorized access to the network,
c) Intrusion prevention systems (IPS), to identify fast-spreading threats such as zero-day or zero-hour attacks, and
d) Virtual Private Networks (VPNs), to provide secure remote access.

1.3 WAYS TO DETECT, CONTAIN AND CONTROL CYBER-ATTACKS
For an organization aiming to reduce or eliminate threats and attacks, there are some important concepts that need to be considered. The following are tips that will help an organization detect, contain, and control cyber-attacks.

i. Security controls: One of the basic steps in protecting an organization's data, computers, and programs is to make sure security controls are in place and active, such as regular patching, restricting administrative access, two-factor authentication, network segmentation where appropriate or necessary, and alerting when an unauthorized party attempts to access the organization's information.

ii. Network monitoring: Enterprises should implement network monitoring such as NetFlow and collect logs from any device that records internet usage, as this enables organizations to raise red flags for fraud, data loss, and abnormal activity on a day-to-day basis. There is also a need for detailed information on incoming emails, such as the content and headers, as this allows cybersecurity teams to trace back to the origin of an incident.
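What "raising red flags" from flow records and device logs looks like in practice is shown below. This is an added example, not code or data from the article: the flow records and the sshd log lines are constructed samples, and the two detections (an outbound-volume check against a per-host baseline, for data loss, and a sliding-window brute-force check that escalates when the same source later succeeds) are written for illustration. The record layout `timestamp src dst dport bytes` is an assumption, since real NetFlow exports carry many more fields.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Added example (not the article's own code or data). Constructed flow records:
# timestamp, source, destination, destination port, bytes sent by the source.
FLOWS = """\
2024-03-01T09:00:01 10.0.1.15 203.0.113.7 443 9800
2024-03-01T09:00:05 10.0.1.16 203.0.113.7 443 12400
2024-03-01T09:00:09 10.0.1.17 203.0.113.9 443 8100
2024-03-01T09:00:12 10.0.1.18 203.0.113.9 80 4300
2024-03-01T09:00:20 10.0.1.15 203.0.113.7 443 7600
2024-03-01T09:00:31 10.0.1.22 198.51.100.40 443 850000000
2024-03-01T09:00:45 10.0.1.19 203.0.113.7 443 11000
2024-03-01T09:01:02 10.0.1.22 198.51.100.40 443 620000000
"""

# Constructed sshd log lines in the usual syslog format.
AUTH_LOG = """\
Mar  1 09:01:12 bastion sshd[2231]: Failed password for invalid user admin from 198.51.100.9 port 40122 ssh2
Mar  1 09:01:15 bastion sshd[2231]: Failed password for root from 198.51.100.9 port 40124 ssh2
Mar  1 09:01:17 bastion sshd[2233]: Failed password for root from 198.51.100.9 port 40126 ssh2
Mar  1 09:01:20 bastion sshd[2235]: Failed password for deploy from 198.51.100.9 port 40128 ssh2
Mar  1 09:01:24 bastion sshd[2237]: Failed password for deploy from 198.51.100.9 port 40129 ssh2
Mar  1 09:01:40 bastion sshd[2240]: Accepted password for deploy from 198.51.100.9 port 40130 ssh2
Mar  1 09:05:03 bastion sshd[2301]: Failed password for alice from 10.0.1.15 port 51002 ssh2
Mar  1 09:05:09 bastion sshd[2303]: Accepted publickey for alice from 10.0.1.15 port 51004 ssh2
"""

def outbound_volume_alerts(flow_text: str, factor: float = 10.0) -> dict:
    """Flag hosts whose outbound byte total exceeds `factor` x the median host total.

    The median is a robust baseline: one host exfiltrating gigabytes cannot drag
    the baseline up the way a mean would, so it still stands out.
    """
    totals = defaultdict(int)
    for line in flow_text.splitlines():
        _ts, src, _dst, _dport, nbytes = line.split()
        totals[src] += int(nbytes)
    baseline = statistics.median(totals.values())
    return {src: total for src, total in totals.items() if total > factor * baseline}

AUTH_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for "
    r"(?:invalid user )?(\S+) from (\S+)"
)

def brute_force_alerts(log_text: str, threshold: int = 5,
                       window: timedelta = timedelta(seconds=60), year: int = 2024) -> dict:
    """Sliding window over failures per source IP; escalate if that IP later succeeds."""
    failures = defaultdict(list)
    alerts = {}
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue                      # unrelated line (syslog has no year, hence `year`)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        outcome, ip = m.group(2), m.group(4)
        if outcome == "Failed":
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.setdefault(ip, "brute_force")
        elif ip in alerts:
            alerts[ip] = "brute_force_then_success"   # the one that needs a human now
    return alerts
```

The second detection is the important one from an incident-response point of view: five failures followed by an `Accepted` line from the same address within a minute is a compromised credential, not noise, and the log line also preserves the source address and the account name needed to trace the incident back to its origin.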

iii. Continuous endpoint monitoring: With continuous endpoint monitoring, organizations are able to build a detailed picture of people, processes, and machines, translating user activity on the endpoint into policy. This establishes what normal behaviour looks like for each user and therefore makes unusual behaviour detectable.

This also helps the organization's security team respond faster and spend less time doing traditional forensic work trying to understand an attacker's movements and intentions. The majority of attacks start at a host or with an employee, so continuous endpoint monitoring is a major evolution in security posture and significant for expedited incident response.
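The per-user "normal behaviour" idea and the faster reconstruction of an attacker's movements both come from the same data, process-creation events with parent/child links. The block below is an added example, not the article's code: it builds a per-user baseline of parent-to-child process pairs from constructed events, then flags a static high-severity pattern (an Office application spawning a shell) and any pair never seen before for that user, and finally walks the parent links to reconstruct the chain a responder would otherwise assemble by hand. The event schema and all process names and command lines are constructed for illustration.

```python
from collections import defaultdict

# Added example (not the article's own code or data). Event schema, process
# names and command lines are constructed for illustration.

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def ev(ts, user, pid, ppid, parent, image, cmdline=""):
    """One process-creation event (Sysmon-style fields, reduced to what we need)."""
    return {"ts": ts, "user": user, "pid": pid, "ppid": ppid,
            "parent": parent, "image": image, "cmdline": cmdline or image}

# A condensed period of normal activity used to learn each user's baseline.
BASELINE_EVENTS = [
    ev("2024-03-01T08:00:00", "alice", 200, 100, "explorer.exe", "winword.exe"),
    ev("2024-03-01T08:01:00", "alice", 201, 100, "explorer.exe", "outlook.exe"),
    ev("2024-03-01T08:02:00", "alice", 202, 100, "explorer.exe", "chrome.exe"),
    ev("2024-03-01T08:05:00", "bob",   500, 101, "explorer.exe", "devenv.exe"),
    ev("2024-03-01T08:06:00", "bob",   600, 500, "devenv.exe",   "cmd.exe", "cmd.exe /c build.bat"),
    ev("2024-03-01T08:06:05", "bob",   700, 600, "cmd.exe",      "git.exe", "git.exe pull"),
]

# A later observation window: alice opens a macro document, bob builds as usual.
NEW_EVENTS = [
    ev("2024-03-08T09:10:00", "alice", 210, 100, "explorer.exe", "winword.exe", "winword.exe invoice.docm"),
    ev("2024-03-08T09:10:07", "alice", 300, 210, "winword.exe",  "cmd.exe", "cmd.exe /c powershell -nop -w hidden"),
    ev("2024-03-08T09:10:09", "alice", 400, 300, "cmd.exe",      "whoami.exe", "whoami /all"),
    ev("2024-03-08T09:30:00", "bob",   610, 500, "devenv.exe",   "cmd.exe", "cmd.exe /c build.bat"),
]

def build_baseline(events):
    """Per-user set of (parent, child) pairs observed during normal operation."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["user"]].add((e["parent"], e["image"]))
    return baseline

def detect(events, baseline):
    """Static rule first (highest severity), then the per-user behavioural check."""
    alerts = []
    for e in events:
        pair = (e["parent"], e["image"])
        if e["parent"] in OFFICE_APPS and e["image"] in SHELLS:
            alerts.append({"ts": e["ts"], "user": e["user"], "rule": "office_spawned_shell",
                           "detail": e["cmdline"]})
        elif pair not in baseline.get(e["user"], set()):
            # cmd.exe under devenv.exe is normal for bob but would be new for alice.
            alerts.append({"ts": e["ts"], "user": e["user"], "rule": "new_parent_child",
                           "detail": f"{pair[0]} -> {pair[1]}"})
    return alerts

def lineage(events, pid):
    """Walk ppid links back through recorded events: the attacker's movements, image by image."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain
```

Note that the same event (`devenv.exe` starting `cmd.exe`) is silent for bob and would alert for alice; that is the point of keying the baseline by user rather than by machine. `lineage` is what turns three separate alerts into one story (`whoami.exe` under `cmd.exe` under `winword.exe`) without a manual forensic reconstruction.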

iv. User awareness: It is expedient that organizations not only educate staff on organizational policies and government mandates but also on the risks that threaten the well-being of the organization. It is also imperative that the organization's security team teach staff how to recognize when they have become the target of attackers. When this knowledge is combined with good technology and sound processes run by capable employees, an organization stands a chance against advanced threats and can contain and control cyber-attacks.

1.4 THREAT DETECTION AND MITIGATION
It is evident that individuals and organizations are struggling to detect and prevent cyberattacks, despite significant effort. There is also a growing realization that reliably detecting attacks is extremely difficult: collectively, only about one in five attacks is detected within a week. Effective detection is critical in establishing cyber resilience. Responding to and recovering from an attack is largely dependent on the reliable, timely detection of a range of threats. The following are some detection challenges faced by organizations:

Use of the same approach. Most organizations' approaches remain the same, relying on the perimeter, although attention is shifting from the perimeter to network-level detection and to endpoint visibility.

Modern attack techniques such as phishing are usually successful at bypassing perimeter controls. If the attack is not detected at the perimeter, or by the user, most organizations find it difficult to detect and prevent the attacker's subsequent actions. Organizations should therefore not focus only on the perimeter but also on post-exploitation detection: looking for the steps an attacker will take in order to achieve their objectives.

Over-reliance on automated technology. Organizations rely on deployed technology to detect threats and raise the necessary alerts, using increasingly sophisticated analysis techniques, from event correlation and heuristics to machine learning.

Yet deployed monitoring technology can be manipulated, and so defeated or evaded, by attackers skilled in this area.

Focus on operational efficiency instead of effectiveness. Conventional assessments of security monitoring teams tend to concentrate on operational efficiency rather than effectiveness: doing things well, without necessarily doing the right things as needed. Until now, organizations have lacked the capability and the opportunity to test their detection, and they should not wait for an incident or attack to learn of a control failure. Red team exercises do provide a safer learning opportunity, but they concentrate on a narrow set of activities and fail to provide the broader set of activities needed to appraise detection capability.

There are increasing opportunities to apply technological solutions to the challenges above, in different and more useful ways. One area is offensive security skills, a scarce yet integral part of building a good detection capability. In a post-exploitation situation, an organization must understand what stage an attacker is at and, crucially, what their next move could be. This allows the organization, as a defender, not only to anticipate and intervene, but also to go back and search in the right places for further information.

1.5 CONCLUSION
In today's world, it is not simply about understanding whether or not it is possible for an attacker to infiltrate and attack an organization. Rather, the focus is on how to use every weapon in the organization's armoury to build as complete a picture as possible of all the ways an attacker might try to get in and attack the organization. The longer attackers remain inside the organization, the more damage they can cause and the more intellectual property they can steal.

It is imperative that today's organizations do not focus solely on keeping attackers out, but on ensuring that an attacker who does get in stays in the network for as little time as possible, while constantly striving to further reduce attacks on the organization. Attackers might return, but when they encounter an organization attuned to attacks, they quickly realize that even if they find an open door the organization will immediately detect them and throw them out. They will then go somewhere else, in search of a less-protected organization.
