Technical

Cyberattacks: Explanation and Prevention

Speed Lines Of Light And Stripes Over Technology Background

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

-Niccolo Machiavelli, The Prince

While I may not agree with all of Niccolo Machiavelli’s ideas, this quote sums up cybersecurity nicely; if you have knowledge of what to look out for, coupled with knowledge of how to defend yourself, then cybersecurity doesn’t need to be something to fear.

Did you know the NSA data center in Utah undergoes approximately 300,000,000 hacking attempts per day? Per day! That is nearly as many hacking attempts every day as there are people in the United States. Some major insurance companies estimate that if their cybersecurity measures failed, their servers would be compromised in minutes. What was once a campy trope in tech-oriented action movies is now reality: The internet is the Wild West, and cackling mustachioed villains in black hats abound.

My purpose in this series is to turn out their pockets, but before we get too far into the nitty-gritty details, there are three concepts that we need to cover to ensure that we are on the same page: AssetsVulnerabilities, and Controls.

These three concepts are the core of cybersecurity thought, and the three questions you need to ask yourself in relation are:

Assets: What do I need to protect?

Vulnerabilities: Where are my weaknesses?

Controls: How am I going to mitigate those weaknesses?

 

Assets

Network Cable With High Tech Technology Color Background

network cable with high tech technology color background

Assets are defined as “property owned by a person or company, regarded as having value and available to meet debts, commitments, or legacies.” In business, an asset is any portion of the operation that is designated as important to the continuance of that operation. CERT generally divides assets into four categories:  people to perform and monitor the operation, information and data to both feed and be produced by the operation, technology to automate and support the operation, and facilities in which to perform the operation. These are the portions of your business that must be protected!

 

Vulnerabilities

Finance And Stock Market Data Graph

Finance and stock market data graph.

In cybersecurity, a vulnerability is a weakness within established systems, controls, or processes that can be used by cybercriminals to infiltrate, exfiltrate, vandalize, or take control of those systems or data contained within them. Vulnerabilities are closely associated with avenues of attack, and will be mostly what are focused on in this series of blogs. It is important to realize that a vulnerability does not have to be within a computer system; employees who are careless with data or credentials count as well!

 

 

Controls

It Engineer In Action Configuring Servers

An IT engineer is configuring the servers in a data center.

Simply put, controls are the mitigations put in place to prevent or curb cyber-attacks. These can be anything from firewalls, obfuscated credentials, and abstracted code to training employees on data protection standards and distributing permissions, to minimalist access. Just like vulnerabilities, these are only partially digital; the behavior and training of those handling the data is just as important!

 

 

Next Time:  Cookie Spoofs, Explained and Prevented!

 

Thoughts on “Cyberattacks: Explanation and Prevention”

  1. Excellent article, Michael! I’m looking forward to learning more about cookie spoofing.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Michael Cheatham

I am a CDDO Technical Consultant and have a background in Azure DevOps and NSX with Hashicorp Terraform, with a special interest in cybersecurity and automation. I am a father of four children and live in South Louisiana, operating out of the Lafayette Delivery Center.

More from this Author

Subscribe to the Weekly Blog Digest:

Sign Up
Categories
Follow Us
TwitterLinkedinFacebookYoutubeInstagram