
01 Information Security Overview

The document provides an overview of cybersecurity, detailing its historical evolution from the 1940s to the 2010s, highlighting the increasing sophistication of cyber threats and the importance of proactive defense measures. It outlines fundamental concepts such as authentication, authorization, encryption, and various types of scams and attacks, emphasizing the need for skilled professionals in the field. Additionally, it addresses the significant cybersecurity workforce gap and the challenges faced by businesses and governments in securing digital assets against evolving threats.

Cybersecurity

Information Cybersecurity Overview

By Suhazlan Suhaimi
20th March 2024
Topic Learning Outcome:

1. Acquire a thorough understanding of the history and evolution of cybersecurity, from
early computer viruses to modern-day sophisticated cyber threats, to appreciate the
importance of proactive defense measures in safeguarding digital assets and privacy.
2. Develop the ability to identify common attack vectors and vulnerabilities within
organizational systems and networks, enabling proactive measures to strengthen defenses
and mitigate the risk of successful cyber intrusions.

Engagement
Watch the following videos to gain an overview of cybersecurity.
https://youtu.be/Yr0xPVFcf-U?feature=shared&t=1

Learning Material

1.1 History and Trends of Cybersecurity


Cybersecurity is like a shield for our digital world, protecting our information from bad guys
who try to steal or damage it. Over time, these bad guys have become more skilled and have
found new ways to attack, like through our smart devices or the internet cloud.

Cybersecurity 1940s
In the 1940s, the groundwork for cybersecurity was laid with the emergence of digital
computers. These early computers were massive and restricted to a select few individuals
due to their high cost and limited availability. Since they were isolated and not connected
to networks, the risk of cyber threats was minimal during this time. However, the
development of these machines marked the beginning of a new era in computing, setting
the stage for the future evolution of cybersecurity measures.

Cybersecurity 1950s
In the 1950s, the seeds of cybersecurity were sown as people began to explore the
potential of computer systems. This decade saw the emergence of phone phreaking, where
enthusiasts tinkered with telephone systems to explore their inner workings. While not
directly related to computers, this subculture laid the foundation for later hacking
practices. Additionally, the term "hacking" began to take shape during this time,
originating from the activities of individuals who sought to understand and modify high-
tech train sets at the MIT Tech Model Railroad Club.

Cybersecurity 1960s
In the 1960s, cybersecurity took its first steps as computers became more widespread. The
creation of ARPANET, the precursor to the internet, laid the foundation for modern
connectivity. However, the concept of cybersecurity emerged gradually, as researchers and
enthusiasts began to understand the potential risks associated with computer systems. This
decade also saw the birth of computer worms, such as the Creeper worm, which prompted
the development of early antivirus programs to protect against malicious software.
Additionally, the introduction of password-based access control systems marked an
important milestone in securing computer systems from unauthorized access.

Cybersecurity 1970s
In the 1970s, cybersecurity started to become a concern as computers became more
prevalent. This decade witnessed the birth of ARPANET, the precursor to the internet,
which laid the groundwork for modern communication networks. However, with increased
connectivity came new challenges, as cyber threats began to emerge. High-profile cyber-
attacks, such as those targeting National CSS, AT&T, and Los Alamos National
Laboratory, highlighted the vulnerability of computer systems to malicious actors.
Additionally, the release of the movie "WarGames" in 1983 popularized the concept of
cyber threats, raising public awareness about the potential dangers of digital networks.
This decade also saw the introduction of terms like "Trojan Horse" and "computer virus,"
reflecting the growing awareness of cybersecurity issues among researchers and
practitioners.

Cybersecurity 1980s

In the 1980s, cybersecurity emerged as a critical concern with the rise of computer
networks and increased reliance on digital technologies. This decade saw a surge in cyber
attacks, including high-profile incidents targeting government agencies,
telecommunications companies, and research institutions. The release of the movie
"WarGames" in 1983 raised public awareness about the potential risks of cyber threats,
popularizing terms like "Trojan Horse" and "computer virus." The threat of cyber
espionage also escalated during the Cold War, highlighting the need for robust security
measures to protect sensitive information.

Cybersecurity 1990s
In the 1990s, cybersecurity became increasingly important as the internet became more
widespread. With more people putting their personal information online, cybercriminals
saw new opportunities for data theft. This decade witnessed a surge in network security
threats, prompting the mass production of firewalls and antivirus programs to protect
against viruses and other malicious software. As businesses and individuals alike relied
more on digital technologies, securing data and systems became paramount. However,
despite efforts to enhance cybersecurity measures, cyber-attacks continued to evolve and
become more sophisticated.

Cybersecurity 2000s
In the 2000s, cybersecurity encountered significant challenges as digital technologies
became more essential to daily life. This decade saw a remarkable increase in cybercrime,
with organized crime groups funding professional cyberattacks. Governments responded
by imposing stricter penalties for hacking offenses, highlighting the growing seriousness
of cyber threats. Additionally, as the internet continued to expand, so did the prevalence of
viruses and other malicious software. The emergence of ransomware as a prominent threat
emphasized the need for robust cybersecurity measures to safeguard against data breaches
and financial losses.

Cybersecurity 2010s
In the 2010s, cybersecurity faced significant challenges as technology continued to
advance rapidly. With the widespread adoption of mobile devices, cloud computing, and
the Internet of Things (IoT), the attack surface expanded, presenting new vulnerabilities
for cybercriminals to exploit. High-profile data breaches, such as those at Equifax and
Yahoo, underscored the importance of strong cybersecurity measures to protect sensitive
information. The rise of state-sponsored cyber-attacks, such as those attributed to Russia
and North Korea, further highlighted the evolving threat landscape. Additionally, the
emergence of new technologies, such as artificial intelligence and blockchain, offered both
opportunities and challenges for cybersecurity professionals. Despite efforts to improve
security awareness and implement stronger defences, cyber-attacks continued to evolve in
sophistication and scale. Overall, the 2010s were a transformative decade for
cybersecurity, marked by the ongoing battle to secure digital assets in an increasingly
interconnected world.

1.2 Definition of Cybersecurity Fundamentals

Cybersecurity fundamentals form the cornerstone of protecting digital systems and data,
encompassing essential principles and practices aimed at thwarting malicious cyber threats and
ensuring the integrity, confidentiality, and availability of information.

1.2.1 Authentication

Authentication is the process of verifying the identity of a user or system attempting to
access a resource, such as a computer system, network, application, or data.
Authentication typically involves presenting credentials, such as a username and
password, biometric data (e.g., fingerprints or facial recognition), security tokens, or
cryptographic keys, which are then compared against stored authentication data to
determine whether access should be granted or denied. The goal of authentication is to
prevent unauthorized access to sensitive information or resources, thereby maintaining
the security and integrity of the system.

1.2.2 Authorization

Authorization is the process of granting or denying access to specific resources,
functionalities, or data within a system or application to authenticated users or systems.
Authorization ensures that users can only access the resources and perform the actions
that they are explicitly allowed to, according to their assigned permissions or roles. It
plays a crucial role in maintaining the security and integrity of a system by preventing
unauthorized users from accessing sensitive information or performing unauthorized
actions.
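
The two steps described in 1.2.1 and 1.2.2, shown together as an added example (not part of the original handout): credentials are first compared against stored authentication data, and only then is the requested action checked against the user's role. The role names, permission strings and PBKDF2 work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample policy: each role maps to the permissions it grants.
ROLE_PERMISSIONS = {
    "nurse": {"record:read"},
    "doctor": {"record:read", "record:write"},
    "auditor": {"audit:read"},
}
ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    def __init__(self) -> None:
        self._users = {}
        # Dummy credential so a lookup for an unknown user does the same work.
        self._dummy = hash_password("placeholder-never-matches")

    def register(self, username: str, password: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest, "role": role}

    def authenticate(self, username: str, password: str) -> bool:
        """Authentication: compare presented credentials with stored data."""
        record = self._users.get(username)
        salt, stored = (record["salt"], record["digest"]) if record else self._dummy
        _, candidate = hash_password(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        matches = hmac.compare_digest(candidate, stored)
        return matches and record is not None

    def authorize(self, username: str, permission: str) -> bool:
        """Authorization: deny unless the user's role explicitly grants it."""
        record = self._users.get(username)
        if record is None:
            return False
        return permission in ROLE_PERMISSIONS.get(record["role"], set())

    def access(self, username: str, password: str, permission: str) -> str:
        """Run both checks in order and report which one decided the outcome."""
        if not self.authenticate(username, password):
            return "denied: authentication failed"
        if not self.authorize(username, permission):
            return "denied: not authorized"
        return "granted"
```

A correctly authenticated user is still refused any action their role does not list, which is the separation between the two concepts.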

1.2.3 Encryption
Encryption is the process of converting plaintext or data into a coded form, known as
ciphertext, to prevent unauthorized access or interception during transmission or storage.
It employs algorithms and cryptographic keys to scramble the original data in such a way
that it becomes unreadable without the corresponding decryption key. Encryption ensures
confidentiality and privacy by making it extremely difficult for unauthorized parties to
decipher the encrypted data, even if they manage to intercept it. It is widely used in
various applications, including secure communication channels, data storage, online
transactions, and protecting sensitive information such as passwords, personal data, and
financial records.

There are different types of encryption methods, including symmetric encryption, where
the same key is used for both encryption and decryption, and asymmetric encryption,
where a pair of keys (public and private) is used.

Encryption Types

1. Symmetric encryption is faster and more efficient for encrypting large amounts of
data.
2. Asymmetric encryption provides better security for sharing sensitive information
over insecure channels like the internet.

1.2.4 OTP

OTP stands for "One-Time Password." It is a unique and temporary password generated
for a single login session or transaction and is typically valid for only a short period.
OTPs are commonly used as an additional layer of security in multi-factor authentication
systems to verify the identity of users before granting them access to a system,
application, or service.

1.2.5 Scam
A scam is a deceptive or fraudulent scheme designed to cheat individuals or organizations
out of money, personal information, or other valuables through deceit, trickery, or
manipulation. Scams often involve false promises, misrepresentation of facts, or
exploitation of vulnerabilities to persuade victims to part with their money or assets under
false pretenses. Scammers may use various tactics, such as fake websites, phishing
emails, phone calls, or impersonation of legitimate entities, to deceive their targets and
illicitly obtain their resources.

Types of Scams
1. Investment fraud
2. Lottery scams
3. Romance scams
4. Identity theft
5. Phishing attacks

The ultimate goal of a scam is to enrich the perpetrator at the expense of the victim, often
leaving the victim with financial losses, emotional distress, or other negative
consequences.

1.2.6 Phishing
Phishing is when bad actors try to trick you into giving away your personal information,
like passwords or credit card numbers, by pretending to be someone you trust. They
might send fake emails or messages that look real, asking you to click on links or provide
sensitive information. If you fall for it, they can steal your identity or money.

1.2.7 Investment Scam


An investment scam is a deceptive scheme where individuals or organizations promise
high returns on investments but fail to deliver or use the invested funds for illegitimate
purposes. These scams often involve false claims, misrepresentation of investments, or
high-pressure tactics to persuade people to invest their money. Typically, perpetrators of
investment scams lure victims with promises of quick profits or guaranteed returns, often
using sophisticated marketing techniques to appear legitimate. However, in reality, the
investments may not exist or may be much riskier than portrayed, resulting in financial
losses for investors. Investment scams can take various forms, including Ponzi schemes,
pyramid schemes, fraudulent trading platforms, or fake investment opportunities.

1.2.8 Hacking
Hacking is when someone tries to enter computer systems or networks without
permission. Some hackers do this to find and fix security problems (ethical hackers),
while others do it for bad reasons, like stealing information or causing trouble (malicious
hackers). The goals of hacking are:
1. Stealing sensitive information, compromising system integrity, disrupting
services, or causing financial harm or reputational damage to victims.
2. While some hack for personal gain or malicious purposes, others may pursue ethical
hacking practices, known as penetration testing or white-hat hacking, to identify and
address security vulnerabilities before they are exploited by malicious actors.

1.2.9 Cracking
Cracking is like breaking into a digital lock to use software or access things without
permission. It's usually done to get around paying for software or accessing something
you're not supposed to. Cracking is illegal and goes against the rules.

1.2.10 Impressions
An impression refers to any trace or record left behind by an action, event, or entity
within a digital system or network. Impressions can include various types of data, such as
logs, audit trails, timestamps, user activities, network traffic, or system events. By
examining impressions, cybersecurity professionals can gain insights into the behaviour
of users, applications, and systems, helping to identify abnormal or suspicious activities
that may indicate unauthorized access, malware infections, or other security threats.
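
As an added example (not part of the original handout) of examining such records, the following detection routine reads authentication log lines and flags a burst of failed logins that ends in a success for the same user and source address. The log format, the sample lines and the threshold of five failures within 60 seconds are all constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed "timestamp login result user src" format.
SAMPLE_LOG = """\
2024-03-20T09:00:01Z login result=FAIL user=alice src=203.0.113.7
2024-03-20T09:00:03Z login result=FAIL user=alice src=203.0.113.7
2024-03-20T09:00:04Z login result=FAIL user=bob src=198.51.100.4
2024-03-20T09:00:05Z login result=FAIL user=alice src=203.0.113.7
2024-03-20T09:00:07Z login result=FAIL user=alice src=203.0.113.7
2024-03-20T09:00:08Z login result=OK user=bob src=198.51.100.4
2024-03-20T09:00:09Z login result=FAIL user=alice src=203.0.113.7
this line is malformed and is skipped
2024-03-20T09:00:12Z login result=OK user=alice src=203.0.113.7
2024-03-20T09:10:00Z login result=FAIL user=carol src=192.0.2.15
2024-03-20T09:12:00Z login result=FAIL user=carol src=192.0.2.15
2024-03-20T09:14:00Z login result=FAIL user=carol src=192.0.2.15
2024-03-20T09:16:00Z login result=FAIL user=carol src=192.0.2.15
2024-03-20T09:18:00Z login result=FAIL user=carol src=192.0.2.15
2024-03-20T09:20:00Z login result=OK user=carol src=192.0.2.15
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for unparseable lines."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    try:
        ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, match["result"], match["user"], match["src"]


def find_suspicious_logins(log_text, threshold=5, window_seconds=60):
    """Flag a success preceded by >= threshold failures inside the window.

    Assumes the log lines are in chronological order.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # (user, src) -> recent failure timestamps
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, result, user, src = event
        recent = failures[(user, src)]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append({
                "user": user,
                "src": src,
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": ts.isoformat(),
            })
        recent.clear()  # any successful login resets the counter
    return alerts
```

On the sample data only the `alice` sequence is reported: `bob` has a single mistyped attempt and `carol`'s failures are spread too far apart to fall inside one window.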

1.2.11 CIA
In the context of cybersecurity, CIA stands for Confidentiality, Integrity, and Availability.
These three principles represent the core objectives of information security:
1. Confidentiality: Ensures that information is only accessible to authorized individuals
or systems. It involves protecting sensitive data from unauthorized access or
disclosure.
2. Integrity: Involves maintaining the accuracy, trustworthiness, and reliability of
information. Information should not be altered or tampered with in an unauthorized or
undetected manner.
3. Availability: Ensures that information and resources are consistently and readily
accessible to authorized users when needed. It involves preventing disruptions or
downtime that could impact the availability of services.

1.3 Field of Cybersecurity and The Current Workforce Gap
The rise in cyberattacks fueled by a thriving marketplace for stolen data necessitates a deep
understanding of the dark web's workings, crucial for future cybersecurity professionals
collaborating with law enforcement. With cybercriminals employing diverse tactics like man-
in-the-middle and denial-of-service attacks, comprehending their motivations becomes
paramount in protecting IT assets. However, addressing the significant cybersecurity
workforce gap demands concerted efforts from education institutions, industry stakeholders,
and governments worldwide to bridge the talent shortage and fortify defenses against
evolving cyber threats.

1.3.1 The Market for Stolen Data


The rise in cyberattacks is fueled by the marketplace for stolen data, similar to how stolen
goods are sold by criminals to "fences" in non-cybercrimes. In the cyber realm, criminals
sell specific data on the dark web, a hidden part of the internet. Law enforcement finds it
challenging to trace and prosecute criminals operating on the dark web. Unlike the open
web accessible to the public, the dark web is only reachable via specialized browsers like
Tor. It's like a hidden mall where illegal data is traded. Understanding the dark web is
crucial for future cybersecurity professionals, who will need to collaborate with law
enforcement to combat cybercrime effectively. They must shift focus from deterring and
recovering from attacks to identifying and prosecuting cybercriminals.

1.3.2 Cybersecurity Method


The TCP/IP model facilitates data transfer between computers using binary values over
networks. Cyberattacks like man-in-the-middle or denial of service disrupt this process,
causing network breakdowns. Cybercriminals have specific methods of operation and
goals, leading to malicious cyberattacks that compromise data integrity. These attacks can
involve unauthorized access, data changes, or asset disruption, posing serious threats.
Protecting IT assets from threats, such as malware or intellectual property theft, is crucial.
Cyberattacks vary in goals and types, with attackers aiming for different outcomes.
Understanding attackers' motivations is key to addressing threats effectively. Different
cyber attackers have distinct skill levels and motivations, categorized to help
cybersecurity professionals identify and counter threats effectively.

1.3.3 The Cybersecurity Workforce Gap
The cybersecurity workforce of the future faces a significant gap between available
positions and qualified candidates. This shortage, estimated at 1.8 to 3.5 million positions,
poses challenges for industry and government in recruiting skilled professionals. The
emergence of new technology skills like machine learning and big data analytics in
cybersecurity adds to this gap. As cyber threats evolve, organizations struggle to find and
retain cybersecurity talent to combat increasingly sophisticated attackers. Education and
training institutions worldwide are finding it hard to keep up with the demand for
cybersecurity talent. Shortages exist for various cybersecurity roles, emphasizing the need
for highly skilled technical professionals who can design secure systems and develop
advanced tools to prevent and mitigate cyber threats. Efforts are being made to bridge this
gap through degree programs, industry training, and certification programs, but the
diversity of skills required in cybersecurity remains a significant challenge for the future
workforce.

1.3.4 Challenges to Global Business and Government


Cybersecurity differs from industries like healthcare or finance as it operates globally
using a universal communication protocol. The global nature of cybersecurity presents
challenges for data security and creates a competitive global marketplace for skilled
professionals. To address this, a robust management model is needed to recruit, train, and
manage a diverse international cybersecurity workforce. The future of cybersecurity will
involve a global workforce with workers from various backgrounds, requiring strong
ethics and privacy protocols. Businesses and governments face challenges in securing
data, including selecting cybersecurity consultants, hiring and retaining cybersecurity
professionals, and integrating cybersecurity practices into their operations. The global
cybersecurity workforce gap impacts economic vitality, innovation, and job creation.
Governments can play a crucial role in establishing policies, national cybersecurity
strategies, and developing skilled cyber experts to combat growing cyber threats.
Initiatives such as new education programs, certifications, and government strategies aim
to bridge the talent gap and educate the next generation of cybersecurity professionals to
address the evolving cyber landscape effectively.

1.3.5 Managing Risk
Organizations assess their risk appetite to determine how much effort and investment they
are willing to make to protect their data. This impacts the type of cybersecurity workforce
they will need. A minimal security approach limits the workforce to basic tasks, while a
stringent approach requires a more robust workforce. Cybersecurity professionals must
understand and align with the organization's risk appetite, balancing risk management
with performance needs. Effective cybersecurity risk management involves identifying,
analysing, and addressing threats across the organization, involving everyone in the
process. The National Institute of Standards and Technology's Risk Management
Framework (RMF) offers a structured approach to managing information security and
privacy risks, applicable to organizations of all sizes and sectors. It integrates security and
privacy measures into system development, ensuring a comprehensive and consistent risk
management approach.

1.4 The Current and Future Technology of Cybersecurity

1.4.1 Computer And Network Security

A set of rules and configurations designed to protect the integrity, confidentiality, and
accessibility of computer networks and data using both software and hardware technologies.
It involves using software and hardware to make sure that data in the network stays safe, can
only be accessed by authorized people, and doesn't get messed up. Basically, every
organization needs some level of network security to stay safe from all the cyber threats out
there.

1.4.2 Hardware And Software Security Solutions

Computer security involves protecting hardware and software components in electronic
devices, including individual computers and systems that communicate globally. It aims to
protect data and property from corruption, theft, or natural disaster while ensuring
accessibility and productivity. Hardware security protects machine and peripheral hardware
from threats, while software security protects software from threats and risks.

1.4.3 The Cybersecurity Toolbox

Cybersecurity software and tools are essential for professionals in areas like application,
information, network, disaster recovery, and operational security. They protect against
various cyber threats like ransomware, malware, social engineering, and phishing. These
tools include network security monitoring, encryption, web vulnerability scanning, network
defence, packet sniffers, antivirus software, firewall, PKI services, managed detection, and
penetration testing.

1.5 Emerging Technologies in Cybersecurity

1.5.1 Artificial Intelligence and Machine Learning


The future of cybersecurity will see the integration of machine learning (ML) capabilities into
cybersecurity software and hardware solutions, as well as the development of more
sophisticated attacks by cybercriminals. As new types of attacks emerge,
current security systems may become obsolete. Companies like Apache and Amazon offer
ML software solutions, which can predict and stop such attacks. AI systems, particularly
Deep Learning, can handle large amounts of data and work even when attacks have never
been seen before. However, the scale, scope, and frequency of cyberattacks will increase,
making analysts overwhelmed in their efforts to detect, manage, and respond to them. To
combat these complex cybercrimes, robust and intelligent cybersecurity approaches are
needed, allowing defence mechanisms to make real-time decisions and effectively respond to
sophisticated attacks.

1.5.2 Blockchain Technology

Blockchain, a technology first introduced in 2008, is primarily used in cryptocurrencies and
is now being applied to other databases and file storage structures. Its robustness and
integrity-preserving design make it a crucial technology for cybersecurity. Blockchain
technologies can improve various attributes of Internet of Things (IoT), including security,
privacy, reputation, distributed, decentralized, data sharing, authentication, and trust-based
approaches. Blockchain stores information electronically in digital format, ensuring fidelity
and security without the need for a trusted third party. Its data structure creates an irreversible
timeline of data when implemented in a decentralized manner, with each block given an exact
timestamp.

1.5.3 Quantum Computing

Tomorrow's cybersecurity workforce will need to adapt to changes in encryption and
cryptography advances. Modern encryption methods like RSA use the Advanced Encryption
Standard (AES) to protect data, but they are difficult to break due to processors that can
process a 0 or a 1 at one time. Quantum processors, which eliminate the need for static 0s
and 1s, rely on quantum entanglement and superposition to create processors capable of
simultaneously processing potentially unlimited bits, called qubits. This leads to a
new concept called quantum-resistant encryption. Quantum computing, a rapidly emerging
technology, uses quantum mechanics to solve problems too complex for classical computers.
Quantum algorithms create multidimensional spaces where patterns linking individual data
points emerge, allowing quantum computers to tackle complex problems. The impact of
quantum computing on cybersecurity is significant, as traditional threat identification and
mitigation approaches may become obsolete. The concept of limitless processing power and a
workforce unprepared for new technology could lead to catastrophic cyberattacks.

1.5.4 The 5G Spectrum

The 5G spectrum, a fifth-generation wireless networking technology, offers ultrafast
download rates, low latency, and improved user experiences. It enables the connection of
machines, objects, and devices with fiber-like speeds over the air. The 5G Core Network
manages mobile voice, data, and internet connections, integrating with internet and cloud-
based services. However, state-sponsored actors could interfere and disrupt these features,
posing a massive threat to strategically vital networks. The large number of connected
devices introduces vulnerabilities, and communication between devices can be the weakest
link in 5G's security. The future cybersecurity workforce will need to create tools and
automate processes to handle the enormous amount of data moving through these larger
communication pipes, contrasting with the amount currently moving through existing
infrastructure.

1.5.5 Operational Technology

Operational technology (OT) is crucial for cybersecurity as it controls operational systems like
industrial control systems, building management systems, fire control systems, and physical
access control mechanisms. These programmable devices interact with the physical
environment and can detect or cause changes through monitoring or control. Any breach or
compromise can allow threat actors to access the system, damage it, shut it down, or cause
harm to others or infrastructure. For example, a compromise of an OT system controlling a
railroad crossing could put pedestrians and vehicles at risk.

1.5.6 Internet Of Things

The Internet of Things (IoT) is a growing concern for cybersecurity and its workforce, as it
involves physical objects embedded with sensors, software, and other technologies for data
exchange over the internet. With over 7 billion connected IoT devices, experts predict this
number to grow to 10 billion by 2020 and 22 billion by 2025. The goal of cybersecurity is to
become operationally resilient, but more threats and vulnerabilities are discovered and
exploited by adversaries daily. IoT devices and systems are at a higher risk due to their
components not being designed with cybersecurity in mind. The most worrisome modern
cyberattacks could render medical devices and implants unusable or even malfunction. To
address this, it is crucial for employees working on IoT systems to be trained in best practices
and the latest cybersecurity threats. There are currently no curriculum standards for IoT
cybersecurity professionals, which may contribute to hiring issues. With 22 billion access
points on the internet, the cybersecurity workforce of tomorrow must understand and
embrace IoT devices, including control board limitations, firmware vulnerabilities, and how
they are connected to trusted computer bases.

Activities

1. Group Discussion
Assessment based on Case Study:
Scenario 1: A major hospital system, HealthFirst, experiences a data breach. Hackers
gain unauthorized access to a server containing patient medical records. The stolen data
includes names, addresses, Social Security numbers, and sensitive medical information.
However, upon further investigation, it is discovered that the majority of the stolen data is
encrypted, making it unreadable to unauthorized individuals.

Question: Analyse the scenario above and discuss the role of encryption in mitigating the
impact of the data breach at HealthFirst.

Scenario 2: Sarah, a busy marketing manager, receives an email from "Clicky the Cat," a
popular online pet store where she occasionally shops. The email subject line reads
"Exclusive Discount: Save 25% on Catnip Toys!" and includes a link to the "Clicky the
Cat" website. Excited about the deal, Sarah clicks the link and is taken to a website that
looks almost identical to the real Clicky the Cat website. She enters her login credentials
and credit card information to complete the purchase.

Question: Analyse the scenario above and identify the type of cyber threat Sarah
encountered. Explain how you came to your conclusion and what steps Sarah should take
to mitigate any potential damage.

2. Online Forum on Cybersecurity Awareness


Conduct an Online Forum regarding Cybersecurity Awareness.
Title: "Cybersecurity Essentials: Protecting Yourself Online"

3. Audit System
Personal Computer: Auditing a personal computer can be a practical starting point for
individuals looking to improve their cybersecurity practices. This could involve assessing
the security settings, updating software, and ensuring that antivirus and firewall
protections are in place. Users can also review their browsing habits, password
management practices, and data backup procedures as part of the audit process.

Online Quiz

Please click the link below:

https://forms.gle/iomrCTeRrA2AL2sJ9
