With the immense growth in the technology the world is moving towards a digital era where the most of our information is stored on the internet, our bank details, identities, social security numbers, driving licenses, adhar numbers and the list is endless. Social networking sites have our personal details like photographs, places we visit, things we buy which may sound trivial at this point but trust me when these small details get in the hands of someone who knows where and how to use them, the results may be disastrous. Earlier theft was considered as looting a house, stealing a car or robbing a bank but with this transition into digital world, the meaning of theft has also changed manifolds. Today a person can steal someone’s digital identity and might sell it for a huge amount maintaining his/her anonymity, an attacker can launch a ransomware attack and can demand huge chunks of money in the forms of crypto currency and once the transaction occurs all the money is untraceable.
Nowadays all our data is being moved onto the cloud infrastructure so as to store it efficiently and securely, Information security is one of the biggest challenges that the world is facing and needs to improve upon each and every day. Every day there is some attack on a company stealing all their employee’s personal details, a ransomware attack demanding thousands and thousands of dollars just for the decryption key or stealing of a company’s secrets etc. The information dumped from these attacks may be sold on the dark web, which is the market place for all this kind of stuff and an attacker may get a huge amount of payout by dumping a company’s whole database and selling it on the internet. Sometimes the compromised systems are left unusable after such kind of attacks. So as a company or nation or even as an individual, it is immensely important to protect ourselves from such happenings by securing our systems. Let’s take a real life example to understand the effects of a weak security infrastructure.
Have you ever heard about NotPetya? It’s the best example we can see in order to understand the need of a strong cyber security infrastructure needed by a nation in order to protect itself from a cyber-attack. NotPetya was a cyber-attack (a worm) on Ukraine that destroyed their digital life leaving the ATM’s, subway ticketing systems, turnstiles, big organizations computer systems in a paralyzed state and this did not stop here, since it was a worm, so it spread out and caused a massive and unimaginable impact not only on Ukraine but various other countries. The scary part Is that all this was leveraged by using an exploit in the windows operating system called the eternal blue (MS17–010) that exploited SMB (Server Message Block) and a flaw in the operating system that stored the passwords of the users in clear text. There are various other examples like Wannacry, stuxnet, mirai, etc that show us how important the field of cyber security is and how much we need to focus on it
Till this point I think it may be pretty clear to you that how much we need to focus on information security and strengthen the presently available system. When talking about protection information the first thing that pops up in our mind is cyber security or ethical hacking. Now cyber security is the universal set of various other fields such as, penetration testing, red teaming, blue teaming, ethical hacker, information security, cyber forensics etc. Cyber security is a pretty dynamic field, everyday a hacker may find a new exploit or vulnerability and at the same time patches are released to repair the presently known vulnerabilities, so a person needs to keep up with this pace to survive in this field. It’s not something that can be mastered as every day you learn something new. Now you must be thinking how to start yourself to get in this cat and mouse game? Well the answer is pretty simple, start collecting more and more information about it, read more and more blogs, go on to social networking sites like twitter and follow the people who actually achieved some milestones in this field (ill provide some in the resources) surf the internet, listen to podcasts (Darknet Dairies being my favorite) try out things and find out where do you belong. Suppose you’re interested in detecting how an attack happened, or how a system was compromised you may look into cyber forensics or you’re good at breaking thinks you may look at penetration testing or ethical hacking. Start reading the most popular attacks and how they were caused and most importantly why they were caused, what were the mitigations taken to prevent further attacks and see if it all motivates you or fascinates you to try things, by trying I do not mean to plan an attack but like try to learn. You may start looking at your own systems and start finding what all can I do to compromise my own self and I bet you will find at least one or two things that may lead an attacker to your doors. All this will give you an inside look and you will find out whether you want to be in this field or not. Surf YouTube for courses and video explanations there are a ton of content available you just need to search at the right place. Now I will surely write a detailed blog covering all the pathways to start with cyber security but for now just have a taste of the field and see does it seem promising to you. Here are some great resources you can start with:
YouTube Channels:
Podcasts:
People you can follow:
https://twitter.com/thecybermentor
https://twitter.com/stokfredrik
https://twitter.com/_johnhammond
Hope this article will help you getting an introduction into the field of cyber security and the importance of it in the modern day scenarios.
Thanks for your patient reading, stay tuned for the next one.
