In today’s digital era, every business should be concerned about cyber security, otherwise, it is only a matter of time before losing any precious data during a cyber attack. What is cyber security? How to protect companies against cyber attacks? What are the recommended cyber security courses for organisations? Preface is here to give you a complete overview!
What is cyber security?
Cyber security refers to the practice of defending technical systems, networks and programs against malicious attacks and unauthorised exploitation.
Source: kaspersky, CISCO, IT Governance
Read more:Ultimate Guide to Fintech (Financial Technology) in Hong KongComparing Virtual Banking to Traditional Banking in Hong Kong
Areas of cyber security
Cyber security ranges from simple to complex, common measures include:
Network security
Protects the network and data from breaches, intrusions and other threats.
Application security
Prevents security vulnerabilities against threats such as unauthorized access and modification. For example, all wireless devices and products should take action to improve cyber security before entering the EU market.
Information security
Keeps data secure from unauthorized access or alterations.
Operational security
Safeguards sensitive information and preserve essential secrecy.
Disaster recovery and business continuity
Responds to or adapts to potential threats or unforeseen disruptive events while minimising the negative impacts
Storage security
Encompasses the implementation and management of security across all layers of a storage environment.
Cloud security
Avoids data stored on cloud computing platforms from being stolen, deleted and leaked to unauthorised parties.
End-user education
Equips employees with the tools and skills required to protect themselves and their organisation’s assets from loss or harm.
Read more:NFT: What is it? Why is it shaking up the Art World?More than a game: Everything you need to know about MetaverseHow to be a Digital Nomad in 2022? Here are 5 things you need to know
Why is cyber security important?
While people are becoming more and more dependent on the internet, there has been an increasing number of incidents of security breaches, fraud, malicious attacks and more that could potentially dupe you of your money or other crucial data.
According to InfoSec, there has been a surge in computer and internet based criminal activities, and the problem is identified to be one of the major public concerns.
Therefore, whether you are an individual, small business or large multinational, maintaining a strong cyber security posture is of utmost importance. With reference to Cybersecurity Ventures, cyberattacks are expected to cost organisations worldwide about $6 trillion by the end of 2021. Therefore, businesses of all sizes and in all sectors should put cyber security and safety as top priority.
Especially during the pandemic, business owners should take extra attention to cyber security given that the mass shift to working from home might make employees become confused as to how to continue to work securely.
Businesses that require capturing and using sensitive information frequently, the healthcare industry, in particular, are facing more cyber threats and forms of disruption than ever before. In 2020, there has been a 25% year-over-year increase in healthcare data breaches.
It goes without saying that data breaches and hacks will continue to accelerate, organisations should therefore incorporate the highest security measures to protect themselves from ongoing dangers.
Source: CISCO
Types of cyber security threats
1. Virus
A virus will infect the computer system by duplicating itself without any permission. It will penetrate its own malicious code into pre-existing programs with an aim to spread to other systems. This is one of the most destructive threats as it might damage various data storage and lead to a complete system failure.
2. Ransomware
Ransomware is that kind of threat that will take your data hostage, unless money is paid, or else the whole data set will be destroyed. However, more often, even if the victim has settled the payment, the attackers won’t return the hostage but keep demanding for more.
3. Worm
The nature of worms is similar to viruses as they will replicate themselves on a computer system and cause destructive consequences. But also unlike the virus, a worm is an independent program that can work just fine without attaching to a file.
4. Cryptomining Malware
It is a well-known fact that mining cryptocurrency consumes a great amount of computing power. Therefore, some miners will parasite other computers and steal the processing power for their own uses, given that this allows them to mine faster and more efficiently. Once the organisations’ computers are hijacked, there will be an obvious decrease in speed.
5. DDoS Attacks
The full name of “DDoS” is “Distributed Denial of Service”, meaning that the normal operation of a system or device will be interrupted, resulting in access denial and downtime. DDoS normally brings a larger scale of destruction, making the recovery process to be more challenging. To deal with this, experts suggested adopting advanced threat protection.
6. Phishing
Phishing primarily relies on social engineering techniques. It usually starts with dropping the victim an email, instant message or text message with a malicious link, once the recipient is tricked into clicking the link, it can then lead to auto-installation of malware and sensitive information such as login passwords and credit card numbers will fall into the wrong hands.
Want to keep up with the tech-driven future? Check out Preface Coding Event for our latest Tech Seminars and Coding Workshops to stay relevant! Come enjoy the exquisite beverage selection from Preface Coffee & Wine while updating yourself with the most up-to-date knowledge!
Cyber security online courses
To prevent sophisticated cyberattacks, businesses must extend the cyber security awareness to all employees, helping the employees to avoid and prevent cyberattacks when they are accessing email, social media and other apps while using the company’s technology resources or their personal devices.
To achieve that, companies should consider holding cyber security training programs since continuous employee awareness training is effective in mitigating cybersecurity risks as proven by the cyber security awareness training firm KnowBe4.
Below is a list of some featured courses:
1. Udemy - Basic Cyber Security Expert
This is a beginner course for cyber security. If you know how to work on computers and have Basic knowledge of the Internet, you must be able to catch up with the class.
The course will talk about the basics of cyber security, the common threats as well as the solutions to protect organisations from cyberattacks. The course was originally priced at USD $34.99 and is now discounted to USD $9.99.
2. Coursera - Introduction to Cyber Security
The course is designed to help students develop a deeper knowledge of the most common information and system protection technology and methods nowadays.
After the course, learners are expected to get a baseline understanding of common cyber security threats, basic functional protections, real-time security techniques and methods and a series of advanced topics in cyber security.
The course is now free for registration from 21 Nov 2021.
3. Universal Class - Cybersecurity 101
This course covers different areas of cyber security, including but not limited to network security, cloud security, system security, network infrastructure, protocols and encryption.
It is not necessary for students to have any IT background, throughout the course, learners will be provided with the groundwork for future studies or the potential for entry-level work in smaller companies.
The course is now priced from USD $55 to USD $80.
4. FutureLearn - Introduction to Cyber Security
The course is supported by the UK Government’s National Cyber Security Programme.
By the end of the course, students will be able to explain basic cyber security terminology, identify major malware types, describe basic authentication mechanisms, apply fundamental risk analysis and management techniques and more.
The course fee ranges from USD $15.83 to USD $89 per month.
5. Udemy - Ethical Hacking with Metasploit: Exploit & Post Exploit
This course begins with the very basics. First students will learn how to install the tools, some terminology and how devices communicate with each other. Then they will learn how to scan vulnerabilities with Nessus and gain full access to computer systems via discovering the weaknesses and vulnerabilities.
Students will also be given the opportunity to learn how to set up a lab environment and install the needed virtual machines such as Kali Linux, Nessus and Metasploit.
The tuition fee was USD $84.99 and is now reduced to USD $9.99 only.
How to protect yourself against cyber attacks
Though cyberattacks are unexpected, they are not completely inevitable. Below are some tips to protect yourself from a cyberattack:
1. Use a secure password
Instead of using your birthday and other commonly used combinations such as “123456”, “qwerty” and “pa$$w0rd”, you should better use a mix of uppercase and lowercase letters, and make sure the passwords are at least eight characters long.
2. Apply zero-trust strategy
“Zero-trust” refers to “never trust, always verify”, which means that devices should never be trusted by default, instead you should verify everything trying to connect before granting access.
3. Protect every device
Computer viruses and malware are everywhere. Antivirus programs such as firewalls and intrusion detection systems can protect your computer against unauthorised code or software that may threaten your operating system.
4. Backup your computer
If you haven’t started backing up your hard drive, you should do it immediately. Backing up your data is critical in helping you to rebuild as quickly as possible after suffering any data breach or loss.
5. Use two-factor authentication
Two-factor authentication adds another security layer to the login process, reducing the chances of your account getting hacked since having a password alone is not enough to pass the authentication check.
Source: kaspersky, Victoria University
Top cyber security tools
1. Kali Linux
Kali Linux is an open-source, Debian-based Linux distribution. It contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
2. Nmap
Nmap stands for Network Mapper, which is a free open source command-line tool. It is an information-gathering tool used for recon reconnaissance. Basically, it scans hosts and services on a computer network, followed by sending packets and analyzing the response.
3. Keepass
KeePass is a free, open-source password manager that helps users to manage passwords in a secure way. Keepass stores all passwords in one database that is locked with a single master key. This database is encrypted using extremely secure encryption algorithms.
4. POF
POF is mainly used for monitoring the network without generating additional data traffic. It can be used for detecting host operating systems in a network, as well as creating probes, lookups, queries, and more as additional functions.
5. Nikto
Nikto is an open-source vulnerability scanner that provides additional vulnerability scanning specific to web servers. It performs checks for 6400 potentially dangerous files and scripts, 1200 outdated server versions, and nearly 300 version-specific problems on web servers.
Source: Jigsaw
Does cyber security require coding?
If you are looking for entry-level cyber security jobs, coding skills are not necessarily required. However, for mid-level and upper-level cyber security positions, being able to write and understand code will be a must.
To mitigate cyberattacks, more advanced technologies such as Artificial Intelligence (AI) and Machine Learning (ML) have been applied to cyber security practices. Therefore, if cyber security interests you, you might consider taking some coding courses to strengthen your knowledge.
1. From Newbie to Full Stack Web Developer
Preface’s Web Developer course is well recognised by many leading companies including JP Morgan, Cathay Pacific and Adidas. It is a beginner-friendly program with an aim to give learners a concrete base in both front-end (HTML & CSS) and backend (Python in Django) development. By taking a step-by-step teaching approach and comprehensive exercises, quizzes and assignments, students are expected to master coding and programming techniques and apply them to various actual business use cases accordingly.
2. All-in-one: Data Science and Python
Preface has successfully offered top-tier coding education to over 6,000 graduates since 2015. This course goes through the entire data science process such as APIs, matrix factorisation and cross-validation methods. The tutor will then move from basic knowledge to more advanced concepts like machine learning and algorithms for predictive analysis, which is closely related to cyber security applications.
Source: Startacybercareer, CIOinsight
Cyber security Law in HK
When it comes to cyber-related offences, the Hong Kong Police Force (HKPF) is the key enforcement authority. HKPF has a division called Cyber Security and Technology Crime Bureau dedicated to handling cyber security issues, its job duties include carrying out cybercrime and technology crime investigations, computer forensic examinations and prevention of technology crime.
Hong Kong is also the first Asian jurisdiction to enact comprehensive personal data privacy legislation. From a business perspective, the key compliance framework to follow is the Personal Data (Privacy) Ordinance (PDPO), which clearly states that all organisations that collect, hold, process or use personal data must comply with the specific data protection principles, or else might lead to a fine of HK$1 million and imprisonment for five years.
Cyber security resilience
Last but not least, you need to know about cyber resilience.
Cyber resilience is the ability to prepare for, respond to and recover from cyber threats. A cyber-resilient organisation is able to adapt to both known and unknown crises, attacks, adversities and challenges.
Both cyber security and cyber resilience are vital strategies to protect a company’s assets and keep customers’ sensitive data secure. In a nutshell, the former refers to a company’s ability to protect against and avoid the increasing threat from cybercrime, whereas the latter describes a company’s ability to mitigate damage and carry on once systems or data have been compromised.
Source: World Economic Forum
Read more:NFT: What is it? Why is it shaking up the Art World?More than a game: Everything you need to know about MetaverseHow to be a Digital Nomad in 2022? Here are 5 things you need to know
Want to keep up with the tech-driven future? Check out Preface Coding Event for our latest Tech Seminars and Coding Workshops to stay relevant! Come enjoy the exquisite beverage selection from Preface Coffee & Wine while updating yourself with the most up-to-date knowledge!
