Cybersecurity

Cybersecurity (also: network security, IT security) consists of rules, processes and methods that are applied to prevent, detect, and record unauthorized access, misuse, modification or disruption of computer networks, cyber-physical systems (see LINK CPS) or other network-accessible resources. It should not be possible to influence hardware and software in an unintentional manner; in particular, interruption or misuse of the services and functions offered should be prevented. Unauthorized and unintentional intervention in technical communication between systems as well as direct access to these must be avoided to maintain services.

Cybersecurity is therefore primarily aimed at preventing cyber-attacks. Cybercrime can be distinguished between different types. These often have characteristics of several types and thus overlap:

• Insiders vs. outsiders
• Lone perpetrators vs. organized crime
• Financially motivated criminals
• State organized attacks
• Hidden attackers vs. attackers with public attention

In order to implement appropriate measures and their subsequent evaluation for necessity, appropriateness and cost-effectiveness, the infrastructure to be protected must first be inventoried and the cybersecurity exposure recorded.

Knowledge of network transitions and their protection is one of the fundamental factors for effective defense against external attacks. Based on the network structure analysis, countermeasures must be designed, tested, and implemented for all identified network transitions and for the corresponding processes as well.

A single line of defense is often ineffective, so a staggered defense strategy should always be implemented. In particular, protection mechanisms against malware, such as viruses, worms, and Trojan horses, should be deployed on the systems listed below:

• Security gateway
• E-mail server
• File server
• Mobile and stationary workstation systems

Security requirements for hardware and software should be defined as early as possible, i.e. during the development or construction phase. This is often referred to as security-by-design. Later retrofitting usually significantly increases the cost of eliminating security vulnerabilities.

The complex and frequently evolved IT system landscape, the diverse types of use and innovation and life cycles create the basis for high security risks for companies and government institutions. These risks will tend to increase sharply, placing cybersecurity further in the focus – and not just in IT departments. In the future, a cyber strategy must be part of the overall corporate strategy and should therefore be part of the corporate management.

With the rise of mobile and home offices, a new management style is likely to emerge, providing companies with a direct opportunity to say goodbye to outdated and obsolete security solutions and roll out effective state-of-the-art solutions instead.

Cyber risks continue to increase and will be a lasting companion for networked companies. For this reason, institutions need to develop strategies and solutions to protect themselves.

• 2007: A DoS attack cripples the entire Internet in Estonia.
• 2010: The Stuxnet computer worm shuts down the uranium enrichment facility in Iran.
• 2011: 77 million subscriber data stolen from Sony in Japan.
• 2012: 24 million customer records are stolen from Amazon subsidiary Zappos.
• 2013: Approximately 38 million customer records were stolen from Adobe in the United States.
• 2014: Due to a cyberattack, 1 billion customer records were stolen from YAHOO in the US. The data were: Phone number, date of birth, encrypted passwords, unencrypted password recovery security questions. In the same year, a total of 145 million customer data was stolen from eBay. 
• 2015: The cyberattack on the German Bundestag led to the replacement of all computers.
• 2016: The Mirai attacks, e.g. on Deutsche Telekom routers, led to a 24-hour outage of television, Internet and telephone in about one million households. During the US election campaign, misinformation was sent to Democrats via social bots.
• 2017: The WannaCry malware exploited a worldwide vulnerability in Windows. The NotPetya ransomware encrypted the table of contents of hard drives in hundreds of thousands of computers.
• 2018: Health records of 1.5 million citizens in Singapore were stolen.
• 2019: Phishing attacks on the Ärzte- und Apothekerbank in Germany initiated three-digit fraudulent bank transfers. 

Soon you will find here suitable apps on the topic: Cyber Security

References:

• https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/
• https://en.wikipedia.org/wiki/Network_security
• Cyberstrategien für Unternehmen und Behörden: Maßnahmen zur Erhöhung der Cyberresilienz – M. Bartsch – 2017
• Cybersecurity Best Practices: Lösungen zur Erhöhung der Cyberresilienz für Unternehmen und Behörden – M. Bartsch; S. Frey – 2018
• https://www.infineon.com/cms/de/discoveries/cybersecurity-grundlagen/