Basics of Cybersecurity
This chapter is from the book
This chapter is from the book
This chapter is from the book
Cybersecurity
The earliest computers, such as the ZX-Spectrum or the original Apple computer designed by Steve Jobs and his colleagues, didn’t require login information or user credentials. Anyone could just switch on the machine, open a word processing application, type, and print. Most of those standalone machines did not even connect to a network. At that time, the only thing people wanted was a machine that could print a document and play a few funny games.
The languages used were simple, too—BASIC, C, and so on. Some systems used mostly by government organizations had huge machines called mainframes that ran languages such as FORTRAN and COBOL. A few database programs, such as DBase III and DBase IV, existed. For a desktop computer user who wanted nothing more than a word processing program for documents and a couple of games, all these extra language features did not exist, were neither required nor known.
If you asked most people about computer security in those days, the only answer you would get was about the physical security of the machine in the office or home. Personally identifiable information (PII) such as Social Security Number (SSN) and date of birth did exist in some files, but nobody gave a second thought to losing that information or otherwise finding that it had been compromised. Universities even printed the SSNs on students’ primary ID cards. Once in a while, a smart aleck stole credit card numbers in postal mail and used them, but the instances of extensive fraud—like what we have now—were rare.
Then came the era of Windows, Windows NT, and networking. The number of computing machines and the desktop machines exploded. Thanks to the ever-changing and improving technologies, the mainframes that occupied several thousand square feet of physical space slowly gave way to smaller units. As the explosion continued, hackers and attackers have found new ways to steal and smarter ways to dupe users to compromise a single system, a segment of a network, or even a complete network. To counter these attacks or hacking attempts, corporations have started reinventing their systems, reconfiguring software, and updating the login procedures for single computers and networks.
Along the way, new words like phishing and whaling have been introduced to identify the fraud. Even as governments and computing corporations were busy inventing new antifraud protection and technologies, hackers were getting smarter, too, and they used the same new technologies to invent worse methods to hack and steal. In the early days of Windows, Bill Gates even invited hackers to attend a meeting to share their methods in the hope that Microsoft could design software to avoid those attacks. At one point, people predicted that hacking attempts would end by a particular year, but so far, nothing has stopped hackers. They continue to come up with innovative ways to breach security. New hacking techniques, such as ransomware attacks, continue to be developed and make us wonder when, or even if, these attacks will end.
Although you may be happy with your systems and software with their increasing speeds and evolving technologies, you should never forget that someone is always watching what you do—even if the system is in your bedroom and not physically accessible to anyone. Shopping, checking for an address, finding out where to order a pizza, and almost everything else is online and uses the Internet. The cable that connects your computer to your Internet Service Provider (ISP) is not even required any longer because of the availability of Wi-Fi networks. We now also have more threats than before because most people carry phones and mobile devices such as tablets.
Before we delve deep into attacks, countermeasures, and cybersecurity, let’s first talk about a few important terms in cybersecurity. In this chapter, we touch on the basics of cybersecurity: the terms, fundamentals of guarding the data, what to guard, how successful we can become in guarding, and how we can independently decide if the guards we deploy to counter the threats are really successful.