On October 12, 2021, during National Cyber Security Publicity Week, the white paper "Cyber Security Industry Talent Development Report", led by the Talent Exchange Center of the Ministry of Industry and Information Technology and the Cyber Security Industry Development Center, with the participation of Anheng Information and other companies, showed that demand for talent in the country's network security industry is growing rapidly. In the first half of 2021, the total demand for talent increased by 39.87% from last year. As of now, the talent gap in the network security industry exceeds 1.4 million. This data clearly reflects the penetration rate of cyber security in various industries and its importance in the structure of talent demand.
What is cyber security?
Network security measures, also known as information technology (IT) security, are designed to counter threats to network systems and applications, regardless of whether these threats come from inside or outside the organization. Their core function is to protect the devices we use (smartphones, laptops, tablets, computers, etc.) and the services we access (in life and work) from theft or damage, reduce the risk of cyber attacks, and prevent systems, networks and technology from being used without authorization.
Why is network security so important?
In recent years, smartphones, computers and the Internet have become basic components of modern life. It is difficult for us to imagine working and living without them. However, with the rapid development of technology and the widespread popularity of the Internet, network attacks have become more and more complex, and the types of strategies used by attackers have increased. Attackers are usually "out of sight" and target specific vulnerabilities. This causes the victims to suffer huge economic losses, and some even suffer damage to their reputation.
In the face of this situation, how to take effective defensive measures and how to trace and discover the source of an attack are particularly important, and these are exactly what network security is responsible for.
So in the face of cyber attacks that may strike us at any time, how does cyber security deal with them? Before we understand cyber security, we should also understand our "enemy": cyber threats.
Common types of cyber threats
The current Internet threats mainly include the following 6 types:
Malware
Malware is a broad term that includes any file or program that damages or destroys a computer, for example ransomware, botnet software, spyware, Trojan horses, viruses and worms. They give hackers unauthorized access with which to damage the computer. A common malware attack method is for the malware to pose as a legitimate file to bypass detection.
Distributed Denial of Service (DDoS) attack
A DDoS attack is a malicious behavior that floods the target server or its surrounding infrastructure with large-scale Internet traffic, thereby disrupting the target server, service, or normal network traffic. It uses multiple compromised computer systems as the source of attack traffic to achieve the attack effect. The machines used can include computers or other networked resources (such as IoT devices).
Phishing/Social Engineering
Phishing is a form of social engineering that induces users to provide their own PII (Personally Identifiable Information) or other sensitive information. For example, many of the online scams we have all heard of disguise themselves as emails or text messages from a legitimate company and ask users to provide sensitive information such as bank card data or login passwords. In fact, as soon as you complete the input, your personal information is stolen. A reminder: when you suspect fraud, do not believe it, do not disclose information, and do not transfer money.
Advanced Persistent Threat (APT)
An APT attack, also known as a targeted threat attack, refers to a continuous and effective attack activity carried out by an organization on a specific object. This kind of attack is highly concealed and targeted. It usually uses various methods such as infected media, supply chain, and social engineering to implement advanced, lasting and effective threats and attacks.
Man-in-the-middle attack
Man-in-the-middle is a kind of eavesdropping attack. Hackers intercept normal network communication data and perform data tampering and sniffing, while the two communicating parties are unaware of it. For example, on an insecure Wi-Fi network, an attacker can intercept the data passed between the guest device and the network.
Insider threat
Current or former employees, business partners, outsourcing service providers, or anyone who has accessed the system or network can be regarded as an insider threat if they abuse their access rights. Insider threats may be invisible to traditional security solutions that focus on external threats (such as firewalls and intrusion detection systems), but they are also the threats that can least afford to be ignored.
How to ensure that the network is more secure?
Although we cannot prevent attacks at the source, adequate preparations and preventive measures can still minimize losses as much as possible. This is exactly what network security does. Network security can be roughly divided into 3 parts:
- Equipment system security
- Data content security
- Operational safety
Device security
Device security refers to the physical devices used for data storage, iteration and so on, such as servers and hard drives. It is the material foundation of network security, and it is also the first consideration for network security. If your equipment is damaged, nothing you do afterwards will be of any use.
Generally, we need to consider the following aspects when considering equipment system security:
- Availability: whether the equipment system can be used
- Reliability: how long the device can be used
- Stability: Whether there will be unexpected problems when the device is in use
Taking a personal computer as an example, we need to ensure that the system version is up to date, including the operating system and all applications. At the same time you also need an excellent anti-virus program and a good firewall.
Data content security
Generally speaking, when we talk about content security, we mean that the data content complies with national laws and regulations. But it also covers the encryption of the content itself and the security of its transmission. Currently we mainly use two encryption methods:
- Symmetric encryption (private key encryption)
- Asymmetric encryption (public key encryption)
Operational behavior safety
Operations in the network can themselves threaten the security of the network. According to statistics, more than 80% of the security threats for enterprises are due to the lack of effective management methods and strict authority management systems, which leads to internal personnel actively or passively leaking a large amount of data and information through mobile devices or network transmission when using the network and equipment. In social engineering-type threats, criminals use the corporate information they hold to pose as internal employees, gain trust, and go on to obtain internal secrets.
With the continuous development of the Internet, network security will become more and more important, and the directions involved will certainly become more and more comprehensive. Programmers who are working or studying and wondering what else they could do might well consider the direction of network security.