SECURITY AWARENESS - CORPORATE SECURITY

CORPORATE SECURITY

Corporate security encompasses the policies, procedures, and technologies implemented by a business to protect its personnel, assets, and information from various threats, including physical and cyber risks. It aims to prevent incidents that could endanger the company's interests, such as theft, fraud, and cyberattacks. Corporate security also involves managing risks, communicating them to management, and managing them appropriately.

ELECTRONIC SECURITY

Electric security encompasses a variety of electronic systems designed to enhance security, ranging from perimeter protection with electric fences to interior security with alarm systems and CCTV. These systems utilize electronic components to detect threats, such as intruders or fire, and trigger alarms or alerts.

TYPES OF ELECTRIC SECURITY SYSTEMS:

·        Electric Fences: These systems use electrified wires to deter intruders and create a barrier, often used for perimeter security.

·        Alarm Systems: These systems use sensors to detect intruders and trigger an alarm, alerting residents or security personnel.

·        CCTV (Closed-Circuit Television): This system uses cameras to record and monitor activity, providing visual surveillance for security purposes.

·        Fire Alarm Systems: These systems detect smoke or fire and trigger an alarm, alerting residents or fire services.

·        Access Control Systems: These systems control who can enter specific areas or buildings, often using electronic badges or keys.  

 

 

PHYSICAL SECURITY

Physical security is the protection of people, property, data and assets from physical actions that can cause damage or loss. This includes the prevention of theft, vandalism, accidental damage and natural elements that can be harmful to an establishment.

PERIMETER SECURITY

Perimeter security refers to the measures implemented to protect the boundary of a property, building, or network, primarily to prevent unauthorized access and intrusion. It involves a combination of physical and technological solutions to deter, detect, and respond to security threats.

Physical Perimeter Security

·        Barriers: This includes fences, walls, gates, and other physical obstacles designed to deter intruders.

·        Surveillance: Closed-circuit television (CCTV) cameras, lighting, and alarm systems are used to monitor the perimeter and detect unauthorized activity.

·        Access Control: Security measures like card access, biometric scanners, and patrolled guards control access points and ensure only authorized personnel enter the area.

Technological Perimeter Security

·        Firewalls: Hardware and software firewalls control network traffic, preventing unauthorized access from the internet or other external networks.

·        Intrusion Detection and Prevention Systems (IDS/IPS): These systems monitor network traffic for suspicious activity and can take action to prevent or alert administrators to potential threats.

·        Surveillance Systems: Advanced video analytics, motion sensors, and other technological solutions enhance surveillance capabilities and provide alerts for potential breaches. 

CYBERSECURITY

Cybersecurity refers to the practice of safeguarding computer systems, networks, and digital information from any unwarranted access, use, disclosure, disruption, or destruction.

IP Address – It is a numerical address which is assigned to each computer on a network. Without an IP address, a device cannot connect to the internet.

Network – It is a group of devices connected to each other, the connection can either be wired or wireless.

Server – it is a device that handles requests for data, information and network services from other computers and devices known as clients. All your data is stored on this server.

Internet – it is a collection of multiple networks. It contains the millions of networks across the world.

VPN – Virtual private network

 

 

OVERVIEW OF CYBER THREATS AND ATTACK VECTORS

What are Cyber Threats?

Cyber threats can be defined as attempts by criminals or hackers to damage or disrupt computer networks or systems for illicit gain, typically to steal, alter, or destroy targets by hacking into vulnerable systems and then using that access point as their weapon of attack.

 

Types of Cyber Threats

1. Malware

Malware can be defined as malicious software installed without consent on an end user device with the intention of harming them and/or their data, including viruses such as worms and trojans as well as ransomware and spyware. All such examples constitute examples of Malware.

2. Phishing

The Phishing technique is a devious method of cybercrime where scammers design falsely realistic-looking websites or emails in order to entice unaware victims into providing confidential information such as passwords as well as credit card numbers and social security numbers.

3. Man-in-the-Middle Attacks

Man-in-the-Middle attacks are cybersecurity attacks wherein an attacker secretly intervenes between two parties' communication to eavesdrop, alter data or pose as trusted entities, jeopardizing both confidentiality and integrity of communications between them.

4. Distributed Denial of Service Attacks

When engaged in, DDoS attacks use brute-force traffic attacks against networks or websites in an effort to render it unavailable for user use.

5. SQL Injection

In an SQL Injection attack, attackers take advantage of vulnerabilities in web application's database query software in order to gain unauthorized access to information.

6. Zero-Day Exploits

Zero-day exploits are cyber-attacks which strike upon discovering any weakness in software, often on its very first day of discovery. Because most affected parties remain unaware of it until much later, exploits may remain for days, weeks, or even months until being patched by those with the best protection plans in place.

 

 

WHAT ARE ATTACK VECTORS?

An attack vector is any route through which an attacker gains unauthorized entry to a computer or network with malicious intentions and delivers their payload or payoff. Attack vectors allow hackers to exploit system vulnerabilities - including human ones - by exploiting human vulnerabilities as part of an offensive strategy.

Common Attack Vectors

1. Email and Phishing

Email has emerged as a primary attack vector, with phishing being one of the more popular attack techniques used against users. Attackers typically pose as trusted organizations to lure recipients into clicking malicious links or downloading infected attachments from an email sent from them.

2. Web

Attackers may exploit vulnerabilities in web applications to gain unauthorized access or spread malware, either via SQL injection, cross-site scripting (XSS), or simply uploading files with malware onto them.

3. Social Engineering

Social engineering involves deceiving or coercing individuals into divulging confidential information through various techniques like phishing, pretexting, baiting and tailgating.

4. Physical Media

Attackers often employ physical devices such as USB flash drives to gain entry to systems and compromise them. Leaving such seemingly innocent items lying about makes for easier compromise by attackers who will soon discover it and exploit its vulnerabilities.

5. Unpatched Software

Software with known vulnerabilities that has yet to be patched can provide attackers with easy entry points into networks containing zero-day attacks, making exploitation an attractive prospect.