How relevant is the issue of cyber security in contemporary times?

Even though we tend to only hear about the high profile attacks in the news, Cyber-attacks have become increasingly common and more sophisticated.
The U.S. government is still reeling from the attacks in the span of less than a month by hackers from China and Russia who managed to steal classified information. Attacks and leaks by some the nation’s most popular apps and websites earlier this year too have brought the threat to India Inc.’s attention. A report recently found that India ranks among the top 10 ransom attacks in the world. Cyber-security is no longer a luxury for firms to have on board. It is a given.
All the IT giants are setting up Data centers across India to scale up their capacity and with initiatives like “Digital India” gathering strength, a lot of important information is going to be available online. It is all the more vital to keep this information safe. It is estimated that nearly 1.7 crore jobs will be created due to this initiative of which a large chunk will be for Security professionals.

What are the most common types of vulnerabilities that computer systems are prone to?

Hackers use all sorts of tricks to sneak in. They can hack, con employees over the phone or email, use impersonation to walk in, the list is endless.
The most common attacks are Trojan viruses responsible for multiple threats such as data theft, money theft or even installing ransomware.
Remote Access Tool (RAT), although it was introduced for remote administration, they have become a favourite for malicious activity. Hackers can gain access to the user’s screen, use their webcam, control the hardware and even keep a log of all that is typed.
Denial of Service (DoS) is the most common form of attack. Hackers usually use bots to overload a site’s servers and cause disruption in the service.
SQL Injections are very popular and often implemented by tampering with the source code of the website. This can be used to get information stored on the backend or deface a website.
Basically, no one with an online presence is 100% immune to attacks.

What are the different areas of study one can specialize in under Cyber Security?

There are many roles dealing with its different aspects. And these roles usually overlap with each other and hence it is likely that a specialist working in one area will have to be familiar with the work in other areas as well.
The major areas which one can specialize in include:

  1. Information Security/Risk Analysts – They are the front line of defence for organizations, protecting information from attacks and trespassers. They analyse and assess potential security risks, put in safety measures such as firewalls and encryption and audit systems for abnormal activity, and if required carry out corrective actions.
  2. Ethical hackers or Penetration testers – They carry out tests on a system to find weaknesses in security. They do everything a hacker would do, but they do it on behalf of the organisation itself. They try to access information without usernames and passwords, and will try to break through whatever security applications have been set up.
  3. Computer forensics analysts or investigators – With the rising crimes these have become essential for studying the attacks to track and nab the culprits and also to understand the attack and prevent it from recurring in the future. From recovery of deleted files to analysing and interpreting data linked to crime they often will often provide evidence used in proving cyber-crimes.

Are there courses for training in Cyber Security? What are the qualifications necessary to apply for the same?

Yes, Coursera offers an online course. In general, there is no minimum certification required to be an ethical hacker. However, it is advisable to attain these since a certified qualification ensures that the candidate has a sweeping knowledge of all the potential threats and is up to date with all the necessary trends he needs to know.
Having a strong understanding of coding, networks, operating systems and hardware is fundamental because these are often manipulated by hackers to carry out an attack. There is a thin line distinguishing ethical hacking from illegal hacking. It is doubtful that basement hackers would ever be equipped or take the trouble to go through cyber laws governing the internet. Additionally, a qualification also adds weight to one’s resume and makes it easier to land a job.

Could you give us a brief explanation on the concept of Ethical Hacking?

Ethical hackers are hired to carry out tests on a system to find weaknesses in security. They do everything a hacker would do, but they do it on behalf of the organisation itself. They try to access information without usernames and passwords, and will try to break through whatever security applications have been set up.
They then report their findings to the organization and suggest preventive measures that must be put in place to keep the organization’s information and network safe. The major difference is, between an ethical hacker and a malicious hacker is that the latter would try and take advantage of the vulnerability instead of reporting it.

What advice would you give to the youth of today who aspire to build a career in Cyber Security?

According to NASSCOM, the cyber security industry has been growing by leaps and bounds year on year, and the lack of a steady supply of such trained professionals is going to push the global demand higher.
Computer science roles have been in high demand in India as it is. Adding the element of security makes these professionals even more sought after. So if you have a passion for computers, enjoy solving puzzles, breaking things, fixing things, learning new skills and are eager to work at a thrilling job, then Ethical Hacking is the perfect career path for you.