Keywords: cyber security, network security, cyberspace.
Nowadays, Turkmenistan is sensitive to the global development trends in the field of digital technologies. By the decision of the President, a «cyber security» service was established within the «Turkmenaragatnashyk» agency to ensure the security of the information system in the country. Cybersecurity is the practice of protecting systems, networks, and applications from digital attacks. A general analysis of protection against emerging and evolving threats can be described in terms of cybersecurity.
What is cyber security?
Cybersecurity (sometimes called computer security) is a collection of methods and practices for protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Cybersecurity should be geared towards providing protection in cyberspace. Therefore, a key concept for the analysis of cyber security is the concept of cyberspace.
Cyberspace is a complex environment that does not exist in any physical form, resulting from the interaction of people, software, and Internet services through technological devices and network connections.
The Cyber Security Program is defined by UK Professionals as:
– network and any type of digital activity, including information content and actions carried out over encrypted networks.
In this multiplicity of definitions, the focus is on the people who use the technologies rather than the technologies themselves, in accurately describing the relationship between cyberspace and the ICT infrastructure.
One of the main things is that the main content of cyberspace is focused on the activities of users using digital information resources and ICT infrastructure.
The concept of cyber security is very multifaceted and thus defining this concept is very difficult and complex. There are many different opinions and views on this matter.
Network security is the actions taken to protect computer networks from various threats such as targeted attacks or malware.
Application security — protecting devices from threats that criminals can hide in applications. This program can allow an attacker to access data that they are supposed to protect. Software security is also ensured during development, before it appears in open source.
Data security — ensures the integrity and confidentiality of data both in storage and transmission.
Operational security — managing and protecting information assets. This category includes, for example, network access permissions or rules that define where and how data can be stored and transferred.
Raise awareness — educate users. This approach helps everyone reduce the impact of unpredictability in the cyber security industry. Even the most secure system can be attacked due to someone's mistake or ignorance. Therefore, every organization should conduct training for employees and tell them about the basic rules: for example, not to open suspicious e-mail attachments or plug in suspicious USB devices.
Todd Cyberthreats are expanding in scope and threats worldwide, and data breaches are on the rise.
The International Data Corporation predicts that cyber security spending will reach $133.7 billion by 2022 if cyber threats continue to increase. Governments around the world are fighting criminals by helping organizations implement cybersecurity practices. For example, the US National Institute of Standards and Technology (NIST) has developed principles for a secure IT infrastructure. NIST recommends regular real-time monitoring of all electronic resources to prevent malicious code from harming and spreading.
Types of cyber threats.
Cyber security combats three types of threats:
- Cybercrime activities organized by one or more attackers to disrupt business or financial gain and attack a system.
- Cyber attacks are actions aimed at collecting information of a political nature.
- Cyber terrorism — actions aimed at destabilizing electronic systems to create fear or panic.
How can cybercriminals gain control of computer systems? They use different tools and techniques.
Malware.
Malware is the most common cyber crime tool. Malware is often spread through harmless files or email attachments. Cybercriminals use it to make money or attack for political purposes. Cybercriminals download Trojans to users' computers and then collect or damage data.
Embedded software that secretly monitors user activity and collects information (such as credit card information). Cybercriminals can then use this for their own purposes.
Ransomware encrypts files and data. The criminals then demand a ransom, claiming that they will lose the user's data. Adware is an adware that can distribute malware.
Botnets are networks of computers infected with malware that cybercriminals use for their own purposes.
SQL injection.
This type of cyber attack is used to steal information from databases. Cybercriminals exploit vulnerabilities in data-driven applications to distribute malicious database management language (SQL) code.
Phishing.
Phishing — attacks aimed at tricking the user into confidential information (for example, bank card details or passwords). In these attacks, criminals often send emails to victims posing as official organizations.
Man-in-the-Middle. (man-in-the-middle attacks)
It's an attack where a cybercriminal intercepts data as it's being sent — as it were, it becomes an intermediate link in the chain, and victims don't even know it. For example, if you connect to an unsecured Wi-Fi network, you may be vulnerable to such an attack.
DoS (Denial of Service)
Cybercriminals overload the target's networks and servers, disrupting system functionality and usage. Thus, attackers can damage critical infrastructure components and disrupt an organization's operations.
References:
- The Constitution of Turkmenistan — Ashgabat: Turkmen State Publishing Service, 2023
- The Law of Turkmenistan «On Administrative Procedures» //Bulletin of Mejlis of Turkmenistan — 2017
- Scientific commentary to the Law of Turkmenistan «On Administrative Procedures» — Ashgabat: Turkmen State Publishing Service, 2020
- Arbitration Procedural Code of Turkmenistan //Bulletin of Mejlis of Turkmenistan — 2021
