My topic was to research cybersecurity and penetration testing. For research I read one book named Introduction to cybersecurity and other articles from the internet. I also did one interview via email. I interviewed ICT-specialist from the Finnish police. This topic was unfamiliar for me so basically, the researching and studying started from zero. I wanted to take this topic because it interested me and I want learn about this field.

People in the world love to use social media, order things online, and read news and books on their devices. We are sharing a lot of data on the internet, and there is a chance that the data could go to wrong hands. Total disaster could be behind of one click. On the internet, there is a security system called cybersecurity. Cybersecurity’s task is to protect people from hackers in the network and digital field. Cybersecurity has become one of the most important operators in the security sector because of digitalization. We all should be able to surf online carelessly, that no one can steal your personal information.  According Margaret Rouse from Lehmann’s book. She said that cybersecurity can be defined as the body of technologies, processes and practices designed to protect networks, programs, computers and data from attacks, damage or unauthorized access (Lehmann 2016, 5).

Digitalization has opened a lot of opportunities. Mobile banks, online shopping, news, and online books. People share their personal information and payment methods on the internet. How do companies secure this data? Cybersecurity is key for this.  Many critical actions like money transfers, energy production, and air traffic are dependent on cybersecurity. Without cybersecurity, any of these wouldn’t be possible. If some hacker has access to those the damage can be indispensable. A good example is what happened to British Airways in 2018. Around 500 000 people’s personal information was hacked. It included credit cards and CVV-codes. This all happened because British Airways had a weak security system. For British Airways, this cost a hundred of million dollars including 205 million euros fine from the British data protection authority.

Cybersecurity is such a deep topic so I can’t go really deep without having courses or experience behind. The book I mentioned before there were well explained terminology that can help understand different risks of cybersecurity. I collected some of them below.

Active attack – this is an attack that is made intentionally which targets the integrity of a system, its resources, data, or operations.

Blacklist – a blacklist is a list of constituents that are not allowed to have either access or sometimes other privileges on systems

Bot – a bot is a computer that is internet connected and has been permeate with malicious code. This “bot” will possibly do damage by being controlled by a remote administrator.

Critical infrastructure – this term refers to assets such as systems that may be either physical or virtual, that if attacked could have a very negative impact on the economy, public health, security, safety, or the environment.

Data breach – a data breach exists when there is an unauthorized disclosure of information to a party that is not allowed to have access to the information.

Intrusion detection – this is an approach taken to catch if systems have been breached. It includes using processes and systems to see if a violation has happened.

Key – a key is a number that is used for aspects of Cybersecurity such as encryption, signature generation or verification, or alternatively, decryption.

Malware – this is a type of software that infects a system with malicious code to disturb computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.

Passive attack – this is an attack that is carried out consciously but rather than trying to change the system, its resources, its data, or operations, it instead seeks out information of learn from the system it is assaulting.

Virus – this is a computer program that has the ability to self-replicate, without the user of the system that it is operating in having given permission. It can then spread to other computers on the network. (Lehmann 2016, 5-9.)

I interviewed ITC- specialist from the Finnish police. He pointed that with right timed cyberattack could disable important society actions and cause a major crisis for example (stuxnet). The biggest challenge is people. Even there is possible to use many different cryptos or protection software the most vulnerabilities come because of carelessness attitude or unconsciousness. Cybersecurity has developed past years. Individual’s internet behavior has been more on track. This tracking eventually makes “big data” that is used to marketing. This is why big data communication operators have started to invest for good cybersecurity systems and software. Police facing small data break-ins almost every day, but big ones are rare. Attacks cause financial harm, but in some cases, the motive is just to irritate the victim. He also listed things that can expose people to hackers. Weak passwords, indifference, lack of knowledge or interest, outdated software, not thinking twice about what you upload to the internet, accepting scam emails or calls, open WIFIs without VPN, and IoT devices. The last thing he wanted to say was that common thinking is always good and, if you see something on the internet that looks too good to be true, it’s not often true. (Finnish Police, 2021.)

Penetration testing is a big part of cybersecurity. Penetration tests’ task is to create cyberattacks towards computer systems and then evaluate the security of the system. The goal is to find weaknesses, unauthorized parties’ possible access to the system’s features and data. The goal is also to find strengths. The UK National Cyber Security Center described Penetration testing as “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might.”  (The UK National Cyber Security Center, 2017.) Penetration testing helping to prepare for cyberattacks. Ongoing tests can avoid big harm.

This topic was interesting and gave me a lot of usable information for the future and how big is cybersecurity’s role today. I haven’t thought about this before. The most important thing I learned, was probably that behind everything is human. Everyone should keep in mind that think twice before the click. Always keep a skeptical and prepared attitude on the internet. I want to highlight one thing I had in my text. If you see something on the internet that looks too good to be true, it’s not often true. Always keep common sense in mind when surfing on the internet. This is probably the best way to avoid getting scammed. This has worked for me quite well during the time I have had mobile devices.

SOURCES

Finnish Police. ICT-specialist. Email interview. Email. Read 4.2.2021

Lehmann, J. 2016. Introduction to Cybersecurity. YOUPublish.

Traficom. Kyberturvallisuus. Read 12.2.2021. https://www.kyberturvallisuuskeskus.fi/fi/

UK National Cyber Security Center. 8.8.2017. Penetration testing. Read 11.2.2021. https://www.ncsc.gov.uk/guidance/penetration-testing

YLE. n.d. British Airwaysille lätkäistiin Britannian historian suurimmat tietomurtosakot – satojentuhansien henkilö- ja luottokorttitietoja vääriin käsiin. Read 11.2.2021. https://yle.fi/uutiset/3-10867469