Dive into "The A to Zs of Cybersecurity," your essential guide to navigating the digital world's threats and defences. From understanding authentication to mastering the Zero Trust model, this article breaks down key cyber security concepts and practices. Equip yourself with practical tips and insights to protect your data and stay ahead of cybercriminals. Ready to boost your cyber security knowledge? Read on!
27th May 2024
With the rapid advancement of technology, the number and sophistication of cyber threats continue to grow, posing significant risks to both individuals and organisations.
Understanding the fundamental concepts and practices in cyber security is essential for protecting sensitive information and maintaining robust security postures.
In this guide, Singtel takes a look at the A to Zs of cyber security to help you brush up on your cyber security knowledge whether you’re a seasoned professional or new to the field.
Authentication is the process of verifying the identity of a user or system. With data breaches becoming commonplace, passwords can be easily stolen, necessitating stronger methods of authentication.
For example, two-factor authentication (2FA) provides an extra layer of security even if your password is compromised. It blocks unauthorised access by requiring a second verification step, such as a code sent to a mobile device.
While effective, 2FA is not infallible: cyber criminals can sometimes overcome it using malicious software or social engineering [1]. Always stay vigilant and consider using multi-factor authentication (MFA) with additional security measures.
Unlike traditional biometrics, which rely on physical traits such as fingerprints or facial features, behavioural biometrics focus on actions such as typing rhythm, mouse movements, swiping patterns, and even how a user holds a device.
These behavioural patterns are difficult for attackers to replicate, making this method a robust additional layer of protection. This also makes behavioural biometrics a potentially crucial part of financial cyber security [2].
With passwords becoming increasingly outdated, contextual authentication offers a more dynamic and secure approach to verifying user identities.
This method considers various contextual factors during the authentication process, such as the user's location, the device being used, the time of access, and even the type of network connection.
Analysing these additional data points allows contextual authentication to determine whether a login attempt is legitimate or potentially fraudulent.
A data breach occurs when unauthorised individuals gain access to an individual or organisation’s confidential data. This often results in significant financial and reputational damage.
It is estimated that in the financial sector alone, a single data breach incurs costs of 5.9 million U.S. dollars on average [3]. Additionally, an incident in January 2024 dubbed “the mother of all breaches (MOAB)” resulted in about 12 terabytes of sensitive data being leaked and stolen [4].
Encryption is the process of transforming data into an unreadable format to prevent unauthorised access. There are various types of encryption, such as symmetric and asymmetric encryption, each with different applications.
Symmetric encryption [5] uses the same key for both encryption and decryption, while asymmetric encryption [6] uses a pair of keys: a public key for encryption and a private key for decryption.
Firewalls act as a barrier between your internal network and external sources, controlling incoming and outgoing traffic based on predetermined security rules. A firewall can be hardware-based, software-based, or a combination of both.
They are the first line of defence in preventing unauthorised access and protecting against various cyber threats. By monitoring and filtering network traffic, firewalls help to block malicious activity, ensuring that only legitimate traffic is allowed to pass through.
Governance in cyber security [7] refers to the frameworks, policies, and procedures that ensure an organisation’s information security measures are effective, compliant, and aligned with its objectives.
Effective cyber security governance involves establishing clear roles and responsibilities, setting security policies, and implementing controls to manage risks.
One of the most commonly heard terms in cyber security, hacking is actually a catch-all phrase referring to the unauthorised intrusion into computer systems, networks, or devices.
In the early days, hacking was a term used to describe enthusiasts devising new ways to make use of computers and software.
Today, it involves a wide range of activities, from exploiting software vulnerabilities to manipulating human psychology through social engineering, all aimed at breaching security defences.
IoT refers to the interconnected network of everyday devices, such as smart home appliances, wearable technology, and industrial sensors, that communicate and share data over the internet.
While IoT offers significant benefits in terms of convenience and efficiency, it also presents unique security challenges. Each connected device can serve as a potential entry point for cyber criminals if not properly secured.
IoT devices often come with weak default passwords and lack regular software updates, making them vulnerable to hacking. Moreover, the sheer number and diversity of IoT devices complicate security management. Attackers can exploit these weaknesses to gain unauthorised access, disrupt services, or steal sensitive data.
JSON (JavaScript Object Notation) is a lightweight data interchange format that is easy for humans to read and write, and easy for machines to parse and generate. It is often used to transmit data between a server and a web application.
JSON Web Tokens (JWT) are a compact and self-contained way of securely transmitting information between parties as a JSON object. They are widely used for authentication and information exchange in web applications. A JWT typically consists of three parts: a header, a payload, and a signature, which together ensure the integrity and authenticity of the data.
JWTs are particularly useful in stateless authentication systems, where the server does not need to store session information. Instead, all the necessary data is embedded within the token itself. This reduces server load and allows for scalable, efficient authentication processes.
One of the oldest forms of malware, keyloggers are malicious software designed to record keystrokes made by a user on their keyboard. This information is then sent to the attacker, who can use it to steal sensitive information such as passwords, credit card numbers, and other personal data.
Keyloggers can be installed through phishing emails, malicious downloads, or by exploiting vulnerabilities in software. The main threat posed by keyloggers is their ability to capture everything typed by the user, including login credentials and other confidential information.
In response to improved antivirus software and tighter security measures, criminals have resorted to what is known as Living off the Land (LotL) cyber attacks. These types of attacks involve the use of legitimate software and tools already present in the target environment to carry out malicious activities.
What makes LotL attacks worrisome is the fact that they are difficult to detect as they blend in with normal system operations. For example, attackers might use tools like PowerShell, Windows Management Instrumentation (WMI), or remote desktop protocols to move laterally across the network, escalate privileges, and exfiltrate data.
Malware, short for malicious software, refers to any software intentionally designed to cause damage to a computer, server, client, or network. Types of malware include viruses, worms, ransomware, spyware, and trojans, each with unique characteristics and threat mechanisms.
It often spreads through email attachments, malicious websites, or exploited vulnerabilities in software. Once installed, malware can perform a variety of harmful actions, such as logging keystrokes, encrypting files for ransom, or spreading to other devices on the network.
One of the best defences against malware is comprehensive cyber security education. By educating employees about the risks and signs of malware, organisations can significantly reduce the likelihood of infection.
Singtel's cyber security education programme offers training and resources to help businesses and their staff stay informed about the latest threats and best practices for preventing malware attacks.
Network security involves protecting the integrity, confidentiality, and availability of data as it is transmitted across or accessed over a network. It encompasses a variety of technologies, devices, and processes designed to defend against cyber threats such as unauthorised access, data breaches, and other malicious activities.
Effective network security includes implementing firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and control incoming and outgoing network traffic.
Encryption protocols ensure that data transmitted over the network remains secure and unreadable to unauthorised parties. Additionally, secure access controls, such as VPNs and multi-factor authentication (MFA), help verify the identity of users accessing the network.
A One-Time Password (OTP) is a unique, temporary code that can be used for a single login session or transaction.
OTPs add an extra layer of security to the authentication process by ensuring that a password can only be used once and is valid for a limited time. This makes it much more difficult for attackers to gain unauthorised access, even if they manage to intercept or steal the password.
OTPs are typically delivered via SMS, email, or through an authenticator app, and are often used in conjunction with traditional passwords in two-factor authentication (2FA) setups.
Phishing is a deceptive practice where attackers impersonate trusted entities to trick individuals into revealing sensitive information, such as login credentials, financial details, or personal data. These attacks are typically carried out through emails, social media messages, or fraudulent websites that appear legitimate.
Phishing schemes often lure victims by creating a sense of urgency or fear, prompting them to click on malicious links or download infected attachments. Because of this, phishing is also commonly used to overcome two-factor authentication (2FA) [8] by tricking users into providing the secondary authentication code.
To combat social engineering attacks, Singtel offers SingVerify, which includes the Number Verify API and Device Location API.
The Number Verify API matches phone numbers with registered account details, ensuring that even if a user enters login or OTP details on a phishing platform, the bad actor cannot access the account because the phone number and device do not match Singtel's records.
The Device Location API checks whether log-in attempts are made on the correct network in the correct country, blocking access if the device is not where it should be.
Quantum computing has the potential to enhance cyber security by solving complex problems quickly, improving encryption algorithms, and strengthening data protection methods.
Simultaneously, it poses a significant threat to current cryptographic systems. Many of the encryption techniques used today, such as RSA and ECC, could be broken by a sufficiently powerful quantum computer, rendering them obsolete.
To address these emerging threats, Singtel’s Quantum Safe Network (QSN) is designed to protect against potential threats from quantum computers. It does this by ensuring the secrecy of encryption keys and using cryptographic techniques resistant to quantum attacks.
This includes quantum key distribution and post-quantum cryptography. Preparing for the advent of quantum computing by adopting such technologies will be crucial for safeguarding sensitive information in the future.
Ransomware is a type of malicious software designed to block access to a computer system or data until a ransom is paid. Attackers typically encrypt the victim’s data and demand payment, often in cryptocurrency, in exchange for the decryption key.
Major ransomware incidents have made headlines in recent years. For example, the WannaCry attack in 2017 [9] affected hundreds of thousands of computers worldwide, including critical infrastructure like hospitals. Another notable incident is the 2021 Colonial Pipeline attack [10], which led to fuel shortages across the eastern United States.
Social engineering is a method used by cyber criminals to manipulate individuals into revealing confidential information or performing actions that compromise security. Instead of exploiting technical vulnerabilities, attackers rely on psychological manipulation, deception, and trickery to achieve their goals.
Common forms of social engineering attacks include pretexting, where attackers fabricate a scenario to obtain sensitive information, for example by impersonating a major customer or a figure in authority. Another is baiting, where victims are enticed with offers or promises to reveal their credentials or download malware.
Effective threat intelligence provides insights into the latest attack vectors, vulnerabilities, and threat actors, allowing organisations to stay ahead of cyber criminals. Intelligence sources can come from various channels, including threat feeds, security forums, and collaboration with other organisations.
Singtel’s Managed Threat Detection and Response (MDR) service is one example of threat intelligence in action. The service integrates multiple clouds, endpoints, and on-premises devices to provide advanced visibility and protection from threats.
In addition, Singtel’s MDR service takes a proactive stance on intelligence gathering by using skilled cyber experts to actively search for potential security breaches and hazards.
URL filtering is a cyber security measure that controls access to websites by allowing or blocking specific URLs based on predefined security policies. It is commonly used on corporate networks to reduce the risk of malware infections, phishing attacks, and other online threats.
It works by sorting websites into categories, such as gambling, adult content, or known malicious sites. When a user attempts to access a restricted address, the filtering system checks the URL against its database and either allows or blocks access based on the established policies.
A VPN is a type of service that creates a secure, encrypted connection over a less secure network, such as the internet. VPNs are commonly used to protect sensitive data, maintain privacy, and ensure secure communications for remote workers and businesses.
They work by routing internet traffic through a secure server, where it is encrypted before transmission. This hides the user’s IP address and makes it appear as though they are accessing the internet from the location of the VPN server, which is called IP masking or spoofing.
Besides allowing a user to bypass geo-restrictions, VPNs reduce the risk of eavesdropping, man-in-the-middle attacks, and other cyber threats [11]. For this reason, businesses with remote employees commonly use VPNs to provide them with secure access to the company’s internal network and resources.
Wi-Fi security refers to the measures taken to protect wireless networks from unauthorised access and cyber threats. It works by implementing protocols and encryption standards to secure wireless communication between a device and the network.
Common security protocols include WPA2 (Wi-Fi Protected Access 2) and the more recent WPA3. These protocols encrypt data to prevent eavesdropping and unauthorised access.
XSS is a type of security vulnerability commonly found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users.
When an attacker successfully injects a malicious script, the script runs in the user's browser as if it were part of the legitimate website. This can lead to unauthorised actions being performed on behalf of the user without their knowledge.
To prevent XSS attacks, developers should implement input validation and output encoding, which ensure that data entered by users is properly sanitised and does not contain executable scripts.
Additionally, using security headers like Content Security Policy (CSP) can help mitigate the risk of XSS by restricting the sources from which scripts can be loaded.
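Output encoding and CSP working together, shown as an added example (not code from the original article): a Python sketch that renders a user comment without and with encoding, then builds a response whose Content Security Policy only allows scripts carrying a per-response nonce. The function names and the `/static/app.js` path are hypothetical.

```python
import html
import secrets

def render_comment_unsafe(comment: str) -> str:
    # Vulnerable form: user input is placed into the markup unchanged,
    # so any tags it contains are parsed by the browser.
    return f"<p class='comment'>{comment}</p>"

def render_comment_encoded(comment: str) -> str:
    # Output encoding: <, >, &, " and ' become HTML entities, so the
    # browser displays the text instead of interpreting it as markup.
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"

def build_response(comment: str):
    """Return (headers, body) for a page showing one user comment."""
    nonce = secrets.token_urlsafe(16)  # fresh for every response
    csp = (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "  # inline scripts need this nonce
        "object-src 'none'; base-uri 'none'"
    )
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": csp,
    }
    body = (
        "<!doctype html><html><body>"
        + render_comment_encoded(comment)
        + f"<script nonce='{nonce}' src='/static/app.js'></script>"
        + "</body></html>"
    )
    return headers, body

if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed test input
    print(render_comment_unsafe(sample))
    print(render_comment_encoded(sample))
    print(build_response(sample)[0]["Content-Security-Policy"])
```

Encoding is the primary control here; the CSP header is a second layer that limits what an injected script could do if an encoding step is missed elsewhere.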
YARA (Yet Another Recursive Acronym) rules are a tool used for identifying and classifying malware based on specific patterns [12].
They are widely employed by security researchers and professionals to detect and analyse malware by creating descriptions of malware families based on textual or binary patterns.
When patterns found in malware are detected in a file, the YARA engine can identify it as a potential threat. This helps in quickly identifying malware and responding to security incidents.
The Zero Trust security model is an approach to cyber security that assumes no entity, whether inside or outside the network, can be trusted by default [13].
In the Zero Trust model, every access attempt is treated as potentially malicious. Because of this, it focuses on verifying every access request and continuously monitoring and validating user activity.
This means enforcing strict identity verification, using multi-factor authentication (MFA), and applying the principle of least privilege to limit access rights.
Staying informed and proactive is essential in the fight against cyber crime. Regularly updating your knowledge and security measures will help you stay ahead of emerging threats and ensure that your defences remain robust.
By understanding the key concepts and best practices outlined in this guide, you can better protect your organisation and personal data from a myriad of cyber threats.
For more support and advanced solutions, consider exploring Singtel’s comprehensive suite of cyber security services to enhance your protection strategy, or speak to us to find out more.
References: