Cyber Security UNIT-1

Cyber Security BCC301

Unit-1
Cybercrime, or computer-oriented crime, is a crime that involves a computer and a
network. The computer may have been used in the execution of a crime or it may be the
target. Cybercrime is the use of a computer as a weapon for committing crimes such as
fraud, identity theft, or breaching privacy. Cybercrime, especially through
the Internet, has grown in importance as the computer has become central to every field,
such as commerce, entertainment, and government. Cybercrime may endanger a person's or
a nation's security and financial health. Cybercrime encompasses a wide range of activities,
but these can generally be divided into two categories:
1. Crimes that aim at computer networks or devices. These types of crimes
involve different threats (like viruses, bugs, etc.) and denial-of-service (DoS)
attacks.
2. Crimes that use computer networks to commit other criminal activities. These
types of crimes include cyber stalking, financial fraud or identity theft.

Term Cybercrime
The term cyber has some interesting synonyms: fake, replicated, pretend, imitation,
virtual, computer-generated. Cyber is a combining form relating to Information
Technology, the Internet and Virtual Reality. This term owes its origin to the word
"cybernetics", which deals with information and its use; furthermore, cybernetics is the
science that overlaps the fields of neurophysiology, information theory, computing
machinery and automation. However, beyond this, there does not seem to be any
further connection to the term "cybernetics" as per other sources searched. Cybernetics is
closely related to control theory and systems theory.
People are curious to know how cybercrimes are planned and how they actually take
place. Worldwide, including India, cyberterrorists usually use a computer as a tool, a target
or both for their unlawful acts to gain information, which can result in heavy loss/damage
to the owner of that intangible sensitive information.
One definition that is advocated is "a crime conducted in which a computer was directly
and significantly instrumental." This definition is not universally accepted. It, however,
initiates further discussion to narrow the scope of the definition of "cybercrime"; for
example, we can propose the following alternative definitions of computer crime:

• Any illegal act where a special knowledge of computer technology is essential for
  its perpetration, investigation or prosecution.
• Any traditional crime that has acquired a new dimension or order of magnitude
  through the aid of a computer, and abuses that have come into being because of
  computers.
• Any financial dishonesty that takes place in a computer environment.
• Any threats to the computer itself, such as theft of hardware or software,
  sabotage and demands for ransom.

Classification of Cyber Crimes:


1. Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform violent
acts that result in loss of life. This may include different types of activities,
carried out through either software or hardware, that threaten the lives of citizens.
In general, cyber terrorism can be defined as an act of terrorism committed
through the use of cyberspace or computer resources.

2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is
subjected to or threatened with repeated denial of service or other attacks by
malicious hackers. These hackers demand large sums of money in return for a promise
to stop the attacks and to offer protection.

3. Cyber Warfare –
Cyber warfare is the use or targeting of computers, online control systems and
networks in a battle space or warfare context. It involves both offensive
and defensive operations concerning the threat of cyber attacks, espionage
and sabotage.

4. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet and
could include hiding of information or providing incorrect information for the
purpose of deceiving victims for money or property. Internet fraud is not
considered a single, distinctive crime but covers a range of illegal and illicit
actions that are committed in cyberspace.

5. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers know their
victims and instead of offline stalking, they use the Internet to stalk.
However, if they notice that cyber stalking is not having the desired effect,
they begin offline stalking along with cyber stalking to make the victims’
lives more miserable.

Challenges of Cyber Crime:

1. People are unaware of their cyber rights-
Cybercrime usually happens to illiterate people around the world who
are unaware of the cyber rights implemented by the government of their
particular country.

2. Anonymity-
Those who commit cyber crime are anonymous to us, so we cannot do
anything to that person.

3. Fewer cases registered-
Every country in the world faces the challenge of cyber crime, and the rate of
cyber crime is increasing day by day because people do not even
register a case of cyber crime. This is a major challenge for us as well as for
the authorities.

4. Mostly committed by well educated people-
Committing a cyber crime is not a cup of tea for every individual. The person
who commits cyber crime is a very technical person, so he knows how to
commit the crime and not get caught by the authorities.

5. No harsh punishment-
Not every case of cyber crime carries harsh punishment. There is harsh
punishment in some cases, such as when somebody commits cyber terrorism.
But in other cases there is no harsh punishment, and this factor also
encourages the person who commits cyber crime.

Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber crime:
1. Use strong password –
Maintain different password and username combinations for each account
and resist the temptation to write them down. Weak passwords can be easily
cracked using attack methods such as brute-force attacks and rainbow
table attacks, so make them complex. That means a combination of letters,
numbers and special characters.

2. Use trusted antivirus in devices –
Always use trustworthy and highly advanced antivirus software on mobile devices and
personal computers. This helps prevent different virus attacks on
devices.

3. Keep social media private –
Always keep the data in your social media accounts visible only to your friends.
Also make sure to befriend only people who are known to you.

4. Keep your device software updated –
Whenever you get system software updates, install them right away,
because sometimes the previous version can be easily attacked.

5. Use secure network –
Public Wi-Fi networks are vulnerable. Avoid conducting financial or corporate
transactions on these networks.

6. Never open attachments in spam emails –
One way a computer gets infected by malware attacks and other forms of cybercrime is
via email attachments in spam emails. Never open an attachment from a
sender you do not know.

7. Software should be updated –
The operating system should be updated regularly when it comes to internet
security. An outdated system can become a potential threat when cybercriminals
exploit flaws in it.

How Criminals Plan the Attacks
Criminals use many methods and tools to locate the vulnerabilities of their target. The
target can be an individual and/or an organization. Criminals plan passive and active
attacks. Active attacks are usually used to alter the system, whereas passive attacks
attempt to gain information about the target. Active attacks may affect the availability,
integrity and authenticity of data, whereas passive attacks lead to breaches of
confidentiality.
In addition to the active and passive categories, attacks can be categorized as
either inside or outside. An attack originating and/or attempted within the
security perimeter of an organization is an inside attack; it is usually
attempted by an "insider" who gains access to more resources than
expected. An outside attack is attempted by a source outside the security
perimeter, maybe attempted by an insider and/or an outsider who is indirectly
associated with the organization; it is attempted through the Internet or a
remote access connection.
The following phases are involved in planning cybercrime:

1. Reconnaissance (information gathering) is the first phase and is treated
as passive attacks.
2. Scanning and scrutinizing the gathered information for the validity of the
information as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).
1. Reconnaissance
The literal meaning of "reconnaissance" is an act of reconnoitering: exploring,
often with the goal of finding something or somebody (especially to gain
information about an enemy or potential enemy).
In the world of "hacking," the reconnaissance phase begins with "footprinting."
This is the preparation toward the preattack phase, and involves accumulating
data about the target's environment and computer architecture to find ways to
intrude into that environment. Footprinting gives an overview of system
vulnerabilities and provides a judgment about possible exploitation of those
vulnerabilities. The objective of this preparatory phase is to understand the
system, its networking ports and services, and any other aspects of its
security that are needed for launching the attack.
Thus, an attacker attempts to gather information in two phases: passive and
active attacks.

2. Passive Attacks
A passive attack involves gathering information about a target without his/her
(individual's or company's) knowledge. It can be as simple as watching a
building to identify what time employees enter the building's premises.
However, it is usually done using Internet searches or by Googling (i.e.,
searching the required information with the help of search engine Google) an
individual or company to gain information.

1. Google or Yahoo search: People search to locate information about
employees.
2. Surfing online community groups like Orkut/Facebook will prove useful
to gain the information about an individual.
3. Organization's website may provide a personnel directory or information
about key employees, for example, contact details, E-Mail address, etc.
These can be used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc. are generally used as the
mediums to gain information about the company or employees.
5. Going through the job postings in particular job profiles for technical
persons can provide information about type of technology, that is,
servers or infrastructure devices a company may be using on its
network.

3. Active Attacks
An active attack involves probing the network to discover individual hosts to
confirm the information (IP addresses, operating system type and version, and
services on the network) gathered in the passive attack phase. It involves the
risk of detection and is also called "Rattling the doorknobs" or "Active
reconnaissance."
Active reconnaissance can provide confirmation to an attacker about security
measures in place, but the process can also increase the chance of being
caught or raise suspicion.

4. Scanning and Scrutinizing Gathered Information
Scanning is a key step to examine intelligently while gathering information
about the target. The objectives of scanning are as follows:

1. Port scanning: Identify open/closed ports and services.
2. Network scanning: Understand IP addresses and related information
about the computer network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the
system.

The scrutinizing phase is always called "enumeration" in the hacking world.
The objective behind this step is to identify:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. OS and different applications that are running on the OS.

5. Attack (Gaining and Maintaining the System Access)
After the scanning and enumeration, the attack is launched using the following
steps:
1. Crack the password
2. Exploit the password
3. Execute the malicious command/applications;
4. Hide the files (if required);
5. Cover the tracks - delete the access logs, so that there is no trail illicit

Social Engineering – The Art of Virtual Exploitation

Social engineering uses human weakness or psychology to gain access to the system,
data, personal information, etc. It is the art of manipulating people. It doesn't involve
the use of technical hacking techniques. Attackers use new social engineering practices
because it is usually easier to exploit the victim's natural inclination to trust. For
example, it is much easier to fool someone into giving up their password than to hack
their password. Sharing too much information on social media can enable attackers to
get a password or extract a company's confidential information using the posts by the
employees. This confidential information helps attackers to get the password of victim
accounts.

Purpose
The purpose of social engineering attacks is typically to steal sensitive information,
such as login credentials, credit card numbers, or personal information. Attackers can
use this information for identity theft, financial fraud, or other malicious purposes.
Another purpose of social engineering attacks is to gain unauthorized access to secure
areas or systems. For example, an attacker might use tailgating to follow an authorized
individual into a secure area or use pretexting to convince an individual to give them
access to a restricted system.

Types of Social Engineering


There are many different types of social engineering attacks, each of which uses a
unique approach to exploit human weaknesses and gain access to sensitive information.
Some of the types of attacks include:
• Phishing: Phishing is a type of social engineering attack that involves sending
  an email or message that appears to be from a legitimate source, such as a
  bank, in an attempt to trick the recipient into revealing their login credentials
  or other sensitive information.
• Baiting: Baiting is a type of social engineering attack that involves leaving a
  tempting item, such as a USB drive, in a public place in the hope that
  someone will pick it up and plug it into their computer. The USB drive is
  then used to infect the computer with malware.
• Tailgating: Tailgating is a type of social engineering attack that involves
  following an authorized individual into a secure area, such as a building or
  data center, without proper authorization.
• Pretexting: Pretexting is a type of social engineering attack that involves
  creating a false identity or situation in order to trick an individual into
  revealing sensitive information. For example, an attacker might pretend to be
  a customer service representative in order to trick an individual into giving
  them their login credentials.
• Vishing: Vishing is a type of social engineering attack that involves using
  voice phishing, or "vishing," to trick individuals into revealing sensitive
  information over the phone.
• Smishing: Smishing is a type of social engineering attack that involves using
  SMS messages to trick individuals into revealing sensitive information or
  downloading malware.

Prevention
• Regularly monitor online accounts, whether they are social media accounts or
  bank accounts, to ensure that no unauthorized transactions have been made.
• Check the email headers of any suspicious mail to verify that it comes from a
  legitimate source.
• Avoid clicking on links, unknown files, or opening email attachments from
  unknown senders.
• Beware of links to online forms that require personal information, even if the
  email appears to come from a legitimate source. Phishing websites look the same
  as legitimate websites.
• Adopt proper security mechanisms such as spam filters, anti-virus software,
  and a firewall, and keep all systems updated, with anti-keyloggers.

Cyber Stalking
In cyber stalking, a cyber criminal uses the internet to consistently threaten
somebody. This crime is often perpetrated through email, social media, and other
online media. Cyber stalking can even occur in conjunction with the older,
traditional type of stalking, where the offender harasses the victim offline. There is no
unified legal approach to cyber stalking; however, several governments have moved
toward making these practices punishable by law. Social media, blogs, image sharing
sites and many other commonly used online sharing activities provide cyber stalkers
with a wealth of data that helps them plan their harassment. It includes actions like
false accusations, fraud, information destruction, threats to life and manipulation
through threats of exposure. Stalkers use e-mail and other messaging applications,
messages posted to an online website or a discussion group, and often social media
to send unwanted messages and harass a specific person with unwanted attention.
Cyber stalking is also referred to as internet stalking, e-stalking or online stalking.
Types of Cyber Stalking:
• Webcam Hijacking: Internet stalkers may attempt to trick you into
  downloading and installing a malware-infected file that grants them
  access to your webcam. The method is so sneaky that you probably
  wouldn't suspect anything strange.
• Observing location check-ins on social media: If you're adding
  location check-ins to your Facebook posts, you're making it overly simple for
  an internet stalker to follow you by just looking through your social media
  profiles.
• Catfishing: Catfishing happens via social media sites, for example,
  Facebook, when internet stalkers make counterfeit user profiles and approach
  their victims as a friend of a friend.
• Visiting virtually via Google Maps Street View: If a stalker discovers the
  victim's address, then it is not hard to find the area, neighbourhood, and
  surroundings by using Street View. Tech-savvy stalkers don't even need that.
• Installing Stalkerware: One more method which is increasing in popularity
  is the use of stalkerware. It is a kind of software or spyware which keeps
  track of the location, enables access to text and browsing history, makes
  audio recordings, etc. An important point is that it runs in the background
  without the victim's knowledge.
• Looking at geotags to track location: Most digital pictures contain geotags,
  which hold information such as the time and location where the picture was
  shot, in the form of metadata. Geotags come in the EXIF format embedded
  in an image and are readable with the help of special apps. In this way, the
  stalker keeps an eye on the victim and gets information about their
  whereabouts.

Protective Measures:
• Develop the habit of logging out of the PC when not in use.
• Remove any upcoming events you plan to attend from social networks
  if they are recorded in online event listings and calendars.
• Set strong and distinctive passwords for your online accounts.
• Cyber stalkers can exploit the low security of public Wi-Fi networks to
  snoop on your online activity. Therefore, avoid sending personal emails or
  sharing your sensitive info when connected to an unsecured public Wi-Fi.
• Make use of the privacy settings provided by the social networking sites and
  keep all info restricted to the closest of friends.
• Do a daily search on the internet to find out what information about you is
  accessible for the public to see.

Types of Cyber Criminals:


Cyber crime is taken very seriously by law enforcement. In the early years of
the cyber security world, the standard cyber criminals were teenagers or hobbyists
operating from a home laptop, with attacks principally restricted to pranks and
malicious mischief. Today, the world of cyber criminals has become a lot more
dangerous. Attackers are individuals or teams who attempt to exploit vulnerabilities for
personal or financial gain.
Types of Cyber Criminals:
1. Hackers: The term hacker may refer to anyone with technical skills; however, it
typically refers to an individual who uses his or her skills to achieve unauthorized
access to systems or networks so as to commit crimes. The intent of the break-in
determines the classification of those attackers as white, grey, or black hats. White hat
attackers break into networks or PC systems to find weaknesses so as to improve the
protection of those systems. The owners of the system give permission to perform the
break-in, and they receive the results of the test. On the other hand, black
hat attackers take advantage of any vulnerability for illegal personal, monetary or
political gain. Grey hat attackers are somewhere between white and black hat attackers.
Grey hat attackers may find a vulnerability and report it to the owners of the system
if that action coincides with their agenda.
• (a). White Hat Hackers – These hackers use their programming skills
  for a good and lawful reason. These hackers may perform network
  penetration tests in an attempt to compromise networks to discover network
  vulnerabilities. Security vulnerabilities are then reported to developers to fix
  them, and these hackers can also work together as a blue team. They always
  use the limited amount of resources which are ethical and provided by the
  company; they basically perform pentesting only to check the security of the
  company from external sources.
• (b). Gray Hat Hackers – These hackers carry out violations and do
  seemingly deceptive things, but not for personal gain or to cause
  harm. These hackers may disclose a vulnerability to the affected organization
  after having compromised their network, and they may exploit it.
• (c). Black Hat Hackers – These hackers are unethical criminals who violate
  network security for personal gain. They exploit vulnerabilities to compromise
  computer systems. These hackers always exploit the information or any data they
  got from the unethical pentesting of the network.
2. Organized Hackers: These criminals include organizations of cyber criminals,
hacktivists, terrorists, and state-sponsored hackers. Cyber criminals are typically teams
of skilled criminals focused on control, power, and wealth. These criminals are
highly sophisticated and organized, and may even offer crime as a service. These
attackers are usually highly trained and well-funded.
3. Internet stalkers: Internet stalkers are people who maliciously monitor the web
activity of their victims to acquire personal data. This type of cyber crime is conducted
through the use of social networking platforms and malware that are able to track an
individual's PC activity with little or no detection.
4. Disgruntled Employees: Disgruntled employees become hackers with a particular
motive and also commit cyber crimes. It is hard to believe that dissatisfied employees
can become such malicious hackers. In earlier times, they had the only option of
going on strike against employers. But with the advancement of technology there is
increased work on computers and automation of processes, so it is simple for
disgruntled employees to do more damage to their employers and organization by
committing cyber crimes. The attacks by such employees bring the entire system
down.

WHAT IS MEANING OF CYBER CRIME AND CYBER CAFE…
In a February 2009 survey, 90% of the audience across eight cities and 3500 cafes
were male and in the age group of 15-35 years.
52% were graduates and postgraduates.
Almost 50% were students.
In India, cybercafes are known to be used for either real or false terrorist
communication.

Cybercafes hold two types of risks:

1. We do not know what programs are installed on the computer, like keyloggers or
spyware.
2. Over-the-shoulder peeping can enable others to find out your passwords.

Cyber criminals prefer cybercafes to carry out their activities.

A recent survey conducted in one of the metropolitan cities in India reveals the
following facts:
1. Pirated software is installed on all the computers.
2. Antivirus was not updated with the latest patch.
3. Several cybercafes have installed "Deep Freeze" to protect computers, which helps
cyber criminals.
4. Annual Maintenance Contract (AMC) was not found for servicing of the
computers.
5. Pornographic websites were not blocked.
6. Cybercafe owners have very little awareness about IT security.
7. Cybercafe association or State Police do not seem to conduct periodic visits to
cybercafes.

SECURITY TIPS FOR CYBER CAFE….

Always Logout – While checking email or logging in for chatting, always click
logout/sign out.
Stay with the computer – While surfing, don't leave the system unattended for
any period of time.
Clear history and temporary files
– Before browsing, deselect the AutoComplete option: Browser -> Tools -> Internet
options -> Content tab.
– Tools -> Internet Option -> General Tab -> Temporary Internet Files ->
Delete files and then Delete Cookies.
Avoid online financial transactions
– One should avoid online banking, shopping, etc.
– Don't provide sensitive information such as credit card number or bank
account details.
Change Passwords / Virtual Keyboard – Change password after completion of
transaction.
Be alert – One has to be alert for snooping over the shoulder.

Need for Regulation of Cyber Cafe in India


The regulation of cyber cafes in India is essential for several reasons, as the internet and cyber
cafes can be misused for illegal activities or pose potential threats to individuals’ privacy and
security. Here are some key reasons for the need for regulation:

1. Prevent Cybercrime:
Cyber cafes can be misused by criminals to carry out illegal activities, such as hacking,
cyberbullying, online fraud, identity theft, and distribution of illegal content. Regulations can
help enforce stricter measures to deter cybercriminals from using cyber cafes as a platform for
their activities.

2. Child Safety and Protection:


Unregulated cyber cafes may inadvertently expose children to harmful and age-inappropriate
content. By implementing regulations, authorities can enforce content filtering and age
verification measures to protect minors from accessing harmful online material.

3. Data Protection and Privacy:


Cyber cafes handle sensitive information belonging to their customers. Proper regulations can
mandate data protection and privacy practices to ensure that customer data is handled securely
and not misused or leaked.

4. Intellectual Property Rights (IPR) Protection:


Without regulation, cyber cafes might facilitate the illegal sharing and downloading of
copyrighted content, leading to infringement of intellectual property rights. Regulation can help
enforce copyright laws and discourage piracy.

5. Network Security and Safety:


Unregulated cyber cafes may lack adequate network security measures, making them vulnerable
to hacking or cyberattacks. Regulations can set minimum security standards that cyber cafes
must adhere to, thereby protecting both the cafe and its customers from cyber threats.

Attack vectors
An attack vector, or threat vector, is a way for attackers to enter a network or
system. Common attack vectors include social engineering attacks, credential
theft, vulnerability exploits, and insufficient protection against insider threats.
A major part of information security is closing off attack vectors whenever
possible.

Suppose a security firm is tasked with guarding a rare painting that hangs in a
museum. There are a number of ways that a thief could enter and exit the
museum — front doors, back doors, elevators, and windows. A thief could
enter the museum in some other way too, perhaps by posing as a member of
the museum's staff. All of these methods represent attack vectors, and the
security firm may try to eliminate them by placing security guards at all doors,
putting locks on windows, and regularly screening museum staff to confirm
their identity.

Similarly, digital systems all have areas attackers can use as entry points.
Because modern computing systems and application environments are so
complex, closing off all attack vectors is typically not possible. But strong
security practices and safeguards can eliminate most attack vectors, making it
far more difficult for attackers to find and use them.

What are some of the most common attack vectors?
Phishing: Phishing involves stealing data, such as a user's password, that an
attacker can use to break into a network. Attackers gain access to this data by
tricking the victim into revealing it. Phishing remains one of the most
commonly used attack vectors — many ransomware attacks, for instance, start
with a phishing campaign against the victim organization.

Email attachments: One of the most common attack vectors, email
attachments can contain malicious code that executes after a user opens the
file. In recent years, multiple major ransomware attacks have used this threat
vector, including Ryuk attacks.

Account takeover: Attackers can use a number of different methods to take
over a legitimate user's account. They can steal a user's credentials (username
and password) via phishing attack, brute force attack, or purchasing them on
the underground market. Attackers can also try to intercept and use a
session cookie to impersonate the user to a web application.

Lack of encryption: Unencrypted data can be viewed by anyone who has
access to it. It can be intercepted in transit between networks, as in an on-path
attack, or simply viewed inadvertently by an intermediary along the network
path.

Insider threats: An insider threat is when a known and trusted user accesses
and distributes confidential data, or enables an attacker to do the same. Such
occurrences can be either intentional or accidental on the part of the user.
External attackers can try to create insider threats by contacting insiders
directly and asking, bribing, tricking, or threatening them into providing
access. Sometimes malicious insiders act of their own accord, out of
dissatisfaction with their organization or for some other reason.

Vulnerability exploits: A vulnerability is a flaw in software or hardware;
think of it as being like a lock that does not work properly, enabling a thief
who knows where the faulty lock is to enter a secured building. When an
attacker successfully uses a vulnerability to enter a system, this is called a
vulnerability "exploit." Applying the software or hardware vendor's updates
can fix most vulnerabilities. But some vulnerabilities are "zero-day"
vulnerabilities — unknown vulnerabilities for which there is no known fix.

Browser-based attacks: To display webpages, Internet browsers load and
execute code they receive from remote servers. Attackers can inject malicious
code into a website or direct users to a fake website, tricking the browser into
executing code that downloads malware or otherwise compromises user
devices. With cloud computing, employees often access data and applications
solely through their Internet browser, making this threat vector of particular
concern.

Application compromise: Instead of going after user accounts directly, an
attacker may aim to infect a trusted third-party application with malware. Or
they could create a fake, malicious application that users unknowingly
download and install (a common attack vector for mobile devices).

Open ports: A port is a virtual entryway into a device. Ports help computers
and servers associate network traffic with a given application or process. Ports
that are not in use should be closed. Attackers can send specially crafted
messages to open ports to try to compromise the system, just as a car thief
might try opening doors to see if any are unlocked.

How can an organization secure its attack vectors?
There is no way to eliminate attack vectors altogether. But these approaches
can help stop both internal and external attacks.

• Good security practices: Many attacks succeed due to user error:
  users fall for phishing attacks, open malicious email attachments, or
  provide access to an unauthorized person. Training users to avoid
  these errors can go a long way toward eliminating several major
  attack vectors.

• Encryption: Encrypting data in transit prevents it from being
  exposed to any intermediary parties.

• Browser isolation: This technology moves the process of loading and
  executing untrusted code to a location outside of an organization's
  secured network. Browser isolation can even help eliminate the
  threat of zero-day attacks, at least in the browser.

• Patching vulnerabilities: A large number of attacks occur because
  an organization has not patched a vulnerability. Patching
  vulnerabilities and regularly updating software and hardware vastly
  reduces the chances of a successful vulnerability exploit.

• Secure access service edge (SASE): As reliance on the cloud has
  changed corporate computing models, many organizations find their
  networking and security models need to change as well. Secure
  access service edge (SASE) is one method of integrating networking
  and security. SASE includes a number of security safeguards that
  close off the attack vectors described above.
