CHAPTER 1: The Need for Cybersecurity
Introduction to Cybersecurity v2.1

Today's Presentation: Points of Discussion
1.1 Personal Data
1.2 Organizational Data
1.3 Attackers and Cybersecurity Professionals
1.4 Cyberwarfare

Learning Objectives
1.1 Define personal data. Identify the types of personal data. Explain the value of personal data.
1.2 Define organizational data. Identify the types of organizational data. Explain the value of organizational data.
1.3 Describe the characteristics of attackers and cybersecurity professionals. Explain the motives of cybercriminals. Discuss the role of cybersecurity professionals.
1.4 Define cyberwarfare. Explain the purpose of cyberwarfare.

Introduction
CYBERSECURITY - The subset of information security that addresses information and information systems that store and process data in electronic form.
CYBERSPACE - The notional environment in which communication over computer networks occurs.
OFFLINE IDENTITY - Your identity in the physical world.
ONLINE IDENTITY (or Internet Identity) - The identity that an internet user establishes in online communities and websites. Only a limited amount of information should be revealed about you.

1.1 Personal Data

Personal Data
Personal data is any information that is related to an identified or identifiable natural person.
- Medical Records
  - Electronic Health Records (EHR)
  - Prescriptions
- Educational Records
  - Grades, test scores, courses, awards, and degrees
- Employment and Financial Records
  - Income and expenditure
  - Tax records
  - Employment history and performance

How is data stored?
- PHYSICAL: Data may be stored in a variety of non-electronic forms including paper documents, artworks, photographs, computer printouts.
- DIGITAL: Hard or floppy disks, CD-ROMs, tapes, drives, cloud storage devices

Personal Data as a Target
Billions of records of personal information are stolen every year in data breaches.

Why do criminals want your data?
- To sell it to other criminals on the dark web
- Identity theft (e.g. file a fake tax return, obtain loans, open credit card accounts)
- Phishing and extortion
- To harm companies

How do criminals get your money?
- Online Credentials
- Creative Schemes (e.g. tricking you into wiring money to friends or family)

1.2 Organizational Data

Organizational Data
Organizational data describe central characteristics of organizations, their internal structures and processes as well as their behavior as corporate actors in different social and economic contexts.

Types of Organizational Data
- Traditional Data
  - Personnel - information about current and former employees, contractors, partners (e.g. payroll, employee agreements, offer letter, application materials)
  - Intellectual - intangible assets (e.g. patents, trademarks, product plans, trade secrets)
  - Financial - information related to the financial health of a business (e.g. income statements, balance sheets, cash flow statements)
- Big Data
  - IoT (Internet of Things) - describes physical objects that connect and exchange data with other devices and systems over the internet or other communications networks.

Traditional Data
- Generated at the enterprise level.
- Volume ranges from Gigabytes to Terabytes.
- Traditional database systems deal with structured data.
- Traditional data is generated per hour or per day or more.

Big Data
- Generated outside the enterprise level.
- Volume ranges from Petabytes to Zettabytes or Exabytes.
- Big data systems deal with structured, semi-structured and unstructured data.
- Big data is generated more frequently, mainly per second.

Security Breach
Any incident that results in unauthorized access to computer data, applications, networks or devices.

The Consequences of Security Breaches
- Financial Loss
- Reputational Damage
- Operational Downtime
- Legal Action
- Loss of Sensitive Data

Security Breach Example 1: LastPass, an online password manager
On June 15, 2015, LastPass posted a blog post indicating that the LastPass team had discovered and halted suspicious activity on their network. Account email addresses, password reminders, server per-user salts, and authentication hashes were compromised.

Security Breach Example 2: QRS, Inc., a health IT and EHR software company
QRS began notifying its clients of a cyberattack that exposed the PII and PHI of nearly 320,000 individuals. The attack occurred between August 23 and August 26, 2021, when a hacker accessed one QRS dedicated patient portal server. Names, birth dates, addresses, social security numbers, portal usernames, medical treatment and diagnosis information, and patient identification numbers were stolen.

1.3 Attackers and Cybersecurity Professionals

Cyber Attackers
Types of cyber attackers
- Script Kiddies
  - Amateur hackers with little to no skill
  - Use hacking tools found on the internet
- Hackers
  - Have the skill and experience to break into computers to gain access
  - White hats - ethical hackers who help the government and organizations by performing penetration testing and identifying loopholes in their cybersecurity.
  - Gray hats - hackers who compromise systems without permission
  - Black hats - hackers who take advantage of any vulnerability for illegal personal, financial or political gain
  - Green hats - newbies who have a desire to become full-blown hackers and are very curious to learn.
  - Blue hats - another form of novice hackers whose main agenda is to take revenge on anyone who makes them angry.
  - Red hats - hackers who halt the acts of black hat hackers. They are ruthless when it comes to dealing with black hat hackers.
- Organized Hackers
  - Networks of cyber criminals who work in collaboration to pull off massive heists over the internet.

Internal and External Threats
- Internal Security Threats
  - Insiders can intentionally or unintentionally cause great damage to the system
  - Mishandle confidential data
  - Accidentally invite malware onto the network through malicious email or websites
  - Facilitate outside attacks by connecting infected USB media into the corporate computer system
- External Security Threats
  - Amateurs, hackers, organized hackers
  - Exploit vulnerabilities in network or computing devices

1.4 Cyberwarfare

Cyberwarfare
Involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks.

The Purpose of Cyberwarfare
- To gain advantage over adversaries, nations, or competitors
- To sabotage the infrastructure of nations
- To blackmail governmental personnel
- To affect the citizens’ faith in their government and their ability to protect them

Types of Cyberwarfare Attacks
- Espionage - use of botnets and spear phishing attacks to compromise sensitive computer systems before exfiltrating sensitive information.
- Distributed denial-of-service (DDoS) attacks - prevent legitimate users from accessing targeted computer networks or devices
- Propaganda or disinformation campaigns - used to expose embarrassing truths, spread lies to make people lose trust in their country, or side with their enemies.
- Viruses, phishing, computer worms and malware

Cyberwarfare Examples
- Stuxnet Virus - a worm that attacked the Iranian nuclear program. It is among the most sophisticated cyber attacks in history. According to most reports, the attack seriously damaged Iran’s ability to manufacture nuclear weapons.
- Fancy Bear - the Russian organized cybercrime group Fancy Bear targeted Ukrainian rocket forces and artillery between 2014 and 2016. The malware was spread via an infected Android application used by the D-30 Howitzer artillery unit to manage targeting data.