Basics of Cybersecurity: Threats & Vulnerabilities

Questions and Answers

Which type of attack is characterized by overwhelming a system with excessive traffic?

Denial-of-Service Attack (correct)

Man-in-the-Middle Attack

Supply Chain Attack

Social Engineering Attack

What is one of the main risks associated with social engineering attacks?

Unintentional disclosure of sensitive information (correct)

Degradation of hardware performance

Loss of physical equipment

Inability to detect malware

In which type of attack does malicious input potentially expose sensitive information within a web application?

Supply Chain Attacks

Malware Attacks

Injection Attacks (correct)

Man-in-the-Middle Attacks

Which of the following describes a significant vulnerability created by system misconfigurations?

Vulnerabilities due to incompatible security settings

What primarily enables attackers to exploit systems effectively?

Outdated or unpatched software

Which of the following best describes a supply chain attack?

Infection of legitimate applications without the vendor's knowledge

What is a consequence of a successful Man-in-the-Middle Attack?

Compromising sensitive communications between parties

Which of these is not categorized as a type of malware?

Phishing

What is the primary purpose of a patch management strategy?

To apply recent system updates

Which statement accurately defines the concept of data privacy?

Data privacy focuses on controlling who has access to specific data.

What are zero-day vulnerabilities?

Weaknesses in systems identified by attackers before the user

Which principle supports ensuring users can access data required for business functions?

Data Availability

What challenge is associated with malicious insider threats within an organization?

They often manipulate actions to appear genuine.

Data protection refers to which of the following?

The strategic steps to safeguard sensitive data

How does missing or weak data encryption affect an organization?

It can lead to the exposure of misleading information.

What aspect of data lifecycle management is emphasized in the protection of data?

Automating data transmission to various storage

What primary function does Information Lifecycle Management serve regarding information assets?

Valuating, cataloging, and protecting information assets

Which of the following laws is primarily concerned with safeguarding personal data in the Philippines?

Data Privacy Act of 2012 (RA No. 10173)

What is a key ethical responsibility of cybersecurity professionals?

To follow codes of conduct to maintain integrity

Which act specifically addresses incidents of online sexual abuse or exploitation of children in the Philippines?

Anti-Online Sexual Abuse or Exploitation of Children Act (RA No. 11930)

What potential consequences might organizations face due to security negligence?

Penalties and legal liability

What does ethical hacking require prior to conducting security tests?

Permission from the entity being tested

What should organizations balance when monitoring for security purposes?

Security requirements with privacy rights

What does the Cybercrime Prevention Act of 2012 primarily focus on?

Addressing cybercrime and promoting cybersecurity

What distinguishes Narrow AI from General AI?

General AI can handle complex tasks beyond human capabilities.

Which type of AI is characterized by the inability to store memories or use past experiences in decision-making?

Reactive Machines

Which type of AI is currently not in existence but predicts the potential to understand human emotions?

Theory of Mind

What is a key feature of Limited Memory AI?

It can store and utilize previous data for decision-making.

IBM’s Deep Blue is an example of which type of AI?

Reactive Machines

What is the primary function of Reactive Machines?

To carry out simplistic tasks in real-time

Which of the following applications exemplifies the capabilities of Limited Memory AI?

A self-driving car

What is a notable benefit of using cryptocurrencies over traditional banking systems?

Elimination of third parties

Which of the following is NOT considered a challenge in the use of cryptocurrencies?

Improved accuracy

What characteristic of Self-aware AI is unique compared to other types of AI?

It possesses a form of self-awareness.

What is one of the potential negative implications of the pseudonymous nature of cryptocurrency transactions?

Facilitation of criminal activities

Which financial technology application is specifically designed to help consumers manage their investments automatically?

Robinhood

What characteristic of cryptocurrencies contributes to their price volatility?

High demand coupled with limited supply

In the context of financial technology, which of the following applications is primarily used for peer-to-peer transactions?

Block (Square)

Which of the following statements accurately describes fintech?

It encompasses digital innovations that enhance financial services.

What type of applications do personal finance tools like Mint provide?

Overview of finances and budgeting capabilities

What is the penalty for a person found guilty of section 4(c)(3)?

PhP50,000.00 to PhP250,000.00

Which factor does NOT contribute to the digital divide?

Cultural inclusiveness of digital platforms

What primary advantage of technology in education is mentioned in the context?

Gamified learning and personalized approaches

For which of the following does the penalty increase by one degree according to the regulations?

Section 4(c)(2)

Which statement about the digital divide is true?

It encompasses disparities in access and digital literacy.

What is a common concern raised regarding the legal framework around technology?

Privacy issues surrounding personal data can arise.

What is the purpose of MOOCs like edX and Coursera?

To democratize education and make it accessible globally.

Which aspect is NOT considered an advantage of cybersecurity?

Reduction of the digital divide

Study Notes

Basics of Cybersecurity: Threats and Vulnerabilities

• Cyber threats originate from individuals aiming to steal data or damage systems.
• Malware attacks involve malicious software (viruses, worms, trojans, spyware, ransomware).
• Effects of malware include data collection, network manipulation, and data destruction.
• Social engineering manipulates individuals to provide access for malware.
• Phishing, baiting, pretexting, vishing, smishing, piggybacking, and tailgating are social engineering techniques.
• Supply chain attacks target legitimate applications, potentially infecting software from vendors.
• Man-in-the-Middle attacks intercept communications, eavesdropping or impersonating parties.
• Denial-of-Service attacks overwhelm a system with traffic, hindering functionality.
• HTTP flood DDoS and SYN flood DDoS are denial-of-service techniques.
• Injection attacks insert malicious input into web applications, potentially exposing sensitive information.
• Cross-Site Scripting (XSS) is an example of an injection attack.

Types of Cybersecurity Vulnerabilities

• System misconfigurations can cause security mistakes in network assets.
• Cybercriminals exploit vulnerabilities in security settings to gain access.
• Outdated or unpatched software is easily exploited by attackers.
• Patch management strategies are crucial to ensure systems are updated regularly.
• Missing or weak authorization credentials allow attackers to guess passwords and access systems.
• Malicious insider threats are posed by employees with access to critical systems.
• Missing or poor data encryption makes sensitive data vulnerable to interception.

Data Privacy and Protection

• Data privacy focuses on who can access data, often controlled by the user.
• Data protection is the company's responsibility to ensure data privacy.
• Data privacy guidelines dictate how data should be collected and handled.
• Data protection involves procedural steps to safeguard sensitive data.
• Principles of data protection include data availability, lifecycle management, and information protection.

Legal and Ethical Considerations in Cyber Security

• Compliance with laws like GDPR and CCPA is crucial to protect personal data.
• Protecting intellectual property prevents unauthorized access and ensures rights are respected.
• Legal liability exists for organizations negligent in security.
• Ethical hackers must obtain permission to perform penetration testing and security audits.
• Cybersecurity professionals must comply with codes of conduct to ensure integrity and responsibility.
• Surveillance and monitoring should balance security with privacy rights to inform individuals.

Zero-Day Vulnerabilities

• These are software flaws known to attackers but not yet identified by users.
• Attackers can exploit these vulnerabilities to infiltrate systems undetected.

Incident Reporting Obligations

• Timely reporting of data breaches is mandatory by regulations.
• Laws exist to combat hacking, identity theft, and other cybercrimes.

Cybersecurity Legislation in the Philippines

• Various acts including RA No. 11967, RA No. 8792, RA No. 11930, RA No. 8484, RA No. 9995, RA No. 11934, RA No. 11202, and RA No. 9775 address cybercrimes, and RA No. 10173 addresses data privacy.
• Specific penalties exist for violations depending on the act violated.

IT and Society: Digital Divide

• The digital divide refers to inequalities in access, use, and skills related to information and communication technologies.
• Geographical disparities, economic barriers, education and literacy limitations, and cultural and language barriers contribute to the digital divide.

IT in Education and Learning

• Technology extends beyond online classes to include gamified learning, AI-driven personalization, VR, and data analytics.

Innovations in E-learning

• Massive Open Online Courses (MOOCs) democratize access to education from top institutions.
• Virtual classrooms and collaboration tools enhance accessibility and real-time interaction.
• AI in education personalizes lessons based on individual progress (DreamBox, Khan Academy)

Opportunities

• Digital tools promote inclusivity, allowing students from diverse backgrounds to engage.
• These tools support teacher-student interaction and provide access to global experiences.

Challenges

• Concerns regarding data privacy remain important.
• Digital fatigue and inequality in access are ongoing issues, particularly for lower-income countries.

Impact of IT on Culture and Social Interactions

• Digital communication platforms have reshaped social interactions, leading to increased awareness of global issues, greater connectivity, and more opportunities for self-expression.
• Cyberbullying, misinformation, and polarization are also negative consequences of these platforms.

Emerging Technologies

• Emerging technology is a term generally used to describe a new technology, continuing development of an existing technology, or the varying interpretations of a technology based on its use case.

Artificial Intelligence (AI)

• AI involves developing computers and robots that behave in ways that mimic or surpass human capabilities.
• Narrow or Weak AI carries out specific tasks (e.g., personal assistants).
• General AI is complex and human-like in capabilities (e.g., self-driving cars).
• Reactive machines perceive the world but don't store memory or rely on past experience.
• Limited memory AI has limited memory but gathers data to make decisions.
• Theory of mind and self-aware AI are hypothetical AI types that have not been realized.

AI Benefits and Disadvantages

• AI benefits include automating tasks, solving complex problems, improving customer experiences, accelerating healthcare, and reducing human error.
• Disadvantages include job displacement, bias and discrimination, hallucinations, and privacy and ethical concerns.

AI Applications and Examples

• Applications include healthcare, retail, customer service, manufacturing, finance, and marketing.
• Examples include generative AI tools, smart assistants, self-driving cars, wearables, and visual filters.

Machine Learning (ML)

• Machine learning teaches computers to learn from data without explicit programming.
• Deep learning uses sophisticated neural networks for advanced predictive analytics.
• Categories of ML include supervised, unsupervised, reinforcement, and semi-supervised learning.

ML Benefits and Risks

• Benefits include lower operational costs, improved efficiency, and better insights.
• Risks include job displacement, bias/discrimination, and ethical concerns.

ML Applications

• Applications include speech recognition, customer service, computer vision, recommendation systems, and more.

Big Data

• Big data refers to massive and complex data sets that can't be easily managed using conventional tools.
• Characteristics are often described by the "5 Vs": volume, velocity, variety, veracity, and value.
• Big data benefits include better insights, decision-making, personalization, and efficiency improvements.
• Uses are present in retail, healthcare, financial services, manufacturing, and more.

Data Analytics

• Data analytics involves collecting, organizing, and transforming data to inform decisions.
• Types of data analytics include descriptive, diagnostic, predictive, and prescriptive analytics.

Blockchain Technology

• Blockchain is a decentralized ledger of data shared securely among participants.
• Using cloud services enables easy data integration and sharing of transactional data from multiple sources.
• Prevents alteration and data tampering because data can't be modified without consensus from participants.

Cryptocurrency

• Cryptocurrencies are digital payment systems independent of banks, enabling peer-to-peer transactions without intermediaries.
• Transactions are recorded in a public ledger called a blockchain.
• Cryptocurrency is stored in digital wallets.

Fintech

• Fintech refers to using technology to improve and automate financial services.
• Examples are robo-advisors, investment apps, payment apps, personal finance apps, P2P lending platforms, and crypto apps.
• Insurtech is an example of leveraging technology in the insurance industry.

Description

Test your knowledge on the basics of cybersecurity, focusing on various threats and vulnerabilities. This quiz covers topics such as malware, social engineering techniques, and different types of attacks including DDoS and injection attacks. Prepare to deepen your understanding of how to protect systems from cyber threats.