Cybersecurity Threats Overview

Questions and Answers

What defines a data breach in the context of cybersecurity?

• The unauthorized alteration of software settings
• The leak or spill of sensitive data from a secure to an insecure environment (correct)
• The installation of malware on a user's device
• The use of removable media in a secure environment

Which of the following describes removable media as a cyber threat?

• It can only transfer data without any risk of infection
• It is always used in a secure environment
• It can be intentionally or unwittingly connected to computers, leading to malware infection (correct)
• It is immune to physical theft

What happens when software vulnerabilities remain unpatched?

• They enhance user data privacy
• They improve system performance
• They create stronger security measures
• They enable unauthorized users to access networks and systems (correct)

What is the primary goal of phishing attacks?

To steal usernames and passwords (C)

Which of the following best describes a Distributed Denial of Service (DDoS) attack?

An overwhelming amount of traffic directed at a system to make it inaccessible (D)

Which scenario exemplifies negligence as a cyber threat?

An employee forgetting to log out from a secure account (D)

What tactic is used in pretexting during social engineering attacks?

Creating a believable scenario to gain access to information (C)

Which type of insider threat involves an employee stealing data for personal gain?

Malicious Intent (A)

What common goal do phishing attacks aim to achieve?

Steal sensitive information (D)

How do viruses spread compared to worms?

Viruses can attach themselves to other files (C)

Which type of malware disguises itself as legitimate software?

Trojan (B)

What is a primary impact of ransomware attacks?

Data encryption with payment demands (A)

What is the role of a botnet in DDoS attacks?

To flood the target with traffic (D)

What is essential to protect against malware threats?

Installing antivirus software (D)

Which practice helps protect sensitive information from cybersecurity threats?

Educating employees about threats (A)

What is a potential consequence of a DDoS attack?

Website downtime (C)

Flashcards

Cyberthreat

Any malicious activity aimed at damaging, stealing data, or disrupting digital operations and information systems.

Data Breach

The unauthorized release of sensitive data from secure to insecure environments, potentially copied, transmitted, viewed, stolen, or misused.

Malware and Viruses

Malicious programs designed to disrupt computer systems and steal data.

Social Engineering Attacks

Attacks that take advantage of human psychology to gain access to systems or information.

Phishing

Attacks that aim to steal user credentials, often through deceptive emails or websites.

Ransomware

Malware that encrypts data and demands payment for its release.

Distributed Denial of Service (DDoS) Attacks

Attacks that overwhelm systems with traffic, making them inaccessible to legitimate users.

Insider Threats and Data Breaches

Threats posed by employees, either accidentally or intentionally, through negligence, malicious intent, compromised accounts, or social engineering.

Virus

A type of malware that spreads by attaching itself to executable files, allowing it to infect other files and programs.

Worm

A type of malware that replicates itself and spreads across networks, often exploiting vulnerabilities in software.

Trojan

A type of malware that disguises itself as legitimate software but carries malicious payloads, allowing attackers to steal data or take control of the infected system.

Spyware

A type of malware that secretly monitors user activities, collecting sensitive information such as passwords, financial details, and browsing history.

Adware

A type of malware that displays unwanted advertisements on your computer, often without your knowledge or consent.

Study Notes

Cybersecurity Threats

• Cyberthreats are potential malicious activities aiming to damage, steal data, or disrupt digital operations.

Types of Cyber Threats

• Data Breach: Unauthorized leak or transfer of sensitive data from a secure to an insecure environment. This might involve copying, transmitting, viewing, or stealing data.

  • Example: Students' confidential record information mistakenly viewed or misused.

• Removable Media: Physical storage devices like thumb drives, CDs, DVDs, and external hard drives can carry malware if infected or inappropriately used.

  • Devices can be intentionally or unintentionally connected to a computer and infect it with malware.

• Unpatched Software Vulnerabilities: Software lacking updates creates gaps that malicious actors can exploit to access systems.

  • Outdated software without the newest security patches makes systems vulnerable to attacks.

Types of Cyber Threats - Continued

• Malware and Viruses: Malicious software meant to disrupt or steal data from computer systems.

  • Examples include viruses, worms, trojans, spyware, and adware.

• Phishing and Ransomware: Phishing involves tricking users into giving up login credentials, while ransomware encrypts data to extort money for its recovery.

• Social Engineering Attacks: Exploiting human psychology to gain access to systems or data.

  • Tactics include pretexting (creating believable scenarios) and baiting (offering tempting incentives to entice victims).
  • Phishing uses deceptive communications to trick victims into revealing sensitive information.

• Distributed Denial of Service (DDoS) Attacks: Overwhelm systems with traffic, preventing legitimate users from accessing them.

  • Attackers use a network of compromised computers to flood the target system.

Insider Threats and Data Breaches

• Negligence: Employees accidentally exposing sensitive data or failing to follow security protocols.
• Malicious Intent: Employees intentionally stealing or leaking data for personal gain or sabotage.
• Compromised Accounts: Unauthorized access to accounts by attackers compromising employee credentials.

Protecting Against Cybersecurity Threats

• Strong Passwords: Use complex, unique passwords for different accounts to hinder unauthorized access.
• Security Software: Install and regularly update antivirus and anti-malware software to defend against threats.
• Regular Updates: Keep operating systems and applications updated with the latest security patches to close vulnerabilities.
• Employee Training: Educate employees about cybersecurity threats, best practices, and how to protect sensitive information.