Reasons for Security Breaches

Questions and Answers

PDF Questions PDF Answers

What is an example of human error that can lead to a security break?

Installing antivirus software

Regularly updating software

Using strong passwords

Falling for phishing scams (correct)

What is the term for tricking users into revealing sensitive information?

Phishing (correct)

Malware

Pretexting

Baiting

What is an example of a system vulnerability?

Strong passwords

Regular security audits

Unpatched software (correct)

Patched software

What is an example of an insider threat?

Accidental insider

What is an example of a physical security breach?

Unauthorized access to facilities

What is the term for encrypting data and demanding payment for decryption keys?

Ransomware

What is the term for overwhelming systems with traffic to make them unavailable?

DoS attack

What is the term for injecting malicious code into databases to access sensitive data?

SQL injection

Study Notes

Reasons for Security Break

Human Error

• Carelessness: e.g., using weak passwords, falling for phishing scams
• Lack of knowledge: e.g., not understanding security best practices, misconfiguring systems
• Negligence: e.g., failing to update software, ignoring security warnings

Social Engineering

• Phishing: tricking users into revealing sensitive information
• Pretexting: creating a fake scenario to gain access to information
• Baiting: leaving malware-infected devices or storage media in public areas

System Vulnerabilities

• Unpatched software: exploiting known vulnerabilities in outdated software
• Misconfigured systems: e.g., open ports, weak passwords, unnecessary services
• Zero-day attacks: exploiting previously unknown vulnerabilities

Insider Threats

• Malicious insiders: intentionally causing harm from within an organization
• Accidental insiders: unintentionally causing harm due to lack of knowledge or carelessness

Physical Security Breaches

• Unauthorized access to facilities or devices
• Theft or loss of devices or storage media containing sensitive data
• Tampering with devices or systems

Malware and Ransomware

• Viruses: self-replicating code that damages systems or data
• Trojans: malicious code disguised as legitimate software
• Ransomware: encrypting data and demanding payment for decryption keys

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

• Overwhelming systems with traffic to make them unavailable
• Using multiple compromised systems to launch a coordinated attack

SQL Injection and Cross-Site Scripting (XSS)

• Injecting malicious code into databases to access sensitive data
• Injecting malicious code into websites to steal user data or take control of sessions

Reasons for Security Breach

Human Error

• Carelessness can lead to security flaws, such as using weak passwords or falling for phishing scams.
• Lack of knowledge often results in misconfiguration of systems and unawareness of security best practices.
• Negligence includes ignoring software updates and disregarding security alerts.

Social Engineering

• Phishing schemes deceive users into disclosing sensitive information.
• Pretexting involves creating a fictitious scenario to manipulate individuals into providing data.
• Baiting encourages individuals to use infected devices left in public areas, compromising systems.

System Vulnerabilities

• Unpatched software leaves systems open to exploitation of known vulnerabilities.
• Misconfigured systems, such as open ports and weak passwords, can be easily attacked.
• Zero-day attacks leverage unknown vulnerabilities, often catching organizations off guard.

Insider Threats

• Malicious insiders deliberately compromise security, potentially causing significant harm.
• Accidental insiders unintentionally create security risks due to ignorance or carelessness.

Physical Security Breaches

• Unauthorized access can occur when individuals gain entry to restricted facilities or devices.
• Theft or loss of devices containing sensitive information presents a serious security risk.
• Tampering with devices or systems can lead to data breaches and operational disruptions.

Malware and Ransomware

• Viruses can replicate themselves and inflict damage on systems or data, leading to extensive recovery efforts.
• Trojans masquerade as legitimate software but contain harmful payloads that can compromise systems.
• Ransomware encrypts data and demands payment, essentially holding information hostage.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks

• DoS attacks flood systems with excessive traffic, rendering them unavailable to legitimate users.
• DDoS attacks involve multiple compromised systems coordinating a massive assault on targeted networks or services.

SQL Injection and Cross-Site Scripting (XSS)

• SQL injection involves inserting harmful code into databases, allowing unauthorized access to sensitive data.
• XSS attacks inject malicious scripts into websites, enabling attackers to steal user data or hijack online sessions.

Description

This quiz covers the common reasons behind security breaches, including human error and social engineering tactics. Learn about the different ways security can be compromised.