Chapter 3 - Cyberattacks and Cyber Security.pptx

Full Transcript


Al Imam Mohammad Ibn Saud Islamic University
College of Computer and Information Sciences
Information Systems Department
IS 1180 IS and Ethics
Chapter 3: CYBERATTACKS AND CYBERSECURITY

LEARNING OBJECTIVES
1. Why are computer incidents so prevalent, and what are their effects?
2. What can be done to implement a strong security program to prevent cyberattacks?
3. What actions must be taken in the event of a successful security intrusion?

ORGANIZATIONS BEHAVING BADLY
A zero-day exploit is a cyberattack that takes place before the security community and/or software developers become aware of and fix a security vulnerability. Zero-day exploits have been found in widely used software such as Acrobat Reader, Adobe Flash Player, Apple iOS, Google Chrome, Java, Microsoft Internet Explorer, and Microsoft Windows.

While one would hope that the discoverer of a zero-day vulnerability would immediately inform the original software manufacturer so that a fix can be created for the problem, unfortunately this is often not the case. In some cases, this knowledge is sold on the black market to hackers, cyberterrorists, governments, or large organizations that may then use it to launch their own cyberattacks. Information about one zero-day vulnerability in Apple’s iOS was reportedly sold for $500,000.

THE THREAT LANDSCAPE
The number and intensity of cybercrimes being committed against individuals, organizations, and governments continues to grow. As a result, organizations are putting in place a range of countermeasures to combat cybercrime, such as:
- having an overall security strategy
- having a chief information security officer (CISO) in charge of security
- having employee security awareness and training programs
- having security standards for third parties
- conducting threat assessments
- actively monitoring and analyzing security intelligence

In spite of all these countermeasures, however, the number of computer security incidents surged from 2014 to 2015 in the following industries: public sector organizations; entertainment, media, and communications; technology and telecommunications companies; pharmaceuticals and life sciences; and power and utilities organizations.

Why Are Computer Incidents So Prevalent?
There are various reasons behind the dramatic increase in the number, variety, and severity of security incidents:
1. Increasing complexity increases vulnerability.
2. Expanding and changing systems introduce new risks.
3. Increasing prevalence of bring your own device (BYOD) policies.
4. Growing reliance on commercial software with known vulnerabilities.
5. Increasing sophistication of those who would do harm. Table 3-1 summarizes the types of perpetrators of computer mischief, crime, and damage.

Types of Exploits
1. Ransomware: malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker.
2. Viruses: a virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
3. Worms: a worm is a harmful program that resides in the active memory of the computer and duplicates itself.
4. Trojan Horses: a Trojan horse is a seemingly harmless program in which malicious code is hidden.
5. Blended Threat: a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
6. Email spam: the use of email systems to send unsolicited email to large numbers of people.
7. DDoS Attacks: an attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
8. Rootkit: a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
9. Advanced Persistent Threat (APT): a network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time (weeks or even months).
10. Phishing: the act of fraudulently using email to try to get the recipient to reveal personal data. Spear phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.
11. Smishing: another variation of phishing that involves the use of texting. In a smishing scam, people receive a legitimate-looking text message telling them to call a specific phone number or log on to a website.
12. Vishing: similar to smishing, except that the victims receive a voice-mail message telling them to call a phone number or access a website.
13. Cyberespionage: the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
14. Cyberterrorism: the intimidation of a government or civilian population by using information technology to disable critical national infrastructure (for example, energy, transportation) to achieve political, religious, or ideological goals.

Federal Laws for Prosecuting Computer Attacks
Over the years, several laws have been enacted to help prosecute those responsible for computer-related crimes. In the USA, those convicted of cyberterrorism are subject to a prison term of 5 to 20 years. An example in Saudi Arabia is the Anti-Cybercrimes Law of 2017.

THE CIA SECURITY TRIAD
The IT security practices of organizations worldwide are focused on ensuring confidentiality, maintaining integrity, and guaranteeing the availability of systems and data.
Confidentiality: ensures that only those individuals with the proper authority can access sensitive data.
Integrity: ensures that data can only be changed by authorized individuals.
Availability: ensures that the data can be accessed when and where needed, including during times of both normal and disaster recovery operations.

Implementing CIA at the Organization Level
Implementing CIA begins at the organization level with:
1. The definition of an overall security strategy.
2. Performance of a risk assessment to help prioritize the investments in time and resources.
3. Laying out plans for disaster recovery, which is a documented process for recovering an organization’s business information system assets in the event of a disaster.
4. Setting security policies that define responsibilities and the behaviour expected of members of the organization.
5. Conducting security audits that evaluate an organization’s security policy.
6. Ensuring regulatory standards compliance.
7. Creating a security dashboard to provide a comprehensive display of the performance of the organization’s security defences.
Completion of these tasks at the organizational level will set a sound foundation and clear direction for future CIA-related actions.
