Cybersecurity Threats and Mitigation PDF
Quezon City University
Summary
The document discusses various cybersecurity threats such as phishing, malware, and ransomware, along with techniques to mitigate them. It also includes common preventive measures, common response strategies, and long-term risk management plans related to cybersecurity attacks.
Full Transcript
Cybersecurity Threats & Their Mitigation

1. Phishing
Definition: Attackers impersonate trusted entities to steal sensitive information.
Techniques:
○ Email Phishing – Fake emails with malicious links/attachments.
○ Spear Phishing – Targeted attacks using personal details.
○ Smishing – Fraudulent SMS messages.
○ Vishing – Phone scams posing as legitimate calls.
○ Clone Phishing – Replicating real emails with altered links.
○ Whaling – Targeting high-level executives.

2. Malware
Definition: Malicious software designed to harm systems and steal data.
Types:
○ Viruses – Attach to files and spread.
○ Worms – Spread automatically without user action.
○ Trojans – Disguised as legitimate software.
○ Spyware – Secretly collects user data.
○ Adware – Displays unwanted ads and collects data.

3. Unauthorized Access
Definition: Gaining entry to systems without permission, leading to data breaches.
Techniques:
○ Password Cracking – Using brute force or guessing passwords.
○ Session Hijacking – Taking over active user sessions.
○ Exploiting Software Vulnerabilities – Hacking weak systems.

4. Data Breach
Definition: Exposure of sensitive data due to cyberattacks or human error.
Causes:
○ Phishing
○ Malware
○ Social Engineering
○ Software Vulnerabilities
○ Insider Threats

5. Insider Threat
Definition: Security risks from employees, contractors, or partners misusing access.
Types:
○ Malicious Insiders – Intentional harm.
○ Negligent Insiders – Careless mistakes.
○ Compromised Insiders – Hacked accounts used for attacks.

6. Ransomware Attack
Definition: Malware that encrypts files and demands ransom.
Types:
○ Locker Ransomware – Locks users out of their system.
○ Crypto Ransomware – Encrypts files and demands payment.

7. Social Engineering
Definition: Psychological manipulation to steal sensitive information.
Techniques:
○ Phishing – Fake messages to steal credentials.
○ Pretexting – Creating false scenarios to gain access.
○ Impersonation – Posing as trusted individuals.
○ Baiting – Using tempting offers to deploy malware.

Common Preventive Measures (Applies to all threats)
✅ Employee Training & Awareness
✅ Multi-Factor Authentication (MFA)
✅ Access Control & Encryption
✅ Regular Software Updates
✅ Network Security & Monitoring
✅ Email Filtering & Safe Downloads

Common Response Strategies (What to do when an attack happens)
🚨 Incident Response Plan (IRP)
🚨 Isolate Affected Systems
🚨 Identify & Remove Threats
🚨 Communicate with Stakeholders
🚨 Report to Authorities

Common Risk Management Plans (Long-term strategies)
🔒 Regular Risk Assessments & Security Audits
🔒 Backup & Disaster Recovery
🔒 Cyber Insurance
🔒 Continuous Threat Monitoring