Module 1 Introduction to Cybersecurity.pdf
Document Details
2020
Tags
Full Transcript
Module 1: Introduction to Cybersecurity Introduction to Cybersecurity (I2CS) Module Objectives Module Title: Introduction to Cybersecurity Module Objective: Explain the basics of being safe online, including what cybersecurity is and its potential impact. Topic Title Topic O...
Module 1: Introduction to Cybersecurity Introduction to Cybersecurity (I2CS) Module Objectives Module Title: Introduction to Cybersecurity Module Objective: Explain the basics of being safe online, including what cybersecurity is and its potential impact. Topic Title Topic Objective The World of Cybersecurity Explain what cybersecurity is and its potential impact. Identify types of sensitive information that hackers can use to invade Organizational Data your privacy and/or damage your reputation, where they can access this information, and why it’s of interest to cyber criminals. What Was Taken? Explain what organizational data is and why it must be protected. Cyber Attackers Describe who cyber attackers are and what they want. Explain what cyberwarfare is and why nations and governments need Cyberwarfare cybersecurity professionals to help protect their citizens and infrastructure. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 1.1 The World of Cybersecurity © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 The World of Cybersecurity What is Cybersecurity? Cybersecurity is the ongoing effort to protect individuals, organizations, and governments from digital attacks by protecting networked systems and data from unauthorized use or harm. Personal: On a personal level, you need to safeguard your identity, your data, and your computing devices. Organizational: At an organizational level, it is everyone’s responsibility to protect the organization’s reputation, data, and customers. Government: As more digital information is being gathered and shared, its protection becomes even more vital at the government level, where national security, economic stability, and the safety and wellbeing of citizens are at stake. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 The World of Cybersecurity Protecting Your Personal Data Personal data is any information that can be used to identify you, and it can exist both offline and online. Offline identity It is the real-life persona that you present daily at home, school, or work. As a result, family and friends know details about your personal life, including your full name, age, and address. It’s important not to overlook the importance of securing your offline identity. Identity thieves can easily steal your data from right under your nose when you’re not looking! Online identity It is not just a name, it’s who you are and how you present yourself to others online. It includes the username or alias you use for your online accounts, as well as the social identity you establish and portray on online communities and websites. You should take care to limit the amount of personal information you reveal through your online identity. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 The World of Cybersecurity Your Data Personal data describes any information about you (name, social security number, driver's license number, date and place of birth, your mother’s maiden name, pictures, or messages exchanged with others). Cybercriminals can use this sensitive information to identify and impersonate you, infringing on your privacy, and potentially causing serious damage to your reputation. Hackers can get their hands on your personal data through records including: Medical Every time you visit the doctor, personal information regarding your physical and mental health Records and wellbeing is added to your electronic health records (EHRs). Since most of these records are saved online, you need to be aware of the medical information that you share. These records go beyond the bounds of the doctor’s office. Education They contain information about your academic qualifications and achievements. They may also Records include your contact information, attendance records, disciplinary reports, health and immunization records, as well as any special education records including individualized education programs (IEPs). Employment Employment data can be valuable to hackers if they can gather information on your past and employment - or even your current performance reviews. Your financial records may Financial include information about your income and expenditure. Your tax© 2020records may Cisco and/or its affiliates. include All rights reserved. Cisco Confidential 6 Records paychecks, credit card statements, your credit rating, and your bank account details. The World of Cybersecurity Where Is Your Data? Imagine that yesterday you shared a couple of photos of your first day on the job with a few of your close friends. But that should be OK, right? Let’s see… You took some photos at work on your mobile phone. Copies of these photos are now available on your mobile device. You shared these with five close friends, who live in various locations across the world. All of your friends downloaded the photos and now have copies of your photos on their devices. One of your friends was so proud that they decided to post and share your photos online. The photos are no longer just on your device. They have in fact ended up on servers located in different parts of the world and people whom you don’t even know now have access to your photos. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 The World of Cybersecurity What's More? This is just one example that reminds us that every time we collect or share personal data, we should consider our security. There are different laws that protect your privacy and data in your country. Do you know where your data is? Following an appointment, the doctor will update your medical record. For billing purposes, this information may be shared with the insurance company. In such cases, your medical record, or part of it, is now accessible at the insurance company. Store loyalty cards may be a convenient way to save money on your purchases. However, the store is using this card to build a profile of your purchasing behavior, which it can then use to target you with special offers from its marketing partners. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 The World of Cybersecurity Smart Devices Consider how often you use your computing devices to access your personal data. Unless you have chosen to receive paper statements, you probably access digital copies of bank account statements via your bank’s website. And when paying a bill, it’s highly likely that you’ve transferred the required funds via a mobile banking app. But besides allowing you to access your information, computing devices can now also generate information about you. Wearable technologies such as smartwatches and activity trackers collect your data for clinical research, patient health monitoring, and fitness and wellbeing tracking. As the global fitness tracker market grows, so also does the risk to your personal data. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 The World of Cybersecurity Identity Theft Not content with stealing your money for short-term financial gain, cybercriminals are invested in the long-term gain of identity theft. Medical theft Rising medical costs have led to an increase in medical identity theft, with cybercriminals stealing medical insurance to use the benefits for themselves. Where this happens, any medical procedures carried out in your name will then be saved in your medical records. Banking Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles, and other online accounts. Armed with this information, an identity thief could file a fake tax return and collect the refund. They could even take out loans in your name and ruin your credit rating (and your life as well). © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 The World of Cybersecurity Who Else Wants My Data? It’s not just criminals who seek your personal data. The table describes other entities interested in your online identity and why. Your ISP tracks your online activity, and in some countries, they can sell this data to Your Internet advertisers for a profit. In certain circumstances, ISPs may be legally required to Service Provider share your information with government surveillance agencies or authorities. Targeted advertising is part of the internet experience. Advertisers monitor and Advertisers track your online activities such as shopping habits and personal preferences and send targeted ads your way. Search engines and These platforms gather information about your gender, geolocation, phone social media number, and political and religious ideologies based on your search histories and platforms online identity. This information is then sold to advertisers for a profit. Websites use cookies to track your activities to provide a more personalized Websites you visit experience. But this leaves a data trail that is linked to your online identity that can often end up in the hands of advertisers! © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 1.2 Organizational Data © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 Organizational Data Types of Organizational Data Traditional data is typically generated and maintained by all organizations, big and small. It includes the following: Transactional data such as details relating to buying and selling, production activities, and basic organizational operations such as any information used to make employment decisions. Intellectual property such as patents, trademarks, and new product plans, allows an organization to gain economic advantage over its competitors. This information is often considered a trade secret and losing it could prove disastrous for the future of a company. Financial data such as income statements, balance sheets, and cash flow statements, provide insight into the health of a company. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 Organizational Data Types of Organizational Data (Cont.) Internet of Things (IoT) and Big Data IoT is a large network of physical objects, such as sensors, software, and other equipment. All of these ‘things’ are connected to the Internet, with the ability to collect and share data. Data storage options are expanding through the cloud and virtualization. The emergence of IoT has led to exponential growth in data, creating a new area of interest in technology and business called 'Big Data.' © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Organizational Data The Cube This security model has three dimensions: 1. The foundational principles for protecting information systems Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources, and processes. Methods to ensure it includes data encryption, identity proofing, and two factor authentication. Integrity ensures that system information or processes are protected from intentional or accidental modification. One way to ensure it is to use a hash function or checksum. Availability means that authorized users are able to access systems and data when and where needed and those that do not meet established conditions, are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 Organizational Data The Cube (Cont.) 2. The protection of information in each of its possible states Processing refers to data that is being used to perform an operation such as updating a database record (data in process). Storage refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive, or USB drive (data at rest). Transmission refers to data traveling between information systems (data in transit). © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 Organizational Data The Cube (Cont.) 3. The security measures used to protect data Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems. Technology refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents. Policy and procedure refers to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 Organizational Data Is This For Real? Phishing is very common and often works. For example, in August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers. A security consultant discovered that a cloud cluster (a group of linked servers providing data storage, databases, networking, and software through the Internet), was misconfigured and exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak. It took Razer more than three weeks to secure the cloud instance from public access, during which time cybercriminals had access to customer information that could have been used in social engineering and fraud attacks. Organizations, therefore, need to take a proactive approach to cloud security to ensure that sensitive data is secured. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18 Organizational Data Data Security Breaches Data security breaches are becoming all too common, and the implications are severe. The IoT is connecting more and more devices, creating more opportunities for cybercriminals to attack. Two well-known data security breaches include: The Persirai botnet In 2017, an Internet of Things (IoT) botnet, Persirai, targeted over 1,000 different models of IP cameras, accessing open ports to inject a command that forced the cameras to connect to a site which installed malware on them. Once the malware was downloaded and executed, it deleted itself and was therefore able to run in memory to avoid detection. Over 122,000 of these cameras from several different manufacturers were hijacked and used to carry out DDoS attacks, without the knowledge of their owners. A DDoS attack occurs when multiple devices infected with malware flood the resources of a targeted system. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 Organizational Data Data Security Breaches (Cont.) Equifax Inc. In September 2017, Equifax, a consumer credit reporting agency in the US, publicly announced a data breach event: attackers had been able to exploit a vulnerability in its web application software to gain access to the sensitive personal data of millions of customers. In response to this breach, Equifax established a dedicated website that allowed Equifax customers to determine if their information was compromised. However, instead of using a subdomain of equifax.com, the company set up a new domain name, which allowed cybercriminals to create unauthorized websites with similar names. These websites were used to try and trick customers into providing personal information. Attackers could use this information to assume a customer’s identity. In such cases, it would be very difficult for the customer to prove otherwise, given that the hacker is also privy to their personal information. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20 Organizational Data Consequences of a Security Breach These examples show that the potential consequences of a security breach can be severe. A security breach can have a negative long-term impact on an organization’s reputation that has taken years to build. Customers, particularly those who have been adversely affected by the breach, will need to be notified Reputational and may seek compensation and/or turn to a reliable and secure competitor. Employees may also choose to damage leave in light of a scandal. Depending on the severity of a breach, it can take a long time to repair an organization’s reputation. A hacker or hacking group may vandalize an organization’s website by posting untrue information. They might even just make a few minor edits to your organization’s phone number or address, which can be trickier to Vandalism detect. In either case, online vandalism can portray unprofessionalism and have a negative impact on your organization’s reputation and credibility. A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can Theft make this information public or exploit it to steal an individual’s money and/or identity. The financial impact of a security breach can be devastating. For example, hackers can take down an Loss of organization’s website, preventing it from doing business online. A loss of customer information may impede revenue company growth and expansion. It may demand further investment in an organization’s security infrastructure. And let’s not forget that organizations may face large fines or penalties if they do not protect online data. Damaged A security breach could also have a devastating impact on the competitiveness of an organization, particularly if intellectual hackers are able to get their hands on confidential documents, trade secrets and intellectual property. property © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21 1.4 Cyber Attackers © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Cyber Attackers Types of Attackers Cyber attackers range from amateur to organized and will try anything to get their hands on personal information. They are often categorized as white hat, gray hat, or black hat attackers. Amateur Hackers The term 'script kiddies' emerged in the 1990s and refers to amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks. Some script kiddies are just curious, others are trying to demonstrate their skills and cause harm. While these white hat attackers may use basic tools, their attacks can still have devastating consequences. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23 Cyber Attackers Types of Attackers (Cont.) Hackers This group of attackers break into computer systems or networks to gain access. Depending on the intent of their break-in, they can be classified as the following: White hat attackers break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved. These break-ins are done with prior permission and any results are reported back to the owner. Gray hat attackers may set out to find vulnerabilities in a system, but they will only report their findings to the owners of a system if doing so coincides with their agenda. They might even publish details about the vulnerability on the internet so that other attackers can exploit it. Black hat attackers take advantage of any vulnerability for illegal personal, financial, or political gain. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 Cyber Attackers Types of Attackers (Cont.) Organized Hackers These attackers include organizations of cyber criminals, hacktivists, terrorists, and state- sponsored hackers. They are usually highly sophisticated and organized and may even provide cybercrime as a service to other criminals. Hacktivists make political statements to create awareness about issues that are important to them. State-sponsored attackers gather intelligence or commit sabotage on behalf of their government. They are usually highly trained and well-funded, and their attacks are focused on specific goals that are beneficial to their government. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25 Cyber Attackers Internal and External Threats Cyber attacks can originate from within an organization as well as from outside of it. Internal Employees, contract staff, or trusted partners can accidentally or intentionally: mishandle confidential data facilitate outside attacks by connecting infected USB media into the organization’s computer system invite malware onto the organization’s network by clicking on malicious emails or websites threaten the operations of internal servers or network infrastructure devices External Amateurs or skilled attackers outside of the organization can: exploit vulnerabilities in the network gain unauthorized access to computing devices use social engineering to gain unauthorized access to organizational data © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26 1.5 Cyberwarfare © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27 Cyberwarfare Sign of the times (Stuxnet) One example of a state-sponsored attack involved the Stuxnet malware that was designed not just to hijack targeted computers but to actually cause physical damage to equipment controlled by computers! Watch a short video on the case of Stuxnet and discover the impact this malware had on Iran’s nuclear enrichment plant. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28 Cyberwarfare The Purpose of Cyberwarfare The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors. Cyberwarfare is used in the following ways: To gather compromised information and/or defense secrets A nation or international organization can engage in cyberwarfare to steal defense secrets and gather information about technology that will help narrow the gaps in its industries and military capabilities. Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel within a foreign government. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29 Cyberwarfare The Purpose of Cyberwarfare (Cont.) To impact another nation’s infrastructure Besides industrial and military espionage, a nation can continuously invade another nation’s infrastructure to cause disruption and chaos. For example, a cyber attack could shut down the power grid of a major city. Consider the consequences if this were to happen; roads would be congested, the exchange of goods and services would be halted, patients would not be able to get the care they would need if an emergency occurred, access to the internet would be interrupted. By shutting down a power grid, a cyber attack could have a huge impact on the everyday life of ordinary citizens. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30 1.6 Module Quiz © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31 Introduction to Cybersecurity Summary What Did I Learn in this Module? Cybersecurity is the ongoing effort to protect individuals, organizations, and governments from digital attacks by protecting networked systems and data from unauthorized use or harm. Personal data is any information that can be used to identify you, and it can exist both offline and online. Traditional data is typically generated and maintained by all organizations, big and small. The McCumber Cube is a model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all related factors that impact them. A security breach can have a negative long-term impact on an organization’s reputation that has taken years to build. A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can make this information public or exploit it to steal an individual’s money and/or identity. Cyber attacks can originate from within an organization as well as from outside of it. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32