Why Systems Are Attacked PDF
Document Details
Uploaded by LawfulCactus
Summary
This presentation discusses the motivations behind cyber-attacks, such as financial gain, industrial espionage, and personal vendettas. It also describes the various impacts a security breach can have on a business, including data loss, damage to reputation, financial loss, and legal repercussions.
Full Transcript
Why Systems are Attacked
Effective Digital Working Practices

Introduction

Organisations use digital systems every day to carry out tasks, store data, and manage operations vital to the company. When these systems are attacked, this will have a negative impact on the business. There are many different reasons why they are attacked, though.

In this lesson, we’ll learn about:
1. The reasons why systems are the target of cyber-attacks.
2. The impact that a security breach can have on an organisation.

Reasons Why Systems are Attacked

There are many reasons why systems are attacked, and they are not always for financial gain. Sometimes, attacks are purely for making mischief or due to a personal vendetta. The most common reasons for an attack include:
- Fun/challenge
- Industrial espionage
- Financial gain
- Personal attack
- Disruption
- Data/information theft

Let’s look at each of these reasons in more detail.

Fun/Challenge

Some attackers gain unauthorised access to systems for the purpose of amusement or challenge. Attacking a system for this purpose can allow individuals to gain experience for future cyber-attacks, achieve personal goals of ‘beating’ an organisation’s cybersecurity measures, or, in some cases, gain kudos from their peers or a community.

Industrial Espionage

Cyber-attacks may be perpetrated on specific targets to steal unique sensitive information (quite often intellectual property) from a rival business. This data can then be used to help those carrying out the attack stay one step ahead of the rival, such as by releasing a proprietary product before the original organisation can.

Financial Gain

Often, an attack will be motivated by money as the end goal. This could be direct gain, where the attacker directly steals money/information during the attack, which will lead to profit.
Or it could be indirect gain, for example extortion, where attackers may use ransomware or denial-of-service attacks to threaten an organisation into paying them to end the attack.

Personal Attack

On occasion, the motivation for attacks can be personal. For example, an individual may be targeted based on their beliefs/opinions, or organisations may receive attacks from employees who feel they have been mistreated.

Disruption

Attacks may occur with the primary purpose of disrupting an organisation’s service. This may be to benefit financially or in business, but is often for personal, political, or social reasons. Common forms of attacks that cause disruption include denial-of-service attacks and website defacement.

Data/Information Theft

Attacks may occur for the purpose of stealing data. Often, this is customer, personal or financial data stored by the company. Stolen data can then be used by the attackers for identity and bank fraud purposes, such as purchasing items using the customer’s credit card details.

The Impact of a Security Breach

Most attacks are perpetrated with a specific impact on the business in mind. It is important to understand the impact that a security breach can have so we are aware of how best to reduce its effect. These impacts include:
- Data loss
- Damage to public image
- Financial loss
- Reduction in productivity
- Downtime
- Legal action

Let’s look at each of these impacts in more detail.

Data Loss

This could either be due to data theft, or to data which has been deleted/corrupted as a result of a malicious payload (e.g. a virus).

Damage to Public Image

Attacks may cause customers to view an organisation more negatively and indirectly cause loss of customers, public panic, or political statements.
Financial Loss

Businesses may lose money, for example through the theft of banking details, or through a loss in profit after the attack caused by damage to the public image, data loss, or industrial espionage, to name a few examples.

Reduction in Productivity

Attacks such as data theft and denial-of-service attacks prevent a business from performing its daily operations.

Downtime

An attack may cause the system to fail and go down completely, often because a malicious payload is so disruptive that the service must be shut down manually or because an attack takes the servers offline directly.

Legal Action

Organisations are legally obliged to ensure that individuals’ data is secure and not misused. If data is harmed during an attack, then the organisation may be liable to huge fines under the Data Protection Act (2018).

Lesson Summary

IT systems are subjected to cyber-attacks motivated by fun, industrial espionage, financial gain, personal vendetta, disruption, and data theft. These attacks lead to data loss, damage to public image, financial loss, reduced productivity, downtime, and potential legal action.

Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as per the terms of use.

Terms of Use

By purchasing and downloading these resources you are entering a licence agreement that allows you to share these resources with members of a single educational institution. They must not be shared with or used by any third party outside of the institution in any form.
External Threats
Effective Digital Working Practices

Introduction

External cybersecurity threats come from outside an organisation and aim to steal data, disrupt systems, or cause harm. These threats include hacking, phishing, malware, and DDoS attacks. Protecting against them is crucial for keeping information safe and systems secure.

In this lesson, we’ll learn about:
1. Social engineering threats
2. Malware
3. Unauthorised access/hacking
4. Denial-of-service attacks
5. Pharming
6. Man-in-the-middle attacks

Social Engineering Threats

Social engineering allows attackers to access a system without using technical hacking techniques. Instead, it uses human psychology and social techniques to manipulate individuals into handing over private information. Social engineering doesn’t even need to involve technology; it can be done face-to-face, by letter, or over the phone. Two common examples of social engineering are:
- Phishing
- Shoulder surfing

Let’s look at each of these in more detail.

Phishing

This usually takes place via email or a phone service and involves an electronic message being sent to an individual containing some form of request (often to click a link or return information). The attacker usually pretends to be a legitimate business. The goal is either to get the victim to reveal information, such as login or bank details, or to infect their device with a virus that will allow data to be stolen later.

Shoulder Surfing

The process of observing an individual in a physical location to obtain information, such as by looking over someone’s shoulder. This technique can be used to gain information such as PIN numbers or passwords.

Malware

Malware stands for malicious software and covers a variety of computer programs that perform attacks on a system. We often use the term “virus” interchangeably with “malware”, but in reality, a virus is only one form of malware.
Some of the most common examples of malware are:
- Viruses
- Ransomware
- Worms
- Botnets
- Trojans
- Rootkits
- Spyware

Let’s look at each of these in more detail.

Virus

A malicious program that harms the operation of a computer system, such as by deleting files. As the name suggests, viruses spread from computer to computer, attached to a legitimate piece of software or file.

Worm

Similar to a virus, except that it does not need to attach itself to programs/files. Instead, once on your system, it copies itself and spreads on its own via an internet/network connection.

Trojan

Malicious code disguised as a legitimate piece of software but containing a harmful payload. Users will download and install the program thinking it will provide a legitimate function, but behind the scenes, it is causing damage, such as installing keyloggers, adding the device to a botnet, or deleting data.

Spyware

Gains access to the system and works in the background to monitor a user’s actions (keylogging for a password, downloading files, etc.). This information is then commonly used for further attacks or as part of identity/bank fraud.

Ransomware

This refers to malicious software that infects computer systems and secretly encrypts local files. It then asks for a fee or other demand to unlock and decrypt the data.

Botnets

This is a number of connected computers co-ordinated together to carry out an often-repetitive task. Any computer can become part of a botnet if exposed to a form of malicious code. If your computer is added to a botnet, it can then be used as part of a ‘web’ or ‘network’ of computers to carry out an attack (e.g. a DDoS attack).

Rootkit

This is a type of malware that hides on your computer and allows a malicious user to remotely access and control it. They could then change security settings to gain access later, install malware to steal data, and much more.
Unauthorised Access/Hacking

This is where an individual gains access to a system without the permission of the system owner/administrator. Hacking doesn’t necessarily involve any clever technical skills and often results from the social engineering techniques we’ve examined previously. However, it could be through other methods like brute force attacks. A brute force attack is when an attacker loops through a dictionary of known passwords or lists of ordinary words and then tries all of them or combinations of them to identify a password. This can be done manually by typing in various passwords, but it is usually performed by programs that automatically try various passwords until access is gained.

A malicious individual who gains access to a system without the

Denial of Service Attacks

A denial-of-service attack is when a hacker maliciously floods a server with thousands of fake requests. Often these are HTTP requests made to a web server. If this happens, the server will attempt to deal with all of them, but due to the sheer number of requests, it will slow down. This means it could take too long for a request to be dealt with, leading to the connection timing out. Eventually, this can lead to the server crashing from being overwhelmed. If an attack comes from one device, it is a Denial of Service (DoS) attack. If it comes from thousands of computers, it is a Distributed Denial of Service (DDoS) attack.

Figure 1 – An illustration of a DDoS attack.

Pharming

This is a form of cyber-attack where individuals using the web are redirected to an alternative “fake” website instead, without their knowledge. The user will type in the URL for the website they want to visit, but when they submit it, they are taken to a different website. There are two common ways this might occur. The first is via infecting the user with malware that will redirect them to the fake website. The second is via “DNS poisoning”.
DNS is the “Domain Name System”, and it is responsible for converting the URL you type into your browser into the actual IP address of the website’s server.

Figure 2 – An illustration of how DNS works.

You can see that websites aren’t accessed via their URL but rather via their IP address, which DNS looks up when you type a URL in. DNS poisoning involves an attacker modifying the DNS server so that it returns a different IP address for the URL you enter. This then takes you to the fake website. Typically, a fake website is designed to trick you into revealing private information (such as by pretending to be your bank’s website) or to infect your computer with malware.

Man-in-the-Middle Attacks

It is possible for an attacker to intercept data while it is being transmitted over a network. When a cybercriminal inserts themselves into the middle of a communication so that they can eavesdrop on the data being transmitted, this is known as a Man-in-the-Middle attack. A simple example of this involves the use of a program called a packet sniffer. Using a packet sniffer would allow someone to read data transmitted over a network, even if it wasn’t addressed to their device. This is one of the biggest reasons why Wi-Fi encryption is so important.

Another example is the use of a rogue access point. This is where an attacker sets up their own wireless access point and tricks users into connecting to it. Then, the attacker will be able to steal all data passing through their access point. A simple example of how this could work is shown in Figure 3 below.

Figure 3 – An illustration of a rogue access point man-in-the-middle attack.

Lesson Summary

Phishing is when an attacker tricks the target into clicking a link or downloading a file. Shoulder surfing involves physically observing individuals to obtain information. Malware stands for malicious software and covers a variety of computer programs that perform attacks on a system.
Hacking is the unauthorised access to a computer system. Denial-of-service attacks are used to slow a system or take it offline using excessive malicious traffic. Pharming involves misdirecting users to a fraudulent/fake website without the individual’s knowledge. A man-in-the-middle attack is where an individual with malicious intent inserts themselves into the middle of a communication.

Internal Threats
Effective Digital Working Practices

Introduction

Internal threats refer to vulnerabilities that come from within the organisation itself. In most cases, these are employees who seek to damage an organisation’s systems and/or data. Not all internal threats are purposeful, though. Through trickery or human error, employees can sometimes accidentally expose or harm data.

In this lesson, we’ll learn about:
1. Stealing/leaking information
2. Overriding security controls
3. Unintentional disclosure of data
4. Using portable storage
5. Internet downloads
6. Visiting untrustworthy sites

Intentional Stealing or Leaking of Information

Employees with access to sensitive information might steal, delete, or leak this data for various reasons. Some might feel mistreated by the organisation, leading them to act out of spite.
Financial gain is another motivator, with individuals leaking data to competitors or selling it. Whistleblowing, where employees expose illegal or unethical practices by leaking sensitive data, is also a common scenario. These actions can severely damage the organisation’s reputation, financial standing, and operational integrity.

Users Overriding Security Controls

Certain employees have extensive access to the company’s files, data, and software to perform their daily tasks. These individuals might change security software settings or configurations, such as firewalls and antivirus programs, to allow unauthorised access. This can enable third-party attackers to infiltrate the system, leading to data breaches, loss of sensitive information, and potential legal repercussions. The misuse of administrative privileges by trusted employees poses a significant risk to the organisation’s security.

Unintentional Disclosure of Data

Data can sometimes be disclosed to external parties without malicious intent. For instance, through phishing schemes, employees might unknowingly provide sensitive information to individuals posing as colleagues or managers. Such unintentional disclosures can result in the leakage of confidential information, financial loss, and damage to the organisation’s credibility. Continuous training and awareness programmes are essential to minimise these risks and educate employees about potential threats.

Use of Portable Storage Devices

Portable storage devices, like USB drives and external hard drives, are common tools for data transfer in the workplace. However, these devices can inadvertently introduce malware into the organisation’s systems. An infected file transferred via a portable device can compromise network security, leading to data corruption or unauthorised access. Establishing strict policies and regularly scanning these devices can help reduce the risks associated with their use.
Downloads from the Internet

Internet downloads are a frequent source of malware. Employees might unknowingly download malicious files from emails or websites, which can then infect the company’s systems. This can lead to significant data loss, operational disruptions, and financial damage. Implementing robust email filtering, endpoint protection, and employee training can reduce the likelihood of malware infections through internet downloads.

Visiting Untrustworthy Websites

Employees visiting dubious websites can expose the organisation’s network to various threats. Such sites might host malware or phishing schemes that can compromise the employee’s computer and, by extension, the entire network. Simply accessing these sites can lead to infections or unauthorised data access. Enforcing strict browsing policies and using web filtering technologies can help protect against these risks.

Lesson Summary

Employees with access to sensitive information might steal, delete, or leak this data for various reasons. Individuals might change security software settings, such as firewalls and antivirus programs, to allow unauthorised access. Data can sometimes be disclosed to external parties without malicious intent. Portable storage devices can inadvertently introduce malware into the organisation’s systems. Employees might unknowingly download malicious files from emails or websites, which can then infect the company’s systems. Employees visiting dubious websites can expose the organisation’s network to various threats.
User Access Restrictions
Effective Digital Working Practices

Introduction

Businesses will implement physical and software-based prevention methods to ensure system security. These methods are especially vital when an organisation holds a lot of sensitive data. One of the main ways they will protect a system is by restricting access to the physical computers and the data they store.

In this lesson, we’ll learn about:
1. Physical security measures
2. Levels of access
3. Passwords
4. Biometrics
5. Two-factor authentication

Physical Security Measures

This is securing a system’s data from threats by preventing physical access to the IT systems. Commonly this can be performed through:

Locks
Either electric or key-operated and requiring a unique combination (e.g. passcode) or item (e.g. key or swipe card) to bypass. These can be on doors to access rooms, locks on cabinets containing devices, or locks on devices themselves.

Surveillance
A method of observing a physical space through live recording, often fed back to a secure location for review, such as CCTV cameras.

Physical Security Measures Pros & Cons

Advantages
- It can deter attackers, who can visually see the prevention methods.
- It prevents access to the actual physical locations containing data and the theft of these devices.

Disadvantages
- It can be very expensive to initially install.
- It can require quite a bit of specialist equipment.
- Internal threats will be able to bypass physical security measures very easily in many cases.

Levels of Access

This involves separating logged-in individuals into user groups, with each group assigned specific permissions for accessing files and software and for performing specific functions.
For example, in most organisations, only IT admin staff can install software; regular users cannot. This helps prevent the spread of malware. It’s important that users are assigned the correct settings. Businesses should work to the “principle of least privilege”. This means that users can only access and do exactly what they need to perform their job role.

Levels of Access Pros & Cons

Advantages
- It reduces the impact of a security breach, as access will be restricted to certain files & features.
- It reduces both the likelihood of human error occurring and the damage it causes.

Disadvantages
- It doesn’t actually prevent access to data; it only limits the damage that can be caused during an incident.
- It may restrict the user’s ability to do their job by limiting their access to files & features.

Passwords

This is a secret string of characters used to secure and control access to a company’s system. This is the most common method of ensuring that only authorised users can view system content. Password complexity is important in ensuring this is an effective security method. Good passwords should:
- Be a minimum of 8 characters.
- Contain uppercase & lowercase letters, numbers & symbols.
- Not be reused on multiple different systems.
- Not contain dictionary words or names (preferably it should be a random mix of characters).

Passwords Pros & Cons

Advantages
- It actually prevents access to user accounts on computer systems, rather than just limiting impact.
- It’s simple and easy to set up for both the system admin and the user, and it’s also cheap to set up.

Disadvantages
- It relies on the end user setting their password with a good level of complexity & not revealing it to others.
- It can be hard to remember a variety of different complex passwords.

Biometrics

This is a method of verifying the identity of a user through the use of unique physical characteristics.
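Returning to the Levels of Access section above: the following is an added example, not part of the original lesson, showing how user groups and the principle of least privilege look in code. Each group grants only the permissions its members need, every action is denied unless a group explicitly grants it, and a helper reports any permissions an account holds beyond its job role. The group names, permissions and users are constructed for the illustration.

```python
# Added example: role-based levels of access following the principle of least
# privilege. The groups, permissions and users below are constructed for this
# illustration; they are not taken from any real organisation or product.
from dataclasses import dataclass, field

# Each group grants only the permissions that its members need to do their job.
GROUP_PERMISSIONS = {
    "regular_user": {"read_shared_files", "run_approved_software"},
    "finance": {"read_shared_files", "run_approved_software", "read_payroll"},
    "it_admin": {"read_shared_files", "run_approved_software",
                 "install_software", "change_firewall_rules"},
}


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)

    def permissions(self) -> set:
        """Union of the permissions granted by every group the user belongs to."""
        granted = set()
        for group in self.groups:
            granted |= GROUP_PERMISSIONS.get(group, set())
        return granted


def is_allowed(user: User, action: str) -> bool:
    """Default deny: an action is allowed only if some group explicitly grants it."""
    return action in user.permissions()


def excess_privileges(user: User, required: set) -> set:
    """Permissions the user holds beyond what their job role requires.
    A non-empty result means the account violates least privilege."""
    return user.permissions() - required


# Constructed sample accounts. Carol has collected admin rights over time
# although her role only needs the finance permissions.
alice = User("alice", {"regular_user"})
bob = User("bob", {"it_admin"})
carol = User("carol", {"finance", "it_admin"})


def demo() -> dict:
    """Decisions a practitioner would check: who may install software, and
    whether any account holds more than its role needs."""
    return {
        "alice_install": is_allowed(alice, "install_software"),   # False
        "bob_install": is_allowed(bob, "install_software"),       # True
        "carol_excess": excess_privileges(carol, GROUP_PERMISSIONS["finance"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

The point of `excess_privileges` is that levels of access need reviewing as well as setting: an account that has accumulated extra groups still passes every `is_allowed` check, so only a comparison against the role’s actual requirement reveals the drift.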
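The four rules for good passwords listed above can be turned into a policy check, which is what a system does when a user sets or changes a password. This is an added example and not part of the original lesson; the short dictionary, the list of names and the "already used elsewhere" passwords are constructed for the illustration (a real system would use a large wordlist and a breach-check service rather than storing other plaintext passwords).

```python
# Added example: checking a candidate password against the four rules from the
# lesson. The dictionary, the names and the reuse list are constructed.
import string

MIN_LENGTH = 8
# Constructed short wordlist; a real deployment loads a large one.
DICTIONARY_WORDS = {"password", "welcome", "summer", "london", "dragon"}
COMMON_NAMES = {"alice", "bob", "carol", "david"}


def check_password(password: str, used_elsewhere=()) -> list:
    """Return the list of rules the password breaks (empty list = acceptable).

    used_elsewhere: passwords the user already has on other systems, so that
    reuse can be detected. Constructed here; in practice this comes from a
    password manager or a breach-check service.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if password in used_elsewhere:
        problems.append("reused on another system")
    # Strip digits and symbols so that "Password1!" is still caught as "password".
    letters_only = "".join(c for c in password.lower() if c.isalpha())
    for word in DICTIONARY_WORDS | COMMON_NAMES:
        if word in letters_only:
            problems.append(f"contains dictionary word or name '{word}'")
            break
    return problems


def is_acceptable(password: str, used_elsewhere=()) -> bool:
    """True only when the password breaks none of the rules."""
    return not check_password(password, used_elsewhere)


if __name__ == "__main__":
    # Constructed candidates: two that break rules and one random-looking string.
    for candidate in ("Password1!", "Summer2024", "x7$Kq!2pL9"):
        print(candidate, check_password(candidate) or "acceptable")
```

Note that the dictionary check works on the letters only: adding a digit and a symbol to a common word satisfies the character-class rules but not the "no dictionary words" rule, which is why the example strips them before looking for words.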
Retina (eye) scans, fingerprint identification, voice analysis and facial recognition are a few examples of common biometrics. This can be used as a method of authenticating access to a computer system. For example, you’ll commonly see fingerprint identification on smartphones. However, it can also be used as part of physical access security in place of keys & swipe cards.

Biometrics Pros & Cons

Advantages
- It can save time, as users do not have to remember and enter a security string.
- Users have accountability for their actions, as a physical trait cannot be stolen.

Disadvantages
- It can be expensive to initially purchase and install due to its speciality.
- Physical traits are not changeable, so if compromised in a breach, they cannot be reset.

Two-Factor Authentication

This is a form of authentication that reduces the vulnerabilities of standard passwords by adding a second authentication challenge. After entering a password, a user may be expected to use a method such as a:
- Biometric scanner
- Unique one-time code
- Security token or swipe card
- Security question (e.g. what was your first pet?)

This means that an attacker would not only need to compromise your password, but also a second system, to hack your system.

Two-Factor Authentication Pros & Cons

Advantages
- It’s much more secure, as two different methods of authentication would need to be compromised to gain access to a system.
- It’s still very cheap to implement, as the second-factor authentication can rely on existing systems, like email or employee smartphones.

Disadvantages
- Logging into a system may take a lot longer, which will be frustrating and affect the productivity of employees.
- If you don’t have access to the second authentication method (e.g. your smartphone), then you can’t log in.

Lesson Summary

Physical security measures can be essential in preventing outside threats through physical means (i.e. locks or surveillance).
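Returning to the Two-Factor Authentication section above: the following added example (not part of the original lesson) shows a login that only succeeds when both the password and a "unique one-time code" check out. The code is computed with HOTP (RFC 4226: HMAC-SHA1 over a counter), which is the standard behind app- and token-generated codes; the secret used is the RFC’s published test-vector secret, and the user record, salt and password are constructed for the illustration.

```python
# Added example: password plus one-time code as a second factor.
# The one-time code follows RFC 4226 (HOTP). The user record below is
# constructed; the otp_secret is the RFC 4226 test-vector secret.
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 of the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so that the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT = b"constructed-salt"              # constructed; real systems use a random salt per user
USER = {                                # constructed user record
    "name": "alice",
    "password_hash": hash_password("x7$Kq!2pL9", SALT),
    "otp_secret": b"12345678901234567890",   # RFC 4226 test-vector secret
    "otp_counter": 0,                        # next counter value the server expects
}


def login(user: dict, password: str, code: str, look_ahead: int = 3) -> bool:
    """Both factors must pass. The server accepts a small look-ahead window in
    case the token was pressed without a login, and moves the counter forward
    only on success, so a code that has already been used cannot be replayed."""
    expected = hash_password(password, SALT)
    if not hmac.compare_digest(expected, user["password_hash"]):
        return False                      # first factor failed
    for step in range(look_ahead):
        candidate = user["otp_counter"] + step
        if hmac.compare_digest(hotp(user["otp_secret"], candidate), code):
            user["otp_counter"] = candidate + 1
            return True                   # both factors passed
    return False                          # second factor failed


if __name__ == "__main__":
    first_code = hotp(USER["otp_secret"], 0)   # what the user's token would show
    print("wrong password, right code:", login(USER, "guess", first_code))
    print("right password, wrong code:", login(USER, "x7$Kq!2pL9", "000000"))
    print("right password, right code:", login(USER, "x7$Kq!2pL9", first_code))
    print("same code replayed:", login(USER, "x7$Kq!2pL9", first_code))
```

Two details carry the security argument from the lesson: a stolen password alone fails at the second factor, and because the counter advances on success, a code captured by a shoulder surfer or keylogger is useless once it has been used.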
System users can be split into user groups with varying permissions to control access levels and prevent abuse of power. Passwords are used as a method of verifying an individual’s identity and preventing unauthorised access. Biometrics examine and analyse physical characteristics in order to verify the identity of a user (e.g. retina scans, fingerprint identification, voice analysis). Two-factor authentication introduces a secondary challenge (after a password has been verified) to further confirm a user’s identity.

Data Level Protection 1
Effective Digital Working Practices

Introduction

Data-level protection refers to software and hardware techniques designed specifically to protect data from theft, damage & corruption. Both software and hardware techniques can be applied to digital systems to protect data. All companies that hold any type of data should implement some form of data-level protection.

In this lesson, we’ll learn about:
1. Firewalls
2. Anti-virus software
3. Interface design

Firewalls

Firewalls monitor incoming and outgoing network traffic and block suspicious packets based on a set of security rules. A firewall can be a hardware device installed between external and internal networks to protect against external cyber threats or viruses.
Most commonly this would be between the Internet and the business’s LAN. It can also be a software program installed on a computer. This performs the same packet filtering as a hardware firewall but protects individual devices rather than the whole network. However, it also has additional features, such as filtering network traffic to and from software applications. Most businesses will use both a hardware firewall and software firewalls installed on each individual device.

Firewall Pros & Cons

Advantages
- It prevents external attackers from gaining access to your computer system by blocking their attempts.
- Software firewalls are usually very cheap to install and set up. Most operating systems include them built-in.

Disadvantages
- Firewalls can be restrictive, preventing employees from performing legitimate activities, like visiting certain websites.
- Software firewalls take up resources and slow computer & network performance.
- Hardware firewalls could slow internet speed.

Anti-Virus Software

Antivirus software is used to scan for and remove malware from a computer, server, or mobile device. Antivirus software often has a real-time protection feature that scans all data coming into a system and all files and folders as they are executed. This helps prevent malware from ever infecting your system. Anti-virus software usually uses virus signatures (a unique data pattern for each virus) to detect malicious programs, which are subsequently removed. This is known as “signature detection”. It can also use “heuristic detection”, which monitors the behaviour of your computer and spots anything that is behaving like a virus.

Anti-Virus Software Pros & Cons

Advantages
- It prevents all forms of malware from ever infecting your computer system.
- It’s usually reasonably affordable and relatively simple to set up.

Disadvantages
- It must be regularly maintained and updated. Otherwise, it won’t detect some malware.
- Running a scan can be resource-intensive and lead to your computer running slowly.

Interface Design

Software interface design is usually based on assisting user accessibility and ease of use. However, it is sometimes given additional features to enhance security. Some of these features include:
- Obscuring data entry
- Autocomplete
- “Stay logged in”

Let’s look at each of these features in more detail.

Obscuring Data Entry
Reduces shoulder surfing or accidental password sharing by replacing entered data with a special character (often a * or •).

Autocomplete
Completes user data entry automatically rather than the user typing it in. This can prevent spyware from keylogging your password, but it is generally a security threat, as attackers won’t need to know your details because the system will enter them for you.

“Stay Logged In”
This allows users to remain logged in, even after leaving the site. This can also prevent spyware from keylogging your password, but it could also allow anyone who has access to your computer to access your systems, as they’ll already be logged in.

Interface Design Pros & Cons

Advantages
- Good design can reduce the need for overly stringent security measures.

Disadvantages
- Focusing on security may sometimes worsen ease of use & accessibility.

Lesson Summary

Firewalls are responsible for monitoring network traffic and blocking suspicious packets based on a set of security rules. Hardware firewalls are physical devices that sit between your network and the Internet, while software firewalls are installed on individual devices. Anti-virus software scans for and removes viruses from a system by identifying unique virus signatures. Real-time protection can prevent viruses from ever infecting your system. Some software design is built around improving security; this includes adding features such as hidden data entry. Features like autocomplete and “stay logged in” can have both positive and negative effects on security.
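Returning to the Firewalls section of this lesson: the following added example (not part of the original lesson) shows what "blocking suspicious packets based on a set of security rules" looks like as an ordered rule set with a default-deny policy, which is how both hardware and software packet filters work. The rule set, the addresses (taken from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the sample packets are constructed for the illustration; real firewalls express the same idea in their own rule syntax.

```python
# Added example: a stateless packet filter evaluating an ordered rule set.
# First matching rule wins; anything that matches nothing is dropped.
# Rules, addresses and packets are constructed for this illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (to the Internet)
    protocol: str    # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    direction: str
    protocol: str = "any"
    src_net: str = "0.0.0.0/0"     # any source unless narrowed
    dst_port: Optional[int] = None # None matches any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.protocol in ("any", p.protocol)
                and ip_address(p.src) in ip_network(self.src_net)
                and (self.dst_port is None or self.dst_port == p.dst_port))


# Constructed rule set for a small business with one public web server.
# Order matters: the anti-spoofing deny sits above every allow.
RULES = [
    Rule("deny", "in", src_net="10.0.0.0/8",
         comment="private address arriving from outside (spoofed)"),
    Rule("allow", "in", "tcp", dst_port=443, comment="public HTTPS web server"),
    Rule("allow", "in", "tcp", src_net="203.0.113.0/24", dst_port=22,
         comment="SSH only from the support office"),
    Rule("allow", "out", "tcp", dst_port=443, comment="staff browsing over HTTPS"),
    Rule("allow", "out", "udp", dst_port=53, comment="DNS lookups"),
]


def filter_packet(p: Packet, rules=RULES) -> Tuple[str, str]:
    """Return (action, reason): the first matching rule, else default deny."""
    for r in rules:
        if r.matches(p):
            return r.action, r.comment
    return "deny", "no rule matched (default deny)"


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443),   # customer to web server
    Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 22),    # stranger trying SSH
    Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 22),     # support office SSH
    Packet("in", "tcp", "10.1.2.3", "192.0.2.10", 443),       # spoofed internal source
    Packet("out", "udp", "192.0.2.10", "198.51.100.53", 53),  # DNS query
    Packet("out", "tcp", "192.0.2.10", "198.51.100.7", 25),   # outbound SMTP, not allowed
]


def run(packets=SAMPLE_PACKETS, rules=RULES) -> list:
    """Decision for each packet, in order."""
    return [filter_packet(p, rules)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p.direction, p.protocol, p.src, "->", p.dst, p.dst_port, filter_packet(p))
```

The lesson’s "firewalls can be restrictive" disadvantage is visible in the last packet: outbound mail on port 25 is dropped simply because nobody wrote a rule for it, which is the intended behaviour of default deny and also why legitimate activities sometimes need a rule added.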
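Returning to the Anti-Virus Software section of this lesson: the following added example (not part of the original lesson) runs both detection approaches the lesson names over constructed data. Signature detection compares files against a database of known hashes and byte patterns; heuristic detection watches behaviour, here a process renaming many files to a new extension within a few seconds, which is how ransomware behaves. The signature names, sample files and event log are all made up for the illustration and are not real malware indicators.

```python
# Added example: signature detection and heuristic (behaviour) detection.
# Signatures, sample files and events are constructed for this illustration.
import hashlib
from collections import defaultdict

# Constructed signature database. Real vendors ship millions of entries and
# update them daily, which is why an out-of-date scanner misses malware.
HASH_SIGNATURES = {
    hashlib.sha256(b"CONSTRUCTED-SAMPLE-WORM-BODY").hexdigest(): "Worm.Sample.A",
}
PATTERN_SIGNATURES = {
    b"KEYLOG_HOOK_INSTALL": "Spyware.Sample.B",
    b"ENCRYPT_ALL_FILES_AND_DROP_NOTE": "Ransom.Sample.C",
}


def scan_bytes(data: bytes):
    """Signature detection: return the matching signature name, or None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:           # exact-file match
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:                 # unique byte pattern inside the file
            return name
    return None


def heuristic_scan(events, rename_threshold=20, window_seconds=10):
    """Heuristic detection: flag any process that renames at least
    rename_threshold files to a new extension inside window_seconds.
    events: iterable of (timestamp, process, action, path) tuples."""
    flagged = set()
    recent = defaultdict(list)              # process -> timestamps of suspicious renames
    for ts, proc, action, path in events:
        if action == "rename" and path.endswith(".locked"):
            stamps = recent[proc] + [ts]
            recent[proc] = [t for t in stamps if ts - t <= window_seconds]  # sliding window
            if len(recent[proc]) >= rename_threshold:
                flagged.add(proc)
    return flagged


# Constructed sample files: one clean document, one known worm, one DLL with a
# spyware pattern embedded among other bytes.
SAMPLE_FILES = {
    "report.docx": b"Quarterly figures for the board...",
    "update.exe": b"CONSTRUCTED-SAMPLE-WORM-BODY",
    "helper.dll": b"\x00\x01 some code ... KEYLOG_HOOK_INSTALL ... \xff",
}

# Constructed event log: a well-behaved word processor, then a process that
# renames 30 files to .locked in under five seconds.
SAMPLE_EVENTS = [(0.0, "word.exe", "write", "report.docx")]
SAMPLE_EVENTS += [(i * 0.15, "cryptor.exe", "rename", f"doc{i}.locked") for i in range(30)]


def scan_all(files=SAMPLE_FILES) -> dict:
    """Signature verdict for every sample file."""
    return {name: scan_bytes(data) for name, data in files.items()}


if __name__ == "__main__":
    print("signature results:", scan_all())
    print("behaviour flagged:", heuristic_scan(SAMPLE_EVENTS))
```

The two approaches cover each other’s gaps: a brand-new ransomware sample has no signature yet, so `scan_bytes` returns None for it, but its file-renaming behaviour still trips `heuristic_scan`; conversely a known sample is caught by its hash before it ever runs.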
Data Level Protection 2 & Finding Weaknesses
Effective Digital Working Practices

Introduction

In the previous lesson, we learned how firewalls, anti-virus software, and interface design can prevent security threats. Other methods, though, include backups and encryption. To ensure all these methods effectively protect our data, some companies will go as far as to invest in weakness-finding services.

In this lesson, we’ll learn about:
1. Backup
2. Encryption
3. Finding weaknesses in a business’s security system

Backup

It is critical to back up data in any kind of computer system. This way, if data is lost, we can recover it and protect ourselves from harm. Backups aren’t something you make once and then forget, though. You should take regular backups. How regular your backup should be depends on your business. For some, a weekly backup is fine, as they don’t do much business daily. Others might need hourly backups, though. Generally, daily backups are common.

Backups should also be stored in a remote location. This means they’re stored somewhere other than where the original data is. This way, your backup won’t be affected if your building burns down or floods. It’s common to use cloud storage for remote backups.
Backup Pros & Cons
Advantages: It prevents losing critical data from a range of possible risks. Well-managed backups reduce the potential maximum downtime of a system following an incident.
Disadvantages: It can be extremely costly to implement backups with lots of data. Large backups will take considerable resources to make, and your computer’s performance may be very slow while they run.

Encryption
This is the process of converting plain-text data into an encoded form known as ciphertext. This ciphertext is unreadable until it is decrypted.

We encrypt data using an encryption algorithm and an encryption key. The algorithm is the process performed to convert the data into the ciphertext. The key is a unique string that is applied to the algorithm to ensure the encryption output is unique (so someone using the same algorithm but a different key will get a different ciphertext output).

We most commonly think of encryption when we are transmitting data, such as when we send our bank details to an online shopping website over the internet. However, we sometimes encrypt stored data, too.

Stored Data
We can encrypt individual files or an entire drive. This way, we can only view the data if we have the decryption key. Even if a device is stolen, you can be sure the data is safe. Websites that store users’ passwords encrypt them, so even if their database is hacked, users’ passwords will still be safe.

Transmitted Data
When files are transmitted over the Internet, they can be intercepted by malicious users and read. This is why we encrypt transmitted data: if it is stolen during transmission, the thieves will only receive the ciphertext, which they can’t understand. Websites with HTTPS in the address use SSL encryption, so you know the data going between your computer and the server is secure.

Encryption Pros & Cons
Advantages: Ensures data is safe even when being transmitted over a public network like the internet.
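The algorithm-plus-key idea from the Encryption section above, as an added example that is not part of the original lesson: a small stream cipher built from HMAC-SHA256 in counter mode (a teaching construction, not a standard cipher such as AES) with an integrity tag, so that the same algorithm with a different key gives a different ciphertext, and decryption with the wrong key is refused rather than returning garbage. All function names are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32

def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Derive separate keystream and tag keys from the user's key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """The 'algorithm': HMAC-SHA256 in counter mode turns key + nonce into keystream bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(plaintext: bytes, key: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message keeps keystreams unique."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = _subkeys(key)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(blob: bytes, key: bytes) -> Optional[bytes]:
    """Recover the plaintext, or None if the key is wrong or the data was altered in transit."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong key or tampered ciphertext: refuse, do not emit garbage
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))

if __name__ == "__main__":
    message = b"card 4111 1111 1111 1111 exp 12/29"   # constructed sample
    key_one, key_two = os.urandom(32), os.urandom(32)
    blob = encrypt(message, key_one)
    print(decrypt(blob, key_one) == message)   # right key: plaintext comes back
    print(decrypt(blob, key_two))              # same algorithm, different key: None
```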
Disadvantages: If you lose the decryption key, then you’ll never be able to decrypt your data and view it.

Finding Weaknesses
Any weakness in a computer system will expose a business to security vulnerabilities and potential attacks. Many organisations will invest in weakness-finding services to identify these weaknesses and advise on preventative methods. Some of the methods used to identify weaknesses include:
- Ethical hacking
- Penetration testing
- Analysis of system data/behaviours

Let’s look at each of these methods in more detail.

Ethical Hacking
An ethical hacker is an individual or group who purposefully uses techniques such as penetration testing and social engineering to identify weaknesses in a system, to help prevent future malicious attacks. There are two common forms of ethical hacking:
- White-hat hacking
- Grey-hat hacking

Let’s look at each of these forms of ethical hacking in more detail.

White-Hat Hacking
This is an individual who has been invited by a system’s owner to identify exploits/vulnerabilities and suggest improvements to cybersecurity measures. They will not violate any ethical boundaries and will stay within the law while doing so. They will not release this information publicly, which could damage the business’s reputation.

Grey-Hat Hacking
This is an individual who finds an exploit/vulnerability in a system or application without having been explicitly asked to do so by its owner. They will then usually report this to the organisation, often receiving a “bounty” for doing so. Sometimes, grey-hat hackers will publicly reveal a vulnerability if the company doesn’t fix it.

Penetration Testing
This is a process used by cybersecurity professionals to identify security vulnerabilities in a computer system.
This can involve techniques like:
- Port scanning
- Vulnerability scanners
- Packet sniffers

The goal is to identify weak points such as open network ports, coding flaws, out-of-date software and missing encryption.

Analysis of System Data / Behaviours
The process of observing a system’s data and its users’ actions to assess whether the data is being held securely and whether it can be accessed in some way. This might identify a weakness, such as users taking confidential data out of the business to work at home. This allows us to identify internal threats to a business that we cannot easily protect ourselves from through technical means, such as human error.

Finding Weaknesses Pros & Cons
Advantages: Gives you confidence that the security measures you have in place are effective in protecting your data.
Disadvantages: It can be a very expensive and time-consuming process to perform, especially in large businesses.

Lesson Summary
- Having frequent backups is important so you can recover data if it is ever lost. Backups should be kept in a remote location.
- Encryption refers to the process of encoding plain-text information with an encryption key.
- Ethical hacking is the process of utilising techniques in order to gain access to a system with ethical intent. The most common forms of ethical hacking are white-hat hacking and grey-hat hacking.
- Penetration testing is a specific technique used to identify exploits in a system and is commonly used in ethical hacking.
- Analysis of system data/behaviours involves observing system data and user actions to see if poor practices are being followed.
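The “analysis of system data/behaviours” method above, as an added example that is not part of the original lesson: a check run over a constructed audit log that flags confidential files leaving the business on removable media, personal email or personal cloud storage. The key=value log format, the sample entries and the company domain are all invented for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample audit log in a simple key=value format; not from any real product.
SAMPLE_LOG = """\
2024-05-13T09:14:02 user=asmith action=open file=/shared/hr/payroll.xlsx label=CONFIDENTIAL dest=local
2024-05-13T17:48:31 user=asmith action=copy file=/shared/hr/payroll.xlsx label=CONFIDENTIAL dest=usb:E:
2024-05-13T17:50:07 user=bjones action=email file=/shared/sales/pricelist.pdf label=INTERNAL dest=mailto:b.jones@webmail.example
2024-05-13T18:02:55 user=ckhan action=email file=/shared/hr/contracts.docx label=CONFIDENTIAL dest=mailto:legal@company.example
2024-05-13T18:05:12 user=ckhan action=upload file=/shared/hr/contracts.docx label=CONFIDENTIAL dest=https://drive.example.net/u/ckhan
2024-05-14T08:30:00 user=dlee action=copy file=/shared/public/brochure.pdf label=PUBLIC dest=usb:F:
"""

SENSITIVE_LABELS = {"CONFIDENTIAL", "INTERNAL"}
INTERNAL_DOMAINS = {"company.example"}   # assumption: the business's own mail/web domains
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_line(line: str) -> dict:
    """Turn 'timestamp k=v k=v ...' into a dict; the timestamp is the first token."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    fields["ts"] = ts
    return fields

def leaves_business(dest: str) -> bool:
    """True when the destination is outside the company's control."""
    if dest.startswith("usb:"):                       # removable media
        return True
    if dest.startswith("mailto:"):                    # email: compare the recipient's domain
        domain = dest.split("@", 1)[-1].lower()
        return domain not in INTERNAL_DOMAINS
    if dest.startswith(("http://", "https://")):      # upload: compare the host
        host = (urlsplit(dest).hostname or "").lower()
        return host not in INTERNAL_DOMAINS
    return False                                      # 'local' and anything unrecognised

def find_data_leaving(log: str) -> list[dict]:
    """Return the events in which a sensitive file went somewhere outside the business."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("label") in SENSITIVE_LABELS and leaves_business(ev.get("dest", "")):
            findings.append({"ts": ev["ts"], "user": ev["user"],
                             "file": ev["file"], "dest": ev["dest"]})
    return findings

if __name__ == "__main__":
    for f in find_data_leaving(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']} moved {f['file']} to {f['dest']}")
```

Unrecognised destinations are treated as internal here; a stricter deployment would flag them for review instead.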
Defining Responsibilities & Parameters
Effective Digital Working Practices

Introduction
Organisations use policies and procedures to ensure legal compliance and clarify employee responsibilities. One area where we need well-defined policies is to protect ourselves from the impacts of a cybersecurity incident. These policies will define responsibilities, protection measures, and response protocols for when incidents occur.

In this lesson, we’ll learn about:
1. Defining responsibilities
2. Defining security parameters

Defining Responsibilities
Companies assign specific roles to IT staff or management to implement and maintain cybersecurity policies. This allows for accountability and ensures staff are constantly aware of the actions they need to take. Aspects of the responsibilities that are assigned include:
- Who is responsible for what
- How to report concerns
- Reporting to staff/employees

Let’s look at each of these in more detail.

Who is Responsible For What
A member of the IT staff or management will decide what policies must be implemented. It’s important that specific employees, usually members of the IT staff, are assigned responsibility for implementing these cybersecurity policies.

How to Report Concerns
There should be a defined person that staff contact if they have a concern over a possible issue.
This is commonly the individual(s) responsible for implementing and maintaining the policy.

Reporting to Staff/Employees
Security policies are only secure if staff are aware of the policy and its procedures. There should be someone responsible for making staff aware and training them on following the policies put in place.

Defining Security Parameters
Security parameters work in conjunction with modern technologies to create a system with better overall security. Your cybersecurity policies will define security parameters that must be implemented and maintained to protect the business from harm caused by an incident. These parameters might include:
- Password policy
- Acceptable software policy
- Acceptable use policy
- Device hardening parameters

Let’s look at each of these policies in more detail.

Password Policy
The password policy defines a set of instructions for employees regarding the rules they must follow when setting and protecting their passwords. This helps prevent attackers from gaining unauthorised access through cracking passwords or stealing data. A password policy will consider:
- The don’ts of password creation
- The dos of password creation
- Protection of passwords

Let’s look at each of these in more detail.

The Don’ts of Password Creation
A password must not be guessable; it must, therefore, NOT contain personal information, common words, memorable phrases, or dictionary words. Also, you should not use the same password on multiple systems.

The Dos of Password Creation
A good password is at least 8 characters long and contains a variety of upper-case and lower-case letters, numbers, and special characters.

Protection of Passwords
Passwords must be stored in a secure database. They must be changed regularly, or immediately if they were generated automatically. It is important that passwords are never shared or written down anywhere.

Acceptable Software Policy
An acceptable software policy controls and restricts software installation on a system.
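The three parts of the password policy above, as an added example that is not part of the original lesson: a checker that reports which of those rules a candidate password breaks. The short word list is constructed for the example, and earlier passwords are remembered only as SHA-256 fingerprints rather than in clear.

```python
import hashlib
import string

# Constructed mini word list; a real check would use a full dictionary and a breached-password list.
COMMON_WORDS = ("password", "welcome", "letmein", "qwerty", "summer", "football")
SPECIALS = set(string.punctuation)
MIN_LENGTH = 8   # "at least 8 characters long"

def fingerprint(password: str) -> str:
    """Hash used to remember earlier passwords without storing them in clear."""
    return hashlib.sha256(password.encode()).hexdigest()

def check_password(candidate: str, personal_info=(), used_before=()) -> list[str]:
    """Return the policy rules that `candidate` breaks; an empty list means it passes.

    personal_info: strings such as the user's name or birth year that must not appear.
    used_before:   fingerprints of passwords already used, on this or other systems.
    """
    problems = []
    lowered = candidate.lower()
    # The dos: length and variety of character types
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in SPECIALS for c in candidate):
        problems.append("no special character")
    # The don'ts: nothing guessable, nothing personal, nothing reused
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information '{item}'")
    if fingerprint(candidate) in set(used_before):
        problems.append("already used on another system")
    return problems

if __name__ == "__main__":
    for pw in ("Summer2024!", "Tr4ck-Lamp!9x"):
        print(pw, "->", check_password(pw, personal_info=["Alice"]) or "OK")
```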
It helps IT staff prevent employees from accidentally downloading unauthorised material that may contain malware or conflict with current or older software and hardware. IT staff can enforce the policy by configuring an employee’s access rights to block installation. Employees can be punished for breaching the acceptable software policy; this may include a warning, suspension, or restriction from using the IT systems, depending on the situation.

However, this will also usually mean employees are unable to install any software without the permission of IT staff. To install a new piece of software, employees must request the software they need from IT staff, who will consider the request and ensure the software is fit to run on the system. This can take several months, which will harm productivity.

Acceptable Use Policy
An acceptable use policy defines what a user can and cannot do on a company’s IT systems. The purpose of this policy is partially to prevent employees from wasting time, such as by playing video games or using their personal email during company time. However, another major reason behind it is to keep company IT systems safe from threats. Typically, this will involve a series of dos and don’ts that all employees must agree to when using a company IT system.

Some examples of dos and don’ts you might see include:
- Don’t create, view or transmit any offensive, obscene or indecent images, data or other material.
- Don’t create, view or transmit any material that infringes the copyright of another person.
- Don’t gain deliberate unauthorised access to company facilities or services.
- Don’t examine, change, or use another person’s files, output, or user name or password.
- Don’t corrupt or destroy other users’ data.
- Don’t violate the privacy of other users.

Device Hardening Parameters
We’ve learnt previously that device hardening is the implementation of technologies to protect a system’s data from harm.
Our cybersecurity policies define device hardening parameters, including the technologies to implement and their configuration and maintenance. If implemented and enforced, these parameters will go a long way toward protecting our systems from all kinds of cybersecurity threats. Let’s look at a few example parameters we can set to harden our devices.

- Antivirus software must be installed on all IT systems. Virus definitions must be updated every evening at 10 p.m., and a full scan of all storage devices must be performed at 11 p.m.
- A hardware firewall must be installed between the company LAN and the Internet. The firewall must be configured to block all ports except ports 53, 443, and 80.
- Full backups of company data must be performed every Sunday at 1 a.m. Incremental backups of changes will be made every day at 11 p.m. and stored on the remote backup server.

Lesson Summary
- Policies help to ensure companies comply with laws and regulations.
- Defining responsibilities is key, including who is responsible for what, how to report concerns, and how to report to staff/employees.
- Security parameters work alongside security technologies to protect our data.
- The password policy outlines how employees should create passwords and how passwords should be protected.
- The acceptable software policy limits the software that can be installed on a system; this will sometimes include updates.
- The acceptable use policy defines what a user can and cannot do on a company’s IT systems.
- Device hardening parameters define what technologies should be
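The backup rules earlier on this page (regular backups, kept somewhere other than the original data) and the full-plus-incremental schedule in the device hardening parameters above, as an added example that is not part of the original lesson: a content-hash based full and incremental backup with a restore that replays them in order. File names and the backup location are constructed; the actual timing (Sunday 1 a.m., daily 11 p.m.) is left to the scheduler, and deleted files are not tracked.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 of content, for every file under root."""
    return {p.relative_to(root).as_posix(): _digest(p) for p in root.rglob("*") if p.is_file()}

def _known_state(store: Path) -> dict[str, str]:
    """What the backup set already holds: the full manifest updated by each incremental."""
    state = json.loads((store / "full.json").read_text())
    for m in sorted(store.glob("inc*.json")):
        state.update(json.loads(m.read_text()))
    return state

def full_backup(src: Path, store: Path) -> dict[str, str]:
    """Copy everything (the weekly job). Starts a new backup set, discarding old incrementals."""
    if store.exists():
        shutil.rmtree(store)
    shutil.copytree(src, store / "full")
    current = manifest(src)
    (store / "full.json").write_text(json.dumps(current))
    return current

def incremental_backup(src: Path, store: Path) -> list[str]:
    """Copy only files new or changed since the last backup (the nightly job). Returns their paths."""
    known, current = _known_state(store), manifest(src)
    changed = sorted(rel for rel, h in current.items() if known.get(rel) != h)
    seq = len(list(store.glob("inc*.json"))) + 1
    for rel in changed:
        target = store / f"inc{seq:03d}" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    (store / f"inc{seq:03d}.json").write_text(json.dumps({rel: current[rel] for rel in changed}))
    return changed

def restore(store: Path, target: Path) -> dict[str, str]:
    """Rebuild the data: the full copy first, then each incremental in order (later wins)."""
    shutil.copytree(store / "full", target, dirs_exist_ok=True)
    for inc in sorted(p for p in store.glob("inc*") if p.is_dir()):
        shutil.copytree(inc, target, dirs_exist_ok=True)
    return manifest(target)

def run_demo() -> dict:
    """Constructed end-to-end run in a temp directory: full, edit, incremental, restore."""
    base = Path(tempfile.mkdtemp())
    src, store, out = base / "data", base / "backups", base / "restored"
    (src / "docs").mkdir(parents=True)
    (src / "a.txt").write_text("alpha")
    (src / "docs" / "b.txt").write_text("bravo")
    full = full_backup(src, store)
    (src / "docs" / "b.txt").write_text("bravo v2")   # changed file
    (src / "c.txt").write_text("charlie")               # new file
    changed = incremental_backup(src, store)            # only these two are copied
    second = incremental_backup(src, store)             # nothing changed since
    return {"full": sorted(full), "changed": changed, "second": second,
            "restored_ok": restore(store, out) == manifest(src)}

if __name__ == "__main__":
    print(run_demo())
```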
Disaster Recovery
Effective Digital Working Practices

Introduction
No matter how careful you are, there is always a chance you will be affected by an incident that affects your data. This is why organisations will always have a disaster recovery policy. This policy puts in place the process a business should follow so that the company is prepared for a disaster and can respond to it once it has occurred.

In this lesson, we’ll learn about:
1. Disaster recovery policies
2. Actions to take after an attack

Disaster Recovery Policies
A disaster recovery policy ensures an organisation’s readiness to respond to a disaster. By keeping a detailed, well-documented plan, normal business service can be resumed as soon as possible. Disaster recovery is effective in the event of all kinds of incidents that may harm business data, including:
- Data loss (theft, internal threats or human error)
- Environmental threats (natural disasters, fires, floods)
- Hardware failure
- Cybersecurity attacks

The following sections show examples of the different factors that need to be considered in a disaster recovery plan.

Who is Responsible for What
The policy will define the responsibility of different staff in preparing for and responding to a disaster. This ensures accountability if something isn’t completed correctly and reduces confusion about who should be doing what.
Dos and Don’ts for Staff
The policy will define the procedures that staff members should follow, and what they should not do, in the event of a disaster. This might be to tell staff that they should report an incident immediately to the incident response lead.

Defining the Backup Process
The policy will define what data will be backed up, how often it will be backed up, when it will be backed up and where it will be backed up. These will depend on the business. For some, weekly backups on Sunday evening are fine. But for others, that will be nowhere near often enough.

Timeline for Data Recovery
The policy will define the priority systems that need to be restored as soon as possible and show the timeline for how long it can take to recover each system, indicating the order in which we should target recovery after a disaster.

Location for Alternative Provision
The policy will likely define where additional hardware, software and personnel are available to continue business operations while the main site is recovered. Many businesses will pay for a “hot site” where they can instantly switch business operations over to after a disaster.

Actions to Take After an Attack
Employees must be aware of the actions they should take following an attack so that the organisation can resume its functionality as soon as possible and minimise potential damage. A business will normally take the following steps:
- Investigate
- Respond
- Manage
- Recover
- Analyse

Let’s look at each of these steps in more detail.

Investigate
Investigate the attributes of an attack to determine a response. Identify the timing and reason for the attack, the type of attack, and the impact on the organisation’s core services. Establish the severity of the attack, which can be used to decide the level of response required.

Respond
Inform the relevant stakeholders (e.g. customers, employees and suppliers), as well as relevant authorities (e.g. the police). It is especially important to inform customers, as a data breach will require action from their end (i.e. changing their password). It’s also a legal requirement and, if not done, could lead to massive fines.

Manage
Isolate and contain the attack to prevent it from causing further damage. Target the problem, using appropriate measures to resume services where appropriate (e.g. using a firewall to block malicious traffic).

Recover
Implement the disaster recovery policy to correct any damage caused by the incident (e.g. restore the most recent backup). This may involve establishing new plans to prevent similar attacks in the future.

Analyse
Work with employees to establish information about the attack to help prevent future threats. Analyse why, how, who and the lessons learned to assess what changes can be made. Update policies and procedures as a result of this analysis.

Lesson Summary
- Disaster recovery policies help organisations to resume function following a disaster. They cover who is responsible for what, dos and don’ts for staff, defining the backup process, the timeline for data recovery, and the location of alternative provision.
- Following an attack, there are five actions to take: Investigate, Respond, Manage, Recover, Analyse.