Why Systems Are Attacked PDF

Summary

This presentation discusses the motivations behind cyber-attacks, such as financial gain, industrial espionage, and personal vendettas. It also describes the various impacts a security breach can have on a business, including data loss, damage to reputation, financial loss, and legal repercussions.

Full Transcript

Why Systems are Attacked
Effective Digital Working Practices
Introduction
Organisations use digital systems every day to carry out tasks,
store data, and manage operations vital to the company.

When these systems are attacked, this will have a negative impact
on the business. There are many different reasons why they are
attacked, though.

In this lesson, we’ll learn about:

1. The reasons why systems are the target of cyber-attacks.

2. The impact that a security breach can have on an
organisation.
Reasons Why Systems are
Attacked
There are many reasons why systems are attacked, and they are
not always for financial gain.

Sometimes, attacks are purely for making mischief or due to a
personal vendetta.

The most common reasons for an attack include:

Fun/challenge

Industrial espionage

Financial gain

Personal attack

Disruption

Data/information theft

Let’s look at each of these reasons in more detail.
Reasons Why Systems are
Attacked
Fun/Challenge

Some attackers gain unauthorised access to systems for the
purpose of amusement or challenge.

Attacking a system for this purpose can allow individuals to gain
experience for future cyber-attacks, overcome personal goals of
‘beating’ an organisation’s cybersecurity measures, or, in some
cases, gain kudos from their peers or a community.

Industrial Espionage

Cyber-attacks may be perpetrated on specific targets to steal
unique sensitive information (quite often intellectual property)
from a rival business.

This data can then be used to aid those carrying out the attack to
be one step ahead of the rival, such as releasing a proprietary
product before the original organisation can.
Reasons Why Systems are
Attacked
Financial Gain

Often, an attack will be motivated by money as the end goal.

This could be direct gain, where the attacker directly steals
money/information during the attack, which will lead to profit.

Or it could be indirect gain, for example, extortion, where
attackers may use ransomware or denial-of-service attacks to
threaten an organisation into paying them to end the attack.

Personal Attack

On occasion, the motivation for attacks can be personal. For
example, an individual may be targeted based on their
beliefs/opinions, or organisations may receive attacks from
employees who feel they have been mistreated.
Reasons Why Systems are
Attacked
Disruption

Attacks may occur with the primary purpose of disrupting an
organisation’s service. This may be to benefit financially or in
business, but is often for personal, political, or social reasons.

Common forms of attacks that cause disruption include denial of
service attacks and website defacement.

Data/Information Theft

Attacks may occur for the purpose of stealing data. Often, this is
customer, personal or financial data stored by the company.

Stolen data can then be used by the attackers for identity and
bank fraud purposes, such as purchasing items using the
customer’s credit card details.
The Impact of a Security
Breach
Most attacks are perpetrated with a specific impact on the
business in mind.

It is important to understand the impact that a security breach
can have so we are aware of how best to reduce its effect.

These impacts include:

Data loss

Damage to public image

Financial loss

Reduction in productivity

Downtime

Legal action

Let’s look at each of these impacts in more detail.
The Impact of a Security
Breach
Data Loss

This could either be due to data theft, or data which has been
deleted/corrupted as a result of a malicious payload (e.g. virus).

Damage to Public Image

Attacks may cause customers to view an organisation more
negatively and indirectly cause loss of customers, public panic, or
political statements.

Financial Loss

Businesses may lose money, such as from the theft of banking
details, a loss in profit after the attack because of damage to the
public image, data loss, and industrial espionage, to name a few
examples.
The Impact of a Security
Breach
Reduction in Productivity

Attacks such as data theft and denial of service attacks prevent a
business from performing its daily operations.

Downtime

An attack may cause the system to fail and go down completely,
often because a malicious payload is so disruptive that the service
must be shut down manually or because an attack takes the
servers offline directly.

Legal Action

Organisations are legally obliged to ensure that individuals’ data is
secure and not misused. If data is harmed during an attack, then
the organisation may be liable to huge fines under the Data
Protection Act (2018).
Lesson Summary
IT systems are subjected to cyber-attacks motivated by fun,
industrial espionage, financial gain, personal vendetta, disruption,
and data theft.

These attacks lead to data loss, damage to public image, financial
loss, reduced productivity, downtime, and potential legal action.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
External Threats
Effective Digital Working Practices
Introduction
External cybersecurity threats come from outside an organization
and aim to steal data, disrupt systems, or cause harm.

These threats include hacking, phishing, malware, and DDoS
attacks.

Protecting against them is crucial for keeping information safe
and systems secure.

In this lesson, we’ll learn about:

1. Social engineering threats

2. Malware

3. Unauthorised Access/Hacking

4. Denial of service attacks

5. Pharming

6. Man-in-the-middle attacks.
Social Engineering Threats
Social engineering allows attackers to access a system without
using technical hacking techniques.

Instead, it uses human psychology and social techniques to
manipulate individuals into handing over private information.

Social engineering doesn’t even need to involve technology; it can
be done face-to-face, by letter, or over the phone.

Two common examples of social engineering are:

Phishing

Shoulder surfing

Let’s look at each of these in more detail.
Social Engineering Threats
Phishing

This usually takes place via an email or phone service and involves
an electronic message being sent to an individual containing
some form of request (often to click a link or return information).

The attacker usually pretends to be a legitimate business.

The goal is to either get the victim to reveal information, such as
login or bank details, or to infect their device with a virus that will
allow for data to be stolen later.

Shoulder Surfing

The process of observing an individual in a physical location to
obtain information, such as looking over someone’s shoulder.

This technique can be used to gain information such as pin
numbers or passwords.
Malware
Malware stands for malicious software and covers a variety of
computer programs that perform attacks on a system.

We often use the term “virus” interchangeably with “malware”, but
in reality, a virus is only one form of malware.

Some of the most common examples of malware are:

Viruses Ransomware

Worms Botnets

Trojans Rootkits

Spyware

Let’s look at each of these in more detail.
Malware
Virus

A malicious program that harms the operation of a computer
system, such as by deleting files.

As the name suggests, viruses spread from computer to
computer, attached to a legitimate piece of software or file.

Worm

Similar to viruses, except they do not require the need to attach
themselves to programs/files. Instead, once on your system, it
copies itself and spreads on its own via an internet/network
connection.
Malware
Trojan

Malicious code disguised as a legitimate piece of software but
containing a harmful payload.

Users will download and install the program thinking it will
provide a legitimate function, but behind the scenes, it is causing
damage, such as installing keyloggers, adding you to a botnet, or
deleting data.

Spyware

Gains access to the system and works in the background to
monitor a user’s actions (keylogging for a password, downloading
files, etc.).

This information is then commonly used for further attacks or as
part of identity/bank fraud.
Malware
Ransomware

This refers to malicious software that infects computer systems
and secretly encrypts local files. It then asks for a fee or other
demand to unlock and decrypt the data.

Botnets

This is a number of connected computers co-ordinated together
to carry out an often-repetitive task. Any computer can become a
botnet if exposed to a form of malicious code.

If your computer is added to a botnet, it can then be used as part
of a ‘web’ or ‘network’ of computers to carry out an attack (i.e. a
DDOS attack).
Malware
Rootkit

This is a type of malware that hides on your computer and allows
a malicious user to remotely access and control it. They could then
change security settings to gain access later, install malware to
steal data and much more.
Unauthorised Access/Hacking
This is where an individual gains access to a system without the
permission of the system owner/administrator.

Hacking doesn’t necessarily involve any clever technical skills and
often results from the social engineering techniques we’ve
examined previously.

However, it could be through other methods like brute force
attacks.

A brute force attack is when an attacker loops through a
dictionary of known passwords or lists of ordinary words and then
tries all of them or combinations of them to identify a password.

This can be done manually by typing in various passwords, but it
is usually performed by programs that automatically try various
passwords until access is gained.

A malicious individual who gains access to a system without the
Denial of Service Attacks
A denial-of-service attack is when a hacker maliciously floods a
server with thousands of fake requests. Often this can be HTTP
requests made to a web server.

If this happens, the server will attempt to deal with all of them,
but due to the sheer number of requests, it will slow down.

This means it could take too long for a request to be dealt with,
leading to the connection timing out. Eventually, this can lead to
the server crashing from being overwhelmed.

If an attack comes from one device, it is a Denial of Service (DOS)
Attack.

If it comes from thousands of computers, it is a Distributed Denial
of Service (DDOS) Attack.
Denial of Service Attacks

Figure 1 – An illustration of a DDOS attack.
Pharming
This is a form of cyber attack where individuals using the web are
redirected to an alternative “fake” website instead, without their
knowledge.

The user will type in the URL for the website they want to visit, but
when they submit it, they are taken to a different website.

There are two common ways this might occur.

The first is via infecting the user with malware that will redirect the
user to the fake website.

The second is via “DNS poisoning”. DNS is the “Domain Name
System”, and it is responsible for converting the URL you type into
your browser into the actual IP address of the website’s server.
Pharming

Figure 2 – An illustration of how DNS works.
Pharming
You can see websites aren’t accessed via their URL but rather their
IP address, which DNS looks up when you type a URL in.

However, DNS poisoning involves an attacker modifying the DNS
server so that it returns a different IP address for the URL you
enter. This then takes you to the fake website.

Typically, a fake website is designed to trick you into revealing
private information (such as by pretending to be your bank’s
website) or infect your computer with malware.
Man-in-the-Middle Attacks
It is possible for an attacker to intercept data while it is being
transmitted over a network.

When a cybercriminal inserts themselves into the middle of a
communication so that they can eavesdrop on the data being
transmitted, this is known as a Man-in-the-Middle attack.

A simple example of this involves the use of a program called a
packet sniffer.

Using a packet sniffer would allow someone to read data
transmitted over a network, even if it wasn’t addressed to their
device.

This is one of the biggest reasons why Wi-Fi encryption is so
important.
Man-in-the-Middle Attacks
Another example is by using a rogue access point.

This is where an attacker sets up their own wireless access point
and tricks users into connecting to it. Then, the attacker will be
able to steal all data passing through their access point.

A simple example of how this could work is shown in figure 3
below.

Figure 3 – An illustration of a rogue access point man-in-the-middle attack.
Lesson Summary
Phishing is when an attacker tricks the target into clicking a link or
downloading a file.

Shoulder surfing involves physically observing individuals to
obtain information.

Malware stands for malicious software and covers a variety of
computer programs that perform attacks on a system.

Hacking is the unauthorised access to a computer system.

Denial of service attacks are used to slow a system or take it
offline using excessive malicious traffic.

Pharming involves misdirecting users to a fraudulent/fake website
without the individual’s knowledge.

A man-in-the-middle attack is where an individual with malicious
intent inserts themselves into the middle of communication.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
Internal Threats
Effective Digital Working Practices
Introduction
Internal threats refer to vulnerabilities that come from within the
organisation itself. In most cases, these are employees who seek
to damage an organisation’s systems and/or data.

Not all internal threats are purposeful, though. Through trickery
or human error, employees can sometimes accidentally expose or
harm data.

In this lesson, we’ll learn about:

1. Stealing/leaking information

2. Overriding security controls

3. Unintentional disclosure of data

4. Using portable storage

5. Internet downloads

6. Visiting untrustworthy sites
Intentional Stealing or Leaking
of Information
Employees with access to sensitive information might steal,
delete, or leak this data for various reasons.

Some might feel mistreated by the organisation, leading them to
act out of spite.

Financial gain is another motivator, with individuals leaking data
to competitors or selling it.

Whistleblowing, where employees expose illegal or unethical
practices by leaking sensitive data, is also a common scenario.

These actions can severely damage the organisation’s reputation,
financial standing, and operational integrity.
Users Overriding Security
Controls
Certain employees have extensive access to the company’s files,
data, and software to perform their daily tasks.

These individuals might change security software settings or
configurations, such as firewalls and antivirus programs, to allow
unauthorised access.

This can enable third-party attackers to infiltrate the system,
leading to data breaches, loss of sensitive information, and
potential legal repercussions.

The misuse of administrative privileges by trusted employees
poses a significant risk to the organisation's security levels.
Unintentional Disclosure of
Data
Data can sometimes be disclosed to external parties without
malicious intent.

For instance, through phishing schemes, employees might
unknowingly provide sensitive information to individuals posing
as colleagues or managers.

Such unintentional disclosures can result in the leakage of
confidential information, financial loss, and damage to the
organization's credibility.

Continuous training and awareness programs are essential to
minimize these risks and educate employees about potential
threats.
Use of Portable Storage
Devices
Portable storage devices, like USB drives and external hard drives,
are common tools for data transfer in the workplace.

However, these devices can inadvertently introduce malware into
the organization's systems.

An infected file transferred via a portable device can compromise
network security, leading to data corruption or unauthorised
access.

Establishing strict policies and regular scanning of these devices
can help reduce the risks associated with their use.
Downloads from the Internet
Internet downloads are a frequent source of malware.

Employees might unknowingly download malicious files from
emails or websites, which can then infect the company’s systems.

This can lead to significant data loss, operational disruptions, and
financial damage.

Implementing robust email filtering, endpoint protection, and
employee training can reduce the likelihood of malware infections
through internet downloads.
Visiting Untrustworthy
Websites
Employees visiting dubious websites can expose the
organisation's network to various threats.

Such sites might host malware or phishing schemes that can
compromise the employee’s computer and, by extension, the
entire network.

Simply accessing these sites can lead to infections or
unauthorised data access.

Enforcing strict browsing policies and using web filtering
technologies can help protect against these risks.
Lesson Summary
Employees with access to sensitive information might steal,
delete, or leak this data for various reasons.

Individuals might change security software settings, such as
firewalls and antivirus programs, to allow unauthorised access.

Data can sometimes be disclosed to external parties without
malicious intent.

Portable storage devices can inadvertently introduce malware into
the organisation's systems.

Employees might unknowingly download malicious files from
emails or websites, which can then infect the company’s systems.

Employees visiting dubious websites can expose the
organisation's network to various threats.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
User Access Restrictions
Effective Digital Working Practices
Introduction
Businesses will implement physical and software-based
prevention methods to ensure system security.

These methods are especially vital when an organisation holds a
lot of sensitive data.

One of the main ways they will protect a system is by restricting
access to the physical computers and the data they store.

In this lesson, we’ll learn about:

1. Physical security measures

2. Levels of access

3. Passwords

4. Biometrics

5. Two-factor authentication
Physical Security Measures
This is securing a system’s data from threats through preventing
physical access to the IT systems. Commonly this can be
performed through:

Locks

Either electric or key-operated and requiring a unique
combination (e.g. passcode) or item (e.g. key or swipe card) to
bypass.

These can be on doors to access rooms, locks on cabinets
containing devices, or locks on devices themselves.

Surveillance

A method of observing a physical space through live recording,
often fed back to a secure location for review, such as CCTV
cameras.
Physical Security Measures
Pros & Cons
Advantages

It can deter attackers by visually seeing the prevention methods.

It prevents access to actual physical locations containing data &
the theft of these devices.

Disadvantages

It can be very expensive to initially install. It can require quite a bit
of specialist equipment.

Internal threats will be able to bypass physical security measures
very easily in many cases.
Levels of Access
This involves separating logged-in individuals into user groups,
with each group assigned specific permissions for accessing files
and software and for performing specific functions.

For example, in most organisations, only IT admin staff can install
software; regular users cannot. This helps prevent the spread of
malware.

It’s important that users are assigned the correct settings.

Businesses should work to the “principle of least privilege”. This
means that users can only access and do exactly what they need
to perform their job role.
Levels of Access
Pros & Cons
Advantages

It reduces the impact of a security breach, as the access will be
restricted to certain files & features.

It reduces the likelihood of occurring and damage caused by
human error.

Disadvantages

It doesn’t actually prevent access to data; it only limits the damage
that can be caused during an incident.

It may restrict the user’s ability to do their job by limiting their
access to files & features.
Passwords
This is a secret string of characters used to secure and control
access to a company’s system.

This is the most common method of ensuring that only authorised
users can view system content.

Password complexity is important in ensuring this is an effective
security method. Good passwords should:

Be a minimum of 8 characters.

Contain uppercase & lowercase letters, numbers & symbols.

Not be reused on multiple different systems.

Not contain dictionary words or names (preferably it should be
a random mix of characters).
Passwords
Pros & Cons
Advantages

It actually prevents access to user accounts on computer systems,
rather than just limiting impact.

It’s simple and easy to set up for both the system admin and the
user, and it’s also cheap to set up.

Disadvantages

It relies on the end user setting their password with a good level
of complexity & not revealing it to others.

It can be hard to remember a variety of different complex
passwords.
Biometrics
This is a method of verifying the identity of a user through the use
of unique physical characteristics.

Retina (eye) scans, fingerprint identification, voice analysis and
facial recognition are a few examples of common biometrics.

This can be used as a method of authenticating access to a
computer system.

For example, you’ll commonly see fingerprint identification on
smartphones.

However, it can also be used as part of physical access security in
place of keys & swipe cards.
Biometrics
Pros & Cons
Advantages

It can save time, as users do not have to remember and enter a
security string.

Users have accountability for their actions, as a physical trait
cannot be stolen.

Disadvantages

It can be expensive to initially purchase and install due to its
speciality.

Physical traits are not changeable, so if compromised in a breach,
they cannot be reset.
Two-Factor Authentication
This is a form of authentication that reduces the vulnerabilities of
standard passwords by adding a second authentication challenge.

After entering a password, a user may be expected to use a
method such as a:

Biometric scanner

Unique one-time code

Security token or swipe card

Security question (e.g. what was your first pet?).

This means that an attacker would not only need to compromise
your password, but also a second system to hack your system.
Two-Factor Authentication
Pros & Cons
Advantages

It’s much more secure, as two different methods of authentication
would need to be compromised to gain access to a system.

It’s still very cheap to implement as the 2nd-factor authentication
can rely on existing systems, like email or employee smartphones.

Disadvantages

Logging into a system may take a lot longer, which will be
frustrating and affect the productivity of employees.

If you don’t have access to the second authentication method (e.g.
your smartphone), then you can’t log in.
Lesson Summary
Physical security measures can be essential in preventing outside
threats through physical means (i.e. locks or surveillance).

System users can be split into user groups with varying
permissions to control access levels and prevent abuse of power.

Passwords are used as a method of verifying an individual’s
identity and preventing unauthorised access.

Biometrics examine and analyse physical characteristics in order
to verify the identity of a user (e.g. retina scans, fingerprint
identification, voice analysis).

Two-factor authentication introduces a secondary challenge (after
a password has been verified) to further confirm a user’s identity.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
Data Level Protection 1
Effective Digital Working Practices
Introduction
Data level protection is software and hardware techniques
designed specifically to protect data from theft, damage &
corruption.

Both software and hardware techniques can be applied to digital
systems to protect data. All companies that hold any type of data
should implement some form of data-level protection.

In this lesson, we’ll learn about:

1. Firewalls

2. Anti-virus software

3. Interface design
Firewalls
Firewalls monitor incoming and outgoing network traffic and
blocks suspicious packets based on a set of security rules.

A firewall can be a hardware device installed between external
and internal networks to protect against external cyber threats or
viruses. Most commonly this would be between the Internet and
the businesses’ LAN.

It can also be a software program installed on a computer. This
performs the same packet filtering as a hardware firewall but
protects individual devices rather than the whole network.

However, it also has additional features, such as filtering network
traffic to and from software applications.

Most businesses will use both a hardware firewall and software
firewalls installed on each individual device.
Firewall
Pros & Cons
Advantages

It prevents external attackers from gaining access to your
computer system by blocking their attempts.

Software firewalls are usually very cheap to install and set up.
Most operating systems include them built-in.

Disadvantages

Firewalls can be restrictive, preventing employees from
performing legitimate activities, like visiting certain websites.

Software firewalls take up resources and slow computer &
network performance. Hardware firewalls could slow internet
speed.
Anti-Virus Software
Antivirus software is used to scan for and remove malware from a
computer, server, or mobile device.

Antivirus software often has a real-time protection feature that
scans all data coming into a system and all files and folders as
they are executed.

This helps prevent malware from ever infecting your system.

Anti-viruses usually use virus signatures (a unique data pattern for
each virus) to detect malicious programs, which are subsequently
removed. This is known as “signature detection”.

It can also use “heuristic detection”, which monitors the behaviour
of your computer and spots anything that is behaving like a virus.
Anti-Virus Software
Pros & Cons
Advantages

It prevents all forms of malware from ever infecting your
computer system.

It’s usually reasonably affordable and relatively simple to set up.

Disadvantages

It must be regularly maintained and updated. Otherwise, it won’t
detect some malware.

Running a scan can be resource-intensive and lead to your
computer running slowly.
Interface Design
Software interface design is usually based on assisting user
accessibility and ease of use.

However, it is sometimes given additional features to enhance
security. Some of these features include:

Obscuring data entry

Autocomplete

“Stay logged in”

Let’s look at each of these features in more detail.
Interface Design
Obscuring Data Entry

Reduces shoulder surfing or accidental password sharing by
replacing entered data with a special character (often a * or ).

Autocomplete

Completes user data entry automatically rather than typing it in.
This can prevent spyware keylogging your password, but
generally is a security threat as attackers won’t need to know your
details as the system will enter for you.

“Stay Logged In”

It allows users to remain logged in, even after leaving the site.
This can also prevent spyware from keylogging your password,
but it could also allow anyone who has access to your computer to
access your systems as they’ll be already logged in.
Interface Design
Pros & Cons
Advantages

Good design can reduce the need for overly stringent security
measures.

Disadvantages

Focusing on security may sometimes worsen ease-of-use &
accessibility.
Lesson Summary
Firewalls are responsible for monitoring network traffic and
blocking suspicious packets based on a set of security rules.

Hardware firewalls are physical devices that sit between your
network and the Internet, while software firewalls are installed on
individual devices.

Anti-virus software scans for and removes viruses from a system
by identifying unique virus signatures.

Real-time protection can prevent viruses from ever infecting your
system.

Some software design is built around improving security, this
includes adding features such as hidden data entry.

Features like autocomplete and “stay logged in” can have positive
and negative effects on security.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
Data Level Protection 2 &
Finding Weaknesses
Effective Digital Working Practices
Introduction
In the previous lesson, we learned how firewalls, anti-virus
software, and interface design can prevent security threats. Other
methods, though, include backups and encryption.

To ensure all these methods effectively protect our data, some
companies will go as far as to invest in weakness-finding services.

In this lesson, we’ll learn about:

1. Backup

2. Encryption

3. Finding weaknesses in a business’s security system
Backup
It is critical to back up data in any kind of computer system.

This way, if data is lost, we can recover it and protect ourselves
from harm.

Backups aren’t something you make once and then forget,
though. You should take regular backups.

How regular your backup should be depends on your business.
For some, a weekly backup is fine, as they don’t do much business
daily. Others might need hourly backups, though. Generally, daily
backups are common.

Backups should also be stored in a remote location. This means
they’re stored somewhere other than where the original data is.

This way, your backup won't be affected if your building burned
down or flooded. It’s common to use cloud storage for remote
backups.
Backup
Pros & Cons
Advantages

It prevents losing critical data from a range of possible risks.

Well-managed backups reduce the potential maximum downtime
of a system following an incident.

Disadvantages

It can be extremely costly to implement backups with lots of data.

Large backups will take considerable resources to make, and your
computer performance may be very slow during it.
Encryption
This is the process of converting plain-text data into an encoded
form known as ciphertext. This ciphertext is unreadable until it is
decrypted.

We encrypt data using an encryption algorithm and an encryption
key.

The algorithm is the process performed to convert the data into
the ciphertext.

The key is a unique string that is applied to the algorithm to ensure
the encryption output is unique (so someone using the same
algorithm but a different key will get a different ciphertext output).

We most commonly think of encryption when we are transmitting
data, such as when we send our bank details to an online shopping
website over the internet.

However, we sometimes encrypt stored data, too.
Encryption
Stored Data

We can encrypt individual files or an entire drive. This way, we can
only view the data if we have the decryption key. Even if a device is
stolen, you can be sure the data is safe.

Websites that store users' passwords encrypt them, so even if
their database is hacked, users' passwords will still be safe.

Transmitted Data

When files are transmitted over the Internet, they can be
intercepted by malicious users and read. This is why we encrypt
transmitted data; if it is stolen during transmission, the thieves will
only receive the ciphertext, which they can’t understand.

Websites with HTTPS in the title use SSL encryption, so you know
the data going between your computer and the server is secure.
Encryption
Pros & Cons
Advantages

Ensures data is safe even when being transmitted over a public
network like the internet.

Disadvantages

If you lose the decryption key then you’ll never be able to decrypt
your data and view it.
Finding Weaknesses
Any weakness in a computer system will expose a business to
security vulnerabilities and potential attacks.

Many organisations will invest in weakness-finding services to
identify these weaknesses and advise on preventative methods.

Some of the methods used to identify weaknesses include:

Ethical hacking

Penetration testing

Analysis of system data/behaviours

Let’s look at each of these methods in more detail.
Ethical Hacking
An ethical hacker is an individual or group who purposefully uses
techniques such as penetration testing & social engineering to
identify weaknesses in a system to help prevent future malicious
attacks.

There are two common forms of ethical hacking:

White-hat hacking

Grey-hat hacking.

Let’s look at each of these forms of ethical hacking in more detail.
Ethical Hacking
White-Hat Hacking

This is an individual who has been invited by a system’s owner to
identify exploits/vulnerabilities and suggest improvements to
cybersecurity measures.

They will not violate any ethical boundaries and will stay within the
law while doing so. They will not release this information publicly,
which could damage the business’s reputation.

Grey-Hat Hacking

This is an individual who finds and reports an exploit/vulnerability
they have found in a system or application but has not been
explicitly asked to do so by its owner.

They will then usually report this to the organisation, often
receiving a “bounty” for doing so. Sometimes, grey-hat hackers
will publicly reveal a vulnerability if the company doesn’t fix it.
Penetration Testing
This is a process used by cybersecurity professionals in order to
identify security vulnerabilities in a computer system.

This can involve techniques like:

Port scanning

Vulnerability scanners

Packet sniffers

The goal is to identify weak points such as open network ports,
coding flaws, out-of-date software & missing encryption.
Analysis of System Data /
Behaviours
The process of observing a system’s data and its users’ actions to
assess whether the data is being held securely and whether it can
be accessed in some way.

This might identify a weakness, such as users taking confidential
data out of the business to work at home.

This allows us to identify internal threats to a business that we
cannot easily protect ourselves from through technical means,
such as human error.
Finding Weaknesses
Pros & Cons
Advantages

Gives you confidence that the security measures you have in place
are effective in protecting your data.

Disadvantages

It can be a very expensive and time consuming process to
perform. Especially in large businesses.
Lesson Summary
Having frequent backups is important so you can recover data if it
is ever lost. Backups should be kept in a remote location.

Encryption refers to the process of encoding plain-text
information with an encryption key.

Ethical hacking is the process of utilising techniques in order to
gain access to a system with ethical intent.

The most common forms of ethical hacking are white-hat hacking
and grey-hat hacking.

Penetration testing is a specific technique used to identify exploits
in a system and is commonly used in ethical hacking.

Analysis of system data/behaviours involves overserving system
data and user actions to see if poor practices are being followed.
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
Defining Responsibilities &
Parameters
Effective Digital Working Practices
Introduction
Organisations use policies and procedures to ensure legal
compliance and clarify employee responsibilities.

One area where we need well-defined policies is to protect
ourselves from the impacts of a cybersecurity incident.

These policies will define responsibilities, protection measures,
and response protocols for when incidents occur.

In this lesson, we’ll learn about:

1. Defining responsibilities

2. Defining security parameters
Defining Responsibilities
Companies assign specific roles to IT staff or management to
implement and maintain cybersecurity policies.

This allows for accountability and ensures staff are constantly
aware of the actions they need to take.

Aspects of the responsibilities that are assigned include:

Who is responsible for what

How to report concerns

Reporting to staff/employees

Let’s look at each of these in more detail.
Defining Responsibilities
Who is Responsible For What

A member of the IT staff or management will decide what policies
must be implemented. It’s important that specific employees,
usually members of the IT staff, are assigned responsibilities for
implementing these cybersecurity policies.

How to Report Concerns

There should be a defined person that staff contact if they have a
concern over a possible issue. This is commonly the individual(s)
responsible for implementing and maintaining the policy.

Reporting to Staff/Employees

Security policies are only secure if staff are aware of the policy &
its procedures. There should be someone responsible for making
staff aware and training them on following the policies put in
place.
Defining Security Parameters
Security parameters work in conjunction with modern
technologies to create a system with better overall security.

Your cybersecurity policies will define security parameters that
must be implemented and maintained to protect the business
from harm caused by an incident.

These parameters might include:

Password policy

Acceptable software policy

Acceptable use policy

Device hardening parameters

Let’s look at each of these policies in more detail.
Password Policy
The password policy defines a set of instructions for employees
regarding the rules they must follow when setting and protecting
their passwords.

This helps prevent attackers from gaining unauthorised access
through cracking passwords or stealing data.

A password policy will consider:

The don’ts of password creation

The dos of password creation

Protection of passwords

Let’s look at each of these in more detail.
Password Policy
The Don’ts of Password Creation

A password must not be guessable; it must, therefore, NOT
contain personal information such as common words, memorable
phrases, or dictionary words. Also, you should not use the same
password on multiple systems.

The Dos of Password Creation

A good password is at least 8 characters long and contains a
variety of upper-case and lowercase letters, numbers, and special
characters.

Protection of Passwords

Passwords must be stored in a secure database. They must be
changed regularly or immediately if generated automatically. It is
important that passwords are never shared or written down
somewhere.
Acceptable Software Policy
An acceptable software policy controls and restricts software
installation on a system.

It helps IT staff prevent employees from accidentally downloading
unauthorised material that may contain malware or conflict with
current / older software and hardware.

IT staff can enforce the policy by configuring an employee’s access
rights to block installation.

Employees can be punished for breaching the acceptable software
policy, this may include a warning, suspension, or restriction from
using the IT systems, depending on the situation.
Acceptable Software Policy
However, this will also usually mean employees are unable to
install any software without the permission of IT staff.

To install a new piece of software, employees must request
software they need installed to IT staff, who will consider their
request and ensure the software is fit to run on the system.

This can take several months which will harm productivity.
Acceptable Use Policy
An acceptable use policy defines what a user can and cannot do
on a company’s IT systems.

The purpose of this policy is partially to prevent employees from
wasting time, such as by playing video games or using their
personal email during company time.

However, another major reason behind it is to keep company IT
systems safe from threats.

Typically, this will involve a series of dos and don’ts that all
employees must agree to when using a company IT system.
Acceptable Use Policy
Some examples of dos and don’ts you might see include:

Don’t create, view or transmit any offensive, obscene or
indecent images, data or other material.

Don’t create, view or transmit any material that infringes the
copyright of another person.

Don’t gain deliberate unauthorised access to company
facilities or services.

Don’t examine, change, or use another person’s files, output,
or user name or password.

Don’t corrupt or destroy other users’ data.

Don’t violate the privacy of other users.
Device Hardening Parameters
We’ve learnt previously that device hardening is the
implementation of technologies to protect a system’s data from
harm.

Our cybersecurity policies define device hardening parameters,
including technologies to implement and their configurations and
maintenance.

If implemented and enforced, it will go a long way toward
protecting our systems from all kinds of cybersecurity threats.

Let’s look at a few example parameters we can set to harden our
devices.
Device Hardening Parameters
Antivirus software must be installed on all IT systems. Virus
definitions must be updated every evening at 10 p.m., and a full
scan of all storage devices must be performed at 11 p.m.

A hardware firewall must be installed between the company LAN
and the Internet. The firewall must be configured to block all ports
except ports 53, 443, and 80.

Full backups of company data must be performed every Sunday
at 1 a.m. Incremental backups of changes will be made every day
at 11 p.m. and stored on the remote backup server.
Lesson Summary
Policies help to ensure companies comply with laws and
regulations.

Defining responsibilities is key, including who is responsible for
what, how to report concerns, and how to report to
staff/employees.

Security parameters work alongside security technologies to
protect our data.

The password policy outlines how employees should create
passwords and how passwords should be protected.

The acceptable software policy limits the software that can be
installed on a system; this will sometimes include updates.

The acceptable use policy defines what a user can and cannot do
on a company’s IT systems.

Device hardening parameters define what technologies should be
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.
Disaster Recovery
Effective Digital Working Practices
Introduction
No matter how careful you are, there is always a chance you will
be affected by an incident that affects your data.

This is why organisations will always have a disaster recovery
policy.

This policy puts in place the process a business should follow so
that a company is prepared for and can respond to a disaster
once it has occurred.

In this lesson, we’ll learn about:

1. Disaster recovery policies

2. Actions to take after an attack
Disaster Recovery Policies
A disaster recovery policy ensures an organisation’s readiness to
respond to a disaster.

By keeping a detailed, well-documented plan, normal business
service can be resumed as soon as possible.

Disaster recovery is effective in the event of all kinds of incidents
that may harm business data, including:

Data loss (theft, internal threats or human error)

Environmental threats (natural disasters, fires, floods)

Hardware failure

Cybersecurity attacks

The next slide shows an example of the different considerations
that need to be considered in a disaster recovery plan.
Disaster Recovery Policies
Who is Responsible for What

The policy will define the responsibility of different staff in
preparing for and responding to a disaster.

This ensures accountability if something isn’t completed correctly
and reduces confusion about who should be doing what.

Dos and Don’ts for Staff

The policy will define the procedures that staff members should
follow and what they should not do, in the event of a disaster.

This might be to tell staff that they should report an incident
immediately to the incident response lead.
Disaster Recovery Policies
Defining the Backup Process

The policy will define what data will be backed up, how often it will
be backed up, when it will be backed up and where it will be
backed up.

These will depend on the business. For some, weekly backups on
Sunday evening are fine. But for others, that will be nowhere near
often enough.

Timeline for Data Recovery

The policy will define the priority systems that need to be restored
as soon as possible and show the timeline for how long it can take
to recover each system, indicating the order in which we should
target recovery after a disaster.
Disaster Recovery Policies
Location for Alternative Provision

The policy will likely define where additional hardware, software &
personnel are available to continue business operations while the
main site is recovered.

Many businesses will pay for a “hot site” where they can instantly
switch business operations over to after a disaster.
Actions to Take After an Attack
Employees must be aware of the actions they should take
following an attack so that the organisation can resume its
functionality as soon as possible and minimise potential damage.

A business will normally take the following steps:

Investigate

Respond

Manage

Recover

Analyse

Let’s look at each of these steps in more detail.
Actions to Take After an Attack
Investigate

Investigate the attributes of an attack to determine a response.

Identify the timing and reason for the attack, the type of attack,
and the impact on the organisation's core services.

Establish the severity of the attack, which can be used to decide
the level of response required.

Respond

Inform the relevant stakeholders (e.g. customers, employees &
suppliers), as well as relevant authorities (e.g. the police).

It is especially important to inform customers, as a data breach
will require action from their end (i.e. changing their password).

It’s also a legal requirement and if not done, could lead to massive
fines.
Actions to Take After an Attack
Manage

Isolate & contain the attack to prevent it from causing further
damage.

Target the problem, using appropriate measures to resume
services where appropriate (e.g. using a firewall to block malicious
traffic).

Recover

Implement the disaster recovery policy to correct any damage
caused by the incident (e.g., restore the most recent backup).

This may involve establishing new plans to prevent similar attacks
in the future.
Actions to Take After an Attack
Analyse

Work with employees to establish information about the attack to
help prevent future threats.

Analyse why, how, who and the lessons learned to assess what
changes can be made.

Update policies and procedures as a result of this analysis.
Lesson Summary
Disaster recovery policies help organisations to resume function
following a disaster.

It covers who is responsible for what, dos and don’ts for staff,
defining the backup process, timeline for data recovery, and
location of alternative provision.

Following an attack, there are five actions to take:

Investigate

Respond

Manage

Recover

Analyse
Copyright © 2024 KnowItAllNinja.com

This presentation and its associated worksheets are protected by copyright and are licenced for
resale by KnowItAllNinja.com. No part of these publications may be reproduced, distributed, or
transmitted in any form or by any means, including photocopying, recording, or other electronic
or mechanical methods, without the prior written permission of KnowItAllNinja.com, except as
per the terms of use.

Terms of Use
By purchasing and downloading these resources you are entering a licence agreement that
allows for you to share these resources with members of a single educational institution. They
must not be shared with or used by any third-party outside of the institution in any form.