
Introduction to Cybersecurity Module 1

Notes on Introduction to Cybersecurity Module 1: the fundamentals of cybersecurity.

What Is Cybersecurity?

Cybersecurity is the ongoing effort to protect individuals, organizations and governments from digital attacks by protecting networked systems and data from unauthorized use or harm. Security is considered at three levels:

  1. Personal: On a personal level, you need to safeguard your identity, your data, and your computing devices.
  2. Organizational: At an organizational level, it is everyone’s responsibility to protect the organization’s reputation, data and customers.
  3. Government: As more digital information is being gathered and shared, its protection becomes even more vital at the government level, where national security, economic stability and the safety and wellbeing of citizens are at stake.

Protecting Data

We have two different kinds of presence today: an online presence and an offline presence. In the online world everything is connected, so it is best not to give away too much information there. In the offline world, on the other hand, we are often forced to give more personal information about ourselves than we would like to.

Offline identity

Your offline identity is the real-life persona that you present on a daily basis at home, at school or at work. As a result, family and friends know details about your personal life, including your full name, age and address.

Online identity

Your online identity is not just a name. It’s who you are and how you present yourself to others online. It includes the username or alias you use for your online accounts, as well as the social identity you establish and portray on online communities and websites.

Data classification

Personal data describes any information about you, including your name, social security number, driver license number, date and place of birth, your mother’s maiden name, and even pictures or messages that you exchange with family and friends.

Cybercriminals can use this sensitive information to identify and impersonate you, infringing on your privacy and potentially causing serious damage to your reputation.

Some examples of sensitive personal data are:

  1. Medical records: Every time you visit the doctor, personal information regarding your physical and mental health and wellbeing is added to your electronic health records (EHRs). Since the majority of these records are saved online, you need to be aware of the medical information that you share.

    And these records go beyond the bounds of the doctor’s office. For example, many fitness trackers collect large amounts of clinical data such as your heart rate, blood pressure and blood sugar levels, which is transferred, stored and displayed via the cloud. Therefore, you should consider this data to be part of your medical records.

  2. Education records: Educational records contain information about your academic qualifications and achievements. However, these records may also include your contact information, attendance records, disciplinary reports, health and immunization records as well as any special education records including individualized education programs (IEPs).
  3. Employment and financial records: Employment data can be valuable to hackers if they can gather information on your past employment, or even your current performance reviews.

    Your financial records may include information about your income and expenditure. Your tax records may include paychecks, credit card statements, your credit rating and your bank account details. All of this data, if not safeguarded properly, can compromise your privacy and enable cybercriminals to use your information for their own gain.

Where is the data?

  1. When we take a photo, the data is in the camera or on the smartphone.
  2. When we share it with friends, it is on their devices and on internet servers.
  3. When they download it, the data is on their devices as well.
  4. When they share the photo, it spreads even more widely across the internet.
  5. And it goes further and further.

Smart devices

Computing devices not only let you access personal data (online bank statements, mobile banking) but also generate new data. Wearables like smartwatches and fitness trackers collect health and activity information for research and monitoring, increasing privacy risks as their use grows. Many "free" online services fund themselves with targeted advertising by sharing user data with marketing partners; convenience often comes at the cost of privacy.

Identity Theft

Not content with stealing your money for short-term financial gain, cybercriminals are invested in the long-term gain of identity theft. For example:

  1. Rising medical costs have led to an increase in medical identity theft, with cybercriminals stealing medical insurance to use the benefits for themselves. Where this happens, any medical procedures carried out in your name will then be saved in your medical records.
  2. Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles and other online accounts. Armed with this information, an identity thief could file a fake tax return and collect the refund. They could even take out loans in your name and ruin your credit rating (and your life as well).

Who else wants my data?

Even without criminals, there are other parties who want personal information:

  1. ISPs: to track online activity and sell that data to advertisers.
  2. Advertisers: to target their audience accurately.
  3. Social media and search engines: to collect various data and sell it to advertisers.
  4. Websites: use cookies to track and map behaviour for personalization.

Organizational Data

Organizational data is any information that is created, collected, stored or transmitted by an organization in the course of its business activities. This data can include a wide range of information, such as customer data, financial data, employee data, intellectual property, and operational data.

Types of Organizational Data

There are two main types of organizational data:

  1. Traditional data: Traditional data is typically generated and maintained by all organizations, big and small.
    1. Transactional data such as details relating to buying and selling, production activities and basic organizational operations such as any information used to make employment decisions.
    2. Intellectual property such as patents, trademarks and new product plans, which allows an organization to gain economic advantage over its competitors. This information is often considered a trade secret and losing it could prove disastrous for the future of a company.
    3. Financial data such as income statements, balance sheets and cash flow statements, which provide insight into the health of a company.
  2. Internet of Things (IoT) and Big Data: IoT is a large network of physical objects, such as sensors, software and other equipment. All of these ‘things’ are connected to the Internet, with the ability to collect and share data. And given that storage options are expanding through the cloud and virtualization, it’s no surprise that the emergence of IoT has led to an exponential growth in data, creating a new area of interest in technology and business called ‘Big Data.’

The Cube

The McCumber Cube is a model framework created by John McCumber in 1991 to help organizations establish and evaluate information security initiatives by considering all of the related factors that impact them. This security model has three dimensions:

  1. The foundational principles for protecting information systems.
    • Confidentiality is a set of rules that prevents sensitive information from being disclosed to unauthorized people, resources and processes. Methods to ensure confidentiality include data encryption, identity proofing and two-factor authentication.
    • Integrity ensures that system information or processes are protected from intentional or accidental modification. One way to ensure integrity is to use a hash function or checksum.
    • Availability means that authorized users are able to access systems and data when and where needed, and those that do not meet established conditions are not. This can be achieved by maintaining equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.
  2. The protection of information in each of its possible states.
    • Processing refers to data that is being used to perform an operation such as updating a database record (data in process).
    • Storage refers to data stored in memory or on a permanent storage device such as a hard drive, solid-state drive or USB drive (data at rest).
    • Transmission refers to data traveling between information systems (data in transit).
  3. The security measures used to protect data.
    • Awareness, training and education are the measures put in place by an organization to ensure that users are knowledgeable about potential security threats and the actions they can take to protect information systems.
    • Technology refers to the software- and hardware-based solutions designed to protect information systems such as firewalls, which continuously monitor your network in search of possible malicious incidents.
    • Policy and procedure refers to the administrative controls that provide a foundation for how an organization implements information assurance, such as incident response plans and best practice guidelines.
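The integrity principle above says a hash function or checksum can detect modification. The following added example (not part of the original notes or of the Cisco course) shows the idea in working form: a trusted manifest of SHA-256 digests is built over a set of files and later compared against a copy, reporting files that were modified, removed or added. It goes one step beyond the notes by contrasting SHA-256 with a naive additive checksum, which cannot detect reordered bytes. The file names and contents are constructed sample data.

```python
import hashlib
import hmac

# Constructed sample "files" (name -> bytes) standing in for data at rest.
ORIGINAL_FILES = {
    "config.ini": b"[db]\nhost=db.internal\nport=5432\n",
    "payroll.csv": b"id,name,amount\n1,alice,4200\n2,bob,3900\n",
}

# A tampered copy: one digit changed in payroll.csv, config.ini deleted,
# and a file added that the baseline never recorded.
TAMPERED_FILES = {
    "payroll.csv": b"id,name,amount\n1,alice,4200\n2,bob,3990\n",
    "notes.txt": b"left behind\n",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as lowercase hex; any change to the input changes it."""
    return hashlib.sha256(data).hexdigest()


def byte_sum_checksum(data: bytes) -> int:
    """Naive additive checksum (sum of bytes mod 2**16), shown for contrast:
    reordering bytes leaves it unchanged, so it misses some edits."""
    return sum(data) % 65536


def build_manifest(files: dict) -> dict:
    """Record a digest for every file; this is the trusted baseline."""
    return {name: sha256_hex(content) for name, content in files.items()}


def verify_manifest(manifest: dict, files: dict) -> dict:
    """Compare current contents against the baseline.
    Returns name -> 'ok' | 'modified' | 'missing' | 'unexpected'."""
    report = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif hmac.compare_digest(sha256_hex(files[name]), expected):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in files:
        if name not in manifest:
            report[name] = "unexpected"
    return report


def demo() -> dict:
    """Baseline the original files, then check the tampered copy."""
    manifest = build_manifest(ORIGINAL_FILES)
    return verify_manifest(manifest, TAMPERED_FILES)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

A digest only proves integrity if the manifest itself is trusted: someone who can rewrite a file can also recompute its hash, so in practice the manifest is stored separately or protected with a keyed MAC or a digital signature.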

Email phishing

There are multiple ways to detect a phishing email:

  1. Check the sender's email address for legitimacy.
  2. Look for generic greetings instead of personalized ones.
  3. Be cautious of urgent or threatening language.
  4. Hover over links to see the actual URL before clicking.
  5. Be wary of suspicious attachments and URL shorteners.
  6. Look for spelling and grammar mistakes.
  7. Verify the email's authenticity by checking the vendor's or organization's mailing policy, or by contacting them directly.
  8. Watch for suspicious graphic elements.
  9. Be suspicious of requests for personal information.
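Several of the checks in the list above can be automated. The following added example (written for these notes, not code from the course) parses a raw email with Python's standard `email` module and reports which heuristics fire: a Reply-To domain that differs from the sender, a generic greeting, urgent wording, links whose visible text names a different host than the real target, URL-shortener hosts, requests for credentials and risky attachment extensions. The indicator lists and both sample messages are constructed for illustration; the domains, link path and file name in them are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Indicator lists (assumed, illustrative; a production filter would use curated feeds).
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso")
URGENT_PHRASES = ("immediately", "within 24 hours", "suspended", "urgent",
                  "verify now", "account will be closed")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder",
                     "valued customer")
PII_REQUEST_RE = re.compile(r"\b(password|social security|card number|pin)\b")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL_RE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

# Constructed sample messages (not real mail); every domain, path and name is made up.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@example-bank.com>
Reply-To: support@mail-verify-center.net
Subject: Urgent: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

Dear Customer,<br>
Unusual activity was detected. Verify now within 24 hours or your account will be closed.<br>
<a href="http://bit.ly/3xAmple">https://www.example-bank.com/login</a><br>
Please confirm your password and card number.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"

(binary placeholder)
--b1--
"""

BENIGN_EMAIL = """\
From: "Alice" <alice@example-bank.com>
Subject: Minutes from Tuesday
Content-Type: text/plain; charset="utf-8"

Hi Bob,
Here are the notes from Tuesday's meeting. See you Thursday.
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg) -> str:
    """Concatenate the text/plain and text/html parts, skipping attachments."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html") and not part.get_filename():
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw: str) -> list:
    """Return the list of heuristics that fire on a raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        hits.append("reply-to domain differs from sender domain")
    body = _body_text(msg)
    lower = body.lower()
    if lower.lstrip().startswith(GENERIC_GREETINGS):
        hits.append("generic greeting")
    if any(p in lower for p in URGENT_PHRASES):
        hits.append("urgent or threatening language")
    for href, text in ANCHOR_RE.findall(body):
        host = (urlparse(href).hostname or "").lower()
        visible = re.sub(r"<[^>]+>", "", text).strip()
        if host in URL_SHORTENERS:
            hits.append(f"link uses URL shortener ({host})")
        # "Hover to see the real URL": compare the displayed host with the real target.
        if LOOKS_LIKE_URL_RE.match(visible):
            shown = visible if "://" in visible else "http://" + visible
            visible_host = (urlparse(shown).hostname or "").lower()
            if visible_host != host:
                hits.append(f"link text shows {visible_host} but points to {host}")
    if PII_REQUEST_RE.search(lower):
        hits.append("requests personal information")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            hits.append(f"suspicious attachment ({name})")
    return hits


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, phishing_indicators(raw))
```

Each indicator on its own is weak (legitimate mail also uses shorteners and urgent wording), which is why the function returns the whole list rather than a verdict: a mail filter or an analyst would weigh the number and combination of hits, and the sender checks in the list above (SPF, DKIM, contacting the vendor) remain the stronger evidence.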

Is This for Real? - example case

Yes, phishing is very common and often works. For example, in August 2020, elite gaming brand Razer experienced a data breach which exposed the personal information of approximately 100,000 customers.

A security consultant discovered that a cloud cluster (a group of linked servers providing data storage, databases, networking, and software through the Internet), was misconfigured and exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak.

It took Razer more than three weeks to secure the cloud instance from public access, during which time cybercriminals had access to customer information that could have been used in social engineering and fraud attacks, like the one you uncovered just now.

Organizations therefore need to take a proactive approach to cloud security to ensure that sensitive data is secured.

Consequences of a Security Breach

There are several consequences of a security breach, including:

  1. Financial Loss: Organizations may face significant financial losses due to theft of funds, legal penalties, and costs associated with remediation efforts.
  2. Reputational Damage: A security breach can damage an organization’s reputation, leading to loss of customer trust and loyalty.
  3. Vandalism: A hacker or hacking group may vandalize an organization’s website by posting untrue information. They might even just make a few minor edits to your organization’s phone number or address, which can be trickier to detect.
  4. Theft of Data and Intellectual Property: A security breach can result in the theft of sensitive data and intellectual property, which can be used for competitive advantage or sold on the black market.
  5. Loss of Revenue: A security breach can lead to a loss of revenue due to decreased sales, increased costs, and damage to the organization’s brand.

Cyber Attack

Attackers are individuals or groups who attempt to exploit vulnerabilities for personal or financial gain. As we've already seen, they are interested in everything, from credit cards to product designs!

Types of attackers

  1. Amateurs: The term ‘script kiddies’ emerged in the 1990s and refers to amateur or inexperienced hackers who use existing tools or instructions found on the Internet to launch attacks. Some script kiddies are just curious, others are trying to demonstrate their skills and cause harm. While script kiddies may use basic tools, their attacks can still have devastating consequences.
  2. Hackers: This group of attackers break into computer systems or networks to gain access. Depending on the intent of their break-in, they can be classified as white, gray or black hat hackers.
    • White hat attackers break into networks or computer systems to identify any weaknesses so that the security of a system or network can be improved. These break-ins are done with prior permission and any results are reported back to the owner.
    • Gray hat attackers may set out to find vulnerabilities in a system but they will only report their findings to the owners of a system if doing so coincides with their agenda. Or they might even publish details about the vulnerability on the internet so that other attackers can exploit it.
    • Black hat attackers take advantage of any vulnerability for illegal personal, financial or political gain.
  3. Organized hackers: These attackers include organizations of cyber criminals, hacktivists, terrorists and state-sponsored hackers. They are usually highly sophisticated and organized, and may even provide cybercrime as a service to other criminals.

    Hacktivists make political statements to create awareness about issues that are important to them.

    State-sponsored attackers gather intelligence or commit sabotage on behalf of their government. They are usually highly trained and well-funded and their attacks are focused on specific goals that are beneficial to their government.

Internal and External Threat

Cyber attacks can originate from within an organization as well as from outside of it.

  1. Internal: Employees, contract staff or trusted partners can accidentally or intentionally:
    1. mishandle confidential data
    2. facilitate outside attacks by connecting infected USB media into the organization’s computer system
    3. invite malware onto the organization’s network by clicking on malicious emails or websites
    4. threaten the operations of internal servers or network infrastructure devices.
  2. External: Amateurs or skilled attackers outside of the organization can:
    1. exploit vulnerabilities in the network
    2. gain unauthorized access to computing devices
    3. use social engineering to gain unauthorized access to organizational data.

Cyberwarfare

Cyberwarfare, as its name suggests, is the use of technology to penetrate and attack another nation’s computer systems and networks in an effort to cause damage or disrupt services, such as shutting down a power grid.

Purpose of cyber warfare

The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether they are nations or competitors.

  1. To gather compromised information and/or defense secrets

    A nation or international organization can engage in cyberwarfare in order to steal defense secrets and gather information about technology that will help narrow the gaps in its industries and military capabilities.

    Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel within a foreign government.

  2. To impact another nation’s infrastructure

    Besides industrial and military espionage, a nation can continuously invade another nation’s infrastructure in order to cause disruption and chaos.

    For example, a cyber attack could shut down the power grid of a major city. Consider the consequences if this were to happen; roads would be congested, the exchange of goods and services would be halted, patients would not be able to get the care they would need if an emergency occurred, access to the internet would be interrupted. By shutting down a power grid, a cyber attack could have a huge impact on the everyday life of ordinary citizens.

This post is licensed under CC BY 4.0 by the author.