Introducing
Your new presentation assistant.
Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.
Trending searches
Cyber Attacks & Security Lecture Ch.3
36
ITECH
3900
// CYBER ATTACKS and CYBER SECURITY
LECTURE
You?
Time to hack
Practices & Ethics
02/06/2020
Today's Agenda
CHAPTER 3:
CYBER ATTACKS &
CYBER SECURITY
Our Team
Our Team
Ciapha Dorley
Quang Nguyen
Alexandra Yon
Objectives
Objectives
Cyber Attacks . How It Works.
Who is at Risk. Cyber Security. Legal
- - What is cybercrime, cyber attacks, and why are they important?
- - Reasons why cyber attacks are becoming more prevalent
- - Response to cyber attacks
- - Types of Exploits
- - Type of Perpetrators
- - Risk assessment
- - Establishing a Security Policy
- - Educating Employees and Contract Workers
- - Preventions
- - Laws against computer attacks
Cyber Attacks
Cyber Attacks Outline:
- Definition
- Prevalence
- Importance
- How it Works
- Methods of Attacks
- Types of Perpetrators
- Response
Definition
Definition
DEFINITION:
In the computer world, cyber attacks are defined by the obtaining of, manipulation of, and/or exploitation of something (i.e. information or data) through means of technology. It is typically malicious in intent and deliberate (Cisco).
Key Points:
- Illegal
- Typically Malicious intent and Deliberate
- Uses Technology As Means To Attack
Prevalence
Prevalence
Reasons Why Cyber Incidents are Prevalent
Cyber attacks are widespread due to myriads amounts of factors. Said factors include the following:
- Increasing Complexity
- Expanding / Changing Systems
- Increasing use of Bring Your Own device
(BYOD)
- Increase Reliance of Commercial Software
- Attackers are Becoming More resourceful
(Reynolds, 2019)
Why?
Reason
Factors That are Prevalent in Cyber Attacks
Why
Factors
Number of Entry Points increases
Means New Updates, Implementations, and Security Assessments
- Increasing Complexity
- Expanding / Changing Systems
- use of Bring Your Own device
(BYOD)
- Reliance of Commercial Software
- Attackers are more resourceful
May be Less Secure than company issued / monitored Devices
Can Lead to Exploits and Zero-Day Attacks
More Resources = More Knowledge = More Dangerous
Importance
Importance
Cyber Attacks have the ability to gain access to sensitive information, rob businesses/ individuals of their identity, take down a country, and more. Thus, it is highly important to recognize the impact cyber attacks can and do have.
According to Cisco, a company is attacked everyday.
Who is at Risk
Types of perpetrators
- Hackers are not depicted correctly in media.
- Hacking is not inherently bad.
- White hat hackers help find exploits and reports them.
- Black hat hackers do not report on exploits.
Black Hat Hackers
Types of black hat hackers
- Cracker
- Malicious Insider
- Industrial spy
- Cybercriminal
- Hacktivist
- Cyberterrorist
Crackers
- Not the same as a hacker.
- They break into security measures with ill intent.
Malicious Insider
- Attacks from the inside.
- Motives are filled with selfish desires.
- Hard to catch.
- Follow the Steps to keep attacks minimal
Industrial spies
- Corporate spying.
- Espionage.
- They attempt to gain secrets to benefit themselves/another company.
- Attacks from the outside sending viruses, and exploiting back doors.
Cyber
Criminal
CyberCriminal
- The most dangerous type of criminal to businesses
- Equivalent of digital thieves
- Equifax Hack
Hacktivist
- Hacker and activist.
- Usually attack companies or groups for a cause.
- Blackmails.
Cyberterrorist
Cyber
Terrorism
- The most dangerous type of perpetrator
- causes damage to everyday infrastructure and has the intent to cause physical violence.
- Usually seen more as a global impact
Types of Attacks
Methods of attacks
- Ransomware
- Virus
- Worm
- Trojan Horse
- Logic bomb
- Spam
- Ddos
- Rootkit
- Advanced persistent threat
- Phishing
- Spear Phishing
- Smishing
- Vishing
- Cyberespionage
RESPONSE
How it Works
How do we prepare?
- Understand the severity
- Keep passwords saved
- Do not share passwords
- MFA
- Correct levels of access
- Control access of private devices.
Cyber Security
Security
What is Risk Assessment?
Risk assessment is the process of assessing security related risks to an organization’s
computers and networks from both internal and external threats. Such threats can prevent
an organization from meeting its key business objectives.
What is CIA in security and why is it important?
C I A
Confidentiality, integrity and availability, also known as the CIA, is a model designed to guide policies for information security within an organization.
Security Policy
How Do You Develop a Security Policy?
- Identify your risks
- Learn from others
- Make sure the policy follows legal requirements
- Include staff in policy development
- Train your employees
- Set clear penalties and enforce them
- Update your staff
- Install the tools you need
Prevention
How to Prevent It From Happening to You?
- Installing a Corporate Firewall
- Antivirus software
- Implementing Safeguards Against Attacks by Malicious Insiders
- Conducting Periodic IT Security Inspections
- intrusion detection system (IDS)
Response and Detection
Under Attack
What to do during an attack
- Options are limited.
- Disconnect parts of the VLAN.
Legal
Legal
Affects all Levels of Government & Many Areas of Life
Key Laws enacted to combat computer-related crime:
- Computer Fraud and Abuse Act (CFAA)
- Health Insurance Portability and Accountability Act (HiPAA)
- Fraud and Related Activity in Connection with Access Devices Statute
- Stored Wire and Electronic Communications and Transactional Records Access Statutes
- USA Patriot Act
- Homeland Security Act
Timeline
About
Key Laws To Combat Computer Related Crime
1984
Fraud and Related Activity
2003
Notice of Security Breach
2001
U.S. Patriot Act
1986
Stored Communications Act
2002
Homeland Security Act
1986 CFAA
1996
HIPAA
Discussion: Which Law do you find most influential? WHy?
Conclusion
Conclusion
What We've Discussed
- What is cybercrime, cyber attacks, and why are they important?
- Reasons why cyber attacks are becoming more prevalent
- Response to cyber attacks
- Types of Exploits
- Type of Perpetrators
- Risk assessment
- Establishing a Security Policy
- Educating Employees and Contract Workers
- Preventions
- Laws against computer attacks
CHECK
Pop Quiz
2 factors may be Increased Reliance on community software and BYOD.
1 method may be Phishing.
1: Name 2 factors that contribute to Cyber Attacks.
2: Name 1 Method of Attack (Exploit).
3: What is a type of cyber Perpetrator?
4: What does CIA Stand for in Cyber Security?
5: What is The U.S. Patriot Act?
Malicious Insider
CIA stands for Confidential, Integrity, and Availability.
The U.S. Patriot Act is a law that attempts to detour terrorist attacks.
Resources
Resources
Cisco. (n.d.). What is the most common type of cyber attack. https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~how-cyber-attacks-work
Cornell Law School. (n.d.) 18 US Code s 1029 Fraud and related activity in connection with access devices. https://www.law.cornell.edu/uscode/text/18/1029
Kim, D., & Solomon, M. (2012). Fundamentals of information systems security (1st ed., pp. 87-114). Jones & Bartlett Learning International.
Reynolds, G. (2015). Ethics In Information Technology (5th ed., pp. 88-99). Cengage Learning.
Resources
Resources
Cisco. (n.d.). What is the most common type of cyber attack. https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html#~how-cyber-attacks-work
Kim, D., & Solomon, M. (2012). Fundamentals of information systems security (1st ed., pp. 87-114). Jones & Bartlett Learning International.
Reynolds, G. (2015). Ethics In Information Technology (5th ed., pp. 88-99). Cengage Learning.
file:///G:/Cyber%20Security%20Basics.html
“Cybersecurity Basics - Educate and Protect Yourself.” Malwarebytes, 2020, www.malwarebytes.com/cybersecurity/.