Beruflich Dokumente
Kultur Dokumente
FOR
CYBER SECURITY
For instance, you’ll learn how to protect your personal privacy online while gaining additional
insight on the challenges companies, and governmental and educational institutions face today.
Contents
Cyber security and cyber crime 1
Cybercrime 1
Cyber security 2
Solutions 7
Cybersecurity Solutions Require a Multi-Pronged Approach 7
Access controls 9
Multifactor authentications 10
Ensure the security of third party 10
Staff training and awareness 10
Do not share your work devices with friends and family 10
Think before you click: Avoid phishing attacks 11
Use backups 14
Tighten the security 14
Introduction to Seers 15
Cyber security and cyber crime
Cybercrime
Cyber Bank Robberies Contrib-
The ride sharing service Uber became a viticm of cyber-
ute to $1 Trillion in Cybercrime
crime in 2016 when the data of about fifty-seven million
Losses
customers was compromised. The breach revealed
customers' names, email addresses, and phone num-
bers. Uber kept the breach a secret and paid $100,000 in
ransom money, admitting it later.
Robert Morris, a Cornell Univer-
In November 2016, cyber criminals hacked the Britain's sity graduate student, created
Tesco Bank exploiting deficiencies in the design of Tesco the first computer worm in
Bank's debit card system. The attackers netted £2.26 1988. There were only around
million during the 48-hour incident. 50,000 plus workstations and
mainframes at the time, making
Cybercrime is a global issue that's been dominating the it easier to detect the problem
press and media. It not only threatens individual security one day on November 2. The
but also large organisations, banks, governments and worm, famously known as
national defence. Cybercrime is relentlessly increasing Morris Worm, slowed down the
and unlikely to stop. It is easy, and when successful, computer processes and
results in high payoffs. copied itself to other devices.
As a result of this worm, CERT
A sophisticated cybercriminal can make millions of (Computer Emergency Readi-
dollars with almost no chance of legal consequences i.e. ness Team) was created at MIT
arrest and jail. With access to anonymised, secure pay- under the U.S government
ment systems like Bitcoin, it’s very hard to catch the contract.
cyber criminals. That makes it a low risk crime attracting
thousands of cybercriminals creating even more power-
ful malware and causing increasing number of security
incidents.
NotPetya/ExPetr, WannaCry,
and Bad Rabbit as leading
examples of malicious attacks.
Cyber security is the processes and methods that secure computer devices, networks, and data
and information against attack, theft, misdirection, misuse, or disruption.
Cost of attacks
The cost of cyber-attacks can be attributed to different factors including:
Loss of information and resources
Cost of business disruption due to system downtime
Cost of recovery and reinstalling the systems
Cost of damages claimed by affected parties
Cost of legal penalties
Loss of customers and revenue
Loss of reputation and goodwill
Julian Assange
famous for creating WikiLeaks, started hacking at
age of 16, using the name 'Mendax'
Phishing attacks
Social Engineering
SQL injection Attacks (SQLi)
A sophisticated elevation of phishing wherein attack- Cross Site Scripting (XSS)
ers use web pages, email, and even phone calls to
pose as authority figures or friendly agents to acquire Man-in-the-middle (MTM)
sensitive personal or company data. Social engineer- Attacks
ing often involves research on an individual through Malware Attacks
social media so that they can leverage the victim’s
lifestyle, work, and interests. Examples can include an Denial-of-Service Attacks
email under the name of a CFO asking for HR records, Distributed Denial of Service
or a message requesting money from a “grandchild.” Attacks (DDoS)
Other examples include emailing invoices under the
guise of a legitimate vendor in order to secure pay- Spear Phishing attacks
ment into the accounts of thieves. Whaling Phishing attacks
Phishing
A phishing attack is carried out by sending an email pretending to be someone you know. The
phishing emails may ask you to provide sensitive information like your bank account details or
social media credentials.
The phishing email may also contain malware. The moment you click the link it installs a key-logger
that spies on your web activity and steals your credentials.
Sometimes the phishing email contains a link to a malicious website that pretends to be your bank
account login screen, asking you to enter the credentials and stealing the login information the
moment you provide it on that screen.
Phishing email utilises psychological manipulation, i.e., a sense of urgency or fear, so that you are
tempted to perform the required action.
Botnet
A network of private computers, including portable devices that are surreptitiously controlled as a
group to propagate spam or break passwords.
Malware
Malware has different types including virus, trojans and worms. The terms malware stands for
malicious software. Malware is used to gain access to systems, and it is sent via phishing email
attachments, infected file downloads or operating system vulnerabilities.
Ransomware
Ransomware is a type of malware that freezes the systems or encrypts the data and making it
useless for the actual owner. The hacker then demands ransom money to restore the data or
system to its original form. Ransomware may be installed through a phishing scam.
Eavesdropping
The surreptitious conversation monitoring, whether by listening in on a room, tapping into a
landline or cell phone, or intercepting an email.
Spoofing
The act of pretending to be something or someone you are not in order to gain access to sensitive
information. You can spoof people or equipment, such as spoofing email addresses to distribute
spam or spoofing caller IDs on VoIP networks.
Tampering
The act of modifying devices, such as installing surveillance capability on a router or installing a
rootkit, with software that permits access to parts of a computer that are usually inaccessible.
Clickjacking
Through hijacking webpage links or user clicks, clickjacking redirects a user to a page that spoofs
a legitimate page, often to collect sensitive information.
Patching frequently
A software patch is a temporary update in software to fix a bug, address a security vulnerability or
stability issue. A software patch may also be released to make the existing software compatible
with the latest hardware components.
Regularly scan for any updates and fixes by the software vendors and install them as soon as
possible. This will confront the vulnerability and increase the integrity of software, thereby reduc-
ing the likelihood of data breach.
The goal of incident response is to minimise damage, Conduct a complete risk assess-
reduce recover time and mitigate breach expenses after a ment
cyber-attack or network security breach. Identify all stakeholders
A comprehensive incident response (IR) plan can help your Define security incident types:
Identify what counts as an
team persona rapid and effective response to a data
incident
breach incident. Your incident response plan should be a Create a list of resources and
clear and actionable document that your team can refer to assets
in a variety of scenarios. Recovery plan hierarchy and
information flow
Incident response plan also includes Disaster Recovery Prepare a variety of public
Plan (DR) and Business Continuity Plan (BCP). statements
Prepare an incident event log
Disaster Recovery Plan includes information and resourc-
es to resume a company's operations after a cyber-securi-
ty incident.
Make sure you update the backups on regular bases and utilising best technology and methods.
Passwords
One of the most common methods for hackers to access the systems is by guessing passwords. Hackers
can use automated software to guess your username and password combination.
Hackers also use phishing to gain access to your credentials. A phishing attack is carried out by sending a
spoofed email pretending to be someone you know or someone from a reputed organisation, asking you to
provide credentials or clicking on a link that could install malware on your computer.
A stolen password can result in identity theft and cause long-lasting damage. Once your password is
stolen, the hacker can get access to your contacts and ask them to provide their confidential information,
spreading the damage to more and more people.
Access controls
Do not allow non-employees and unauthorised people to access the rooms where computer, server or
paperback information is accessible. Implement monitoring cameras to detect any intruder in your office
premises. In server rooms and record rooms, implement RFID access control cards and only give them to
relevant staff members.
Never let the third-party suppliers and guests roam freely in the premises and always accompany them
with one of your trusted staff members. Keep the waiting room and meeting room separate from the
workspace. This will reduce the chance of strangers or unwanted persons overhearing your employees
discussing work related matters.
Grant your vendor a minimum level of access to your information, only to an extent that is necessary for the
performance of the task. Regularly review the use of credentials if you have provided any.
Contact clients
You need to reach out to the clients and customers and let them know that the breach has happened. You
can provide them detailed facts about the breach so they can take appropriate measures, for example,
changing passwords or PIN, to guard themselves from further damage.
Use backups
If you have been keeping backups of your crucial data, you can utilise them in case of an unfortunate
incident while your team is working to fix the issue.
Seers provides a wide range of GDPR and cyber security compliance solutions, as well as latest news and
updates with industry insights. Seers products range include:
GDPR Audit
PECR Audit
Cyber security assessments
Cookie compliance solution
Data Control
Data X-Ray
Articles and blog
eBooks and videos
Hiring platform for privacy and information security experts
Visit our website www.seersco.com now and sign up to explore more of our solutions and receive our
newsletter to get updates.
Seers mission is to help organisations comply with latest privacy laws, protect their sys-
tems and information against internal and external threat actors.
It provides a wide range of GDPR and cyber security compliance solutions, as well as latest
news and updates with industry insights.