Cybersecurity Awareness

Cybersecurity refers to the protection of organization, its employees and assets against cyber security threats.  

In todays era, security threats a more prevalent than ever with state sponsored actors chiming in to compromise, spy and or even extort money from organizations through ransomware attacks.

WHATS THE IMPORTANCE OF CYBER SECURITY AWARENESS

• Enables us to stay safe online and avoiding to fall victim.
• Protect the organization from cyber security threats.
• Protect and safe guarding organization data.
• Ensuring Business Continuity

MALWARES THREATS

Malware is a type of software designed to cause harm to computer systems, networks, or devices. The term "malware" is short for "malicious software."

Malwares include:

• Viruses
• Worms
• Spyware
• Trojan horse
• Ransomware
• Adware

VIRUSES

A malware virus is a type of malicious software that replicates itself and infects other programs or files on a computer.

A virus typically spreads by attaching itself to a legitimate program or file. It can then spread to other computers when that file is shared or when the infected program runs on another computer.

A virus can cause many problems, including slowing computer performance, stealing sensitive information, and even destroying data. Some viruses can also be used as a tool for more extensive cyberattacks, such as distributed denial-of-service (DDoS) attacks.

Damage from VIRUSES includes:

• Corrupting files
• Computer slowdown
• Taking over essential functions of the operating system

WORMS

A computer worm is an independent malware program that reproduces itself to infect other computers. It can spread to other computers without attaching to an existing program and can damage the network.

Damage from WORMS includes:

• Bandwidth consumption
• Stopping active anti-malware service
• Immobilizing Safe Mode
• Hindering operating systems auto-update

SPYWARE

The primary purpose of a spyware is to gather information about an individual or a company without their knowledge or consent.

Damage from SPYWARE includes:

• Collecting personal information.
• Installing unsolicited software.
• Redirecting web browser.
• Changing computer settings.
• Slow down internet connection.

TROJAN HORSE

A trojan horse is a type of malware that disguises itself as a legitimate program or file.

Damages from TROJAN HORSE includes:

• Crashing the computer
• Deleting files
• Corrupting data
• Logging keystrokes

RANSOMWARE

Ransomware is malware that encrypts a victim's files. It can lock you out of your machine at home or work. Once encrypted, a demand is made (ransom) to make a payment in exchange for the decryption key.

There is no guarantee that you'll get your information back, even if you follow instructions.

Ransomware is often spread through phishing emails, infected software downloads, or exploiting vulnerabilities in software or systems.

CYBERSECURITY BREACHES

A cybersecurity breach is an unauthorized intrusion into a computer system or network designed to steal sensitive information, compromise data, or disrupt normal operations.

A security breach can be caused by various means, including hacking, malware, phishing attacks, or exploiting vulnerabilities in software or systems.

Security breaches can have significant consequences, including unauthorized sharing of sensitive information, financial loss, damage to reputation, and disruption of normal operations. They can also put individuals at risk, as sensitive personal information—such as social security numbers and financial information—can be stolen.

TYPES OF CYBERSECURITY BREACHES

• Phishing
• Pretexting
• Shoulder Surfing

PHISHING

PHISHING is a cyberattack that tricks individuals into sharing sensitive information through fake emails or directed to websites that appear legitimate.

The cybercriminals who use phishing scams masquerade as real:

• businesses
• prominent companies
• banks and financial institutions
• government offices
• credit card businesses
• charities and nonprofits

They are usually looking for sensitive information such as passwords and financial information.

Features of a Phishing Scam

Request for immediate action and urgent offers:

• Claim that there's a problem with your account or password.
• Request to confirm your password or account information.
• Say that there's been suspicious activity on your account.
• Notify you of a failed or missed payment.
• Offer you a free coupon or gift, or say that you're eligible for a refund.

Digital Communication (Email, Text, Messaging)

• Generic information to the sender and from an unknown sender
• Unrequested invoice or message attachment or invoice
• Mismatched subject and contents
• Spelling errors and basic punctuation mistakes
• Similar characters for numbers and vice versa. For example, the number 1 instead of capital I.
• Ask you to click on a link or provide information for a new security update.
• A hyperlink to what seems to be a legitimate website.
• Virus warnings

PHISHING PHRASES

Watch out for words and phrases such as:

• We suspect unauthorized use or transactions on your account.
• We will lock or close your account if you do not immediately confirm your identity.
• Click the link to verify your account is not compromised.

PRETEXTING

Phishing focuses on fear and urgency, but pretexting is a form of manipulation to build false trust with victim. Example: Impersonating a stranded tourist. To be successful the attacker who is pretexting creates a credible story that erases any doubt from targets mind.

SHOULDER SURFING

Shoulder surfing is a physical security breach in which an attacker obtains sensitive information by looking over an individual's shoulder as they enter passwords, credit card numbers, or other sensitive information.

How To Spot The Difference Between An Attack And An Authentic Interaction

A simple approach to increase cybersecurity is to STOP, CONFIRM, ACT. Because social engineering attacks are common, learning to spot the telltale signs can help avoid becoming victims. Most cyberattacks focus on humans' innate desire to help and support one another. In our hyper-accelerated lives, looking at the details may be difficult

PROTECTION AND PREVENTION

About Password Attacks

Using strong passwords to prevent threats against the privacy and security of the data associated with your information, your company, and your customers are necessary to achieve password security and, thus, information security

Using easy-to-guess passwords or the same password for multiple accounts allows hackers to test and illegally gain access to your accounts.

Simple and common passwords can enable the hacker to steal from your bank accounts, obtain health records, and infiltrate your social media accounts.

Download Attachments with Care

IF YOU RECEIVE AN ATTACHMENT IN AN EMAIL AND YOU WERE NOT EXPECTING IT, check for potential security risks first—even if the email appears to be from a credible source.

Although the attachment may have what seems to be a well-known extension, for example a .PDF, .docx, or .pptx, it could be a Trojan Horse. Malicious attachments and links are two of the most common ways hackers manipulate victims into downloading malware.

TIPS

• Never open email file attachments sent by someone you don't know.
• Even if you know the sender, confirm their email address matches the real deal before opening a file. A hacker's email may look similar to a real person or business.
• Beware of generic but enticing messages like "Check this out,” "Is this you?" or "You’ve got to try this.”
• Question the sender's intentions when you receive an unsolicited email to visit a particular website.
• Use another method to contact the sender to verify if they sent you the attachment.

Website Legitimacy and Secure Internet Browsing

It’s always important to steer clear of sites that do not include an “S” after HTTP. Don’t risk it. Look for HTTPS URLs to ensure connections are encrypted and private—no exceptions.

Look for the padlock symbol in the search bar left of the URL. The padlock shows that the website has a digital certificate.

The Safest Way to Use Public Wi-Fi

• Use a secure virtual private network (VPN) in public areas to protect information
• Remember to shield your screen from shoulder surfers when entering sensitive information
• It’s always important to steer clear of sites that do not include an “S” after HTTP, but even more so on public Wi-Fi.
• Don’t access sensitive information on public Wi-Fi.
• Alternatives to public Wi-Fi are Personal hotspots and Cellular network. Thank You

Resources

NB: The notes were made by me from skimming through the cybersecurity essentials class from Linux Foundation, most of the content is borrowed from there.