According to Randy Vickers, today’s cybersecurity landscape is an ever-changing environment where the greatest vector of attack is our normal activities: e-mail, surfing, online gaming, etc. Cyber security never sleeps nor takes holidays.
In recent research, ACCA and PwC found that technology has four established pillars, viz.: Analytics, Cloud, Collaboration and RPA (Robotic Process Automation).
According to that research, a fifth emerging technology pillar is Cybersecurity. This trend is emerging because businesses are increasingly taking their processing and data storage to the cloud (there is no sign of this trend reversing).
The fact that technology has become synonymous with business makes it a business CRIME not to have a cyber security savvy workforce. To be secure online, one has to think like a hacker; thinking like a hacker is one of the soft skills that one picks up in the course of acquiring cyber security skills.
It is a well-established fact that business technology has come to stay. Companies, regardless of their size, are gradually automating processes, and this has created many vulnerabilities that hackers can leverage to cause havoc to the bottom line of businesses.
Building a stronger cyber security workforce is a strategic decision that serious-minded companies are not taking lightly.
‘Cybersecurity should no longer be viewed as a technical issue, but as a business risk issue, an ongoing risk which is constantly changing and evolving,’ says Wootliff.
WHY SHOULD ANY COMPANY FOR THAT MATTER CARE?
Earlier this year, the Information Security Forum released its latest research on nine major threats CEOs and CFOs should be aware of over the next two to three years as a result of technology change. The report, Threat Horizon 2019: Disruption. Distortion. Deterioration, identifies three major areas of concern:
- disruption – from overreliance on fragile connectivity
- distortion – as trust in the integrity of information is lost
- deterioration – when controls are eroded by regulation and technology.
‘Companies need to begin thinking about cybersecurity less as a purely IT-managed risk and far more as a strategic business issue,’ says the Consumer Loss Barometer report by KPMG, published last August.
And that is the way it should be, because cyber attacks cost business worldwide as much as US$450bn in 2016, according to Steve Langan, CEO at Hiscox Insurance.
And while larger businesses may have the resources to weather the damage even in the long haul, for smaller businesses, cyber attacks can be impossible to overcome, with nearly 60% of small companies going out of business following a hack, according to the United States House Committee on Small Business.
WHAT IS IN IT FOR ME AS A STAFF MEMBER?
Cybersecurity upskilling is now a requirement for occupying the C-suite and being on the board of most Fortune 500 companies, after a report that the CFO of €3bn-revenue German cable manufacturer Leoni had been tricked into transferring €40m into an unknown bank account in a business-email compromise (BEC) scam.
In the digitalized world that we now live in, cyber security literacy is an essential survival skill in the workplace. Employers will always keep their most valued employees regardless of what the economic situation might be. According to March 2017 ACCA research, cybersecurity is ranked among the top 10 most sought-after skills, so what is wrong with getting it?
The best way to build a strong cyber security workforce is through education; hence this presentation. The method adopted in this presentation is to explain some selected cyber security terms (including basic threats) and then proffer best practices that can be adopted in order to minimise the likelihood of them occurring.
Basic Cybersecurity Terms
- Ransomware (WannaCry): This is a cryptoworm that was released on Friday, 12th May 2017, targeting computers running the Windows operating system. It automatically encrypts all data on the infected system and on other vulnerable systems on the network.
“The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of the United Kingdom’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide. Shortly after the attack began, Marcus Hutchins, a 22-year-old web security researcher from North Devon in England, who blogs as “MalwareTech”, discovered an effective kill switch by registering a domain name he found in the code of the ransomware.
This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch. Researchers have also found ways to recover data from infected machines under some circumstances.” Wikipedia
- Phishing: this form of attack is primarily delivered through email and instant messaging. “Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as US$5 billion” Wikipedia
There are three types of phishing, viz.:
- Spear: this kind of phishing attack is targeted at specific individuals in a company, like the CEO, FD/CFO, CRO, etc.
- Clone: this is a kind of man-in-the-middle attack whereby a legitimate and previously known email containing an attachment is intercepted, and its content replaced with malicious code and links.
- Whaling: Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will be crafted to target an upper manager and the person’s role in the company. The content of a whaling attack email is often written as a legal subpoena, customer complaint, or executive issue.
Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority. The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern. Whaling phishers have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena.
- Cybersecurity: this refers to the protection of anything that is potentially exposed to the internet.
- DDoS: DDoS stands for Distributed Denial of Service attack. Attackers send so much traffic to the target’s systems that they are kept too busy to process legitimate business functions. Application-layer DDoS attacks and persistent DDoS attacks are the most common types.
- Time bomb: as the name implies, this kind of malicious code only manifests at a specified time. It may lie dormant on a system without being detected.
- Logic bombs: this type of attack is triggered by the occurrence of an event. Disgruntled employees usually carry out this type of attack.
- Worm: A worm is a malicious program that replicates itself constantly, without requiring another program to provide a safe ground for replication. According to Avast (an anti-virus company), computer worms are nasty bugs that self-replicate and slow your computer to a crawl. Common ways of transmitting worms include attachments, file-sharing networks and links to malicious websites.
- Viruses: A computer virus consists of segments of code that perform malicious actions. The code attaches itself to the existing programs and takes control of that program’s access to the targeted computer.
According to Wikipedia, a computer virus is a type of malicious software program (“malware”) that, when executed, replicates itself by modifying other computer programs and inserting its own code. Infected computer programs can include, as well, data files, or the “boot” sector of the hard drive. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus.
- Spyware: Spyware is software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer’s consent, or that asserts control over a device without the consumer’s knowledge.
“Spyware” is mostly classified into four types: adware, system monitors, tracking cookies, and trojans.
- Scareware: have you ever seen a pop-up on your computer screen saying that a virus has been detected on your system and that you should run their software to remove it? The aim is to trick you into running a program that contains a virus.
- Adware: marketers and advertising firms use adware programs to collect user information that will enable them to deliver relevant adverts. However, some people with ulterior motives gather this information for foot-printing purposes and ultimately launch an attack.
- Malware: this is a broad name for all kinds of malicious code, including viruses.
- Rootkit: A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is the combination of “root” (the traditional name of the privileged account on Unix-like operating systems) and the word “kit” (which refers to the software components that implement the tool). The term “rootkit” has negative connotations through its association with malware. A rootkit is dangerous because it is very difficult to detect. It resides in the kernel of the computer operating system. Removal of a firmware rootkit entails replacement of hardware.
- Spam: we are all familiar with one form of spam or the other. Spam represents all unsolicited messages that are sent to us. Major email clients have devised ways of automatically filtering out spammy messages. Spam messages contain dangerous contents and links.
- Botnets and zombies: botnets are malicious code that acts as proxies. Black-hat guys use these to turn infected computers into zombies that are subsequently used to launch DDoS attacks.
- Firewall: the term “firewall” originated from firefighters. Firefighters make a ring of fire some distance from a bush fire so that the fire naturally dies when it gets there. In the context of information technology, a firewall is a set of rules that controls how packets flow in and out of a network.
- Zero day attack: a zero day attack is a kind of attack that causes massive damage before the defender gets the chance to respond.
- Social engineering: this is used to describe what happens when attackers trick users into willingly giving out sensitive information. Email address spoofing and IP address spoofing are major ways of masquerading in social engineering.
- Identity theft: this happens when a person’s personal details are used to impersonate the person. The perpetrators of this act usually use the stolen identity to commit fraud, take out massive loans or buy expensive items on credit.
- Pharming: Pharming is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
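A defender-side check for the hosts-file route to pharming described above, as an added example that is not part of the original article: it parses a hosts file and flags names that are pinned to a routable address without being expected. The sample file, the `bank.example` names and the `EXPECTED` allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not from the article). 203.0.113.0/24 is a
# documentation address range; the *.example names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# 10.0.0.5  old-server.internal   (commented out, ignored)
10.0.0.12   fileserver.corp.example   # internal share
203.0.113.66  www.bank.example bank.example
0.0.0.0     ads.tracker.example
"""

# Hypothetical allowlist: names the administrator expects to see pinned.
EXPECTED = {"localhost", "ip6-localhost", "fileserver.corp.example"}


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP
        yield line_no, ip, [h.lower() for h in fields[1:]]


def suspicious_entries(text, expected=EXPECTED):
    """Return entries that point an unexpected name at a real address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a name rather than redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if name not in expected:
                findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} (not in expected list)")
```

On a real machine, pass the contents of `/etc/hosts` (Linux, macOS) or `C:\Windows\System32\drivers\etc\hosts` (Windows) to `suspicious_entries`.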
20 General systems security tips:
- Use a password to get the system out of sleep mode
- Use a password to share folders
- Never re-use a password
- Correct and consistent use of firewall
- Timely deployment of patches
- Make your password as complicated and unique as possible
- Update your password regularly
- System hardening
- Virtual Machine for some tasks
- Never write down your password; if you must, keep it far from your desk
- Don’t use dictionary words as passwords
- Regularly check the privacy settings on your social media accounts
- Enable two-factor authentication (where possible)
- Have updated antivirus and antimalware software installed
- Always install OS updates
- Never click on any link – especially in an email
- Regularly update your browser
- Use of firewall to hide network name from broadcaster
- Never share your password
- When you forward email to others, ensure that you have checked the contents of the mail and that it is suitable to be forwarded.
Purpose of Cyber Security
- CIA of cyber security: All efforts in the area of cybersecurity are to ensure that information is confidential, has integrity and is available as and when needed. Confidentiality ensures that trade secrets or sensitive personal data, for example, are not exposed. Integrity gives the assurance that the contents of information have not been tampered with, and Availability makes it possible for people to gain access to information when needed.