Chapter 3: Cybersecurity- McGraw Hill textbook, MIS 180
- Confidentiality, hackers, and the amount of private information on the internet is just a
few concerns internet users have
- Cybersectuiry is utilized by companies to guard this information and reduce the risk of
information leaks
Cyber security Threats, Vulnerabilities, Exploits
Threats - a cybersecurity threat is an event or condition that has the potential for causing asset
loss, as well as the ugly consequences or impact from such loss.
- What are these assets at risk? Information, software, or hardware
- The specific causes of asset loss come from a wide variety of situations;
- Intentional, unintentional, accidental, incidental, misuse, abuse, error, weakness,
defect, fault, and failed events and associated conditions
- Cybersecutiry threats should be assessed and resolved to prevent future impacts
Vulnerabilities- cyber security vulnerabilities are weaknesses or flaws in system security
procedures, design, implementation, and control that could be compromise accidentally or
intentionally
- These compromises can result in security breaches, lost information or data, system
outages, and violations of an organization’s system security policy
- Vulnerabilities also occurs when there is exposure in an operating system or application
software (backup of data is insufficient)
Exploits- cybersecurity exploits identify system vulnerabilities and take advantage
- An exploit is basically when a HACKER finds a vulnerable system, and uses the
weakness to execute a malicious activity on a system
- Exploits can include code, command sequences, and open-source exploit kits that are
designed to take advantage of software vulnerabilities or flaws in a system security
- They allow intruders to remotely access a network to gain unwarranted access, and
move deeper into their private network- Scary! Imagine if this happened to your
Robinhood investment or bank account! 😬
Computer Viruses and Trojan Horses
- A Computer virus is software that infects a computer
- Created using computer code, must be activated to “attack”
- Can destroy programs or alter operations of a computer or network
- Designed to spread in hosts, has the ability to replicate themselves
- Cannot reproduce and spread without proper programming, such as that
contained in a file or document
- A Trojan horse is a program that appears legitimate but executes an unwanted activity
when activated
- Commonly used by cyber thieves and hackers to gain unauthorized access to a
user’s device or systems
- Often used to find passwords, destroy data, or bypass firewalls (security
measures)
- Trojan horses are similar to viruses, but do not replicate themselves and are
usually found in free apps and downloads
, - Can be used to delete, block, copy, and modify data, and to disrupt computer
performance
Cybersecurity Breaches and Threat Mitigation
A Breach occurs when a hacker gains unauthorized access to an organization's systems, data
and information
- Think: A security breach is similar to someone breaking into your home! Why do we lock
our doors and set an alarm on the door?
- Security breaches are early-stage intrusions, they can lead to system damage, data
loss, and network downtime
- Hackers use malicious software and other techniques to reach restricted areas of a
system or network
- Breaches occur in a variety of ways; viruses, spyware, impersonation, and distributed
denial of service (DDos) attacks
Threat mitigation are the policies and producers that an organization puts in place to help
prevent security incidents, data breaches, and unauthorized network access
- Think: This is the companies’ alarm system or way of arming their house!
- Threat mitigation also includes the procedures to reduce the damage if and when a
security attack happens
- 3 components of threat mitigation;
- Threat prevention- policies and procedures an organization has
designed/implemented to protect systems and data
- Threat identification- the security tools and oversight designed to identify
specific and active security threats
- Threat cures- the policies, tools, and strategies used to lessen the impact of
active security threats
Social Engineering
- Social engineering refers to how a criminal uses psychological manipulation to get
people to willingly give up confidential information
- Social engineering is designed specifically to get individuals to give their private
information to criminals
- These criminals want passwords, bank information, access to your computer or
network, and even your Social Security Number (SSN)
- Social engineering attacks exploit individuals trust and lack of knowledge about sharing
their information on the Internet
Common social engineering cybersecurity attacks
- These criminals can send emails posed as your family or friends, and send links that that
can lead to illegitimate file downloads or a virus
- Other attacks come from an individual being encouraged to download a movie, song, or
enter in a “giveaway”
- Ie. 123movies.com, LimeWire, or “WIN $100,000 NOW!”
- For my girls, lately a “sugar daddy” scam is going around posing to give people
money when in reality they gather bank information and hack it
- When you receive any type of random digital information or a request to give
your information, it is important to slow down and research the facts before
making yourself vulnerable
