💻
Cyber Threats Reading
Summaries + Lecture Notes -
Week 1-7
This is a summary of all the readings and lectures throughout weeks 1-7.
The structure of a week is as follows:
Week number:
Readings for that lecture
Lecture notes
Etc.
Week 4 and the corresponding lectures and readings are missing, because we had no
lectures that week.
Also, the page numbers don’t make sense, sorry about that.
Good luck on the final!! :]
Week 1
Meeuwisse, R. (2017). Cyber Security for
Beginners. Cyber Simplicity Ltd
Chapter 1: Cybersecurity & Its Origins
We are living through the most significant period of change that has ever taken place in
human history – the digital revolution.
There is almost no service or product that you use that is not fully dependent on
technology.
And you are almost certainly reliant on the cyber world in ways that regularly, if not
constantly, put your life in the hands of technology.
Whenever you download a ‘free’ application, the price is most certainly your
personalized information.
This illustrates that we live in an age in which collecting information is power.
Specifically, organizations collect information to build their power.
It is tempting to think that cybersecurity is only about protecting against people trying to
hack and steal other people’s information.
Cybersecurity certainly includes those measures, but is also a much wider and
more significant discipline, in part because the people trying to gain unauthorized
access often have motives other than stealing information or money.
Cybersecurity =
The protection of digital devices and their communication channels to keep them
stable, dependable and reasonably safe from danger or threat. Usually the
required protection level must be sufficient to prevent or address unauthorized
access or intervention before it can lead to substantial personal, professional,
organizational, financial and/or political harm.
Digital device =
Any electronic appliance that can create, modify, archive, retrieve or transmit
information in an electronic format. Desktop computers, laptops, tablets,
smartphones and Internet-connected home devices are all examples of digital
devices.
Cybersecurity is about more than just protecting any and all technologies. It is really
about protecting people, who directly or indirectly, rely on anything electronic.
It is now becoming accepted that cybersecurity also encompasses the need to keep
electronic devices and digital services stable and dependable.
Specifically, a cybersecurity strategy that relies on prevention alone no longer works.
The US National Security Agency (NSA) and their Defense in Depth strategy
documents have helped expert audiences appreciate the wider threats, including human
factors.
Defense in depth =
The use of multiple layers of security techniques to help reduce the chance of a
successful attack. The idea is that if one security technique fails or is bypassed,
there are others that should address the attack. The latest (and correct) thinking on
defense in depth is that security techniques must also consider people and
operations (for example processes) factors and not just technology.
Guarding against external and malicious threats is considered a priority because they
currently appear to create the most damage and cost.
This is because most (but not all) major cybersecurity incidents are due to
criminal, state or terrorist-led activities.
A malicious attack often includes the unauthorized removal or copying of information.
These information leaks often cause customer, brand and share damage in addition
to high remediation and compensation costs.
Virus =
A form of malicious software that spreads by infecting (attaching itself) to other
files and usually seeks opportunities to continue that pattern. Viruses are now
less common than other forms of malware. Viruses were the main type of malware in
very early computing. For that reason, people often refer to something as a virus
when it is technically another form of malware.
The transformation that gave rise to cybersecurity threats was mostly driven by one
key factor: Internet connection speeds became faster, cheaper and more widely
adopted, even in less economically developed countries.
As more organizations and people adopted connected technologies, traditional
(disconnected) services became even less competitive due to their higher costs and
lower benefits.
This created a ‘Darwin’ effect. Those who adapted to the advantages of connected
technologies were (and are) gaining advantages and thriving. Those organizations
that were (and are) not evolving to use connected technologies are mostly shrinking
or perishing.
We now routinely store and transact very sensitive (monetizable) information and
services through networked devices.
It is also important to remember that even the very first electronic computers were used
for breaking into information, or, more accurately, code breaking through the use of
cryptanalysis.
Cryptanalysis =
The art of examining ciphered information to determine how to circumvent the
technique that was used to encode or hide it. In other words: analyzing ciphers
(coded messages).
So for as long as humans have used computing power, it has been used to both
enhance how we use our own information and to take advantages away from
competitors.
Until around 2005, IT departments selected and rolled out systems that were frequently
(but not always) of little or no business value. They were the ones that controlled which
devices and software could be used in any organization.
Then, with the enhanced connection speeds of the Internet, the cloud arrived.
The Cloud =
An umbrella term used to identify any technology service that uses software and
equipment not physically managed or owned by the person or organization
(customer) using it. This usually provides the advantage of on-demand scalability
at lower cost. Examples include applications that are hosted online, online file
storage areas, and even remote virtual computers. Using a cloud means the
equipment managing the service is run by the cloud provider and not by the
customer. But although the customer does not own the service, he or she is still
accountable for the information that he or she chooses to store and process through
it. Usually a cloud service is identified by an ‘aaS’ suffix. For example – SaaS
(Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a
Service).
The cloud opened up a market for software that offered choices and prices never seen
before.
Instead of paying thousands or millions for a piece of software, waiting months or
years for it to arrive, and then spending more money again to get it ‘hosted’
(installed on computers), we could all pay a much lower price (sometimes even
free) and try out software within a matter of minutes.
Early cloud adopters were able to significantly outpace their competition, stripping back
costs and more importantly, connecting more effectively with their customers.
These cloud opportunities took most of the decisions about technology choices away
from IT departments, but left them with the responsibility of securing these externally-
administered tools after the decision was made.
The decision-making power in most companies now lies with non-IT
personnel; the technology department is now just a consultancy service.
However, this does not mean that the role of technologists has diminished; in fact,
technology departments have progressed from playing a peripheral role to being the
critical foundation upon which each and every organization on the planet relies.
The primary role of a modern ‘business technology’ department is to establish and
manage methods by which an organization can work smoothly and securely with a
combination of in-house and external technologies. To do this, the department
leaders must establish a centralized security architecture and must work with each
internal and external supplier to establish roles, responsibilities, boundaries,
standards and other controls.
Unless the convenience and money-saving advantages of using externally-
supplied technologies are balanced with comparable investments in security, bad
things can happen.
Any digital device that is used directly or indirectly to help us run our lives and
businesses is a potential point of vulnerability.
Vulnerability =
A weakness, usually in design, implementation or operation of software (including
operating systems), that could be compromised and result in damage or harm.
In the cybersecurity world, any potential vulnerability that might be leveraged is called
an attack vector.
Vector =
Another word for 'method,' as in 'They used multiple vectors for the attack.'
Today many organizations and individuals are using ‘bleeding edge’ technologies. An
example of bleeding edge technology usage is ‘BYOD’, the trend of ‘Bring Your Own
Device’ to work.
Bleeding edge =
Using inventions so new, they have the likelihood to cause damage to their
population before they become stable and safe.
The two most important elements in cybersecurity are having control over:
1. Access to your digital devices.
2. The information they store and transact.
The more variety and options in your cyberspace, the harder it will be to keep it secure.
Each time there is a brand new type of vulnerability or method of attack uncovered, you
can often still smell the paint drying on the controls used to mitigate the problem.
Controls =
A method of regulating something, often a process, technology or behavior, to
achieve a desired outcome, usually resulting in the reduction of risk. Depending on
how it is designed and used, any single control may be referred to as preventive,
detective or corrective.
Cybersecurity is still about humans attacking humans.
The only difference between cybersecurity and traditional methods of preventing
attacks is that the weapons used to hurt us are our digital devices and the sensitive
information they contain.
Cyber insecurity =
Suffering from a concern that weaknesses in your cybersecurity are going to cause
you personal or professional harm.
Chapter 2: About the Case Studies
From around 2007 until 2013, many industry insiders believed the risks of quickly
adopting new technologies were outweighed by the benefits and/or earnings they
returned.
Thus in the race to outsource anything that was not considered absolutely core to
each enterprise’s operations, information no longer remained in a closed and
controlled environment.
In all the case studies we will look at, you will see that a number of what are referred to
as ‘control failures’ existed and compounded each other to cause the breaches.
I call this a ‘stacked control failure’ as a result of unmitigated ‘stacked risks’.
Hacker =
A person who engages in attempts to gain unauthorized access to one or more
digital devices. A hacker can be black hat (unethical) or white hat (ethical),
depending on the person’s intent.
Cyber attack =
To take aggressive or hostile action by leveraging or targeting digital devices. The
intended damage is not limited to the digital (electronic) environment.
The primary purpose of any cyber attack is to achieve a monetary and/or political power
advantage. Hackers and digital devices are only some of the weaponry used.
The basics of any cyber attack can therefore be summarized as follows:
Hostile parties (threat actors) seek vulnerabilities (security
gaps) to exploit (take advantage of) for financial or political
gain.
Threat actors =
An umbrella term to describe the collection of people and organizations that work to
create cyber attacks. Examples of threat actors can include cyber criminals,
hacktivists and nation states.
Exploit =
To take advantage of a security vulnerability. Well-known exploits are often given
names. Falling victim to a known exploit with a name can be a sign of low security,
such as poor patch management.
Patch management =
A controlled process used to deploy critical, interim updates to software on digital
devices. The release of a software ‘patch’ is usually in response to a critical flaw or
gap that has been identified. Any failure to apply new interim software updates
promptly can leave open security vulnerabilities in place. As a consequence,
promptly applying these updates (patch management) is considered a critical
component of maintaining effective cybersecurity.
The tools used by hackers to launch cyber attacks include something called malware.
Malware =
Shortened version of malicious software. A term used to describe disruptive,
subversive or hostile programs that can be inserted onto a digital device. People
can intentionally or unintentionally make these types of programs harmful.
Intentionally-harmful versions are usually disguised or embedded in a file that looks
harmless so the attacker who uses them can intentionally compromise a device.
Malware that someone does not intend to be harmful can still disrupt a device or
leak information; however, the harmful qualities can result from unintentionally poor
construction quality, bad design or insecure configuration. There are many types of
malware; adware, botnets, computer viruses, ransomware, scareware, spyware,
trojans and worms are all examples of intentional malware. Hackers often use
malware to mount cybersecurity attacks.
Botnet =
Shortened version of robotic network. A connected set of programs designed to
operate together over a network (including the Internet) to achieve specific
purposes. The purpose can be good or bad. Some programs of this type are used to
help support Internet connections; malicious uses include taking over control of