Chapter 1 The need for cybersecurity (Internal and External Threats…
Chapter 1 The need for cybersecurity
Nations can carry out conflicts without the clashes of traditional troops and machines.
Cyberwarfare is an
that involves the penetration of computer systems and networks of other nations.
An example of a state-sponsored attack involved the
malware that was designed to damage Iran’s nuclear enrichment plant. It was designed to
damage physical equipment
that was controlled by computers.
Internal and External Threats
threats from amateurs or skilled attackers can exploit vulnerabilities in network or computing devices, or use social engineering to gain access.
Internal Security Threats
An internal user, such as an employee or contract partner have the potential to cause greater damage than external threats, because internal users have
to the building and its infrastructure devices.
Types of Attackers
Attackers are individuals or groups who
attempt to exploit vulnerability
for personal or financial gain
They are usually groups of professional criminals focused on control, power, and wealth.
These hackers include
others: terrorist, organizations of cyber criminals
attackers gather intelligence or commit sabotage on behalf of their government.
make political statements to create awareness to issues that are important to them.
This group of attackers
break into computers or networks to gain access.
Depending on the
of the break-in, these attackers are classified as:
gray hat attackers
may find a vulnerability in a system and report it to the owners of the system if that action coincides with their agenda.
Some gray hat hackers publish the facts about the vulnerability on the Internet so that other attackers can exploit it.
Black hat attackers
take advantage of any vulnerability for
illegal personal, financial or political gain
white hat attackers
(ethical hackers) break into networks or computer systems to discover weaknesses so that the security of these systems can be
These break-ins are done with
and any results are reported back to the owner.
or Script Kiddies
They may be using basic tools, but the results can still be devastating.
using existing tools
or instructions found on the Internet to launch attacks
They are usually attackers with
little or no skill
The Consequences of a Security Breach
Damaged intellectual property
It is a guideline for information security for an organization
ensures that the
information is accessible
to authorized people.
Security equipment or software, such as firewalls, guard against downtime due to attacks such as denial of service
assures that the information is
during its entire life cycle.
After a file is downloaded, you can
verify its integrity by verifying the hash values
from the source with the one you generated using any hash calculator. By comparing the hash values, you can ensure that the file has not been
with or corrupted during the transfer.
Some of the common checksums are MD5, SHA-1, SHA-256, and SHA-512
Version control can be used to
prevent accidental changes
by authorized users.
must be available to restore any corrupted data, and
can be used to verify integrity of the data during transfer.
or privacy ensure that only authorized individuals access to data, by restricting access through
The data may be
according to the security or sensitivity level of the information
Employees should receive
to understand the best practices in safeguarding sensitive information to protect themselves and the company from attacks.
A program developer should not have to access to the personal information of
Personal data as a target
Online credentials are valuable, these credentials give you access to your accounts. A criminal could also take advantage of your relationships, criminals also want your identity (
Any information about you, can be considered to be your data. This personal data can uniquely identify you as an individual
Medical record, education records, employments and financial records
Online and offline identity
Offline identity is the person who your friends and family interact with on daily basis at home, school, work, etc.
Online identity is how you present yourself to others online
It is an ongoing effort to protect networked systems and data from unauthorized use or harm.