Cyber Security Threat Levels 2

Vulneralbilities: cyberalert-900

Environmental:

  • Natural disasters can affect data, information and computer systems
  • Data/information inaccessible
  • Loss of power / internet connection
  • Hardware damaged

System:

Physical:

  • Theft of devices
  • Misplaced devices
  • Relate to the physical devices used to store data / information / identity theft
  • Relate to the running of devices and computer systems
  • Weak passwords
  • Software’s not updated with patches
  • System updates not completed
  • Security updates not completed
  • Updates not completed in real-time
  • Using public Wi-Fi connections
  • Using unsecured hardware devices

Impacts of a Cyber - Security Attack: internet-crime-and-electronic-banking-security-picture-id480137882

Data Destruction: Data is destroyed by a cyber-security attacker and no longer exists.

Data Manipulation: Data is amended to meet the needs of the cyber-security attacker

Identity Theft / Fraud: Personal details have been stolen during a cyber-security attack. The attacker may use these details for criminal activity.

Data Modification: It changes data to meet the needs of the attacker. However, the attacker usually has different aims and the crime may not be found for a long time.

Dos Attack: Authorised users may not have access to the website. The affected business may lose business or data.

Data Theft: Cyber-attacker steals computer-based data. Can happen to passwords, personal details and financial data. But it can also happen to portable storage devices or mobile devices.

Consequences of a Cyber Security Attack: cso_cybersecurity_cyber_attack_warning_danger_threat_hack_by_matejmo_gettyimages-486818926_2400x1600-100813827-large

Financial: Compensation to be paid. Financial accounts not up-to-date.

Commercial: Business cannot function as normal.

Operational: Time delay to restore data and continue with business.

Individuals: Identity theft. National security.

Reputation: Decline – not trustworthy.

Finance: Unable to access financial accounts / data. Data loss from personal financial accounts – identity theft/fraud.

Data: Data lost. Not backed-up.

Equipment: DDoS.

Financial: Compensation for loss of financial data. Data subject may also suffer.

Prevention Measures: ezine_security_03

Anti-Virus Software

  • Detects viruses before they enter the computer system.
  • Once detected it is automatically quarantined and ask the user what action to take

Secure Backup:
Should be made at regular intervals, can use portable storage media. Should be kept safely and protected from theft or fire. Can be encrypted.

Access Rights are Permissions:

  • Usernames (authorisation) and passwords (authentication)
    • Access right - control who has access
    • Permission - what a user can do

Encryption Software

  • Encrypts data so that only users with the encryption key can read / use the data that has been transmitted.

Other Methods

  • Locking doors Using swipe / RFID cards or keypads
  • Bolting equipment to desks
  • CCTV cameras
  • Closing windows / blinds

Overwriting Data:
Data is overwritten with meaningless data, usually binary (1 or 0). Storage device can be reused.

Biometric Protection Measures:
Uses a person’s physical
characteristic:

  • Fingerprint
  • Eye scan
  • Voice
  • Facial Recognition

Magnetic Wipe:
Removes the magnetic field part of a storage device. Makes the data unreadable and the device unusable.

Physical Destruction:
Device is so thoroughly destroyed that the data cannot be recovered:

  • Hard drive shredder
  • Drill through or hammer on the device
  • Steamroller to run over device