Please enable JavaScript.

Coggle requires JavaScript to display documents.

Targets for cyber security threats - Coggle Diagram

- - - - What is it?
        
        cookies are a form of spyware intended to improve the convenience on the web, this is done by finding tailored adverts by tracking your sites, as well as this cookies also save your login information if you choose to remain logged in, as these are inherently against cyber security, ones that you have not permitted can be much worse, and can result in unwanted emails and pop ups which can redirect to more malicious websites.
      - how to reduce the risk
        
        frequently clear your cookies, the less time the cookies are on your machine, the less data they can harvest from you, while it may go at the cost of convenience it will significantly improve computer security
    - - What is it?
        
        particularly used in phishing attacks fake websites are websites intended to mimic the look of a legitimate site, such as amazon or ebay, which, if an unsuspecting user types their information into the fake sign in page, will save the login details that they have entered therefore giving the person their login details.
      - how to reduce the risk?
        
        the best way to reduce the risk of this is to never click on dodgy emails, always check the sender and ensure that it is the same as the actual business's email, as well as this, on the website ensure that it supports HTTPS through the lock in the top left corner of the screen and that the link is definitely the same as the website, as well as this, if the email is written as an urgent warning (someone hacked your account, password at risk, ect) you should definitely keep alert.
  - - - financial information is anything such as your bank information, the best way to ensure your information is secure is that you should freeze your account if you feel like your financial information may be at risk to avoid the money being stolen
    - - personal information is by far the most vital of the three, with the use of personal information it is possible for someone to steal your identity (known as identity theft), which can lock you out of all of your accounts, and inadvertently steal anything they want including all social media which could potentially lead to further harm, to yourself, and others.
    - - this means anything which can be used to sign into your account, if you have two factor authentication this is less of a problem but you should still make sure you have a strong password (no real words, numbers, multiple symbols, long) to ensure that these details are secure.
- - - - an internal attack is any cyber attack carried out from inside the system, this means an internal attacker is someone who works for the organisation, this person is known as an insider.
    - - an external attack is any cyber attack carried out by someone outside of the network, this means that the attack is carried out from outside of the place targeted, but sometimes it can be carried out physically in particularly unprotected places
  - - - what is it?
        
        A denial of service attack is when too many requests are given to a server at once and it has to go down, typically performed by a botnet (a clandestine network of computers infected with malware controlled by a single individual) in a DDOS (dedicated denial of service) attack, however, if the server has a low capacity then it can happen accidently
      - how to prevent it
        
        the best way to prevent a DOS attack is to correctly use firewalls, if a certain computer uses to many requests within a short time span then the firewall can automatically block its requests, making the botnet all get banned from the website, while this may result in a few people being IP banned accidently, it would save alot of time and money from being DDOSed.
    - - what is it?
        
        theft of data is simply someone stealing data, for an organisation, a lot of people will want their data for the financial value it has, this type of theft is usually carried out in sync with a ddos attack, as the ddos attack give the attacker a window of opportunity to hack into the system, so most of the prevention methods can be found in DDOS.
      - how to prevent it
        
        besides the prevention methods listed above, other methods can include encryption, as the data will not be useful if the hacker gets their hands on it, and as well as this, physical security methods such as disabling all input methods (USB, DISC drive, SD slot ect) can prevent issues with the physical attacks as well, and the other main method of prevention would be the use of ethernet, as using ethernet will prevent hackers from intercepting the communications between client and server that is a result of wireless network access, and by extension locking the router in a safe room with a lot of physical security.
    - - what is it?
        
        theft of equipment is just that, equipment being stolen from the company, while this can be used to simply take and sell the devices, it will most likely be used for the information contained inside of them, and will most likely cause the person to find company data which puts them at risk.
      - how to prevent it
        
        the best way to prevent equipment is by physically security placements, this can be done via RFID, security cameras, bolting machines down to the desks and use of biometrics in particularly high value areas.
    - - what is it?
      - how to prevent it