
CYBER Security Essential

This document discusses types of organizational data that need to be secured, including traditional data like personnel, intellectual property, and financial information as well as new forms of data from IoT devices and big data. It outlines the principles of confidentiality, integrity, and availability (CIA triad) for information security and describes how each principle can be ensured through methods like access controls, encryption, backups, and availability plans. The document also provides examples of how security breaches at companies like LastPass and Vtech exposed customer data and the importance of multi-factor authentication and proper security practices to protect information even if a breach occurs.

Uploaded by

Shoua Iqbal

Types of Organizational Data

Traditional Data
Corporate data includes personnel information, intellectual
properties, and financial data. The personnel information includes
application materials, payroll, offer letters, employee agreements,
and any information used in making employment decisions.
Intellectual property, such as patents, trademarks and new
product plans, allows a business to gain economic advantage over
its competitors. This intellectual property can be considered a
trade secret; losing this information can be disastrous for the
future of the company. The financial data, such as income
statements, balance sheets, and cash flow statements of a
company gives insight into the health of the company.
Internet of Things and Big Data

With the emergence of the Internet of Things (IoT), there is a lot
more data to manage and secure. IoT is a large network of
physical objects, such as sensors and equipment that extend
beyond the traditional computer network. All these connections,
plus the fact that we have expanded storage capacity and
storage services through the cloud and virtualization, lead to the
exponential growth of data. This data has created a new area of
interest in technology and business called "Big Data". With the
velocity, volume, and variety of data generated by the IoT and
the daily operations of business, the confidentiality, integrity and
availability of this data is vital to the survival of the organization.
Confidentiality, Integrity, and Availability

• Confidentiality, integrity and availability,
known as the CIA triad (Figure 1), is a
guideline for information security for an
organization. Confidentiality ensures the
privacy of data by restricting access through
authentication and encryption. Integrity assures
that the information is accurate and
trustworthy. Availability ensures that the
information is accessible to authorized people.
Confidentiality
Another term for confidentiality would be privacy. Company policies
should restrict access to the information to authorized personnel and
ensure that only those authorized individuals view this data. The data
may be compartmentalized according to the security or sensitivity
level of the information. For example, a Java program developer
should not have access to the personal information of all
employees.
Furthermore, employees should receive training to understand the
best practices in safeguarding sensitive information to protect
themselves and the company from attacks. Methods to ensure
confidentiality include data encryption, username ID and password,
two factor authentication, and minimizing exposure of sensitive
information.
Integrity

Integrity is accuracy, consistency, and trustworthiness
of the data during its entire life cycle. Data must be
unaltered during transit and not changed by
unauthorized entities. File permissions and user
access control can prevent unauthorized access.
Version control can be used to prevent accidental
changes by authorized users. Backups must be
available to restore any corrupted data, and checksum
hashing can be used to verify integrity of the data
during transfer.
• A checksum is used to verify the integrity of files, or strings of
characters, after they have been transferred from one device
to another across your local network or the Internet.
Checksums are calculated with hash functions. Some of the
common checksums are MD5, SHA-1, SHA-256, and SHA-512.
A hash function uses a mathematical algorithm to transform
the data into a fixed-length value that represents the data, as
shown in Figure 2. The hashed value is simply there for
comparison. From the hashed value, the original data cannot
be retrieved directly. For example, if you forgot your password,
your password cannot be recovered from the hashed value.
The password must be reset.
What is checksum with example?
• The received data unit is divided into
segments of 8 bits. All the segments along
with the checksum value are added. Sum of all
segments + Checksum value = 00100101 +
11011010 = 11111111. Complemented value =
00000000. Since the result is 0, receiver
assumes no error occurred in the data and
therefore accepts it.
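The 8-bit calculation above, as an added example that is not part of the original slides. It also shows what this kind of checksum misses: reordered segments still pass, while a SHA-256 digest of the same data changes. The function names and the two sample segments are constructed for illustration.

```python
import hashlib


def ones_complement_sum(segments) -> int:
    """Add 8-bit segments, folding any carry out of bit 7 back into bit 0."""
    total = 0
    for seg in segments:
        total += seg
        total = (total & 0xFF) + (total >> 8)
    return total


def make_checksum(data: bytes) -> int:
    """Sender side: the checksum is the complement of the segment sum."""
    return ~ones_complement_sum(data) & 0xFF


def receiver_accepts(data: bytes, checksum: int) -> bool:
    """Receiver side: segments plus checksum, complemented, must equal 0."""
    total = ones_complement_sum(list(data) + [checksum])
    return (~total & 0xFF) == 0


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of the same data, for comparison."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample: two segments whose sum is 00100101, as in the slide.
SENT = bytes([0b00010001, 0b00010100])
CHECKSUM = make_checksum(SENT)
BIT_FLIPPED = bytes([0b00010000, 0b00010100])  # one bit changed in transit
REORDERED = bytes([0b00010100, 0b00010001])    # same segments, swapped

if __name__ == "__main__":
    print(f"checksum sent with the data: {CHECKSUM:08b}")
    cases = [("intact", SENT), ("bit flipped", BIT_FLIPPED),
             ("reordered", REORDERED)]
    for name, received in cases:
        ok = receiver_accepts(received, CHECKSUM)
        same_hash = sha256_hex(received) == sha256_hex(SENT)
        print(f"{name:12} checksum accepts={ok}  sha256 matches={same_hash}")
```

An additive checksum catches accidental bit errors but not every change to the data, which is why file integrity is checked with hash functions such as SHA-256.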
What is the purpose of a checksum?

A checksum is a string of numbers and letters
that acts as a fingerprint for a file against which
later comparisons can be made to detect errors
in the data. Checksums are important because we use
them to check files for integrity.
What is a checksum?
• A checksum is a technique used to determine
the authenticity of received data, i.e., to
detect whether there was an error in
transmission. Along with the data that needs
to be sent, the sender uses an algorithm to
calculate the checksum of the data and sends
it along.
Availability
Maintaining equipment, performing hardware repairs, keeping
operating systems and software up to date, and creating
backups ensure the availability of the network and data to the
authorized users.
Plans should be in place to recover quickly from natural or
man-made disasters.
Security equipment or software, such as firewalls, guard against
downtime due to attacks such as denial of service (DoS).
Denial of service occurs when an attacker attempts to
overwhelm resources so the services are not available to the
users.
• D41d8cd98f00b204e9800998ecf8427e
• ed6a85fb43e09a433b1bea31a6549709
The Consequences of a Security Breach

To protect an organization from every possible
cyberattack is not feasible, for a few reasons. The
expertise necessary to set up and maintain the secure
network can be expensive.
Attackers will always continue to find new ways to
target networks. Eventually, an advanced and targeted
cyberattack will succeed. The priority will then be how
quickly your security team can respond to the attack
to minimize the loss of data, downtime, and revenue.
• By now you know that anything posted online can live
online forever, even if you were able to erase all the copies
in your possession. If your servers were hacked, the
confidential personnel information could be made public.
• A hacker (or hacking group) may vandalize the company
website by posting untrue information and ruin the
company’s reputation that took years to build. The hackers
can also take down the company website causing the
company to lose revenue. If the website is down for longer
periods of time, the company may appear unreliable and
possibly lose credibility.
• If the company website or network has been
breached, this could lead to leaked
confidential documents, revealed trade
secrets, and stolen intellectual property. The
loss of all this information may impede
company growth and expansion.
• The monetary cost of a breach is much higher than
just replacing any lost or stolen devices, investing in
existing security and strengthening the building’s
physical security. The company may be responsible
for contacting all the affected customers about the
breach and may have to be prepared for litigation.
With all this turmoil, employees may choose to
leave the company. The company may need to focus
less on growing and more on repairing its
reputation.
Security Breach Example 1

• The online password manager, LastPass, detected unusual
activity on its network in July 2015. It turned out that hackers
had stolen user email addresses, password reminders, and
authentication hashes. Fortunately for the users, the hackers
were unable to obtain anyone’s encrypted password vaults.
• Even though there was a security breach, LastPass could still
safeguard the users’ account information. LastPass requires
email verification or multi-factor authentication whenever
there is a new login from an unknown device or IP address.
The hackers would also need the master password to access
the account.
• LastPass users also have some responsibility in safeguarding their own
accounts. The users should always use complex master passwords and
change the master passwords periodically. The users should always
beware of Phishing attacks. An example of a Phishing attack would be if
an attacker sent fake emails claiming to be from LastPass. The emails ask
the users to click an embedded link and change the password. The link in
the email goes to a fraudulent version of the website used to steal the
master password. The users should never click the embedded links in an
email. The users should also be careful with their password reminder. The
password reminder should not give away your passwords. Most
importantly, the users should enable multi-factor authentication when
available for any website that offers it.
• If the users and service providers both utilize
the proper tools and procedures to safeguard
the users’ information, the users’ data could
still be protected, even in the event of security
breach.
Security Breach Example 2
• The high tech toy maker for children, Vtech,
suffered a security breach to its database in November 2015. This
breach could affect millions of customers around the world,
including children. The data breach exposed sensitive information
including customer names, email addresses, passwords, pictures,
and chat logs.
• A toy tablet had become a new target for hackers. The customers
had shared photos and used the chat features through the toy
tablets. The information was not secured properly, and the company
website did not support secure SSL communication. Even though
the breach did not expose any credit card information and personal
identification data, the company was suspended on the stock
exchange because the concern over the hack was so great.
• Vtech did not safeguard the customers’ information properly
and it was exposed during the breach. Even though the company
informed its customers that their passwords had been hashed, it
was still possible for the hackers to decipher them. The
passwords in the database were scrambled using MD5 hash
function, but the security questions and answers were stored in
plaintext. Unfortunately, MD5 hash function has known
vulnerabilities. The hackers can determine the original
passwords by comparing millions of pre-calculated hash values.
• With the information exposed in this data breach, cybercriminals
could use it to create email accounts, apply for credit, and
commit crimes before the children were old enough to go to
school. For the parents of these children, the cybercriminals
could take over the online accounts because many people reuse
their passwords on different websites and accounts.
• The security breach not only impacted the
privacy of the customers, it ruined the company’s
reputation, as indicated by the company when its
presence on the stock exchange was suspended.
• For parents, it is a wake-up call to be more
vigilant about their children’s privacy online and
demand better security for children’s products.
For the manufacturers of network-connected
products, they need to be more aggressive in the
protection of customer data and privacy now and
in the future, as the cyber attack landscape
evolves
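The password-storage weakness described in the Vtech example, shown beside a hardened form. This is an added example, not code from the original slides or from Vtech: the account names, passwords, function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def md5_unsalted(password: str) -> str:
    """Weak scheme from the breach description: fast hash, no salt."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()


def accounts_sharing_a_hash(stored: dict) -> list:
    """Audit check: groups of accounts whose stored hashes are identical.

    Any hit means equal passwords produce equal hashes, which is the same
    property that lets pre-calculated hash values be matched against them.
    """
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def hash_password(password: str, iterations: int = 600_000) -> tuple:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed sample accounts; two of them reuse the same password.
SAMPLE = {"parent_a": "sunshine1", "parent_b": "sunshine1", "parent_c": "t4!bLe-Lamp"}


def weak_table() -> dict:
    return {user: md5_unsalted(pw) for user, pw in SAMPLE.items()}


def strong_table() -> dict:
    return {user: hash_password(pw) for user, pw in SAMPLE.items()}


if __name__ == "__main__":
    print("unsalted MD5, shared hashes:", accounts_sharing_a_hash(weak_table()))
    strong = strong_table()
    digests = {user: rec[2] for user, rec in strong.items()}
    print("salted PBKDF2, shared hashes:", accounts_sharing_a_hash(digests))
    print("login still works:", verify_password("sunshine1", strong["parent_a"]))
```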
Example 3
• Equifax Inc. is one of the nationwide consumer credit reporting agencies in
the United States. This company collects information on millions of
individual customers and businesses worldwide. Based on the collected
information, credit scores and credit reports are created about the
customers. This information could affect the customers when they apply
for loans and when they are looking for employment.
• In September 2017, Equifax publicly announced a data breach event. The
attackers exploited a vulnerability in the Apache Struts web application
software. The company believes that millions of U.S. consumers' sensitive
personal data were accessed by the cyber criminals between May and July
of 2017. The personal data includes the customers' full names, Social
Security numbers, birth dates, addresses and other personally identifiable
information. There is evidence that the breach may have affected
customers in the United Kingdom and Canada.
• Equifax established a dedicated web site that allows the consumers
to determine if their information was compromised, and to sign up
for credit monitoring and identity theft protection. Because the site
used a new domain name instead of a subdomain of equifax.com,
nefarious parties were able to create unauthorized websites with
similar names.
• These websites can be used as part of a phishing scheme to trick
you into providing personal information. Furthermore, an employee
from Equifax provided an incorrect web link in social media for
worried customers. Fortunately, this web site was taken down
within 24 hours. It was created by an individual who used it as an
educational opportunity to expose the vulnerabilities that exist in
Equifax's response page.
• As a concerned consumer, you may want to quickly verify if
your information was compromised, so you can minimize the
impact. In a time of crisis, you may be tricked into using
unauthorized websites. You should be cautious about providing
personal information so you do not become a victim again.
• Furthermore, companies are responsible for keeping our
information safe from unauthorized access. Companies need to
regularly patch and update their software to mitigate
exploitation of known vulnerabilities. Their employees should
be educated and informed about the procedures to safeguard
the information and what to do in the event of a breach.
• Unfortunately, the real victims of this breach are the individuals whose
data may have been compromised. In this case, Equifax has the burden of
protecting the collected consumer data while conducting credit checks
because the customers did not choose to use the services provided by
Equifax. The consumer has to trust the company to safeguard the
collected information.
• Furthermore, the attackers can use this data to assume your identity, and
it is very difficult to prove otherwise because both the attacker and the
victim know the same information. In these situations, the most you can
do is be vigilant when you are providing personally identifiable
information over the Internet. Check your credit reports regularly (once
per month or once per quarter). Immediately report any false
information, such as applications for credit that you did not initiate, or
purchases on your credit cards that you did not make.
Types of Attackers
• Attackers are individuals or groups who attempt to exploit
vulnerabilities for personal or financial gain. Attackers are
interested in everything, from credit cards to product designs
and anything with value.
• Amateurs – These people are sometimes called Script Kiddies.
They are usually attackers with little or no skill, often using
existing tools or instructions found on the Internet to launch
attacks. Some of them are just curious, while others are trying
to demonstrate their skills and cause harm. They may be using
basic tools, but the results can still be devastating.
• Hackers – This group of attackers break into computers or
networks to gain access. Depending on the intent of the break-
in, these attackers are classified as white, gray, or black hats.

• The white hat attackers break into networks or computer systems to
discover weaknesses so that the security of these systems can be
improved. These break-ins are done with prior permission and any results
are reported back to the owner.
• On the other hand, black hat attackers take advantage of any
vulnerability for illegal personal, financial or political gain.
• Gray hat attackers are somewhere between white and black hat attackers.
The gray hat attackers may find a vulnerability in a system. Gray hat
hackers may report the vulnerability to the owners of the system if that
action coincides with their agenda. Some gray hat hackers publish the facts
about the vulnerability on the Internet so that other attackers can exploit
Organized Hackers 
• These hackers include organizations of cyber
criminals, hacktivists, terrorists, and state-
sponsored hackers. Cyber criminals are usually
groups of professional criminals focused on
control, power, and wealth. 
Internal and External Threats
• Internal Security Threats
• Attacks can originate from within an organization or from
outside of the organization, as shown in the figure. An internal
user, such as an employee or contract partner, can accidentally or
intentionally:
• Mishandle confidential data
• Threaten the operations of internal servers or network
infrastructure devices
• Facilitate outside attacks by connecting infected USB media into
the corporate computer system
• Accidentally invite malware onto the network through malicious
email or websites
• Internal threats also have the potential to
cause greater damage than external threats,
because internal users have direct access to
the building and its infrastructure devices.
Employees also have knowledge of the
corporate network, its resources, and its
confidential data, as well as different levels of
user or administrative privileges.
• External Security Threats
• External threats from amateurs or skilled attackers can
exploit vulnerabilities in network or computing
devices, or use social engineering to gain access.
• What is Cyberwarfare?
• Cyberspace has become another important dimension
of warfare, where nations can carry out conflicts
without the clashes of traditional troops and machines.
This allows countries with minimal military presence to
be as strong as other nations in cyberspace.
• Cyberwarfare is an Internet-based conflict that
involves the penetration of computer systems
and networks of other nations. These
attackers have the resources and expertise to
launch massive Internet-based attacks against
other nations to cause damage or disrupt
services, such as shutting down a power grid.
• An example of a state-sponsored attack involved the
Stuxnet malware that was designed to damage Iran’s
nuclear enrichment plant.
• Stuxnet malware did not hijack targeted computers to
steal information. It was designed to damage physical
equipment that was controlled by computers.
• It used modular coding that was programmed to
perform a specific task within the malware. It used stolen
digital certificates so the attack appeared legitimate to
the system.
The Purpose of Cyberwarfare

• The main purpose of cyberwarfare is to gain advantage over adversaries,
whether they are nations or competitors.
• A nation can continuously invade other nations’ infrastructure, steal
defense secrets, and gather information about technology to narrow the
gaps in its industries and military.
• Besides industrial and militaristic espionage, cyber war can sabotage the
infrastructure of other nations and cost lives in the targeted nations.
• For example, an attack can disrupt the power grid of a major city.
Traffic would be disrupted. The exchange of goods and services is
halted. Patients cannot get the care needed in emergency situations.
Access to the Internet may also be disrupted. By affecting the power
grid, the attack can affect the everyday life of ordinary citizens.
• Furthermore, compromised sensitive data can
give the attackers the ability to blackmail
personnel within the government. The
information may allow an attacker to pretend
to be an authorized user to access sensitive
information or equipment.
• If the government cannot defend against the
cyberattacks, the citizens may lose confidence
in the government’s ability to protect them.
Cyberwarfare can destabilize a nation, disrupt
commerce, and affect the citizens’ faith in
their government without ever physically
invading the targeted nation.
END
