Introduction to Security and Ethics in Cyberspace

Uploaded by

Hanis Zamri
Introduction to Security and Ethics in Cyberspace

Lecture 1 – GFW0018

CONTENT
01 What is cybersecurity?
02 What is the importance of cybersecurity?
03 Where does cybersecurity operate?
04 Case Study

What is Cybersecurity?

• Cybersecurity is the practice of protecting systems, networks, and
programs from digital attacks.

• These cyberattacks are usually aimed at accessing, changing, or
destroying sensitive information; extorting money from users via
ransomware; or interrupting normal business processes.

Ransomware is malware designed to deny a user or organization access
to files on their computer.

What is the importance of cybersecurity?
• The costs of cyber security breaches are rising
• Privacy laws such as the GDPR (General Data Protection Regulation)
and DPA (Data Protection Act) 2018 can mean significant fines for
organizations that suffer cyber security breaches. There are also
non-financial costs to be considered, like reputational damage.

• Cyber attacks are increasingly sophisticated
• Cyber attacks continue to grow in sophistication, with attackers using an
ever-expanding variety of tactics. These include social engineering (trying
to manipulate the victim, e.g. scam calls that establish your trust so that
you give personal details; no software is used, and people often overlook
this), malware and ransomware (malware, ransomware = phone, small
technical, try to execute unknown programs on your computer).

What is the importance of cybersecurity?
• Cyber security is a critical, board-level issue
• New regulations and reporting requirements make cyber security risk
oversight a challenge. The board needs assurance from management
that its cyber risk strategies will reduce the risk of attacks and limit
financial and operational impacts. (e.g. date of birth, may be used to
hack password)

• Cyber crime is a big business (government entities, education and
legislation will always be attacked)
• According to The hidden costs of cybercrime, a 2020 study carried out by
McAfee and the CSIS (Centre for Strategic and International Studies),
based on data collected by Vanson Bourne, the world economy loses
more than $1 trillion (approximately £750 billion) each year. Political,
ethical and social incentives can also drive attackers.
Where does cybersecurity operate?
Here are the primary domains where cybersecurity plays an important role.

• Automobiles
• Businesses
• End Users
• Financial Sector
• Energy Firms
• Government
• The IoTs

Automobiles

Most of today’s cars and trucks are practically rolling laptops, with a wide array
of important vehicle systems controlled by sophisticated onboard computers.
Many of them also have the capacity to use Wi-Fi and Bluetooth to
communicate with passenger devices, cell networks and the internet, making
them also resemble smartphones on wheels.

The Remote 2015 Jeep Hack


Businesses

Firms of every size, from family-owned restaurants to multinational
corporations, rely on computers to do business, creating a vulnerability that
hackers can exploit. Cyber criminals have an obvious incentive to steal a
business’s financial information, such as bank account numbers that could
give them access to the company’s cash, but the threats don’t stop there.
Companies need to protect their trade secrets from being stolen in acts of
corporate espionage, and retail businesses have to safeguard their customers’
payment information from being purloined.

Retail Giant Target Case 2013


Measures Taken by Companies
• Information classification is the process of identifying, categorizing and locating the
different kinds of information in the company’s custody. You won’t know what you
need to defend until you know what you have and where it is.

• Control measures are the various security controls used to safeguard information,
devices and networks, such as card-restricted access to certain computing
resources, antivirus software that monitors network activity, password protection for
accounts and computers, and special approval procedures for a defined set of high-
risk operations.

• Penetration testing is when white-hat hackers attempt to hack into a system in an
effort to detect vulnerabilities that a black-hat hacker could exploit. Any security
flaws they discover are brought to the attention of company leaders, who decide
how best to address the gaps before a bad actor slips through the cracks. (invite
others to crack your system)

End Users

These are the IT devices individuals use every day—the smartphones, tablets,
laptops and desktop computers we use for school, work or personal purposes.
Every one of these devices constitutes a potential point of entry for hackers,
which is why we use passwords, antivirus software, network firewalls and other
cybersecurity measures to keep our individual devices safe.

Network firewall: a network security system that monitors and can control
information entering and leaving a computer network.

Energy Firms & Other Utilities

If a government or a terrorist organization wanted to attack a hostile nation
from a remote distance, for a minimal cost and without risking any lives, a
cyberattack on that nation’s energy grid, water supply or other public utilities
would be a great way to do it. Perhaps that’s why the U.S. Department of
Homeland Security recorded 79 hacking incidents at energy companies in
fiscal year 2014.
Financial Sector

Many economists will tell you that if you really want to make money, you need
to get into the financial sector: firms that make money in the business of
investing money itself, including investment firms, banks, and mortgage
lenders. This of course makes such firms attractive targets to hackers. In 2016
and 2017, a single hacker group called MoneyTaker conducted 20 confirmed
attacks on financial institutions in the United States, Russia and the United
Kingdom, stealing in excess of $11 million from the companies.

Aman Shah Story 1990


Government

At the federal level, IT systems contain valuable state secrets. For example,
hackers likely working for the Chinese government hacked into the U.S. Office
of Personnel Management and stole records on 4.2 million people in 2014 and
2015, including the highly confidential forms people filled out to qualify for
classified, secret and top-secret security clearances.

When it comes to protecting their own systems and information, the greatest
threats facing federal organizations are malicious outsider hacks and
inadvertent breaches caused by negligent employees or contractors.
Government

• State governments are taking steps to fend off criminal hackers, but they’re
also concerned about the difficulties they face in trying to obtain the
personnel and funding they need to fix known vulnerabilities in a timely
fashion. Some states are doing a great job of allocating resources to
cybersecurity and implementing best practices; others, not so much.

• Local governments are facing the same challenges but even more so, which
is why a number of city government IT systems have recently fallen prey to
costly attacks.

Baltimore’s IT systems ransomware case (it’s all about preventing)


The IoTs

The internet of things (IoT) allows us to use a doorbell camera to check on our
porch activity from work, or to turn our lights or music on or off by telling the
smart home assistant what to do. You can even use the IoT to track the
temperature in an aquarium.

The Aquarium Casino Case


Conclusion

Where needed?
• Automobile
• Energy Firm
• End Users
• Government
• Business
• Financial Sectors
• IoT

Key points
• Cybersecurity
• Ransomware
• Network Firewalls

End of Lecture 1