Make yourself cyber-secured!

Cyber Security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from Cybercrime.

Cybersecurity Common Sense:
Cybersecurity may seem frightening and intimidating at first glance, but most cybersecurity best practices are just common sense! You use cyber principles in your everyday life without realizing it—from delegating tasks to friends or coworkers to building toy castles with your kids! And the best way to apply those skills to ensure your cyber safety is to learn what kinds of attacks you are vulnerable to, and to learn the easiest way to defeat them.


Commonly Used Terms:
The terminology surrounding cybersecurity may be confusing at first, so let’s go over a few of the words we’ll be using throughout this activity.

A “bad actor” is anyone looking to make trouble for you and your computer system. This can include a variety of cybercriminals—hackers, social engineers, and even shoulder surfers!

• Hackers use computers and other digital devices to gain unauthorized access to information or damage computer systems. Sometimes, hackers have impressive computer skills, but expert knowledge of programming isn’t always necessary for a successful hack.

Any attempt by hackers or bad actors to gain unauthorized access to a digital computer system can constitute a cyber-attack.


As always, if you come across a term or phrase about cyber or computer science – or even in your everyday life – that you don’t understand, look it up! Many cyber-specific terms are already part of the dictionary, and a simple online search can make a big difference in your understanding of the cyber ecosystem.

Cybersecurity isn’t just a limited concept only used and needed by cyber professionals. Cybersecurity is the responsibility of every person who uses an internet-connected device.

Cybersecurity also isn’t just important to large businesses. Cybersecurity is essential to all businesses no matter their size and to all people.

Cybersecurity starts with YOU and is everyone’s responsibility.

There are currently an estimated 5.8 billion internet users worldwide. That’s over 63% of the world’s population! This number will continue to grow, making cybersecurity more important than ever. 
(source: https://internetworldstats.com/stats.htm  pulled 7/8/2021).



Cyber Crime

What is it?
Cybercrime is any crime which is committed electronically.

This can include:
• Theft
• Fraud
• Sometimes even murder

We don’t often consider whether or not the people we interact with online might be breaking the law. But legal wrongdoing is just as prevalent on the internet as it is in the physical world. Cybercrime is any crime, including, but not limited to, theft, fraud, and even sometimes murder, which is committed electronically. 

Examples:
• Identity theft
• Child sexual abuse materials
• Financial theft
• Intellectual property violations
• Malware
• Malicious social engineering

Why should you care?
• Crime is a danger offline and on!
• Cyber self-defense basics can go a long way to keeping you and your data out of the hands of Cyber Criminals.

We all want a safer world to live in, and it’s clear, now more than ever, that computers and other internet-connected devices are part of that world. Being safe on the computer is often very similar to being safe in your daily offline routine. You wouldn’t leave your car unlocked in the middle of a crowded city – so why not apply those same safety principles to your online life?



MALWARE

What is it?
Any software intended to:

• Damage
• Disable
• Or give someone unauthorized access to your computer or other internet-connected device


Malware, short for “malicious software,” is software intended to damage, disable, or give someone unauthorized access to your computer or other internet-connected device. This includes adware, botnets, ransomware, rootkits, spyware, viruses, worms, and numerous others.

Examples:
• Ransomware
• Adware
• Botnets
• Rootkits
• Spyware
• Viruses
• Worms

Why should you care?
Most cybercrime begins with some sort of malware. You, your family, and your personal information are almost certainly at risk if malware finds its way onto your computer or devices.



RANSOMWARE

What is it?
Malware designed to make data or hardware inaccessible to the victim until a ransom is paid.

It’s easy to forget sometimes how valuable the information we store on our computers and devices really is to us. Family photos, financial information, address books, homework assignments—so much of our lives is stored digitally! Ransomware is a type of malware in which the attacker encrypts the victim’s data to make it as inaccessible as possible, often by locking a person completely out of their computer. Then the hacker demands a ransom to release or unencrypt that information.

Examples
• Cryptolocker
• Winlock
• Cryptowall
• Reveton
• Bad rabbit
• Crysis
• Wannacry


Why should you care?
• Often downloaded as malicious email links
• Damage to both financial stability and reputation
• No guarantee that you will get your data back, even if you pay
• Often used as a decoy for other malicious activity


The fees extorted by cybercriminals through ransomware can be extreme or prohibitive—not to mention that there’s no guarantee that your data will actually be returned to you after you pay! Luckily, there’s a simple way to make yourself and your data resistant to ransomware attacks. In addition to keeping your software and antivirus programs up to date, regularly back up your system on the cloud or on an external hard drive. That way, you always have a spare copy of the information that’s most important to you.



BOTS

What is it?
Bots are a type of program used for automating tasks on the internet.

FYI!
Not all bots are bad. When you use a search engine, these results are made possible by the help of bots “crawling” the internet and indexing content. Chatbots like Siri and Alexa are another common type of “good” bot.


Why should you care?
Malicious bots can:
• Gather passwords
• Log keystrokes
• Obtain financial information
• Hijack social media accounts
• Use your email to send spam
• Open back doors on the infected device



PHYSICAL CYBERATTACKS

What is it?
Physical cyber-attacks use hardware, external storage devices, or other physical attack vectors to infect, damage, or otherwise compromise digital systems. This can include…

• USB storage devices
• CD/DVD
• Internet of Things (IoT)


Why should you care?
• Easy to overlook
• Difficult to identify and detect
• Extremely difficult to remove
• Can do anything from installing ransomware, to sending copies of or modifying information systems, to dismantling networks


These kinds of attacks are frighteningly versatile, very difficult to identify and detect, and painfully difficult – sometimes close to impossible – to remove. Always try to keep track of where your storage devices have been, and don’t plug “lost-and-found” USB drives into your computer. Keep your personal and workplace data storage and other devices separate to avoid transferring malware from one system to another – just like washing your hands to prevent the flu from spreading!

FYI!
Anything connected to the internet is potentially vulnerable, from e-scooters to laptops to cargo ships.



SOCIAL ENGINEERING

What is it?
Cybercriminals can take advantage of you by using information commonly available through…

• Social media platforms
• Location sharing
• In-person conversations


Sometimes bad actors don’t need computers to gain access to your information. Social Engineering is when bad actors gather commonly available information about you and things you care about in order to trick you into revealing information or giving unauthorized access to information systems. Social Engineering attacks can be quite sophisticated, and are not always easy to recognize. This includes attacks such as Phishing, Swatting, and more.

Why should you care?
• Your privacy isn’t just a luxury – it’s a security measure
• Attacks can be successful with little to no programming knowledge or ability
• Technological security measures can only protect you so much – you are your best defense

Examples
• Phishing
• Pretexting
• Baiting
• Quid pro quo
• Tailgating
• Inside job
• Swatting


Social engineering attacks don’t require super powered programming skills to be successful. The information you post on social media and other sharing platforms may make you especially vulnerable to this attack vector, and it may be difficult to tell when you are being targeted.



PHISHING

What is it?
Fake messages from a seemingly trusted or reputable source designed to convince you to…

• Reveal information
• Give unauthorized access to a system
• Click on a link
• Commit to a financial transaction


Phishing is a kind of Social Engineering attack in which a bad actor poses as a trusted or reputable source and sends fraudulent digital messages, such as emails, with the intent of manipulating individuals into revealing personal or protected information, or with the intent of gaining unauthorized access to a system through a download or link.

Why should you care?
• Extremely common
• Can have severe consequences

Example
Take a look at this sample Phishing email. Would this email fool you?

Phishing attacks are some of the most common—and most commonly successful—types of attacks. Learning how to recognize fraudulent messages by paying close attention to detail and never clicking on embedded hyperlinks, as well as remembering to report phishing attempts when you are targeted, are the best ways to defeat this kind of cyber-attack. When clicking on links ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

Not all phishing attacks are as obvious as this, showing the need to learn the signs of these types of attacks and think before you click. Check that emails and links are legitimate. Verify all attachments come from a trusted source.



SWATTING

What is it?
An attack centered around location sharing in which bad actors call the police claiming the victim has committed a crime…

• Bomb Threat
• Armed Intruder
• Violent Incident


Think Social Engineering is just for Phishing? Think again. Swatting is an attack centered around location sharing. Bad actors use your location to call the police, claiming that the victim has committed a serious crime. Sometimes, these attacks are intended merely as pranks – but the consequences are almost always severe.

Why should you care?
• Physical and immediate consequences
• Sometimes intended merely as a prank
• Arrest and serious injury can result
• Reduce risk by sharing your location only with trusted individuals, and share vacation photos only after you’ve returned safely home

Example
Your location is embedded as metadata in every picture you take with your phone. Turn location services off when you aren’t using them to make it more difficult for bad actors to view this information.

Unlike many cyber-based attacks, Swatting has clear, physical, and immediate consequences. Imagine police raiding your home on a Swatting bomb threat tip! These attacks can easily result in injury and arrest, and sometimes even death to the victim. Your location is your business. Text or call friends the old-fashioned way if you want to meet up, share vacation photos only after you’ve gotten safely home, and remember to turn off location services on your devices when you don’t need them.



OTHER AVENUES OF ATTACK

What is it?
• Internet of everything
• Any device connected to your network
• Information collection
• Remote access
• Bluetooth
• Open ports

Any device that stores information or is connected to the internet can be a way for cyber criminals to gain access to your information systems – or, in some cases, use your devices to attack someone else. And with the advent of the Internet of Everything, you may have more of these kinds of devices around you than you think! Think about how much information is being gathered about you and your lifestyle and take the necessary precautions against that information being accessed unethically or misused.

Why should you care?
• Your network can be used to attack someone else
• Any device that stores information or is connected to the internet can be a vulnerability
• Assume that you are vulnerable, and take measures to understand and mitigate risk
• Don’t be the “low-hanging fruit”

Examples
• Smart devices
• Mobile phone
• Thermostat
• Vehicles
• Gaming consoles
• Printers
• Medical equipment
• Industrial systems

The number of ways a bad actor can exploit you and your information is nearly limitless. But don’t let that get you down! Hackers and other cyber criminals will usually be most interested in the most vulnerable targets, which is good news for you. In the same way that you can’t entirely prevent a determined criminal from stealing something from you in the physical world, you likely also can’t be entirely impervious to malware and other hacks. However, making your devices and information as resistant as possible to cyber-attacks can make you “not worth the effort” of trying to gain access to your information systems.

One of the first lines of defense in keeping your information safe online is the use of a password. Some password tips are as follows:

Use different passwords on different systems and accounts. One of the leading causes of unauthorized access to accounts is the reuse of login credentials.

Use the longest password allowed. The longer and more complicated a password is, the harder it will be for someone to access your accounts.

Use a mix of uppercase and lowercase letters, numbers, and symbols. Everyone has seen that many sites require this, and it’s not there to inconvenience you, but to protect you and your data.

Reset your password every few months. It’s good to get into the habit of resetting your passwords regularly, especially when these passwords allow access to important personal information such as bank accounts or medical data. It is also especially important given that it takes most companies an average of six and a half months to notice that a data breach has happened. By the time a data breach is reported, a bad actor could have been using and/or selling your data for a considerable amount of time.

Use a password manager. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.

FYI!
Password or credential stuffing is a cyberattack that tries “stuffing” already compromised usernames and passwords from one site into another site in hopes that the user uses the same login information across platforms.
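
For readers who run a website or look after login logs, here is what credential stuffing looks like from the defender’s side. This is an added example, not part of the original article: the log format, the sample entries, and the thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample login log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2021-07-08T10:00:01Z 203.0.113.7 alice FAIL
2021-07-08T10:00:02Z 203.0.113.7 bob FAIL
2021-07-08T10:00:03Z 203.0.113.7 carol FAIL
2021-07-08T10:00:04Z 203.0.113.7 dave OK
2021-07-08T10:00:05Z 203.0.113.7 erin FAIL
2021-07-08T10:00:06Z 203.0.113.7 frank FAIL
2021-07-08T10:05:00Z 198.51.100.20 bob FAIL
2021-07-08T10:05:01Z 198.51.100.20 bob FAIL
2021-07-08T10:05:02Z 198.51.100.20 bob FAIL
2021-07-08T10:05:03Z 198.51.100.20 bob FAIL
2021-07-08T10:05:04Z 198.51.100.20 bob FAIL
2021-07-08T10:09:00Z 192.0.2.15 carol FAIL
2021-07-08T10:09:20Z 192.0.2.15 carol OK
"""

def parse(log_text):
    """Group (username, outcome) pairs by source IP, skipping malformed lines."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            by_ip[parts[1]].append((parts[2], parts[3]))
    return by_ip

def classify_sources(log_text, min_users=5, min_fail_ratio=0.8, min_repeats=5):
    """Label each source IP by the shape of its attempts (thresholds are assumed)."""
    verdicts = {}
    for ip, events in parse(log_text).items():
        attempts = Counter(user for user, _ in events)
        fail_ratio = sum(o == "FAIL" for _, o in events) / len(events)
        verdict = "normal"
        if fail_ratio >= min_fail_ratio and len(attempts) >= min_users:
            verdict = "credential-stuffing"  # many accounts tried, most fail
        elif fail_ratio >= min_fail_ratio and max(attempts.values()) >= min_repeats:
            verdict = "password-guessing"    # one account tried over and over
        verdicts[ip] = verdict
    return verdicts

def accounts_to_reset(log_text):
    """Accounts that logged in successfully from a credential-stuffing source."""
    verdicts = classify_sources(log_text)
    return sorted({user for ip, events in parse(log_text).items()
                   if verdicts[ip] == "credential-stuffing"
                   for user, outcome in events if outcome == "OK"})
```

In the sample, the single successful login among the failures is the account whose owner reused a password from another site, which is why that account is the one flagged for a reset.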

“Do Your Part. #BeCyberSmart.”

This theme encourages everyone to take proactive steps to enable lasting, positive cybersecurity behavior change at home, school, and at work.

All internet-connected devices are potentially vulnerable, and as such, Cybersecurity Awareness Month emphasizes the critical need for individuals and organizations of all sizes in both public and private sectors to protect themselves against cyber threats.

 Adequate protection from cyber threats is a critical challenge for individuals and organizations of all sizes in both the public and private sectors and serves as a constant reminder of the need to promote cybersecurity awareness across the Nation. Cybersecurity Awareness Month highlights the importance of empowering citizens, businesses, government, and schools to improve their cybersecurity preparedness. It reminds us that being more secure online is a shared responsibility and creating a safer cyber environment requires engagement from the entire Nation.
