Security Awareness

An introduction to security awareness: why it's important, the impact of being attacked, different threat actors and basic account security.


Task 1 - Introduction to Security Awareness

What is security awareness?

You are at the heart of your organization and play a key role in keeping it safe against cyber attacks. Understand what it takes to be security conscious by walking through the most common attacks seen in the industry, and learn how to mitigate potential threats. Become more security-aware and improve your cyber hygiene in the security awareness module.

Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. The study concluded that people are the main threat to the security of a business. Being more security-aware will significantly help mitigate potential threats and risks to your organization.

Who is security awareness for?

Everyone! It's everyone's responsibility to be security-aware. No matter your role at your company, you could be a potential target for cybercriminals, especially given your access and knowledge inside your organization.


1. Read why security awareness is so important for everyone.

No answer needed.


Task 2 - Why Security Awareness is essential

Nowadays, remote working is common in many organizations, and many will spend most of their time working on their personal computers, which increases the risk of being a primary target for cyber security attacks.

Hackers use a variety of tools and methods to gain access to staff computers and corporate networks. Security breaches can cost a company millions of dollars; based on an online report, the average cost of a data breach was a massive $3.86 million. As well as the huge cost to handle a cyberattack, it also damages the reputation and trust of customers and partners.

Security awareness training is a must-have skill to counter efforts by attackers and reduce risks within the business. A few of the benefits are below:

  1. Help prevent data breaches
  2. Minimize and reduce risks and threats
  3. Improve IT defenses
  4. Improve customer confidence

Based on Proofpoint's study, the following diagrams show the effectiveness of security awareness training.

  • 95% reduction in malware and viruses and a greater awareness of cybersecurity threats in a financial institution.
  • 90% reduction in attempted phishing attacks in an educational institution.
  • 80% reduction in fraud attacks on government employees.

1. Read the above.

No answer needed.


Task 3 - Data and account security

Everyone holds sensitive data, whether it be personal information, customer data, financial reports, or company details. Obtaining data (or holding it to ransom) is a cybercriminal's main objective.

Sensitive data can be in many different forms. For example, the HR department has all details and information of employees while the finance department will have the credit card and bank account details of customers. Protecting this data is important not only to the organization but also to its clients and customers.

Now that we know why data protection is so important, we need to understand the type of data we have, why it must be protected and the methods we can use to secure it.

The following diagram illustrates the top 10 data breaches by some of the large companies in history, the number of people who were affected and the type of data that was leaked.


1. How many people were affected by eBay being hacked?

Answer
145 million

2. What data was leaked from PlayStation being hacked?

Hint: Answer format should be in the order as shown in the diagram above.

Answer
Names, addresses, e-mail, birth dates

Task 4 - Check if you've ever been part of a cyber breach

The impact of cyber threats increased significantly during the pandemic, primarily due to the increase in home working. The following points are potential consequences of a successful cyberattack:

  • Legal penalties (lawsuits and GDPR)
  • Reputational damage
  • Disruption to trading
  • Financial loss
  • Loss of sensitive data

Criminals can use the information found in data breaches of companies to perform targeted social engineering attacks or phishing campaigns (more on this in future security awareness rooms). Have I Been Pwned is a service that keeps track of information leaked in data breaches, giving you the ability to find out if you've been a victim of a previous data breach. Search your email or phone number, and it will reveal if your personal information has ever been leaked.


1. Go to haveibeenpwned.com and see if your information has ever been part of a breach. If you have, don't panic - ensure you change the breached account's password. The next room in this module will talk about how you can use a password manager to create unique passwords for all your accounts.

No answer needed.


Task 5 - Cyber threat actors

A cyber threat is the possibility of a malicious attempt to damage or disrupt a computer network or system. Cyber threat actors are individuals or groups of people who maliciously aim to take advantage of system security weaknesses to compromise and gain unauthorized access to victim data, computers, or networks.

The motivation of threat actors may vary and can be categorized into different groups:

  • Nation-state cyber threat actors are geopolitically motivated.
  • Cybercriminals are financially motivated.
  • Hacktivists are ideologically motivated.
  • Terrorist groups are motivated by ideological violence.
  • Thrill-seekers are motivated by satisfaction.
  • Insider threat actors are motivated by discontent.

1. Who would most likely be interested in exploiting a business?

Answer
Cybercriminals
Explanation
A business usually has something that can bring financial benefit to cybercriminals, based on the aforementioned points.

2. Who would most likely be interested in exploiting a personal computer for fun?

Answer
Thrill-seekers
Explanation
"For fun" usually involves satisfaction.

3. Who would most likely be interested in exploiting a website to deliver a message?

Answer
Hacktivists
Explanation
Just like an activist campaigning through protest etc., hacktivists campaign through online means (e.g., exploiting).

Task 6 - Conclusion

This room introduced you to the basics of security awareness concepts and knowledge that can help you stay safe online. We discussed the importance of security awareness and why it's essential that you play your part in helping to prevent cyber attacks.

In the next room, we will be reviewing some of the common attacks that cyber threat actors can use to gain access to sensitive data, computers, or networks using practical scenarios and exercises.


1. Complete this task and join the "Common Attacks" room.

No answer needed.


END OF ROOM