Welcome to "Security Threats: Threats and Breaches." After watching this video, you will be able to: identify the different types of security threats, list examples of security threats, and explain the difference between a worm and a trojan.

Weak security policies can lead to physical threats, tampering, or the theft of hardware. Only trusted, authorized personnel should have physical access to information systems, and only for the specific systems they are responsible for. It's much easier to steal data directly from a laptop or server than it is to remotely hack into a complex network. To keep hardware safe from physical threats, tampering, and theft, lock it in a secured area with card readers on doors to limit access. Use robust surveillance on the inside and outside of the premises, and keep these maintained, updated, and tested.

Hardware failure or destruction can occur during power outages, fires, and natural disasters like earthquakes, floods, tornados, hurricanes, and electrical storms. Environmental conditions such as humidity and mold also pose risks. Keep hardware safe with a well-maintained infrastructure that includes fire suppression systems, backup power, and a properly functioning HVAC system to prevent humidity and mold.

Ultimately, none of these strategies will work without a detailed plan for what to do if disaster strikes or a system is breached. Regular planning and run-throughs of mock disaster and attack scenarios will help refine the process and identify security weaknesses.

Unpatched systems, misconfigured firewalls, weak cybersecurity, and weak physical security are just a few ways that data threats occur. Data leaks are the accidental exposure of confidential or sensitive data through a security vulnerability. Data breaches are when a data leak is caused intentionally by a cybercriminal. These occur when social engineering or phishing attacks trick employees into leaking sensitive credentials or information.
Data dumps are when cybercriminals dump stolen data onto the dark web for monetary gain. A data dump might include PII, PHI, bank account numbers, PINs, social security numbers, and more. Other cybercriminals buy and use data dumps for things like identity theft and password attacks.

Dumpster diving is the act of physically searching through a literal dumpster to find something valuable. A company's trash might contain lists of customer names, phone numbers, contact information, business plans, product designs, or an access code written on a Post-it note. Tech companies require document shredding and device destruction as a normal part of business because these can be stolen from the trash to harvest data that can be used for identity theft and data breaches. Or the data could be sold to hackers or a company's competitors.

Software threats include theft, exploits, and malware. Software or license theft is the unauthorized copying or use of copyright-protected software. This includes pirating software and counterfeiting activation codes. Exploits are pieces of code that use vulnerabilities in hardware or software to get into a system. Malware-infected websites use exploits to automatically download malware to a system. This is called a drive-by download.

Malware is a general term for software designed to compromise computer systems. Malware can cause system slowdowns, odd requests, browser misdirection, and pop-up ads. It can also steal data, record everything you do with or near your device, spam your contacts with infected links, and connect your computer to a network of hijacked computers that are remotely controlled (known as a botnet). Malware can come from: attachments, sketchy websites, file downloads, infected USB drives, or links in emails, ads, social media, torrents, and even text messages. Phishing and Remote Desktop Protocol attacks (or RDP attacks) are the most popular attack vectors for ransomware since they result in a higher success rate.
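The data dump discussion above lists the kinds of records a dump typically contains: PII, bank account and card numbers, social security numbers. When a defender has to triage a suspected leak (a file found on a paste site, an unexpectedly exposed export), the first question is "does this actually contain our sensitive data, and how much?" The following is an added example, not code from the video or its authors: a small Python scanner that finds and redacts the common PII patterns in text. The sample dump lines, the regular expressions, and the thresholds are all constructed for illustration; the card check uses the standard Luhn checksum so that an ordinary phone number or order ID is not flagged as a card.

```python
"""Triage a suspected data dump for PII (added example with constructed data)."""
import re
from collections import Counter

# US SSN in the usual 3-2-4 form; areas 000, 666 and 9xx are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

# Constructed sample of what a dumped export might look like (not real people).
SAMPLE_DUMP = """\
name=Alice Example,email=alice@example.com,ssn=123-45-6789
name=Bob Example,card=4111 1111 1111 1111,exp=12/29
name=Carol Example,phone=555-123-4567,card=4111 1111 1111 1112
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_line(line: str) -> list[tuple[str, str]]:
    """Return (kind, matched_text) pairs for each PII hit on one line."""
    findings = []
    for m in SSN_RE.finditer(line):
        findings.append(("ssn", m.group()))
    for m in CARD_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("card", m.group()))
    for m in EMAIL_RE.finditer(line):
        findings.append(("email", m.group()))
    return findings


def redact(line: str) -> str:
    """Mask each hit so the line can be shared in a ticket without re-leaking it."""
    for kind, value in scan_line(line):
        if kind == "email":
            local, _, domain = value.partition("@")
            masked = local[0] + "***@" + domain
        else:
            # keep the last four digits, which is what a customer-facing check needs
            masked = "".join("*" if c.isdigit() else c for c in value[:-4]) + value[-4:]
        line = line.replace(value, masked)
    return line


def triage(lines: list[str]) -> dict[str, int]:
    """Count hits by kind across the whole dump; this is the number that decides severity."""
    counts: Counter[str] = Counter()
    for line in lines:
        counts.update(kind for kind, _ in scan_line(line))
    return dict(counts)


if __name__ == "__main__":
    lines = SAMPLE_DUMP.splitlines()
    print("summary:", triage(lines))
    for line in lines:
        print(redact(line))
```

Running the block on the constructed sample reports one SSN, one valid card number and one email address; the third line is not flagged at all, because its phone number is too short to be a card and its card candidate fails the Luhn check. Real dumps need more patterns (account numbers, PHI identifiers, your own customer ID format) and a review of false positives before the counts are used to decide breach notification.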
To avoid malware, keep software updated, don't open strange attachments or links, back up your data, use strong antivirus software, and use strong, frequently updated passwords. Malware types include viruses, worms, trojans, exploits, spyware, adware, and ransomware.

Computer viruses are programs designed to spread from host to host, just like real viruses. An infected app or file has to be started by a user for a virus to activate. Viruses can turn on a webcam, record keystrokes and site visits, steal data, corrupt files, and hijack email accounts. Let's look at some different types: Program viruses are bits of code that insert themselves into another program. Macro viruses affect Microsoft Office files via the macros they use to automate tasks. Stealth viruses copy themselves to different locations to avoid antivirus scans. Polymorphic viruses change their characteristics to get around cybersecurity defenses. Ninety-seven percent of all malware uses polymorphic viruses.

Worms are viruses that start themselves after identifying system weaknesses. They don't rely on apps or files. Unlike viruses, worms can be controlled remotely. Trojans trick you into installing legitimate-seeming software that includes harmful malware. Spyware collects personal data, login credentials, credit card information, and online activity, and can record using a device's camera or microphone. Adware is software coded into online ads that records your personal data, website visits, and keystrokes to send you personalized ads. Both adware and spyware can be legitimate or malicious. Ransomware locks a system, encrypts its files, and displays a ransom demand. To get the encryption key you must pay the ransom. Or you can regain access by doing a full system restore from a backup.

In this video, you learned that: Hardware must be kept safe from physical damage, tampering, and theft. Hardware is vulnerable to natural disasters, fires, mold, and power outages.
Software threats include theft, exploits, and malware. Malware includes viruses, spyware, adware, and ransomware. Ninety-seven percent of all malware includes polymorphic viruses.