Introduction to Cyber Security
Cyber security refers to the body of technologies, processes and practices designed to protect networks, devices, programs and information from unauthorized access.
Cyber security is important because governments and organizations collect, process, store and send information. Much of this information is sensitive, and unauthorized access or exposure could have negative consequences.
The most difficult challenge in cyber security is the rapidly evolving nature of security risks.
What is cyber security?
Cyber security describes the discipline dedicated to protecting information and the systems used to process or store it.
Cyber security encompasses the following elements:
What is cybercrime?
Cybercrime is generally defined as a criminal offence that targets a computer system or an electronic device, or where a computer system is used as a tool to commit the crime.
Cybercrime occurs when malicious actors take advantage of vulnerabilities in software, hardware and human behavior online. Their goals include obtaining information, which can be sold, traded, revealed or used to perpetrate more cybercrime.
These malicious actors are often referred to as threat actors.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Cybercrime is a significant threat to every organization, government and individual in the world. Cybercrime is increasing in frequency and complexity every year. By 2025, cybercrime is expected to cost the world $10.5 trillion USD.[1] To put that number in perspective, the gross domestic product (GDP) of the United States was $22.68 trillion USD in 2021.
Why am I a target?
If you handle information and use information systems, you are a target.
Like anyone in your organization, you could be targeted by threat actors attempting to get access to organizational information or information systems.
While your organization takes steps to reduce and eliminate threats, threat actors will target people like you to gain access to information and information systems. Your organization therefore relies on you to stay vigilant and help detect anomalies that may indicate that an attack is imminent or underway.
To understand why you might be a target for threat actors, you need to consider:
- What services does my organization provide? If these services were disrupted, would this cause hardship?
- What information and networks do I have access to? Could the information or networks hold value for a threat actor?
- Am I an easy target? Am I skeptical of requests asking me to do something, and am I willing to think critically and ask questions before taking action?
We all play a significant part in protecting our organization’s information and assets. If we are part of an organization, no matter what our job title is, we are a conduit to the organization’s most critical information and information systems. In cyber security, these are known as crown jewels.
What to do if you're a victim?
If you think that you may have been the victim of a cybercrime, you should take the following steps:
Best practices
Here are common cyber security best practices that you can adopt. Use them on all your devices – laptops, desktop computers, mobile phones, and smart devices. These best practices are easy to adopt and significantly reduce risk.
Cyber hygiene
Cyber hygiene refers to incorporating good cyber habits or practices into your daily routine.
Adopt these habits to help you and your organization stay cyber safe:
Best practices for managers
People managers have a critical role to play in cyber security. As a leader, you help ensure your team has the resources it needs to protect your organization’s information and assets.
Help your team prepare by:
- Learning the indicators and signs of compromise and ensuring that your team is aware of them as well
- Providing team members with training such as regular simulations so they can recognize social engineering attacks
- Building rapport with the security personnel in your organization to ensure that you have open lines of communication and established trust
- Empowering team members to question any communication that seems suspicious (even from senior leaders) and to hold off taking any requested action until the communication is confirmed as authentic
- Identifying processes for reporting suspicious communication and determining the authenticity of suspicious communication
- Listening to people who have concerns about suspicious communications and directing them to the appropriate authority
- Supporting people should they mistakenly identify a legitimate email as a threat
You need to understand your information environment and any possible threats to this information.
You should regularly conduct a team security audit with a focus on:
- Compliance with local security policies
- Proper information handling
- Team member security responsibilities
- Adherence to policies and best practices
- Regular security awareness activities
People manager checklist
- Are all the information assets within your team appropriately identified with the correct sensitivity classification label?
- Are your employees fully aware of their security responsibilities for the information they handle?
- Do they know what needs to be protected and what doesn’t?
- If you’re not sure, consult with your security official to better understand the team’s information environment, and provide your team with adequate guidance
Free applications (apps)
While you may not pay financially to use free apps, when you accept the terms of use, you agree to share your personal information. This information is sold or shared with third parties, generating revenue for the company that collected your information.
Here are some tips to help protect your personal information when downloading free software or apps:
- Choose trusted sources such as Apple’s App Store or Google Play for downloading software or applications. Although they’re not entirely free of malware, these sources have security mechanisms to limit malicious and insecure software and apps.
- Check permissions that the apps request and determine if they are justified. If they seem excessive, it’s better to opt for a less intrusive option.
- Know what you’re agreeing to. Before you install software or applications, review the terms and conditions.
- Use the private browsing option on your device. This safeguard deletes cookies, temporary internet files and browsing history after you close the browser.
- Download cautiously. It’s better to avoid danger than to deal with the consequences of a malicious app.