Question

What specific concepts from below do you find the most interesting and/or impactful to Cybersecurity? Explain the concept thoroughly, explain your position (e.g. why is it impactful to the field of Cybersecurity and/or so interesting to you) and provide several examples that support your argument.

Threats and Adversaries (threat actors, malware, natural phenomena)

Common Attacks

Malicious activity detection / forms of attack

Appropriate Countermeasures

Legal issues

Attack Timing (within x minutes of being attached to the net)

Covert Channels

Social Engineering

State, US and international standards / jurisdictions

Understand the interaction between security and system usability and the importance for minimizing the effects of security mechanisms.

Answer 1

For me Social Engineering concept find the most interesting and/or impactful to Cybersecurity

Social Engineering:

When a person’s privacy is compromised using non-technical means—including something as normal as receiving a telephone call while at the office—hackers can quickly acquire sensitive information. Hackers might pretend they work in the IT department when in reality they’re attempting to gain access to the company’s network through one of its employees.

Definition: This social engineering, as it is called, is defined by Webroot as “the art of manipulating people so they give up confidential information.”

In Detail: Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

This is social engineering, and it can have a devastating impact on your organisation.

How it impact on Cyber Security

Employees could be tricked into anything, from allowing someone to physically follow them into your data centre, to give up their passwords or user IDs over the phone. Social engineers go to great lengths to gain access to data they can exploit, including:

• Personal Information – passwords, account numbers
• Sensitive Company Information – phone lists, identity badges
• Server Info – servers, networks, non-public URLs

Main important thing into preventing is to define and implement a thorough security policy. This is the type of policy that is worth investing in, because it can have a huge impact on the organization and prevent cyber attacks from happening and leading to serious consequences.

Examples of these are:

1.Phishing: tactics include deceptive emails, websites, and text messages to steal information.
2. Spear Phishing: email is used to carry out targeted attacks against individuals or businesses.
3. Baiting: an online and physical social engineering attack that promises the victim a reward.
4. Malware: victims are tricked into believing that malware is installed on their computer and that if they pay, the malware will be removed.
5. Pretexting: uses false identity to trick victims into giving up information.

The below examples of social engineering emphasize how emotion is used to commit cyber attacks:
1. Fear
2. Greed
3. Curiosity
4. Helpfulness
5. Urgency

Ways to Protect Yourself:

• Delete any request for financial information or passwords.
• Reject requests for help or offers of help
• Set your spam filters to high.
• Secure your computing devices.