CCCU

Week-1: Cybersecurity Fundamental Module

Credits: 20

Module Leader: Ali Jaddoa, PhD, MSc, PgCet, BSc, FHEA.

Lecture Name: Introduction to Cybersecurity
CSF-P19133

WHAT IS CYBERSECURITY?

  • Exploring the possible meanings of the term

  • Before defence is possible, one must understand:

    • What exactly security is
    • How security relates to information security

Security

  • To be free from danger is the goal

  • The process that achieves that freedom

  • The more secure something is, the less convenient it may become to use


Definition of Cybersecurity

  • Refers to the practice of protecting systems, networks, and DATA from digital attacks.

  • Attackers' aims: accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

  • Implementing effective cybersecurity measures is particularly challenging today because attackers keep developing innovative methods.


Cybersecurity principles: CIA

  • Confidentiality: Access is only by authorised individuals.
  • Integrity: Protecting information from being altered or tampered with.
  • Availability: Resources are available to those who need them when they need them.

Confidentiality

  • Scenario: Healthcare organisation stores patient records.
  • Implementation: Uses AES-256 encryption so only authorised personnel can access the data.


Integrity

  • Scenario: Financial institution processes transactions.
  • Implementation: Uses SHA-256 hashing to verify transaction records, ensuring data has not been altered.
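As an added worked example (not part of the slides), the SHA-256 integrity check from the scenario above applied to a constructed transaction record. It also shows the caveat a practitioner needs: an unkeyed hash stored beside the record can simply be recomputed by whoever altered the record, so a keyed HMAC is shown alongside it. The record, key and function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample transaction record (illustrative data, not from the slides).
TRANSACTION = {
    "txn_id": "T-0001",
    "from_account": "ACC-123",
    "to_account": "ACC-456",
    "amount": "250.00",
    "currency": "GBP",
}
# Constructed key for the keyed variant; in practice it comes from a secrets store.
SECRET_KEY = b"demo-key-not-for-production"


def canonical(record: dict) -> bytes:
    """Serialise deterministically (sorted keys, no whitespace) so equal content hashes equally."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_digest(record: dict) -> str:
    """Unkeyed fingerprint: any change to any field yields a different hex digest."""
    return hashlib.sha256(canonical(record)).hexdigest()


def verify_sha256(record: dict, expected_digest: str) -> bool:
    """Recompute the digest and compare in constant time; detects a modified record."""
    return hmac.compare_digest(sha256_digest(record), expected_digest)


def hmac_tag(record: dict, key: bytes = SECRET_KEY) -> str:
    """Keyed fingerprint (HMAC-SHA256): cannot be recomputed without the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_hmac(record: dict, tag: str, key: bytes = SECRET_KEY) -> bool:
    return hmac.compare_digest(hmac_tag(record, key), tag)


def demo() -> dict:
    """Store a digest, tamper with the amount, and show which checks catch it."""
    digest = sha256_digest(TRANSACTION)
    tampered = dict(TRANSACTION, amount="2500.00")
    # Someone who can rewrite the record can also rewrite a plain hash stored next to it;
    # they cannot produce a valid HMAC without SECRET_KEY.
    forged_digest = sha256_digest(tampered)
    return {
        "original_ok": verify_sha256(TRANSACTION, digest),
        "tamper_detected": not verify_sha256(tampered, digest),
        "forged_hash_passes": verify_sha256(tampered, forged_digest),
        "forged_hmac_fails": not verify_hmac(tampered, hmac_tag(tampered, b"wrong-key")),
    }
```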


Availability and Its Metrics

  • Scenario: E-commerce platform operates 24/7.
  • Implementation: Employs redundant servers and regular backups to keep the website accessible even during failures.
| Metric | Description |
|---|---|
| Uptime | Total time a system is accessible, typically measured in hours and expressed as a percentage (e.g., 99.5% uptime). |
| Downtime | Total time a system is not accessible, measured similarly to uptime. |
| Availability | Calculated as: |
| MTTF (Mean Time to Failure) | Average time between system failures. Electronics have high MTTF (25+ years); physical components have lower MTTF (≤5 years). |
| MTTR (Mean Time to Repair) | Average time to repair a system, aiming for quick recovery. |
| MTBF (Mean Time Between Failures) | Predicted time between system failures during operation. |
| RTO (Recovery Time Objective) | Time required to restore a system after an outage, crucial for business continuity planning. |
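An added worked example (not from the slides) that turns the metrics above into code. It assumes the standard formulas availability = uptime / (uptime + downtime) and availability = MTBF / (MTBF + MTTR), which the table leaves unstated, and uses constructed numbers for the 24/7 e-commerce scenario; the function names are assumptions.

```python
# Formulas assumed here (standard definitions; the slide table leaves "Calculated as:" blank):
#   availability = uptime / (uptime + downtime)
#   availability = MTBF / (MTBF + MTTR)
HOURS_PER_YEAR = 365 * 24  # 8760


def availability_from_uptime(uptime_h: float, downtime_h: float) -> float:
    """Fraction of the observation period during which the system was accessible."""
    total = uptime_h + downtime_h
    if uptime_h < 0 or downtime_h < 0 or total == 0:
        raise ValueError("uptime and downtime must be non-negative and not both zero")
    return uptime_h / total


def availability_from_mtbf(mtbf_h: float, mttr_h: float) -> float:
    """Steady-state availability predicted from failure and repair times."""
    if mtbf_h <= 0 or mttr_h < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_h / (mtbf_h + mttr_h)


def allowed_downtime_hours(target: float, period_h: float = HOURS_PER_YEAR) -> float:
    """Downtime budget that still meets an availability target (e.g. 0.995) over a period."""
    if not 0.0 <= target <= 1.0:
        raise ValueError("target must be a fraction between 0 and 1")
    return (1.0 - target) * period_h


def rto_within_budget(rto_h: float, expected_outages: int, target: float,
                      period_h: float = HOURS_PER_YEAR) -> bool:
    """True if meeting the RTO on every expected outage keeps total downtime inside the budget."""
    return rto_h * expected_outages <= allowed_downtime_hours(target, period_h)


def demo() -> dict:
    """Constructed numbers for the 24/7 e-commerce scenario (not from the slides)."""
    return {
        "measured": availability_from_uptime(uptime_h=8716.2, downtime_h=43.8),       # 0.995
        "predicted": availability_from_mtbf(mtbf_h=1000.0, mttr_h=2.0),                # ~0.998
        "budget_h": allowed_downtime_hours(0.995),                                     # 43.8
        "rto_4h_ok": rto_within_budget(rto_h=4.0, expected_outages=10, target=0.995),  # True
        "rto_8h_ok": rto_within_budget(rto_h=8.0, expected_outages=10, target=0.995),  # False
    }
```

The last two entries show why RTO belongs in the same conversation as uptime: ten outages recovered in 4 hours each fit a 99.5% budget, ten recovered in 8 hours do not.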

Key Availability Metrics in Cybersecurity: Example


FYI

Cybersecurity Challenges:

  • No simple solution
  • Human Error
  • Many different types of attacks
  • Complexity
  • Phishing sites commonly appear then vanish in < 24 hours
  • Jurisdictional delays
  • Cost

Cyber attacks as they're happening


Cybersecurity Attacks/Breaches, e.g.

| Organisation | Nature of Breach | Impact | Source |
|---|---|---|---|
| Emma Sleep Company | Checkout cyber attack | Skimmed customers' credit or debit card data | The Register |
| The Works | Cybersecurity incident | Issues with tills, restocking stores, and making online deliveries | The Guardian |
| Currency.com | DDoS attack was attempted on Tuesday, 12 April. | Halting operations for residents of the Russian Federation (Russia) | Accesswire |

Reasons for Successful Attacks

  • Widespread vulnerabilities
  • Configuration issues
    • Default configurations/passwords
  • Poorly designed software
    • Lack of input validation, e.g. SQL injection
    • Poor programming, e.g. buffer overflow
  • Hardware limitations
    • Limited resources (CPU, RAM) exploited, leading to a Denial of Service (DoS)
  • Inadequate incident response planning
  • Sophisticated attacks
  • Lack of employee training
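An added example (not from the slides) of the "lack of input validation" item above: a customer lookup that splices user input straight into SQL, beside its parameterised fix, run against a constructed in-memory SQLite table. Table contents, the sample inputs and the function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory customer table (sample data, not from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO customers (email, name) VALUES (?, ?)",
        [("alice@example.com", "Alice"), ("bob@example.com", "Bob")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """BAD: the input becomes part of the SQL text, so it can change the query's meaning."""
    query = f"SELECT name FROM customers WHERE email = '{email}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """GOOD: a parameterised query passes the input as data; it can never become SQL syntax."""
    return [row[0] for row in conn.execute("SELECT name FROM customers WHERE email = ?", (email,))]


def demo() -> dict:
    """Run both lookups on a normal address and on a constructed malformed input."""
    conn = make_db()
    benign = "alice@example.com"
    # Constructed input that closes the string literal and appends an always-true condition.
    hostile = "' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),   # ['Alice']
        "vulnerable_hostile": lookup_vulnerable(conn, hostile), # ['Alice', 'Bob'] - every row leaks
        "safe_benign": lookup_safe(conn, benign),               # ['Alice']
        "safe_hostile": lookup_safe(conn, hostile),             # [] - no such email, nothing else
    }
```

The fix is the query shape, not a blocklist of characters: with a bound parameter the database never parses the input as SQL, so it needs no knowledge of which inputs are dangerous.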

Reasons for Successful Attacks

| Reason | Description |
|---|---|
| 1. Universally connected devices (IoT) | Attackers from anywhere in the world can send attacks |
| 2. Increased speed of attacks | Attackers can launch attacks against millions of computers within minutes |
| 3. Greater sophistication of attacks | Attack tools vary their behaviour, so the same attack appears differently each time |
| 4. Availability and simplicity of attack tools | Attacks are no longer limited to highly skilled attackers (e.g., JTR tool) |
| 5. Faster detection of vulnerabilities | Attackers can discover security holes in hardware or software more quickly |
| 6. Delays in security updating | Vendors are overwhelmed trying to keep pace with updating their products against the latest attacks (e.g., SMB protocol - WannaCry) |
| 7. Distributed attacks | Attackers use thousands of computers in an attack against a single computer or network |
| 8. Use of personal devices (BYOD) | Enterprises are having difficulty providing security for a wide array of personal devices |
| 9. User confusion (Muggles) | Users are required to make difficult security decisions with little or no instruction |

Cybersecurity Concept

Security Layers

| Layer | Description |
|---|---|
| Products | Form the security around the data. May be as basic as door locks or as complicated as network security equipment. |
| People | Those who implement and properly use security products to protect data. |
| Policies and Procedures | Plans and policies established by an enterprise to ensure that people correctly use the products. |

Cybersecurity Concept: Terminologies-1

| Concept | Description | Example |
|---|---|---|
| Asset | An item that has value (e.g., data, device, software). | Customer data in a database. |
| Threat | An action that has the potential to cause harm. | A phishing email attempt. |
| Threat Actor | A person or element with the power to carry out a threat. | A cybercriminal hacking a system. |
| Vulnerability | A flaw or weakness that allows a threat agent to bypass security. | An unpatched software vulnerability in a web application. |
| Threat Vector | The means by which an attack can occur. | An unsecured Wi-Fi network exploited by a hacker. |
| Risk | A situation that involves exposure to some type of danger. | The risk of a ransomware attack if security patches aren't applied. |

Cybersecurity Concept

Terminologies-2: Risk response techniques

Risk Management Strategies

| Strategy | Description |
|---|---|
| Accept | Risk is acknowledged but no steps are taken to address it. |
| Transfer | Transfer the risk to a third party. |
| Avoid | Identifying the risk but making the decision not to engage in the activity. |
| Mitigate | Attempt to address the risk by making it less serious. |

Who Is the Opponent: Threat Actors

"False face must hide what the false heart doth know." (Macbeth)


Script Kiddies

  • Individuals who lack the knowledge of computers and networks to hack
  • Download automated hacking software (scripts) from websites
  • Tools used are written by other (more skilled) people


Hacktivists

Attackers who attack for ideological reasons that are generally not as well-defined as a cyberterrorist’s motivation

  • Breaking into a website and changing the contents on the site to make a political statement
  • Disabling a website belonging to a bank because the bank stopped accepting payments


Nation State Actors

An attacker commissioned by a government to attack enemies’ systems


Insiders

A person or group within an organisation who has authorised access to sensitive information

  • Employees, contractors, and business partners

  • Over 58 percent of breaches are attributed to insiders [1]

Activity: discuss, who is the most dangerous?


Other Threat Actors

| Threat Actor | Description | Explanation |
|---|---|---|
| Competitors | Launch attacks against an opponent's system to steal classified information | Competitors may steal new product research or a list of current customers to gain a competitive advantage. |
| Organised crime | Moving from traditional criminal activities to more rewarding and less risky online attacks | Criminal networks are usually run by a small number of experienced online criminals who do not commit crimes themselves but act as entrepreneurs. |
| Brokers | Sell their knowledge of a vulnerability to other attackers or governments | Individuals who uncover vulnerabilities do not report them to the software vendor but instead sell them to the highest bidder. |
| Cyberterrorists | Attack a nation's network and computer infrastructure to cause disruption and panic among citizens | Targets may include a small group of computers or networks that can affect the largest number of users, such as the computers that control the electrical power grid of a state or region. |

Lab

  • We have a few exercises; they can be found here
    • Cybersecurity concerns
    • Linux: an introduction


Discussion: Real-World Breaches

Choose one, and let's discuss what could have been done differently. Do you think stronger cybersecurity principles could have prevented the attack?

Goal: Use real-world case studies to encourage students to think about cybersecurity in practice and what actions could have mitigated the impact of those breaches.