Unit 11 Notes
Internal Threats
An internal threat refers to the risk of somebody from the inside of a company who
could exploit a system in a way to cause damage or steal data.
Employee Sabotage and Theft
● Employees have the privilege of accessing a wide range of physical equipment
inside the company.
● Hardware like hard drives, which could contain a lot of important data, can be
physically stolen from the company or the data can be stolen by transferring it
onto an external hard drive or a USB stick.
● Employees could damage equipment or data by deleting the data, or smashing a
hard-drive.
Unauthorised access by employees
● As employees have access to these systems within a company, they may be able
to gain access through a colleague who leaves themselves logged in, or a room
left unlocked providing access to a server.
● They could also obtain administrative privileges that allow them to perform
administrative functions, such as changing rights of other users or deactivating
network security tools.
,Weak Cyber Security Measures and Unsafe Practices
● By not having appropriate digital and physical security, the company increases
the chance of a vulnerability being exploited.
● For example, if the servers’ for a company’s network are left in an unlocked room,
anybody can walk into it and damage/steal property. This can be an employee or
a visitor who hasn’t been properly security checked.
● Another example, security vulnerabilities may be accidentally exploited by an
ordinary employee, by viewing an untrustworthy website - a virus can be
unintentionally downloaded that can affect the whole network.
Physical Ways to protect your physical security network (Server):
● Security Cameras
● Lock rooms
● ID Doors or swipe card access (this means trusted visitors get an ID badge)
● Privacy Screens
Accidental Loss or Disclosure of Data
● Simple accidents can occur such as a person may carry their laptop to and from
work, they might forget it on the train back home one day - this means that
anybody can get a hold of the laptop and access it.
● Employee simply accidentally deleting data from a folder or spilling a drink on a
device.
External Threats
An external threat refers to the risk of somebody from the outside of a company who
attempts to exploit system vulnerabilities through the use of malicious software,
hacking, sabotage or social engineering.
These are much harder to deal with compared to internal threats as you cannot monitor
people from the outside.
Malicious Software
● Spyware gathers information on the user it has infected, secretly sending it away
to third-party sources - keyloggers can track what you type such as passwords.
, ● Viruses modify existing programs with malicious code and constantly replicate
itself throughout a computer, this causes the corruption of data and applications,
system failure and takes up storage or processing power.
● Worms are similar to viruses, however they can replicate themselves through a
network to spread to other computers, rather than through infecting files that are
spread. This allows them to perform similar functions to viruses but on a larger
scale.
● Rootkits are used to get unauthorised remote administrator access to a
computer or network. These are spread through by hiding in software that
appears to offer legitimate functionality.
● Trojans are malicious code that hides within a seemingly legitimate program.
Hacking
Hacking is a general term that describes the exploitation of vulnerabilities in a computer
system to gain unauthorised access to the system and its data.
There are a broad range of motivations which can be carried out by an individual,
company or government;
● Individual - profit to protest to recreation, actions for a political or social agenda
or simply to cause harm.
● Companies and Governments - will hire others to hack themselves (white
hackers) which is used to detect system vulnerabilities to prevent threat from
malicious (black hat) hackers.
Sabotage
Sabotage is a general term that describes an activity to deliberately disrupt services,
through the use of:
● Denial of service attacks
● Distributing malware
● Physically destroy computer equipment.
These can be carried out by individuals, terrorist organisations, companies or
government. Sabotage is specifically malicious, with the goal of causing damage.
Social Engineering
, Social engineering involves deceiving people into revealing private and confidential
information.
A common form of social engineering is phishing, which involves a user pretending to
be a trusted organisation, asking for another individual’s details.
Impact of Threats
No matter how much preparation goes into preventing an acting upon existing threats, it
is likely that some kind of damage will still be caused.
Impact level of the damage can be financial, operational, reputation or intellectual
property loss.
The types of Impact
Operational Loss
Operational loss refers to damages of the operating capability of an organisation. For
example, a business whose operations rely on IT systems can be prevented from
performing any work due to cybersecurity threats.
Financial Loss
● Financial Loss refers to damages to the wealth of an organisation, this includes
losses, compensation and legal fees.
● By financial loss, we mean actual increased costs, reduced income, caused by
the threat. This could be replacing damaged equipment or loss of sales due to
your website being down.
● Compensation fees and legal fees come as a result to compensate customers
that are affected by the threat and pay data protection fines placed on the
business.
Reputation Loss
● Reputation loss refers to the loss of trust and lower opinion of people to a
business as a result of them being affected by a threat.
● Customers no longer want to do business as they have concerns over whether
the service will be available (going down due to cybersecurity threats).
Internal Threats
An internal threat refers to the risk of somebody from the inside of a company who
could exploit a system in a way to cause damage or steal data.
Employee Sabotage and Theft
● Employees have the privilege of accessing a wide range of physical equipment
inside the company.
● Hardware like hard drives, which could contain a lot of important data, can be
physically stolen from the company or the data can be stolen by transferring it
onto an external hard drive or a USB stick.
● Employees could damage equipment or data by deleting the data, or smashing a
hard-drive.
Unauthorised access by employees
● As employees have access to these systems within a company, they may be able
to gain access through a colleague who leaves themselves logged in, or a room
left unlocked providing access to a server.
● They could also obtain administrative privileges that allow them to perform
administrative functions, such as changing rights of other users or deactivating
network security tools.
,Weak Cyber Security Measures and Unsafe Practices
● By not having appropriate digital and physical security, the company increases
the chance of a vulnerability being exploited.
● For example, if the servers’ for a company’s network are left in an unlocked room,
anybody can walk into it and damage/steal property. This can be an employee or
a visitor who hasn’t been properly security checked.
● Another example, security vulnerabilities may be accidentally exploited by an
ordinary employee, by viewing an untrustworthy website - a virus can be
unintentionally downloaded that can affect the whole network.
Physical Ways to protect your physical security network (Server):
● Security Cameras
● Lock rooms
● ID Doors or swipe card access (this means trusted visitors get an ID badge)
● Privacy Screens
Accidental Loss or Disclosure of Data
● Simple accidents can occur such as a person may carry their laptop to and from
work, they might forget it on the train back home one day - this means that
anybody can get a hold of the laptop and access it.
● Employee simply accidentally deleting data from a folder or spilling a drink on a
device.
External Threats
An external threat refers to the risk of somebody from the outside of a company who
attempts to exploit system vulnerabilities through the use of malicious software,
hacking, sabotage or social engineering.
These are much harder to deal with compared to internal threats as you cannot monitor
people from the outside.
Malicious Software
● Spyware gathers information on the user it has infected, secretly sending it away
to third-party sources - keyloggers can track what you type such as passwords.
, ● Viruses modify existing programs with malicious code and constantly replicate
itself throughout a computer, this causes the corruption of data and applications,
system failure and takes up storage or processing power.
● Worms are similar to viruses, however they can replicate themselves through a
network to spread to other computers, rather than through infecting files that are
spread. This allows them to perform similar functions to viruses but on a larger
scale.
● Rootkits are used to get unauthorised remote administrator access to a
computer or network. These are spread through by hiding in software that
appears to offer legitimate functionality.
● Trojans are malicious code that hides within a seemingly legitimate program.
Hacking
Hacking is a general term that describes the exploitation of vulnerabilities in a computer
system to gain unauthorised access to the system and its data.
There are a broad range of motivations which can be carried out by an individual,
company or government;
● Individual - profit to protest to recreation, actions for a political or social agenda
or simply to cause harm.
● Companies and Governments - will hire others to hack themselves (white
hackers) which is used to detect system vulnerabilities to prevent threat from
malicious (black hat) hackers.
Sabotage
Sabotage is a general term that describes an activity to deliberately disrupt services,
through the use of:
● Denial of service attacks
● Distributing malware
● Physically destroy computer equipment.
These can be carried out by individuals, terrorist organisations, companies or
government. Sabotage is specifically malicious, with the goal of causing damage.
Social Engineering
, Social engineering involves deceiving people into revealing private and confidential
information.
A common form of social engineering is phishing, which involves a user pretending to
be a trusted organisation, asking for another individual’s details.
Impact of Threats
No matter how much preparation goes into preventing an acting upon existing threats, it
is likely that some kind of damage will still be caused.
Impact level of the damage can be financial, operational, reputation or intellectual
property loss.
The types of Impact
Operational Loss
Operational loss refers to damages of the operating capability of an organisation. For
example, a business whose operations rely on IT systems can be prevented from
performing any work due to cybersecurity threats.
Financial Loss
● Financial Loss refers to damages to the wealth of an organisation, this includes
losses, compensation and legal fees.
● By financial loss, we mean actual increased costs, reduced income, caused by
the threat. This could be replacing damaged equipment or loss of sales due to
your website being down.
● Compensation fees and legal fees come as a result to compensate customers
that are affected by the threat and pay data protection fines placed on the
business.
Reputation Loss
● Reputation loss refers to the loss of trust and lower opinion of people to a
business as a result of them being affected by a threat.
● Customers no longer want to do business as they have concerns over whether
the service will be available (going down due to cybersecurity threats).
