Cybersecurity & Digital Citizenship
www.thebiscomputing.com
In this lesson you will:
Explain the difference between data and information
Critique online services in relation to data privacy
Identify what happens to data that is entered online
Explain the need for the Data Protection Act
Motives behind cyber attacks
What might some of these attacks be trying to steal or get access to?
DATA
Reference: Threat Map, Checkpoint.com
Data social media companies might collect
Personal info: Name, date of birth
Content: Images, status updates, emojis created
User behaviour: What pages you visited, groups you are a member of, what you have ‘liked’
Data you have on others: Names of your friends and their numbers
The consequences of data theft
If cybercriminals successfully stole data from these companies, who would suffer and in what way?
Data Protection Act 2018: Your rights
As a data subject, you have the right to find out what information the government and other organisations store about you.
You have the right to:
Data Protection Act 2018: Your rights
You also have rights when an organisation is using your personal data for:
Malware
Malware (malicious software) is software that is designed to gain access to your computer with malicious intent.
Malicious intent includes:
Categories of malware
Viruses
Trojans
Worms
Adware
Spyware
Ransomware
Viruses
Viruses are a malicious form of self-replicating software.
Once on a computer or network, a virus will replicate itself by maliciously modifying other computer programs and inserting code.
Viruses
Common ways to catch a computer virus:
Worms
Worms replicate themselves but do not attach themselves to files as a virus does.
Instead, worms spread through the network and use the system’s resources.
Most worms cause problems by using up network bandwidth and therefore slowing down the network significantly.
Ransomware
This is a form of virus, as it is self-replicating.
Specifically, ransomware locks a computer, encrypts files, and therefore prevents the user from being able to access the data.
The attacker will demand that a ransom be paid before they decrypt the files and unlock the computer.
WannaCry
This attack is estimated to have affected over 200,000 computers across 150 countries.
It exploited a known security flaw with Microsoft Windows.
All versions of Windows that hadn’t applied the update released in April 2017 were at risk. This included older versions of Windows that were no longer getting updates.
Recap
What do viruses, worms and ransomware all have in common?
Option 1: They are all self-replicating
Option 2: They all encrypt data
Option 3: They all slow down the network
Trojans
A trojan is a piece of software that appears to perform a useful function (such as a game) but unbeknown to the user it also performs malicious actions.
For example, it might open a ‘back door’ to give an attacker remote access to your computer.
The name derives from the story of the Trojan Horse.
Spyware
Spyware is unwanted software that monitors and gathers information on a person and how they use their computer.
This can include monitoring your internet usage to send you harmless but annoying adverts.
More sinister spyware will include keyloggers that record every keystroke made by a user.
Adware
Adware can be a worm, virus, or Trojan. It infects a computer and causes it to download or display malicious adverts or pop-ups when the victim is online.
If you are online and see a large number of adverts, or you are receiving pop-ups when you're offline, then your computer might have been infected by malware.
Recap
Which one of the following malware might be used to monitor your keyboard in order to gain your username and password?
Trojan
Spyware
Adware
Phishing: Key indicators of a phishing email
What is social engineering?
There are lots of technical ways to try and keep data safe and secure.
Human error arguably creates the largest risk of the data being compromised.
Social engineering is a set of methods used by cybercriminals to deceive individuals into handing over information that they can use for fraudulent purposes.
What is shoulder surfing?
Shouldering (also known as shoulder surfing) is an attack designed to steal a victim's password or other sensitive data.
It involves the attacker watching the victim while they provide sensitive information, for example, over their shoulder. This type of attack might be familiar; it is often used to find out someone's PIN at a cash machine.
Name generator attacks
These are attacks in which the victim is asked in an app or a social media post to combine a few pieces of information or complete a short quiz to produce a name.
Attackers do this to find out key pieces of information that can help them to answer the security questions that protect people's accounts.
Phishing
A phishing attack is an attack in which the victim receives an email disguised to look as if it has come from a reputable source, in order to trick them into giving up valuable data.
The email usually provides a link to another website where the information can be inputted.
http://l0g1npage.com/B3G7?id=4n
Phishing
It is called phishing, as in ‘fishing’, because:
Blagging
Blagging (also known as pretexting) is an attack in which the perpetrator invents a scenario in order to convince the victim to give them data or money.
This attack often requires the attacker to maintain a conversation with the victim until they are persuaded to give up whatever the attacker asked for.
Protection methods
Protection
You could say that you can never make yourself 100% secure against attackers.
But you can put measures in place to make it so difficult for the attackers that they give up.
Firewalls
A firewall checks incoming and outgoing network traffic.
It scans the data to make sure it doesn’t contain anything malicious and that it follows the rules set by the network.
Firewalls
For example:
A learner tries to use a website full of free games. The rules of the network are set to disallow this and the firewall stops the learner from accessing the website.
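The rule check described above, as an added example that is not part of the original lesson. The rule list, the domain names and the function names are constructed for illustration; rules are read top to bottom and the first match decides.

```python
from urllib.parse import urlsplit

# Constructed rule set (assumption): ordered, first match wins.
# Each rule is (action, direction, domain); "*" matches any host.
RULES = [
    ("allow", "out", "learning.school.example"),
    ("block", "out", "freegames.example"),   # the free games site
    ("block", "in", "*"),                    # nothing unsolicited comes in
    ("allow", "out", "*"),                   # other outgoing traffic is fine
]

def host_matches(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    if domain == "*":
        return True
    host, domain = host.lower().rstrip("."), domain.lower()
    # Compare on a dot boundary so "notfreegames.example" is not
    # mistaken for "freegames.example".
    return host == domain or host.endswith("." + domain)

def check(direction, url, rules=RULES):
    """Return the action of the first matching rule; block if none match."""
    host = urlsplit(url).hostname or ""
    if not host:
        return "block"  # cannot tell where the traffic is going
    for action, rule_dir, domain in rules:
        if rule_dir == direction and host_matches(host, domain):
            return action
    return "block"  # default deny

if __name__ == "__main__":
    for direction, url in [
        ("out", "http://freegames.example/play"),
        ("out", "http://www.freegames.example/"),
        ("out", "http://notfreegames.example/"),
        ("out", "https://learning.school.example/maths"),
        ("in", "http://learning.school.example/"),
    ]:
        print(direction, url, "->", check(direction, url))
```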
Anti-malware
Anti-malware is software that scans any file that is able to execute code.
The anti-malware will have a list of definitions: sequences of code that it knows to be malicious.
If the code in your files matches the definitions, the files are quarantined.
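Definition matching and quarantine, as an added example that is not part of the original lesson. The definitions are harmless constructed markers, the file names are made up, and for simplicity the scanner reads every file in the folder rather than only files that can execute code.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed definitions (assumption): name -> byte sequence treated as malicious.
DEFINITIONS = {
    "Demo.Marker.A": b"DEMO-MALICIOUS-SEQUENCE-A",
    "Demo.Marker.B": bytes.fromhex("deadbeef00c0ffee"),
}

def scan_file(path, definitions=DEFINITIONS):
    """Return the names of all definitions whose bytes occur in the file."""
    data = Path(path).read_bytes()
    return sorted(name for name, sig in definitions.items() if sig in data)

def scan_and_quarantine(folder, quarantine):
    """Scan every file in folder; move matching files into quarantine."""
    quarantine = Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file():
            continue
        hits = scan_file(path)
        if hits:
            # Rename on the way in so the file cannot be run by accident.
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
            report[path.name] = hits
    return report

def demo():
    """Build three constructed sample files and scan them."""
    root = Path(tempfile.mkdtemp())
    files = root / "files"
    files.mkdir()
    (files / "homework.txt").write_bytes(b"My essay on data protection")
    (files / "game.exe").write_bytes(b"MZ....DEMO-MALICIOUS-SEQUENCE-A....")
    # A variant whose bytes are not in the definitions yet.
    (files / "new_variant.exe").write_bytes(b"MZ....DEMO-MALICIOUS-SEQUENCE-Z....")
    report = scan_and_quarantine(files, root / "quarantine")
    remaining = sorted(p.name for p in files.iterdir())
    return report, remaining

if __name__ == "__main__":
    print(demo())
```

The variant file is left in place because no definition matches it, which is why definition lists have to be kept up to date.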
Auto-updates
Auto-updates refers to software that automatically checks for available updates for the software you have on your computer.
Once it finds an update, the software can be set either to alert the user or to install it automatically.
This software is often included with an operating system.
User authentication
How do you log onto the school system?
What measures are already in place to make it secure?
What could be put in place to make it even more secure?