Module 1: Introduction to

Cybersecurity
Introduction to Cybersecurity (I2CS)
Module Objectives
Module Title: Introduction to Cybersecurity
Module Objective: Explain the basics of being safe online, including what cybersecurity is and its potential
impact.

Topic Title Topic Objective

The World of Cybersecurity Explain what cybersecurity is and its potential impact.
Identify types of sensitive information that hackers can use to invade
Organizational Data your privacy and/or damage your reputation, where they can access this
information, and why it’s of interest to cyber criminals.
What Was Taken? Explain what organizational data is and why it must be protected.

Cyber Attackers Describe who cyber attackers are and what they want.
Explain what cyberwarfare is and why nations and governments need
Cyberwarfare cybersecurity professionals to help protect their citizens and
infrastructure.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
1.1 The World of Cybersecurity

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
The World of Cybersecurity
What is Cybersecurity?

• Cybersecurity is the ongoing effort to protect individuals, organizations, and governments from
digital attacks by protecting networked systems and data from unauthorized use or harm.

• Personal: On a personal level, you need to safeguard your identity, your data, and your computing
devices.

• Organizational: At an organizational level, it is everyone’s responsibility to protect the

organization’s reputation, data, and customers.

• Government: As more digital information is being gathered and shared, its protection becomes
even more vital at the government level, where national security, economic stability, and the safety
and wellbeing of citizens are at stake.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
The World of Cybersecurity
Protecting Your Personal Data
• Personal data is any information that can be used to identify you, and it can exist both offline and
online.

• Offline identity
• It is the real-life persona that you present daily at home, school, or work.
• As a result, family and friends know details about your personal life, including your full name,
age, and address.
• It’s important not to overlook the importance of securing your offline identity.
• Identity thieves can easily steal your data from right under your nose when you’re not looking!

• Online identity
• It is not just a name, it’s who you are and how you present yourself to others online.
• It includes the username or alias you use for your online accounts, as well as the
social identity you establish and portray on online communities and websites.
• You should take care to limit the amount of personal information you reveal through your
online identity.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
The World of Cybersecurity
Your Data
• Personal data describes any information about you (name, social security number, driver's license
number, date and place of birth, your mother’s maiden name, pictures, or messages exchanged with
others).
• Cybercriminals can use this sensitive information to identify and impersonate you, infringing on your
privacy, and potentially causing serious damage to your reputation.
Hackers can get their hands on your personal data through records including:

Medical Every time you visit the doctor, personal information regarding your physical and mental health
Records and wellbeing is added to your electronic health records (EHRs). Since most of these records
are saved online, you need to be aware of the medical information that you share. These
records go beyond the bounds of the doctor’s office.
Education They contain information about your academic qualifications and achievements. They may also
Records include your contact information, attendance records, disciplinary reports, health and
immunization records, as well as any special education records including individualized
education programs (IEPs).
Employment Employment data can be valuable to hackers if they can gather information on your past
and employment - or even your current performance reviews. Your financial records may
Financial include information about your income and expenditure. Your tax© 2020records may
Cisco and/or its affiliates. include
All rights reserved. Cisco Confidential 6

Records paychecks, credit card statements, your credit rating, and your bank account details.
The World of Cybersecurity
Where Is Your Data?

Imagine that yesterday you shared a couple of photos of your first day on the job with a few of your
close friends. But that should be OK, right? Let’s see…
• You took some photos at work on your mobile phone.
• Copies of these photos are now available on your mobile device.
• You shared these with five close friends, who live in various locations across the world.
• All of your friends downloaded the photos and now have copies of your photos on their
devices.
• One of your friends was so proud that they decided to post and share your photos online.
• The photos are no longer just on your device.
• They have in fact ended up on servers located in different parts of the world and people
whom you don’t even know now have access to your photos.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
The World of Cybersecurity
What's More?
• This is just one example that reminds us that every time we collect or share personal data, we
should consider our security.
• There are different laws that protect your privacy and data in your country.
• Do you know where your data is?
• Following an appointment, the doctor will update your medical record.
• For billing purposes, this information may be shared with the insurance company.
• In such cases, your medical record, or part of it, is now accessible at the insurance
company.
• Store loyalty cards may be a convenient way to save money on your purchases.
• However, the store is using this card to build a profile of your purchasing behavior,
which it can then use to target you with special offers from its marketing partners.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
The World of Cybersecurity
Smart Devices

• Consider how often you use your computing devices to access your personal data.

• Unless you have chosen to receive paper statements, you probably access digital copies of bank
account statements via your bank’s website.

• And when paying a bill, it’s highly likely that you’ve transferred the required funds via a mobile
banking app.

• But besides allowing you to access your information, computing devices can now also generate
information about you.

• Wearable technologies such as smartwatches and activity trackers collect your data for clinical
research, patient health monitoring, and fitness and wellbeing tracking.

• As the global fitness tracker market grows, so also does the risk to your personal data.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
The World of Cybersecurity
Identity Theft

• Not content with stealing your money for short-term financial gain, cybercriminals are invested in
the long-term gain of identity theft.

Medical theft
• Rising medical costs have led to an increase in medical identity theft, with cybercriminals stealing
medical insurance to use the benefits for themselves.
• Where this happens, any medical procedures carried out in your name will then be saved in your
medical records.

Banking
• Stealing private data can help cybercriminals access bank accounts, credit cards, social profiles,
and other online accounts.
• Armed with this information, an identity thief could file a fake tax return and collect the refund.
• They could even take out loans in your name and ruin your credit rating (and your life as well).

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
The World of Cybersecurity
Who Else Wants My Data?
• It’s not just criminals who seek your personal data.

• The table describes other entities interested in your online identity and why.

Your ISP tracks your online activity, and in some countries, they can sell this data
Your Internet
to advertisers for a profit. In certain circumstances, ISPs may be legally required to
Service Provider
share your information with government surveillance agencies or authorities.
Targeted advertising is part of the internet experience. Advertisers monitor and
Advertisers track your online activities such as shopping habits and personal preferences and
send targeted ads your way.
Search engines and These platforms gather information about your gender, geolocation, phone
social media number, and political and religious ideologies based on your search histories and
platforms online identity. This information is then sold to advertisers for a profit.
Websites use cookies to track your activities to provide a more personalized
Websites you visit experience. But this leaves a data trail that is linked to your online identity that can
often end up in the hands of advertisers!
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
1.2 Organizational Data

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Organizational Data
Types of Organizational Data

Traditional data is typically generated and maintained by all organizations, big and small.

• It includes the following:

• Transactional data such as details relating to buying and selling, production activities, and
basic organizational operations such as any information used to make employment
decisions.

• Intellectual property such as patents, trademarks, and new product plans, allows an
organization to gain economic advantage over its competitors. This information is often
considered a trade secret and losing it could prove disastrous for the future of a company.

• Financial data such as income statements, balance sheets, and cash flow statements,
provide insight into the health of a company.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Organizational Data
Types of Organizational Data (Cont.)

Internet of Things (IoT) and Big Data

• IoT is a large network of physical objects, such as sensors, software, and other equipment.

• All of these ‘things’ are connected to the Internet, with the ability to collect and share data.

• Data storage options are expanding through the cloud and virtualization.

• The emergence of IoT has led to exponential growth in data, creating a new area of interest
in technology and business called 'Big Data.'

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Organizational Data
The Cube
This security model has three dimensions:
1. The foundational principles for protecting information systems

• Confidentiality is a set of rules that prevents

sensitive information from being disclosed
to unauthorized people, resources, and processes. Methods to
ensure it includes data encryption, identity proofing, and
two factor authentication.

• Integrity ensures that system information or processes are

protected from intentional or accidental modification. One way
to ensure it is to use a hash function or checksum.

• Availability means that authorized users are able to access

systems and data when and where needed and those that do
not meet established conditions, are not. This can be achieved
by maintaining equipment, performing hardware repairs,
keeping operating systems and software up to date, and
creating backups. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Organizational Data
The Cube (Cont.)

2. The protection of information in each of its possible states

• Processing refers to data that is being used to

perform an operation such as updating a database record
(data in process).

• Storage refers to data stored in memory or on a permanent

storage device such as a hard drive, solid-state drive, or
USB drive (data at rest).

• Transmission refers to data traveling between information

systems (data in transit).

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Organizational Data
The Cube (Cont.)
3. The security measures used to protect data

• Awareness, training and education are the measures

put in place by an organization to ensure that users are
knowledgeable about potential security threats and the
actions they can take to protect information systems.

• Technology refers to the software- and hardware-based

solutions designed to protect information systems such as
firewalls, which continuously monitor your network in
search of possible malicious incidents.

• Policy and procedure refers to the administrative

controls that provide a foundation for how an organization
implements information assurance, such as incident
response plans and best practice guidelines.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Organizational Data
Is This For Real?

• Phishing is very common and often works.

• For example, in August 2020, elite gaming brand Razer experienced a data breach which exposed
the personal information of approximately 100,000 customers.

• A security consultant discovered that a cloud cluster (a group of linked servers providing data
storage, databases, networking, and software through the Internet), was misconfigured and
exposed a segment of Razer’s infrastructure to the public Internet, resulting in a data leak.

• It took Razer more than three weeks to secure the cloud instance from public access, during which
time cybercriminals had access to customer information that could have been used in social
engineering and fraud attacks.

• Organizations, therefore, need to take a proactive approach to cloud security to ensure that
sensitive data is secured.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Organizational Data
Data Security Breaches

• Data security breaches are becoming all too common, and the implications are
severe.
• The IoT is connecting more and more devices, creating more opportunities
for cybercriminals to attack.
• Two well-known data security breaches include: The Persirai botnet
• In 2017, a malware called Persirai attacked IoT devices (IP cameras)
• It targeted more than 1,000 types of cameras
• The attacker:
• Found open ports (security weakness)
• Sent a command to cameras
• Forced them to connect to a malicious website
• Installed malware on them
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Organizational Data
Data Security Breaches

• After installing:
• Malware deleted itself from storage
• Ran in memory, so it was hard to detect
• About 122,000 cameras were hacked
• Owners did not know their devices were infected
• These cameras were used for DDoS attacks
• Many infected devices send huge traffic
• This crashes or slows down a target system
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Organizational Data
Data Security Breaches (Cont.)

• Equifax Inc.
• In September 2017, Equifax, a consumer credit reporting agency in the US, publicly
announced a data breach event: attackers had been able to exploit a vulnerability in its
web application software to gain access to the sensitive personal data of millions of
customers.
• In response to this breach, Equifax established a dedicated website that allowed Equifax
customers to determine if their information was compromised.
• However, instead of using a subdomain of [Link], the company set up a new
domain name, which allowed cybercriminals to create unauthorized websites with similar
names.
• These websites were used to try and trick customers into providing personal information.
• Attackers could use this information to assume a customer’s identity.
• In such cases, it would be very difficult for the customer to prove otherwise, given that
the hacker is also aware of to their personal information.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Organizational Data
Consequences of a Security Breach
These examples show that the potential consequences of a security breach can be severe.
A security breach can damage an organization’s reputation that took many years to build. Customers, especially
Reputational those affected by the breach, must be informed and may ask for compensation or move to a more secure
damage competitor. Employees may also leave because of the incident. Depending on how serious the breach is, it can
take a long time to rebuild the organization’s reputation.
A hacker or group may damage an organization’s website by adding false information. They might also make
Vandalism small changes like editing the phone number or address, which are harder to notice. In both cases, this kind of
online vandalism makes the organization look unprofessional and can harm its reputation and trust.
A data breach often involves an incident where sensitive personal data has been stolen. Cybercriminals can
Theft
make this information public or exploit it to steal an individual’s money and/or identity.
The financial impact of a security breach can be devastating. For example, hackers can take down an
Loss of organization’s website, preventing it from doing business online. A loss of customer information may slow
revenue company growth and expansion. It may demand further investment in an organization’s security infrastructure.
And let’s not forget that organizations may face large fines or penalties if they do not protect online data.
Damaged
A security breach could also have a devastating impact on the competitiveness of an organization, particularly if
intellectual
hackers are able to get their hands on confidential documents, trade secrets and intellectual property.
property

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
1.3 What Was Taken?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
What Was Taken?
Scenario 1
• Security breaches are very common today, as attackers keep finding new ways to enter
organizations and steal valuable information.
• Consider the following two simple examples.

Scenario 1:

• According to our sources, a well-known hotel chain that operates across the world has reported a
massive data breach, with the personal information of over three million guests exposed to
hackers.

• The hotel discovered that hackers gained access to its customer database by using the login
details of one of its employees.

• At this point, the hotel doesn’t believe that the hackers were able to access any account
passwords or financial information.

• Recent guests are encouraged to check the hotel chain’s web portal to see if they have been
impacted by this breach. © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
What Was Taken?
Scenario 2

Scenario 2:

• The team at @Apollo is concerned because eLearning platforms are becoming prime targets for
attackers as more and more organizations make the move to digital learning.

• A popular online training platform admitted leaving the personal data of millions of its students
(many of them minors) exposed on a publicly accessible cloud database.

• Hackers were able to directly access students’ full names, email addresses, phone numbers, and
school enrollment details from the Internet!

• While it’s unclear what the hackers have done with this acquired information, it’s safe to say that
they have everything they need to carry out widespread phishing or malware attacks.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
What Was Taken?
Key Takeaways

• A security breach is an incident that results in unauthorized access to data, applications, services
or devices, exposing private information that attackers can use for financial gain or other
advantages.

• There are many ways to protect yourself and your organization.

• It’s important to be aware of common cyber threats and remain vigilant so that you don’t become
the next victim.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
What Was Taken?
Find out More

Search for a few additional examples of recent security breaches.

• In each case, can you identify:

• what was taken?

• what exploits the attackers used?
• what actions could be taken to prevent the breach from occurring again in the future?

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
1.4 Cyber Attackers

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
Cyber Attackers
Types of Attackers

• Cyber attackers will try anything to get their hands on personal information.
• They are often categorized as white hat, gray hat, or black hat attackers.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29
Cyber Attackers
Types of Attackers (Cont.)

Hackers

• This group of attackers break into computer systems or networks to gain access.

• Depending on the intent of their break-in, they can be classified as the following:
• White hat attackers break into networks or computer systems to identify any
weaknesses so that the security of a system or network can be improved. These
break-ins are done with prior permission and any results are reported back to the
owner.

• Gray hat attackers may set out to find vulnerabilities in a system, but they will only
report their findings to the owners of a system if doing so coincides with their agenda.
They might even publish details about the vulnerability on the internet so that other
attackers can exploit it.

• Black hat attackers take advantage of any vulnerability for illegal personal, financial,
or political gain.
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30
Cyber Attackers
Types of Attackers (Cont.)

Organized Hackers

• These attackers include organizations of cyber criminals, hacktivists, terrorists, and

state-sponsored hackers.

• They are usually highly sophisticated and organized and may even provide cybercrime as a
service to other criminals.

• Hacktivists make political statements to create awareness about issues that are important to
them.

• State-sponsored attackers gather intelligence or commit sabotage on behalf of their

government.

• They are usually highly trained and well-funded, and their attacks are focused on specific
goals that are beneficial to their government.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31
Cyber Attackers
Internal and External Threats
• Cyber attacks can originate from within an organization as well as from outside of it.

• Internal
• Employees, contract staff, or trusted partners can accidentally or intentionally:
• mishandle confidential data
• facilitate outside attacks by connecting infected USB media into the organization’s
computer system
• invite malware onto the organization’s network by clicking on malicious emails or
websites
• threaten the operations of internal servers or network infrastructure devices

• External
• Skilled attackers outside of the organization can:
• exploit vulnerabilities in the network
• gain unauthorized access to computing devices
• use social engineering to gain unauthorized access to organizational data
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32
1.5 Cyberwarfare

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33
Cyberwarfare
Sign of the times (Stuxnet)

• One example of a state-sponsored attack involved the Stuxnet malware that was designed not just
to hijack targeted computers but to actually cause physical damage to equipment controlled by
computers!

• Watch a short video on the case of Stuxnet and discover the impact this malware had on Iran’s
nuclear enrichment plant.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
Cyberwarfare
The Purpose of Cyberwarfare

• The main reason for resorting to cyberwarfare is to gain advantage over adversaries, whether they
are nations or competitors.
• Cyberwarfare is used in the following ways:

• To gather compromised information and/or defense secrets

• A nation or international organization can engage in cyberwarfare to steal defense secrets

and gather information about technology that will help narrow the gaps in its industries and
military capabilities.

• Furthermore, compromised sensitive data can give attackers leverage to blackmail personnel
within a foreign government.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
Cyberwarfare
The Purpose of Cyberwarfare (Cont.)

• To impact another nation’s infrastructure

• Besides industrial and military espionage, a nation can continuously invade another
nation’s infrastructure to cause disruption and chaos.

• For example, a cyber attack could shut down the power grid of a major city.

• Consider the consequences if this were to happen; roads would be congested, the
exchange of goods and services would be halted, patients would not be able to get
the care they would need if an emergency occurred, access to the internet would be
interrupted.

• By shutting down a power grid, a cyber attack could have a huge impact on the
everyday life of ordinary citizens.

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36