In a connected world, cyber security awareness is key to a safe online experience, because the weakest information security link in any organisation is the users of technology. This presentation covers basic cyber security awareness for everyday internet users.
2. www.safecybersense.com
OUTLINE
WHAT IS CYBERSECURITY
WHY CYBERSECURITY AWARENESS
CYBER CRIME MOTIVES
CYBER THREATS OVERVIEW
PASSWORD PROTECTION
SAFE CYBER HABITS AND HYGIENE
3. www.safecybersense.com
What is Cybersecurity?
Cyber security refers to the body of
technologies, processes, and practices
designed to protect networks, devices,
programs, and data from attack, damage, or
unauthorized access.
Cyber security may also be referred to as
information technology security or computer
security.
4. www.safecybersense.com
Three Pillars of
Cybersecurity
Cyber security is a framework that
evolves and adapts to a situation and
includes oversight, prevention, and
maintenance.
Cyber security is therefore broken down
into three main pillars: people,
processes, and technology.
5. www.safecybersense.com
Three Pillars of
Cybersecurity
People: People are naturally the pillar with the most risk associated with it, as human error and human intervention are more difficult to predict and guarantee than systems and software. Training, awareness and resources are therefore key.
Process: Processes and policy help provide the framework for governance and also define procedures that can be measured over time. Processes inform an IT department’s preventative and responsive controls.
Technology: Technology is the hardware and software that departments use to achieve reliable cyber security. IT personnel build processes around technology so as to protect IT infrastructure.
6. www.safecybersense.com
Key Cybersecurity Concept
• Organizations develop and implement an information security policy to
impose a uniform set of rules for handling and protecting essential
data.
• Most IT security policies focus on protecting three key aspects of data
and information: confidentiality, integrity, and availability.
• These are often referred to as the CIA triad concept of information
security.
7. www.safecybersense.com
Key Cybersecurity
Concept
• Confidentiality measures are designed to protect
sensitive information from unauthorized access
attempts.
• Integrity involves maintaining the consistency,
accuracy and trustworthiness of data over its
entire lifecycle.
• Availability means information should be
consistently and readily accessible for authorized
parties.
8. www.safecybersense.com
Why is cybersecurity awareness
important?
● Technology alone cannot protect you from everything
● Attackers go where security is weakest
● Humans -> a link in the chain & the first and last line of defence
● Essential to reducing cybersecurity risk
● Cybersecurity awareness is for...everyone
Security: We must protect our computers, smart devices and data in the same way
that we secure the doors to our homes and offices. We must take along our offline
security mindset to the online space.
Safety: We must behave in ways that protect us against risks and threats that come
with technology.
9. www.safecybersense.com
Cybersecurity is not about computers but about behaviour
Cyber Security Erroneous beliefs
• I am not important, and no one will find me
• I don’t have anything anyone would want to steal
• I can’t stop them even if I want to.
You are exactly what an attacker wants!
11. www.safecybersense.com
Cyber Threat Overview
Cyber crooks are online daily, monitoring and seeking victims to attack. There are basic strategies that they apply to lure a victim before they strike. So as an Internet user, it is important you have an idea of the prevailing approaches and how to safeguard yourself.
• SOCIAL ENGINEERING
• PHISHING
• SPAM
• MALWARE
• VIRUS
• TROJAN HORSE
• WORMS
• MAN-IN-THE-MIDDLE ATTACK
• DISTRIBUTED DENIAL OF SERVICE
12. www.safecybersense.com
Social engineering
Social engineering attacks involve some form of
psychological manipulation, fooling otherwise
unsuspecting users or employees into handing over
confidential or sensitive data.
It applies to the use of deception to gain
information or manipulate people into performing
actions or divulging confidential information.
Some forms of social engineering include phishing, spam messaging, tailgating, pretexting, etc.
Phone Call: This is John, the System Administrator. What is your password?
In Person: What ethnicity are you? Your mother’s maiden name?
I have come to repair your machine… and have some lovely software patches!
13. www.safecybersense.com
Phishing
Phishing is a way of extracting personal information by using deceptive emails and website links. It is one of the most used methods of cyber-attack.
• The attacker sends an email which is disguised to be from a trusted source. It can appear to come from your bank, a company you deal with or a trusted friend or colleague.
• The email will always have a link you need to click or an attachment to download.
• And the tone of the email will always be that of urgency, making you believe it is something you need to do and you must do it right now.
15. www.safecybersense.com
Phishing: How to Avoid Being a Victim
If you receive an email mimicking, for instance, an email from your bank, you should do the following:
• Point your mouse momentarily at the sender's email address; the real email address the email came from will be revealed. Most times you will notice it is not coming from the source being branded in the email.
• If there is a link to click, perhaps for an offer, do not click it.
• Type the website address of your bank into a web browser to confirm whether they have such an offer. If it is a request for your login details, ignore the mail, delete it or reach out directly to your bank via phone or possibly a visit.
• Never be in a hurry to respond.
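The checks on this slide (who really sent the email, where a link really goes, and whether the tone is urgent) can be automated. The following is an added example, not part of the original presentation; the message, the brand name and all domains are constructed, and `TRUSTED` is a hypothetical allow-list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allow-list: brand name -> domains that brand really mails from.
TRUSTED = {"example bank": {"examplebank.example"}}

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1ebank-secure.example>
Subject: URGENT: verify your account now
Content-Type: text/html

<p>Your account will be suspended today.</p>
<a href="http://login.examp1ebank-secure.example/verify">https://www.examplebank.example/login</a>
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URGENT = re.compile(r"\b(urgent|immediately|suspended|right now|verify)\b", re.I)

def host(url):
    """Lower-cased hostname of a URL, or '' if there is none."""
    return (urlparse(url.strip()).hostname or "").lower()

def in_domains(h, domains):
    """True if h equals an allowed domain or is a subdomain of one."""
    return any(h == d or h.endswith("." + d) for d in domains)

def phishing_signals(raw):
    """Return the list of warning signs found in a raw email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signals = []
    # 1. The display name claims a brand, but the real address is elsewhere.
    for brand, domains in TRUSTED.items():
        if brand in display.lower() and not in_domains(sender_domain, domains):
            signals.append("sender-mismatch")
    # 2. The link text shows one site, the href goes to another.
    for href, text in LINK.findall(body):
        shown = host(text) if "://" in text else ""
        if shown and shown != host(href):
            signals.append("link-mismatch")
    # 3. Pressure wording in the subject or body.
    if URGENT.search(msg.get("Subject", "") + " " + body):
        signals.append("urgency")
    return signals
```

Calling `phishing_signals(SAMPLE)` reports all three signs for the constructed message; a message from the bank's real domain with matching links and neutral wording returns an empty list.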
16. www.safecybersense.com
Spam
Spam is an unsolicited message sent in bulk, that is, to many persons at the same time, over the internet or through any electronic messaging system.
• Spamming is a method whereby the fraudster sends a message by email, SMS or chat, dangling a reward, most times too good to be true.
• The message will ask the user to fill out a form, send back a code, or sign up in order to receive something or avert a danger.
• Anyone who responds to a spam email or message will likely give away information which the cyber crook uses for an immediate or future attack.
17. www.safecybersense.com
Spam
There are several forms of spam messages:
Email spam – Those emails that clog up your mailbox, sometimes preventing you from seeing relevant emails.
Social media spam – This is where a spammer throws around accounts on social media to connect to prospective victims.
You must have received friend requests on Facebook from a profile posing as a customs officer, or on Twitter, been followed by several related handles, all at the same time. These are examples of spam accounts.
18. www.safecybersense.com
SPAM
Mobile Spam – These are SMS spam messages, always sent as bulk SMS to random phone numbers. The message would either request the recipient to send back a code, or call a number to avert imminent danger or to key into a ‘too good’ offer.
When you get a spam message or call:
• Never respond to any message from an unknown person claiming to offer you a contract or help, or asking you to send back a code.
• Sometimes, the sender would claim to have mistakenly entered your number for a sign-on and request that you send them a code you received by SMS. This is a sign that if you respond, you will fall victim.
19. www.safecybersense.com
Malware (Malicious software)
Malware is the collective name for code developed by cyber attackers, typically designed to cause extensive damage to computer systems and data or to gain unauthorized access to a network.
Malware code is delivered in different ways. The payload delivery format gives rise to the different forms of malware.
Forms of malware include viruses, worms, Trojan horses, ransomware, and spyware.
20. www.safecybersense.com
Malware
Virus: This is the most common type of malware that can execute itself and spread by infecting other programs or files. Viruses attach their malicious code to clean code and wait for an unsuspecting user or an automated process to execute them, causing damage to the core system files.
Worm: Worms get their name from the way they infect systems. They can self-replicate without a host program and typically spread without any human interaction or directives from the malware authors. Starting from one infected machine, they weave their way through the network.
21. www.safecybersense.com
Malware
Spyware, as its name suggests, is designed to spy
on what a user is doing. Hiding in the background
on a computer, this type of malware will collect
information without the user knowing, such as
credit card details, passwords and other sensitive
information.
A Trojan horse is designed to appear as a legitimate
software program to gain access to a system. It derives its
name from the Greek soldiers who hid in a giant horse to deliver
their attack. Acting discreetly, it will breach security by
creating backdoors that give other malware variants easy
access.
22. www.safecybersense.com
Malware
• Ransomware is designed to infect a user's system and encrypt its data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system's data.
• Also known as scareware, ransomware comes with a heavy price. It is able to lock down networks and lock out users until a ransom is paid. Ransomware has targeted some of the biggest organizations in the world.
23. www.safecybersense.com
Man-In-The-Middle Attack
An attacker pretends to be your final
destination on the network or your link to a
service, e.g. Internet access.
When a person tries to connect to a specific
destination, an attacker can mislead them to a
different service and pretend to be that
network access point or server.
An example is a rogue access point.
24. www.safecybersense.com
Distributed Denial of Service Attack (DDoS)
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target with a flood of Internet traffic.
DDoS attacks are carried out with networks of Internet-connected machines.
• Suspicious amounts of traffic originating from a single IP address or IP range
• A flood of traffic from users who share a single behavioural profile, such as device type, geolocation, or web browser version
26. www.safecybersense.com
PASSWORD PROTECTION
A password is the digital equivalent of a key to a lock fixed to your home or office – a security system.
• Password protection allows only those with an authorized password to gain access to certain information.
• Passwords are a first line of defence against cyber security compromise, and one of the most important ways to prevent information security breaches is the use of a strong password.
27. www.safecybersense.com
PASSWORD PROTECTION
Password compromise is a potentially major source of cyber security headaches for any individual or organization that uses computer systems or has a presence online.
Most hacking cases involve compromised passwords, most times because these passwords were simple to guess.
Applying a sound password protection policy is essential for a safer Internet presence.
Pay attention to the following rules of thumb regarding passwords:
28. www.safecybersense.com
Password Protection checklist
1. In Creating Passwords
• Avoid using personal information like a birthday, address, anniversary, pet name or any easy-to-guess information.
• Use a long phrase that is easy to remember but difficult to guess. It could be a favourite line from a book. Length is better than complexity.
• Randomly include symbols, capital letters and numbers with the letters.
2. Enable 2-factor Authentication (2FA)
• 2FA requires two different methods to ‘prove’ your identity before you are granted access. Many of the services you use today (social networks, banks, etc.) offer this added layer of protection; use it.
29. www.safecybersense.com
Password Protection checklist
3. Use a Password Manager
• A password manager is an online tool that auto-generates and stores strong passwords on your behalf.
• Passwords are stored in an encrypted, centralised location which is only accessible via a ‘master’ password.
• Rather than having to memorize dozens of meticulously crafted passwords, you just have one master password to remember.
4. Use Different Passwords for Different Applications
• Every online application should have a different password. Make sure that you do not reuse passwords across different accounts. If you do, when one account is compromised, the rest are prone to be hacked.
30. www.safecybersense.com
Password Cracking: Dictionary Attack and Brute Force

| Pattern | Calculation | Result | Time to Guess |
|---|---|---|---|
| Personal Info: interests, relatives | | 20 | Manual 5 minutes |
| Social Engineering | | 1 | Manual 2 minutes |
| American Dictionary | | 80,000 | < 1 second |
| 4 chars: lower case alpha | 26^4 | 5x10^5 | |
| 8 chars: lower case alpha | 26^8 | 2x10^11 | |
| 8 chars: alpha | 52^8 | 5x10^13 | |
| 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
| 8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min. |
| 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
| 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
| 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
| 12 chars: all keyboard | 95^12 | 5x10^23 | |
| 16 chars: alphanumeric | 62^16 | 5x10^28 | |
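The brute-force rows of the table are (alphabet size) raised to the password length, divided by a guessing rate. The sketch below is an added example, not part of the original presentation: it infers the alphabet from the password itself and treats a dictionary word as falling to the word list, as the dictionary row does. The rate of 10^12 guesses per second is an assumption inferred from the table's timed rows (results land close to, not exactly on, the slide's rounded figures), and the small word list is constructed.

```python
import string

GUESSES_PER_SECOND = 1e12  # assumption inferred from the table's timed rows
DICTIONARY = {"password", "sunshine", "football", "welcome"}  # constructed sample

# Character classes and the size each adds to the attacker's alphabet.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),  # 26 + 26 + 10 + 33 = 95, "all keyboard"
]


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))


def keyspace(password):
    """Number of candidates a brute-force search of this shape must cover."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password):
    """Seconds to exhaust the search; a dictionary word falls to the word list."""
    if password.lower() in DICTIONARY:
        return len(DICTIONARY) / GUESSES_PER_SECOND
    return keyspace(password) / GUESSES_PER_SECOND


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return "< 1 minute"


if __name__ == "__main__":
    for pw in ("sunshine", "qwhzkpmt", "Tr4ilmix", "Tr4ilmix2024"):
        print(f"{pw!r:16} alphabet={alphabet_size(pw):2}  {human(worst_case_seconds(pw))}")
```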
31. www.safecybersense.com
SAFE CYBER HABITS
1. Look, pause, confirm before you click
• Be mindful of the links you click on while surfing the Internet. A click on a malicious link can lead you to chains of agony.
• Know the difference between a secure site and an unsecure site (http:// and https://).
• Avoid “click bait” headlines or promo popups that are too good to be true.
2. Keep your software and applications up to date.
• An updated version of an application will, among other things, tighten its security features so as to keep users safe from backdoor hackers.
• Ensure you install licensed software and that you get your mobile apps from trusted sites/stores.
• Avoid pirated software; it can expose you to hackers.
• So next time you get a prompt for a software update, ensure you install the update.
32. www.safecybersense.com
SAFE CYBER HABITS
3. Use up-to-date antivirus software on your devices.
• Antivirus software is utility software that is installed on a computer or mobile device with the aim of protecting the device from viruses, trojans, spyware and spam attacks.
• Ensure you install original licensed antivirus or internet security software.
• Keep your antivirus software and virus database updated daily. You can set your antivirus update feature to automatic to guarantee a transparent update.
4. Always log out from sites/portals when you are done using them.
• Signing on to an account online is like unlocking a personal safe or your home. Not logging out when you are done using that platform is like leaving your home wide open and going out. You know it will definitely take luck for you not to be robbed.
• If you must leave any of your accounts logged on, ensure it is on your personal device, and that your device security lock is enabled.
33. www.safecybersense.com
SAFE CYBER HABITS
5. Limit the personal information you share online
• Just as you would not physically hand over your personal information to a total stranger unless you get to know the person, you should also limit the personal information you share with millions of persons online, especially on your social media accounts.
• No matter how well you may think you know the person you met online, you cannot really be sure of who they are and how dangerous they can be.
6. Keep your online accounts' privacy settings enabled and regularly updated.
• Privacy settings are controls provided within your browser or an online account, which you can use to define your information-sharing boundaries online.
• Most browsers and social media platforms have provision for privacy and security settings.
• With your privacy settings properly configured, you can limit who can have access to your shared information.
34. www.safecybersense.com
SAFE CYBER HABITS
7. Regularly clear your browser cache and cookies.
• A cookie is a file attached to your browser by websites so as to record your browsing history.
• Through cookies, your social media, email and many other services can easily be compromised.
• Cached data on your system/device helps give a faster browsing experience, but it can also be an avenue for housing malware on your system.
8. Do not use public Wi-Fi; always use private Wi-Fi.
• Public Wi-Fi networks like the ones at restaurants, parks, airports, etc. are very unsecure. Hackers can latch on to the network in order to gain unauthorised access to your system.
• If you happen to always be on the go, try to use a VPN service or software to encrypt your data.