A basic cybersecurity introduction for managers, explaining how they and their organisation can guard against common types of attacks, based on the UK National Cyber Security Centre’s Cyber Essentials programme
3. NOTPETYA, “THE MOST DEVASTATING
CYBER ATTACK IN HISTORY”
• Malware which rapidly spread across networks, locked and encrypted machines,
originating from Russian military via Ukraine
• It “hit at least four hospitals in Kiev alone, six power companies, two airports, more than
22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and
practically every federal agency.”
• Maersk, “responsible for 76 ports on all sides of the earth and nearly 800 seafaring
vessels, including container ships carrying tens of millions of tons of cargo, representing
close to a fifth of the entire world’s shipping capacity, was dead in the water.”
• Estimated costs: Maersk $300m; Merck $870m; FedEx $400m; Mondelēz $188m. US
assessed total damages around $10bn
• Source: Andy Greenberg, Wired, Sept. 2018
• See also WannaCry, which cost UK NHS £92m in 2017, probably originating with the North
4.
5. HOW CAN USERS PROTECT THEMSELVES
AGAINST SECURITY BREACHES?
1. Secure settings and passwords
2. Protect devices/networks using firewalls
3. Control access to data and software
4. Protect against viruses and other malicious software
5. Keep devices and software up to date
6. Watch out for phishing e-mails
6. SECURE SETTINGS
• New devices are often configured to be open and “easy to use”
– but therefore hackable – as possible. Make sure you disable
or remove any functions, accounts or services you don’t need
(e.g. “guest” accounts on laptops)
• Always password/PIN-protect your computers and devices –
they allow access to your data and your online accounts
• CHANGE DEFAULT PASSWORDS
8. SECURE
PASSWORDS
• Use password managers where possible
(generate strong random passwords for
every account)
• Make passwords from three words (not
related to you, like family/pet names,
favourite teams, significant dates – these
might be discovered from social media or
elsewhere)
• Don’t share passwords between accounts
• Don’t force users to change passwords
unless they have been breached
• Use multi-factor authentication for sensitive
accounts
Source: Sueheim on
Wikimedia
9.
10. ACCESS TO DATA AND SOFTWARE
• Don’t use administrator accounts for normal work – if you are
hacked, an attacker can then do much more damage
• Restrict the software that can be installed on devices – use a
whitelist or approved sources, such as Google Play or Apple’s
App Store (which screen apps for malicious code)
11. DEVICE AND
NETWORK
FIREWALLS
• Firewalls block unauthorised
traffic from a network onto
your device – can protect
against both external hackers,
and compromised internal
machines
• Most PC operating systems (eg
Windows, macOS) contain
them – make sure they are
turned on, especially for
devices that access public WiFi
• Can also be configured in your
network’s gateway(s) to other
networks (and the Internet)
12. VIRUSES AND
OTHER
MALICIOUS
SOFTWARE
• Malicious software such as
viruses and ransomware can
come in e-mail attachments,
from websites, public WiFi
networks, and even USB sticks
• Protect against it using built-
in operating system tools,
such as Windows Defender
and macOS XProtect
• Use tools with sandboxes,
which contain malicious
software and stop it accessing
the rest of your system
• BACKUP data frequently
13. KEEP SOFTWARE
AND DEVICES UP
TO DATE
• It’s essential you enable
automatic updates for your
operating system, software,
apps etc.
• Once manufacturers stop
providing updates for
systems, you should
replace them
14. AVOID PHISH
• Fake e-mails, trying to “hook” users
to click on a website or malicious
attachment that will infect their
system or steal passwords
• “Spear” phishing uses targeted
messages, often sent to senior staff
15.
16. CHECKLIST
Configure software and devices securely, and use strong passwords
Use firewalls on devices and networks
Control access to data and software by separating administrator
accounts and using whitelists and app stores
Protect against viruses and other malicious software by using tools
such as Windows Defender, macOS XProtect, and sandboxing
Keep devices and software up to date, and stop using out-of-date
software
Watch out for phishing e-mails
Hinweis der Redaktion
Q – what is the largest breach suffered to date in terms of numbers of people’s data compromised?
https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Large breaches can happen by targeting large centralised databases – but also by infecting many PCs and local systems