SlideShare a Scribd company logo

Understanding Cyber Threats and Motivations

S
Sighbearuk

This is the 3rd slide deck in a series covering Cyber by SighBearUK in association with the CiBears. This deck (with notes) covers what makes up threat (capability and motivation)

Technology
1 of 13
Download to read offline
Welcome to more Cyber by Sighbear in association with the CiBears. This slide deck expands on the initial story of Cybersecurity and continues the journey for those who wish to get into the industry and as a refresher to those already in the industry as to how and why we do Cyber Security. This is the third slide deck and there will be others that expand on the areas covered in this one and related areas. Cyber by Sighbear Threats What risk are the CiBears at without threat? v1.0
Previously on SighBearUK Education ● In the first slide deck we covered Cyber & Risk. ● If you have not seen part 1 or part 2 or need a detailed refresher see https://www.sighbear.uk/Cyber-Education/ ● In the second deck we cover CONTEXT In the first slide deck we covered Cyber & Risk and definitions for them both. We joined Cyber and Risk together for Cyber-Risk with simple risk equation (R = V * L * I) along with risk management approaches . ● Avoid ● Control ● Accept ● Transfer In the second deck it was all about CONTEXT (sorry for shouting but it seems to be an issue for some, understanding context) Lady - Is four a lot Man - Depends on the context Man - Dollars? no Man - Murders? yes
Credit @warmana (on twitter)
The story today! Threat - Introduce it As it says on the slide today we are going to cover threat.
What is threat? ● Definition of threat ○ “a statement of an intention to inflict pain, injury, damage, or other hostile action on someone in retribution for something done or not done.” Understand what threat is Who wants to do harm to you, what will they use to do harm to you and how much effort are they going to expend to do that harm?
Threat - questions to think about • Threat (questions to ask yourself as the asset owner) • Who would want to attack your assets • Why would they want to (what is their motivation) • How skilled are they (what is their capability, script kiddies or state sponsored) • What is most important to the attacker (disclosure, integrity, availability) • how would they go about the attack, technical or social, pay an insider, etc • This gives you an idea of likelihood for the risk equation So as the slide states, think about who is a cyber threat. Who are the attackers (the persons carrying out the attacks)? Why do they want to attack you (what’s their motivation), maybe rather than attack someone else instead of you? What skills and resources (money, time, computing power, etc) do the attackers have? What is the outcome the attacker wishes to inflict on you? How would the attacker go about attacking you? All these are covered in the next few slides.
Likelihood is mostly made up of two things / events. In the case of our Cyber education we are going to use Motivation and Capability which will be expanded upon in the next couple of slides. As the image shows the SighBear has ladders (capability) but already has a pot of honey (so no motivation to disturb the bees for some honey) Threat as in input into likelihood • Likelihood is made up of two parts • Motivation • having a reason to do something • Capability • Having the skills, tools, etc Note: This is a follow on / expansion of the likelihood slide in Slide Deck One @ https://www.sighbear.uk/Cyber-Education/
This slide covers the wider definition of motivation “a reason or reasons for acting or behaving in a particular way.”, along with a couple of examples of motivation in the Cyber world and the Sighbear world. In the Cyber world ● A Cyber Criminal wants to steal money ● An activist to embarrass a government through website defacement. In the Sighbear world ● The bears want to some honey to provide energy to catch some salmon These are just a few examples of what motivates people and bears. • Definition • “a reason or reasons for acting or behaving in a particular way.” • Cyber Motivation • Cyber Criminal wants to steal money, activist to embarrass a government through website defacement, etc • Sighbear Motivation • to get some honey to provide energy to catch some salmon Motivation
This slide covers the wider definition of capability “the power or ability to do something”, along with couple of examples of capabilities in the Cyber world and the Sighbear world. In the Cyber world ● Having the right skills (not just technical but can be social as well), tools, finances, resources etc In the Sighbear world ● Skills (i.e. climbing trees) ● Tools (claws to help climb trees) These are just a few examples of of what capabilities people and bears have. • Definition of capability • “the power or ability to do something.” • Cyber Capability • Having the skills (not just technical but can be social as well), tools, finances, etc • Sighbear Capability • Skills (i.e. climbing trees) tools (claws to help climbing) Capability
This slide covers threats to the security triad (watch the video link for explanation https://youtu.be/SP8cr0fg5Sg, we might expand on in future slide decks). And how the threats might apply to Confidentiality, Integrity and Availability Examples of possible threats • Threat to Confidentiality (“the state of keeping or being kept secret or private.”) - • Cyber Criminal wants to know your login details to your bank so they can steal your money. • Threat to Integrity (“ensuring that data/information is real, accurate and safeguarded from unauthorized user modification”) • Organised crime want to change prison records to get someone released early. • Threat to Availability (“ensure that required data/information is always accessible when and where needed”) • Foreign government wants to take another government’s online voting service offline at key moment.
What's coming next? Vulnerabilities expanded Likelihood (introduce probability subjectiveness ) Art of A+D (Attack + Defence) Threat modelling Risk methodologies Some things that we are planning to do slide decks on.
Credits If you have a cyber challenge, maybe you would like to hire the CiBears and friends? Twitter @sighbearuk web www.sighbear.uk Artwork by Claire Brown https://clairebrown.myportfolio.com Why should you consider hiring the CiBears? Because we are like a breath of fresh air compared to some other Cyber consultants we come across because we won’t: 1) Try to sell you snake oil (there is no silver bullet, or 100% security) 2) We are not security charlatans (we have a great mix of academia and real world experience) 3) We will get to know your business to ensure we give appropriate advice aligned to your needs Mantra “Security does not say No, it says yes but ………..” understand the risks. It’s a shame that @NCSC withdrew it. User experience should be fantastic - security should be good enough
As it provided something we have believed in from before they ever published it

Recommended

HACKING
HACKINGHACKING
HACKINGUpendraSingamsetty
 
Cyber threat-by-sighbear 1-0
Cyber threat-by-sighbear 1-0Cyber threat-by-sighbear 1-0
Cyber threat-by-sighbear 1-0Sighbearuk
 
Cyber by-sighbear-1 1-notes
Cyber by-sighbear-1 1-notesCyber by-sighbear-1 1-notes
Cyber by-sighbear-1 1-notesSighbearuk
 
ethics final project
ethics final projectethics final project
ethics final projectVictoriya Poplavskaya
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsJack Whitsitt
 
Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti SajibeKanti
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 

Recommended

HACKING
HACKINGHACKING
HACKINGUpendraSingamsetty
 
Cyber threat-by-sighbear 1-0
Cyber threat-by-sighbear 1-0Cyber threat-by-sighbear 1-0
Cyber threat-by-sighbear 1-0Sighbearuk
 
Cyber by-sighbear-1 1-notes
Cyber by-sighbear-1 1-notesCyber by-sighbear-1 1-notes
Cyber by-sighbear-1 1-notesSighbearuk
 
ethics final project
ethics final projectethics final project
ethics final projectVictoriya Poplavskaya
 
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Devnexus 2017 Cybercrime and the Developer: How do you make a difference?
Devnexus 2017 Cybercrime and the Developer: How do you make a difference?Steve Poole
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsJack Whitsitt
 
Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti Understanding Cyber Crime and Cyber Security by Sajibe Kanti
Understanding Cyber Crime and Cyber Security by Sajibe Kanti SajibeKanti
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
C3 Cyber
C3 CyberC3 Cyber
C3 CyberDeepak Kumar (D3)
 
What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdfuzair
 
Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsEC-Council
 
Hacking a cause of cyber crime final
Hacking a cause of cyber crime finalHacking a cause of cyber crime final
Hacking a cause of cyber crime finalHarsha Matta
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information DisclosureOWASP EEE
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingHarshit Upadhyay
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdfhmooodes115
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking Harshit Upadhyay
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Cyber security
Cyber securityCyber security
Cyber securityLuke Veltjens-Swan
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
CST 20363 Session 6 Cyberspace
CST 20363 Session 6 CyberspaceCST 20363 Session 6 Cyberspace
CST 20363 Session 6 Cyberspaceoudesign
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developerSteve Poole
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...FitCEO, Inc. (FCI)
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
 
Social Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesSocial Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesLearningwithRayYT
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

More Related Content

Similar to Understanding Cyber Threats and Motivations

What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdfuzair
 
Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsEC-Council
 
Hacking a cause of cyber crime final
Hacking a cause of cyber crime finalHacking a cause of cyber crime final
Hacking a cause of cyber crime finalHarsha Matta
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information DisclosureOWASP EEE
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021Adam Shostack
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdfhmooodes115
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
CST 20363 Session 6 Cyberspace
CST 20363 Session 6 CyberspaceCST 20363 Session 6 Cyberspace
CST 20363 Session 6 Cyberspaceoudesign
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developerSteve Poole
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...FitCEO, Inc. (FCI)
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
 
Social Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesSocial Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesLearningwithRayYT
 

Similar to Understanding Cyber Threats and Motivations (20)

C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
What Are Script Kiddies.pdf
What Are Script Kiddies.pdfWhat Are Script Kiddies.pdf
What Are Script Kiddies.pdf
 
Red vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 yearsRed vs. Blue Why we’ve been getting it wrong for 25 years
Red vs. Blue Why we’ve been getting it wrong for 25 years
 
Hacking a cause of cyber crime final
Hacking a cause of cyber crime finalHacking a cause of cyber crime final
Hacking a cause of cyber crime final
 
[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
 
Threat Modeling In 2021
Threat Modeling In 2021Threat Modeling In 2021
Threat Modeling In 2021
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
hamad.pwrpoint.pdf
hamad.pwrpoint.pdfhamad.pwrpoint.pdf
hamad.pwrpoint.pdf
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
 
Cyber security
Cyber securityCyber security
Cyber security
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
CST 20363 Session 6 Cyberspace
CST 20363 Session 6 CyberspaceCST 20363 Session 6 Cyberspace
CST 20363 Session 6 Cyberspace
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimes
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 
Social Engineering Attacks & Principles
Social Engineering Attacks & PrinciplesSocial Engineering Attacks & Principles
Social Engineering Attacks & Principles
 

Recently uploaded

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Understanding Cyber Threats and Motivations

  • 1. Welcome to more Cyber by Sighbear in association with the CiBears. This slide deck expands on the initial story of Cybersecurity and continues the journey for those who wish to get into the industry and as a refresher to those already in the industry as to how and why we do Cyber Security. This is the third slide deck and there will be others that expand on the areas covered in this one and related areas. Cyber by Sighbear Threats What risk are the CiBears at without threat? v1.0
  • 2. Previously on SighBearUK Education ● In the first slide deck we covered Cyber & Risk. ● If you have not seen part 1 or part 2 or need a detailed refresher see https://www.sighbear.uk/Cyber-Education/ ● In the second deck we cover CONTEXT In the first slide deck we covered Cyber & Risk and definitions for them both. We joined Cyber and Risk together for Cyber-Risk with simple risk equation (R = V * L * I) along with risk management approaches . ● Avoid ● Control ● Accept ● Transfer In the second deck it was all about CONTEXT (sorry for shouting but it seems to be an issue for some, understanding context) Lady - Is four a lot Man - Depends on the context Man - Dollars? no Man - Murders? yes
  • 4. The story today! Threat - Introduce it As it says on the slide today we are going to cover threat.
  • 5. What is threat? ● Definition of threat ○ “a statement of an intention to inflict pain, injury, damage, or other hostile action on someone in retribution for something done or not done.” Understand what threat is Who wants to do harm to you, what will they use to do harm to you and how much effort are they going to expend to do that harm?
  • 6. Threat - questions to think about • Threat (questions to ask yourself as the asset owner) • Who would want to attack your assets • Why would they want to (what is their motivation) • How skilled are they (what is their capability, script kiddies or state sponsored) • What is most important to the attacker (disclosure, integrity, availability) • how would they go about the attack, technical or social, pay an insider, etc • This gives you an idea of likelihood for the risk equation So as the slide states, think about who is a cyber threat. Who are the attackers (the persons carrying out the attacks)? Why do they want to attack you (what’s their motivation), maybe rather than attack someone else instead of you? What skills and resources (money, time, computing power, etc) do the attackers have? What is the outcome the attacker wishes to inflict on you? How would the attacker go about attacking you? All these are covered in the next few slides.
  • 7. Likelihood is mostly made up of two things / events. In the case of our Cyber education we are going to use Motivation and Capability which will be expanded upon in the next couple of slides. As the image shows the SighBear has ladders (capability) but already has a pot of honey (so no motivation to disturb the bees for some honey) Threat as in input into likelihood • Likelihood is made up of two parts • Motivation • having a reason to do something • Capability • Having the skills, tools, etc Note: This is a follow on / expansion of the likelihood slide in Slide Deck One @ https://www.sighbear.uk/Cyber-Education/
  • 8. This slide covers the wider definition of motivation “a reason or reasons for acting or behaving in a particular way.”, along with a couple of examples of motivation in the Cyber world and the Sighbear world. In the Cyber world ● A Cyber Criminal wants to steal money ● An activist to embarrass a government through website defacement. In the Sighbear world ● The bears want to some honey to provide energy to catch some salmon These are just a few examples of what motivates people and bears. • Definition • “a reason or reasons for acting or behaving in a particular way.” • Cyber Motivation • Cyber Criminal wants to steal money, activist to embarrass a government through website defacement, etc • Sighbear Motivation • to get some honey to provide energy to catch some salmon Motivation
  • 9. This slide covers the wider definition of capability “the power or ability to do something”, along with couple of examples of capabilities in the Cyber world and the Sighbear world. In the Cyber world ● Having the right skills (not just technical but can be social as well), tools, finances, resources etc In the Sighbear world ● Skills (i.e. climbing trees) ● Tools (claws to help climb trees) These are just a few examples of of what capabilities people and bears have. • Definition of capability • “the power or ability to do something.” • Cyber Capability • Having the skills (not just technical but can be social as well), tools, finances, etc • Sighbear Capability • Skills (i.e. climbing trees) tools (claws to help climbing) Capability
  • 10. This slide covers threats to the security triad (watch the video link for explanation https://youtu.be/SP8cr0fg5Sg, we might expand on in future slide decks). And how the threats might apply to Confidentiality, Integrity and Availability Examples of possible threats • Threat to Confidentiality (“the state of keeping or being kept secret or private.”) - • Cyber Criminal wants to know your login details to your bank so they can steal your money. • Threat to Integrity (“ensuring that data/information is real, accurate and safeguarded from unauthorized user modification”) • Organised crime want to change prison records to get someone released early. • Threat to Availability (“ensure that required data/information is always accessible when and where needed”) • Foreign government wants to take another government’s online voting service offline at key moment.
  • 11. What's coming next? Vulnerabilities expanded Likelihood (introduce probability subjectiveness ) Art of A+D (Attack + Defence) Threat modelling Risk methodologies Some things that we are planning to do slide decks on.
  • 12. Credits If you have a cyber challenge, maybe you would like to hire the CiBears and friends? Twitter @sighbearuk web www.sighbear.uk Artwork by Claire Brown https://clairebrown.myportfolio.com Why should you consider hiring the CiBears? Because we are like a breath of fresh air compared to some other Cyber consultants we come across because we won’t: 1) Try to sell you snake oil (there is no silver bullet, or 100% security) 2) We are not security charlatans (we have a great mix of academia and real world experience) 3) We will get to know your business to ensure we give appropriate advice aligned to your needs Mantra “Security does not say No, it says yes but ………..” understand the risks. It’s a shame that @NCSC withdrew it. User experience should be fantastic - security should be good enough
  • 13. As it provided something we have believed in from before they ever published it