A presentation made during the international Youth Exchange called Digital Danger and financed Erasmus+ Programme through Dům zahraniční spolupráce and the European Union
2. What is cybersecurity,
how does it work?
Cybersecurity is designed to provide multiple layers of protection across all of the
computers, networks, and programs used by a business. In order to create a
unified defence against potential cyberattacks, it is important that the business,
employees, processes, and technology are designed to work seamlessly together.
Cybersecurity systems that function properly will be able to detect, investigate, and
resolve potential weaknesses and vulnerabilities in the system before they can be
exploited by a hacker or malicious software.
4. By implementing security, businesses and individuals can protect
themselves against the full range of cyber security threats outlined
below, as well as the numerous others that exist.
With cyber security, companies do not have to worry about
unauthorized users accessing their network or data. It helps them
protect both their end users and their employees.
What are the benefits
of cybersecurity?
Even in those rare cases that security does not prevent an attack or
breach, it improves the recovery time afterward. In addition companies
will often notice that customers and developers are more confident in
products that have strong cyber security solutions in place.
5. Threats vs vulnerabilities vs consequences
Threat:
Threats can include social
engineering attacks, DDoS
attacks, and advanced
persistent threats, to name a
few. Threat actors may be
associated with nation-
states, insiders, criminal
enterprises, and are typically
motivated by financial gain
or political agendas.
Vulnerability:
In cybersecurity, a
vulnerability refers to
weakness, flaw, or error that
can be exploited by attackers
to gain unauthorized access.
Vulnerabilities can be taken
advantage of in a number of
ways, which is why
vulnerability management is
crucial for staying ahead of
criminals.
Consequence:
The consequence is the actual
harm or damages that occur as a
result of a network disruption.
Typically, an organization will
incur both direct and indirect
consequences as they work to
remediate the problem.
Depending on the attack,
consequences may impact an
organization’s finances,
operations, reputation, and
regulatory compliance status.
6. What are the different types
of cybersecurity threats?
1. Malware
Malware is malicious software such as spyware, ransomware, viruses
and worms. Malware is activated when a user clicks on a malicious link
or attachment, which leads to installing dangerous software.
2. Emotet
An advanced, modular banking Trojan that primarily functions as a
downloader or dropper of other banking Trojans. Emotet continues to
be among the most costly and destructive malware.
3. Denial of Service
A denial of service (DoS) is a type of cyber attack that floods a
computer or network so it can’t respond to requests. A distributed DoS
(DDoS) does the same thing, but the attack originates from a computer
network. Cyber attackers often use a flood attack to disrupt the
“handshake” process and carry out a DoS. Several other techniques
may be used, and some cyber attackers use the time that a network is
disabled to launch other attacks.
7. What are the different types
of cybersecurity threats?
4. Man in the Middle
MITM attacks often occur when a visitor uses an unsecured public Wi-Fi
network. Attackers insert themselves between the visitor and the network, and
then use malware to install software and use data maliciously.
5. Phishing
Phishing attacks use fake communication, such as an email, to trick the
receiver into opening it and carrying out the instructions inside, such as
providing a credit card number.
6. SQL Injection
A Structured Query Language (SQL) injection is a type of cyber attack that
results from inserting malicious code into a server that uses SQL. When
infected, the server releases information. Submitting the malicious code can
be as simple as entering it into a vulnerable website search box.
7. Password Attacks
With the right password, a cyber attacker has access to a wealth of
information. Password attacks include accessing a password database or
outright guessing.
8. Cybersecurity in Poland
The Polish cybersecurity market is relatively
small. The most important group of clients is
(for many years) several large clients, i.e. the
largest public and private companies, state
apparatus, as well as universities and other
public entities (e.g. hospitals). The second
important group are small and medium-
sized enterprises. Warsaw is by far the
dominant center in Poland, where almost
one third of the surveyed companies
conduct their activities. Other important
centersare: Poznań, Wrocław, Kraków and
Silesia.
The vast majority of cybersecurity
companies are located in western or central
Poland, which is also related to the wealth
and population of these regions. When it
comes to the dynamics of the emergence of
companies in Poland dealing with
cybersecurity, there has been a clear upward
trend in recent years.
What are the biggest barriers to the
development of cybersecurity in Poland?
1.Low market awareness of the need to use
cybersecurity solutions.
2. Difficulty recruiting cybersecurity experts
and other specialists.
3. Lack of sufficient capital for development.
4. Difficulties in reaching key stakeholders in
the sales process.
5. Unclear legal regulations
9. 2.Anna Kournikova
She may be a famous tennis player, but
she makes a world-beating computer
virus. Thousands of people have been
tricked into opening a mail message
that says it contains a picture of Anna
Kournikova but actually hides a
malicious program. If set off, the
programme plunders the address book
of the Microsoft Outlook e-mail
programme and attempts to send itself
to all the people listed there.
3.Deskop Goose
This could also be the case for the popular
Desktop Goose mini-game. Although it is not
a virus, Desktop Goose can interrupt any
activity on your computer. Will not hesitate to
appear during a PC game by dragging the
note that says "good job".
Can virus look cute?
1. ILOVEYOU
While ILOVEYOU sounds like a cheerful
bon mot you might find printed on the
inside of a Valentine’s Day card, it’s
actually far, far more sinister than that.
ILOVEYOU is one of the most well-known
and destructive viruses of all time. The
virus came in an email with a subject
line that said “I love you”. Being curious
types, people clicked into the email with
aplomb—regardless of the fact the email
wasn’t from anyone they knew. The
malware was a worm that was
downloaded by clicking on an
attachment called ‘LOVE-LETTER-FOR-
YOU.TXT.vbs’. ILOVEYOU overwrote system
files and personal files and spread itself
over and over and over again.
10. Cybersecurity
challenges
Ransomware attacks - hacking into a user’s data and preventing them from
accessing it until a ransom amount is paid
Cloud attacks - hacking cloud-platforms to steal user data
Phishing attacks - type of social engineering attack often used to steal user data,
including login credentials and credit card numbers
Blockchain and cryptocurrency attacks - it can compromise the customer data
and business operations
Software vulnerabilities - an older software version might contain patches for
security vulnerabilities that are fixed by the developers in the newer version
Machine learning and AI attacks - hese technologies can be used to identify
high-value targets among a large dataset
BYOD policies - your own device may not be strong enough and you risk leaking
the data of your work place
Insider attacks - Employees with malicious intent can leak or export confidential
data to competitors or other individuals
Outdated hardware - Hardware isn’t advanced enough to run the latest software
versions. This leaves such devices on an older version of the software, making them
highly susceptible to cyberattacks.
11. Cybersecurity vendors and tools
Antivirus Software - program which is designed to prevent, detect, and remove viruses
and other malware attacks on the individual computer, networks, and IT systems
Firewall - Its job is to prevent unauthorized access to or from a private network. It can be
implemented as hardware, software, or a combination of both.
PKI Services - Public Key Infrastructure. This tool supports the distribution and identification
of public encryption keys.
Managed Detection Services - MDR is an advanced security service that provides threat
hunting, threat intelligence, security monitoring, incident analysis, and incident response.
Penetration Testing - In Penetration testing, cybersecurity professionals will use the same
techniques and processes utilized by criminal hackers to check for potential threats and
areas of weakness.
Staff training - it's not a 'cybersecurity tool' but ultimately, having knowledgeable
employees who understand the cybersecurity which is one of the strongest forms of defence
against cyber-attacks.
12. How to protect yourself?
Install anti-virus software
Set a password, gesture or fingerprint that must be
entered to unlock
Set the device to require a password before applications
are installed
Leave Bluetooth hidden when not in use and disabling
automatic connection to networks
Enable remote locking and/or wiping functions, if your
device supports them.
Change your passwords often and remember - the
longer the password, the better.
Secure your device:
13. Report a crime
Report it to the sites that has been influenced, for example Facebook Help
Community
Collect and keep evidence
Change all of your passwords
Close any unauthorized or compromised credit or charge accounts
Think about what other personal information may be at risk
You have been a victim of cyber crime
- what to do?