1.

2 Types of Cyber Security Incidents

A wide range of cyber security events can befall individuals and organisations, some of which we
identified in table 3.1. In this section, we will look more closely at a range of activities and their
effects.

Unauthorised Access:

Unauthorised access refers just to gaining access to computer systems, networks, data and programs
without permission – it does not include carrying out any other activities. Examples;

 Hacking is carried out by hackers and involves gaining access to the system through any
means other than being given a legitimate username and password. This can be achieved
through the carelessness of the user leaving these items in plain sight so that they can easily
be seen, or by generating thousands of different passwords to find the correct one.
 Escalation of privileges gives an individual rights of access and editing which normal users do
not have. There are two types of escalation:
- Vertical: the invader obtains or may have legally received permission for low level
access. By finding flaws in the security systems or operating system, they increase their
access level to allow access to username creation, access levels, networks or data files.
This method has been used to gain access to Android and IOS smartphones.
- Horizontal: the invader does not add higher levels of access but gains access to other,
normal users’ areas. They might have stolen the username and password or seen
another’s data because of a program fault.

Information Disclosure:

Organisations and individuals maintain large amounts of information, some of it personal and
confidential to the employee or employer, such as salary scale, court judgements, disciplinary
activity, state of health, national insurance number, tax codes and bank details.

For many organisations, information is one of their most valuable assets. These can include new
ideas and research into new products, business plans for expansion, takeovers or cutbacks as well as
stock levels, purchasing agreements, customer contracts and discount arrangements, all of which
could be useful to another organisation. Additionally, there may be evidence of events which could
prove damaging to the organisation if they were reported in the media, such as large payoffs or the
employment of family members in jobs with significant salaries.

Governments handle and retain huge amounts of information, ranging in the United Kingdom from
handwritten documents to recent digital data. Most will be of limited interest or value, but some
information can be valuable, such as how many soldiers are available for deployment; how many
aircrafts can take to their at one time; feedback from ambassadors on their opinion of new heads of
states or senior politicians agents working in other countries; and the monitoring of other countries’
leaders or communications.

Insiders who are unhappy or have carried out activities which make them susceptible to blackmail
can be preyed upon by people with no right to the information, to obtain copies. Hacker can use
their knowledge of human behaviour (e.g. use of simple passwords or using the same password for
everything), or computing to obtain access to the information system and obtain electronic copies of
information which can be used against the organisation, individual or country.

Modification of data:

Data is entered, amended, stored and deleted by those with authorisation. Sometimes this may be
accidental, when the security or access levels are lax and someone with poor knowledge or
understanding of the system manages to alter or delete information. On other occasions, individuals
or group seek access to the system using a range of tools to steal, destroy or alter the data or the
software which operates or manages the information system. When data is illegally modified, it is to
blackmail and/or to cause disruption or harm to an organisation or individual.

Inaccessible data:

There are ways in which users can be denied access to services or data to which they require and
have the necessary permissions. These attacks are normally linked to malicious software. Most
username and password systems have an automatic account lockout (you will have noticed this if
you have mistyped your password, usually at least 3 times) to reduce the likelihood of a hacker
trying to guess your password.

Alternatively, you may receive an email claiming that you have been locked out of your account and
asking you to download an attachment and go through a process to reinstate your account. The
attachment is a piece of malicious code which will damage your computer system, preventing you
from accessing the data you need.

Another way in which access can be prevented is through a denial of service (DoS) attack. This
involves sending so much traffic to a particular computer system or website that it cannot cope,
denying access to legitimate users. This approach is usually used to bring down corporate systems,
such those used by banks, news networks and other financial systems.