1
Objectives
• To review the threat landscape
• To introduce the UK Cybersecurity strategy
• To discuss the government’s approach to
cybersecurity
• To consider the societal impact of
cybersecurity
2
Introduction to Cyber Security Policies
and Procedures
• Principle of least privilege
1. Grant access only to those who need it
2. Grant as little access as possible
3. Grant it only for as long as needed
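An added example, not part of the original slides: a small audit that checks access grants against the three rules above. The grant records, the usage log, the field names and the `audit` function are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: users, resources and dates are illustrative only.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
GRANTS = [
    {"user": "alice", "resource": "payroll-db", "actions": {"read"},
     "need": "monthly payroll run", "expires": NOW + timedelta(days=7)},
    {"user": "bob", "resource": "payroll-db", "actions": {"read", "write", "admin"},
     "need": "quarterly report", "expires": NOW + timedelta(days=7)},
    {"user": "carol", "resource": "hr-share", "actions": {"read"},
     "need": "", "expires": NOW + timedelta(days=30)},
    {"user": "dave", "resource": "build-server", "actions": {"read"},
     "need": "release engineer", "expires": None},
    {"user": "erin", "resource": "build-server", "actions": {"read"},
     "need": "contractor on project X", "expires": NOW - timedelta(days=3)},
]
# Hypothetical usage log: actions each user actually exercised in the review period.
USED = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read"},
    ("carol", "hr-share"): {"read"},
    ("dave", "build-server"): {"read"},
    ("erin", "build-server"): set(),
}

def audit(grant, used=USED, now=NOW):
    """Return the least-privilege rules a single grant breaks."""
    findings = []
    # Rule 1: access only for those who need it -> a stated need is mandatory.
    if not grant["need"].strip():
        findings.append("no-stated-need")
    # Rule 2: as little access as possible -> flag actions granted but never used.
    excess = grant["actions"] - used.get((grant["user"], grant["resource"]), set())
    if excess:
        findings.append("excess:" + ",".join(sorted(excess)))
    # Rule 3: only for as long as needed -> every grant must expire and not be stale.
    if grant["expires"] is None:
        findings.append("no-expiry")
    elif grant["expires"] <= now:
        findings.append("expired")
    return findings

def audit_all(grants=GRANTS):
    """Map each user to their findings; an empty list means the grant passes."""
    return {g["user"]: audit(g) for g in grants}

if __name__ == "__main__":
    for user, findings in audit_all().items():
        print(user, findings or "ok")
```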
3
Introduction to Cyber Security Policies
and Procedures
• Defence in Depth
1. Firewall, IDS, Access Control, File System
• Secrecy
• Kerckhoffs's principle
1. The security of a mechanism should not be
dependent on the secrecy of the mechanism
4
Agencies Involved in UK Cybersecurity
5
Threat Landscape
What cyber threats can you identify?
Examples:
• Advanced persistent threats
• Cyber crime (dependent and enabled)
• Hacktivism
• Insider threats
• Nuisance threats
6
Advanced Persistent Threats
• Attack profile
– targeted, organised and funded attacks potentially
associated with nation-state sponsorship or other powerful
entities
• Primary Objectives
– typically medium to long term; exfiltration of intellectual
property for purposes of eliminating years of R&D,
competitive economic and/or nation state advantage
• Attack methods
– social engineering, spear phishing, drive-by download
attacks, espionage, focused perimeter breaches
7
Cyber Crime
• Attack profile
– opportunistic, broad-based, often motivated by financial
gain
• Primary Objectives
– typically short term; identity theft, credit card fraud,
extortion, botnet creation & management
• Attack methods
– phishing attacks, hosting malware on legitimate websites,
SPAM related attacks, cyber extortion techniques
8
Hacktivism
• Attack profile
– organised attacks associated with a group of individuals with
political, ethical, religious, or retaliatory motives
• Primary objectives
– typically short term; cause havoc & chaos, disrupt operations,
discredit and malign via disclosure of sensitive information
• Attack methods
– distributed denial of service attacks (DDoS), traditional
hacking techniques, spear phishing
9
Insider Threats
• Attack profile
– legitimate internal user with hidden malicious intentions
    • masqueraders (those who operate under the identity of another user)
    • clandestine users (those who evade access controls and auditing)
    • misfeasors (those who have legitimate authorisation but misuse their privileges)
• Primary objectives
– short to long term; compromise of sensitive information, destruction,
revenge, espionage, harassment
• Attack methods
– access via legitimate credentials and privileges, data exfiltration, physical
and logical sabotage, surveillance
10
Nuisance Threats
• Attack profile
– unskilled attackers, scanners & crawlers, SPAM,
worms/viruses, basic malware
• Primary objectives
– often unknown or irrelevant; recognition & status,
reconnaissance, financial
• Attack methods
– automated scanners, public exploit kits, generic SPAM
email, propagating worms/viruses, adware, scareware
11
Quick break
12
National Concern and Steps
• National security threat
– A number of countries, including the United States, Russia,
Japan, Kenya and European Union countries, have declared the
issue of cyber security, and specifically cyber attacks against
their governments and citizens, a national security threat
• Outcome
– As a result they have developed national cybersecurity
strategies or initiatives
– Such cyber security initiatives and strategies normally outline
the country’s primary goals, concerns, set of principles or
norms, and actions to be taken related to cybersecurity
– In many of the national strategies there has been the creation
of new agencies to deal with cyber security domestically
13
National Concern and Steps
• Other strategies have tried to embed cybersecurity into the role of
already existing agencies, such as law enforcement, military,
defence and foreign affairs ministries.
[Figure: Defend, Deter, Develop]
Source: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021
17
Cyber Security in Organisations
Cybersecurity Actions in Organisations
• Ensure that there are clear processes and procedures to:
– Define the cybersecurity environment, including risks,
threats and implications of breaches.
– Detect when a breach of cybersecurity has happened –
including ways of identifying issues with policy and
implementation of policy
– Defend against potential threats and attacks – considering
appropriate layers of security
– Deter potential attackers and misusers – both from outside
the organisation and inside.
18
Cyber Security in Organisations
• Training and Awareness of Employees
– Ensuring that there is a robust cybersecurity policy
in the organisation
– Ensuring that all staff are trained in (and aware of)
cybersecurity threats
– Raising awareness of the threat from social
engineering
19
Summary
• Organisations and individuals face many cyber
threats from many different directions
• Need to raise awareness of threats
• Strategic approach to addressing issues
• However ………..
20
Lab session – Identification of Threats
• How can we prepare for threats / attacks / breaches?
• How do we know what to defend against?
• Task
– In groups put together a strategy for identifying current and
future threats.
– Consider an action plan for addressing these threats.
– Consider a business model for providing a service which
offers warnings (include who to warn) about cyber threats.
– Produce an executive summary (200 words max!)
21