Hello Everyone
An introduction to security awareness; why its important, the impact of being attacked, different threat actors and basic account security.
This is a room on TryHackMe created by Yas3r. This room is a part of Pre Security Learning Path on TryHackMe.You can find the link here for this room.
This room has various tasks that need to be performed to complete the room.
Task 1 Introduction to Security Awareness
What is security awareness?
You are at the heart of your organization and play a key role in keeping it safe against cyber attacks. Understand what it takes to be security conscious by walking through the most common attacks seen in the industry, and learn how to mitigate potential threats. Become more security-aware and improve your cyber hygiene in the security awareness module.
Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. The study concluded that people are the main threat to the security of a business. Being more security-aware will significantly help mitigate potential threats and risks to your organization.
Who is security awareness for?
Everyone! It’s everyone’s responsibility to be security-aware. No matter your role at your company, you could be a potential target for cybercriminals; especially given your access and knowledge inside your organization.
Task 2 Why Security Awareness is Essential
Nowadays, remote working is common in many organizations, and many will spend most of their time working on their personal computers, which increases the risk of being a primary target for cyber security attacks.
Hackers use a variety of tools and methods to gain access to staff computers and corporate networks. Security breaches can cost a company millions of dollars; based on an online report, the average cost of a data breach was a massive $3.86 million. As well as the huge cost to handle a cyberattack, it also damages the reputation and trust of customers and partners.
Security awareness training is a must-have skill to counter efforts by attackers and reduce risks within the business. A few of the benefits are below:
- Help prevent data breaches
- Minimize and reduce risks and threats
- Improve IT defenses
- Improves customer confidence
Based on Proofpoint’s study, the following diagrams show the effectiveness of security awareness training:
- 95% reduction in malware and viruses and a greater awareness of cybersecurity threats in a financial institution.
- 90% reduction in attempted phishing attacks in an educational institution.
- 80% reduction in fraud attacks on government employees.
Task 3 Data and Account Security
Everyone holds sensitive data, whether it be personal information, customer data, financial reports, or company details, obtaining data (or holding it to ransom) is a cybercriminal’s main objective.
Sensitive data can be in many different forms. For example, the HR department has all details and information of employees while the finance department will have the credit card and bank account details of customers. Protecting this data is important not only to the organization but also to its clients and customers.
Now that we know why data protection is so important we now need to understand the type of data we have, why it must be protected and the methods we can take to secure it.
The following diagram illustrates the top 10 data breaches by some of the large companies in history, the number of people who were affected and the type of data that was leaked.
Task 4 Check if you’ve been part of a cyber breach
The impact of cyber threats increased significantly during the pandemic, primarily due to the increase in home working. The following points are potential consequences of a successful cyberattack:
- Legal penalties (lawsuits and GDPR)
- Reputational damage
- Disruption to trading
- Financial loss
- Loss of Sensitive Data
Criminals can use the information found in data breaches of companies to perform targeted social engineer attacks or phishing campaigns (more on this in future security awareness rooms). Have I Been Pwned is a service that keeps track of data breaches leaked information, giving you the ability to find out if you’ve been a victim of a previous data breach. Search your email or phone number, and it will reveal if your personal information has ever been leaked.
Task 5 Cyber Threat Actors
A cyber threat is the possibility of a malicious attempt to damage or disrupt a computer network or system. Cyber threat actors are individuals or groups of people who maliciously aim to take advantage of system security weaknesses to compromise and gain unauthorized access to victim data, computers, or networks.
The motivation of threat actors may vary and can be categorized into different groups:
- Nation-state cyber threat actors are geopolitically motivated.
- Cybercriminals are financially motivated.
- Hacktivists are ideologically motivated.
- Terrorist groups are motivated by ideological violence.
- Thrill-seekers are motivated by satisfaction.
- Insider threat actors are motivated by discontent.
Task 6 Conclusion
This room introduced you to the basics of security awareness concepts and knowledge that can help you stay safe online. We discussed the importance of security awareness and why it’s essential that you play your part in helping to prevent cyber attacks.
In the next room, we will be reviewing some of the common attacks that cyber threat actors can use to gain access to sensitive data, computers, or networks using practical scenarios and exercises.
If you enjoyed this post, share it with your friends and colleagues!