Security Studies year 2
Cyber threats: Literature summaries
1.1 Meeuwisse, R. (2017). Cyber Security for Beginners. Cyber Simplicity Ltd
- Malware: general term for malicious software; a disruptive/malicious programme
inserted into a digital device.
- Virus: form of malware that spreads by infecting (attaching itself to) other files and
continuing that process from each infected file.
- Cryptanalysis: Examining ciphered information to determine the technique that was
used to encode/hide that information (first used in WW2 > Enigma Code).
- Cloud: General term for services not managed/developed by the person using the
service. Instead Cloud-providers run these services (example: online file storage).
Advantages are large scalability and cheaper operating cost for consumers.
- Vector: Method (“they used three vectors for the attack”).
- Bleeding edge: using inventions so new they have a significant likelihood to cause
damage before they become safe/stable.
- BYOD: bring your own device (to work), severe security risks involved.
Cybersecurity is much broader than just protection from data theft or financial reasons. It is
also about military/geopolitical implications. It is useful to understand that humans are the
weakest link in Cybersecurity. Cybersecurity can broadly be defined as:
- The protection of digital devices and their communication channels to keep them
stable and reasonably safe from danger/threat. The digital device being any electronic
appliance that can transmit/receive/create information in an electronic setting.
Cybersecurity is not only about protecting computers but more importantly about protecting
people who rely on anything electronic.
History of Cyberspace software adoption:
In the early days of cyberspace most operators bought and created their own specific software,
which was expensive. IT departments were in charge of the whole cyber process, including security,
development etc. This slowly changed to Cloud services, developed by external companies
and much cheaper and more reliable. IT departments then changed roles to consultancy and
security only. It was now harder to secure systems as they were developed by other actors.
Because changes in the technology landscape have been so extreme over the last two decades
many people working with new technologies do not really understand them.
The problem is that when adopting new external cheaper technologies, companies must make
counter investments in security and adaptation/integration. This process has fallen short over
the last decades. The tech departments view the value of security systems in three ways:
1. Information is valuable
2. Risk costs money to control
3. Until a company is attacked it is tempted to save money on security
There is often a large disconnect between adoption of
“bleeding edge technology” and its security risk and the profitable business case of the
The rise of Cybersecurity threats:
Mainly caused by increased speed, lower cost and increased adoption of internet connections.
And faster computer processing made more applications like banking and shopping more
viable to go through cyberspace, thus attracting more cyber threats. Finally wider adoption
made other non-cyber services less viable, less attractive and more expensive.
Organisations must protect themselves against:
- Intentional malicious attacks
- Unintentional cyber threats/events
They do this by:
- Detecting unexpected/unauthorized disruptions
- Quickly diagnosing the issue
- Resolving the issue / restoring affected services
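The detect / diagnose / resolve cycle above is abstract; the following added example (not from the summarised book or from these notes) shows the detection and diagnosis steps in code. It scans constructed web-server log lines (timestamp, source IP, HTTP status) and raises an alert when one source either floods the service (an unexpected disruption) or is repeatedly rejected by authentication (an unauthorized access attempt), attaching a short diagnosis to each alert. The thresholds, window size and log format are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 10      # time bucket used for counting (assumed value)
RATE_THRESHOLD = 50      # requests per source per window before we call it a flood
AUTH_FAIL_THRESHOLD = 5  # 401/403 responses per source per window before we call it probing


def parse_line(line):
    """Parse one constructed log line: '<ISO timestamp> <source IP> <HTTP status>'."""
    ts, src, status = line.split()
    return datetime.fromisoformat(ts), src, int(status)


def detect(log_lines):
    """Return alerts as (source, kind, count, diagnosis) tuples, one per source and window."""
    requests = defaultdict(int)    # (source, window) -> total requests
    auth_fail = defaultdict(int)   # (source, window) -> rejected (401/403) requests
    for line in log_lines:
        if not line.strip():
            continue
        ts, src, status = parse_line(line)
        window = int(ts.timestamp()) // WINDOW_SECONDS
        requests[(src, window)] += 1
        if status in (401, 403):
            auth_fail[(src, window)] += 1

    alerts = []
    for (src, window), n in sorted(requests.items()):
        if n >= RATE_THRESHOLD:
            alerts.append((src, "flood", n,
                           f"{n} requests in {WINDOW_SECONDS}s: possible DoS, check service health"))
    for (src, window), n in sorted(auth_fail.items()):
        if n >= AUTH_FAIL_THRESHOLD:
            alerts.append((src, "auth_failures", n,
                           f"{n} rejected logins in {WINDOW_SECONDS}s: possible unauthorized "
                           f"access attempt, review the targeted accounts"))
    return alerts


def build_sample_log():
    """Constructed sample traffic (not real data): a normal client, a client failing
    authentication repeatedly, and a client flooding the service within one window."""
    lines = []
    base = "2024-01-10T10:00:"
    for s in range(5):                       # normal client: five successful requests
        lines.append(f"{base}{s:02d} 10.0.0.5 200")
    for s in range(6):                       # six rejected logins from one source
        lines.append(f"{base}{s:02d} 203.0.113.7 401")
    for i in range(60):                      # sixty requests inside one ten-second window
        lines.append(f"{base}{i % 10:02d} 198.51.100.9 200")
    return lines


if __name__ == "__main__":
    for src, kind, count, diagnosis in detect(build_sample_log()):
        print(f"ALERT {kind:<14} {src:<14} {diagnosis}")
```

Bucketing by fixed windows keeps the logic easy to follow; a production monitor would use sliding windows and baseline the thresholds per service, but the shape (count per source, compare against a threshold, emit an alert that already contains the diagnosis) is the same.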
Defense in depth:
Tries to reduce chance of successful attack by implementing multiple layers of security
techniques. So when one security technique fails there are still others to address the attack.
The best way for defense is to include not just 1. technological factors but also 2. people and
3. operations (processes) factors.
- Hacker: a person who attempts to gain unauthorized access to digital devices.
- Cyber-attack: hostile action targeting digital devices, intended damage not
necessarily limited to digital environment.
- Patch management: process to deploy updates to software on digital devices, usually
in response to a gap in security. Considered a critical component of Cybersecurity.
- Botnet: robotic network, connected set of programs designed to operate together,
often used for DDoS attacks. Can have good or bad purposes.
- Incident response: prepared set of processes triggered after known/suspected event
takes place that could cause damage to an organisation.
- Breach notification procedure: information known/suspected to be stolen must be
reported to authorities and owners of the stolen data in a certain time frame.
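Patch management (in the list above) is easier to see as a concrete check than as a definition. The following added example, not from the summarised book or from these notes, compares a constructed device inventory against the minimum patched version required for each package and lists every device that still needs an update or has no record for the package at all. The package names, versions and devices are all invented for the example.

```python
# Minimum patched version per package (constructed baseline, not real software versions).
REQUIRED_VERSIONS = {"webserver": "2.4.58", "ssh": "9.6", "browser": "120.0.1"}

# Constructed inventory: what is actually installed on each device.
INVENTORY = [
    {"device": "laptop-01",
     "packages": {"webserver": "2.4.58", "ssh": "9.6", "browser": "119.0.3"}},
    {"device": "server-02",
     "packages": {"webserver": "2.4.51", "ssh": "9.6"}},           # no browser record
    {"device": "kiosk-03",
     "packages": {"webserver": "2.4.59", "ssh": "9.7", "browser": "120.0.1"}},
]


def version_key(version):
    """Turn '2.4.58' into (2, 4, 58) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def find_unpatched(inventory, required):
    """Return (device, package, installed, minimum, status) for every gap found."""
    findings = []
    for entry in inventory:
        for package, minimum in required.items():
            installed = entry["packages"].get(package)
            if installed is None:
                # Unknown state is itself a finding: it cannot be shown to be patched.
                findings.append((entry["device"], package, None, minimum, "not in inventory"))
            elif version_key(installed) < version_key(minimum):
                findings.append((entry["device"], package, installed, minimum, "update required"))
    return findings


def devices_needing_attention(findings):
    """Distinct device names with at least one finding, in inventory order."""
    seen = []
    for device, *_ in findings:
        if device not in seen:
            seen.append(device)
    return seen


if __name__ == "__main__":
    for device, package, installed, minimum, status in find_unpatched(INVENTORY, REQUIRED_VERSIONS):
        print(f"{device:<10} {package:<10} installed={installed!s:<8} minimum={minimum:<8} {status}")
```

The numeric comparison matters: as plain strings "9.6" would sort above "10.1", so a string comparison would silently mark patched devices as out of date and vice versa.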
Basic rule in cyberspace:
The costs of repairing damage after a Cyber-attack are often much greater than the value of the
Outsourcing and investing in security:
In a race to outsource (goal of cost reduction) more and more
operations/information/responsibilities companies lost control over a no longer closed
environment. This mindset first started to shift after major data breaches of some US firms in
2013/2014 (Target and Home Depot). These breaches had severe damage to corporate image
and finance. A positive note is that companies who were attacked in the past are far less likely
to be attacked in the future as most of them assess and address their security problems. But the
overarching problem is that most firms/governments invest in cybersecurity reactively!
For governments this mindset also changed in 2013 because Edward Snowden leaked millions
of classified documents of the NSA.
Exfiltration: movement of information through detection systems with secrecy so not to be
Root causes of the Target (2013) Cyber-attack:
1. Poorly implemented “defense in depth” strategy, everyone relied upon somebody
else’s controls to see if their own controls had failed.
2. The security/risk/budget culture was flawed, the threat of all “small risks” combined
3. Existing security controls only met minimum requirements and were not updated in
time to respond to evolving threats.
Note: many Cyber-attacks do not occur at one moment but over extended periods of time, so
detection is still feasible if good infrastructure is in place.
Truths about Cybersecurity breach:
- Many defense controls failed to be in place or to be effective.
- One or more people miscalculated risk involved.
- One or more people did not trigger the alarm on time or did not know how to do that.
- Firewall: hardware/software used to monitor inbound/outbound data streams, it is
achieved by implementation of a Firewall Policy (rules). They are usually deployed at
the systems access points.
- Governance: Methods used by any executive to track management goals, usually
policies/controls are developed that match the vision of the organisation.
- Denial of Service (DoS)/Distributed DoS (DDoS): attack designed to disrupt
people’s use of a system. If the attack is from multiple sources it is a DDoS attack.
- Ethical hacking/Penetration Tester (White-Hat): process by which supportive
testing experts assist in finding weaknesses in a system.
- Zero-day: refers to the very first time a new type of “exploit” is discovered. At that
moment none of the anti-malware tools may be set up to defend against this new exploit.
- Backdoor: method of accessing software that bypasses normal authentication.
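The Firewall entry above says monitoring is "achieved by implementation of a Firewall Policy (rules)". The following added example, not from the summarised book or from these notes, shows what such a policy looks like when written down and evaluated: an ordered list of inbound and outbound rules, matched first-hit-wins, with an implicit deny when nothing matches. The addresses, ports and rules are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" (towards the protected host) or "out" (leaving it)
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed policy for a single web host at 192.0.2.10 on the 192.0.2.0/24 network:
# anyone may reach HTTPS, only the internal 10.0.0.0/8 range may reach SSH, the host
# itself may only talk HTTPS and DNS outwards, and everything else is denied explicitly.
POLICY = [
    Rule("in",  "allow", "0.0.0.0/0",   "192.0.2.10/32", "tcp", 443),
    Rule("in",  "allow", "10.0.0.0/8",  "192.0.2.10/32", "tcp", 22),
    Rule("in",  "deny",  "0.0.0.0/0",   "0.0.0.0/0",     "any", None),
    Rule("out", "allow", "192.0.2.0/24", "0.0.0.0/0",    "tcp", 443),
    Rule("out", "allow", "192.0.2.0/24", "0.0.0.0/0",    "udp", 53),
    Rule("out", "deny",  "0.0.0.0/0",   "0.0.0.0/0",     "any", None),
]


def matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (rule.direction == pkt.direction
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(policy, pkt):
    """Return (action, index of the matching rule); first match wins.
    A packet no rule covers is dropped: default deny, with None as the index."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    samples = [  # constructed traffic
        Packet("in",  "203.0.113.7", "192.0.2.10",   "tcp", 443),  # public HTTPS client
        Packet("in",  "203.0.113.7", "192.0.2.10",   "tcp", 22),   # SSH from the internet
        Packet("in",  "10.1.2.3",    "192.0.2.10",   "tcp", 22),   # SSH from inside
        Packet("out", "192.0.2.10",  "198.51.100.1", "udp", 53),   # DNS lookup
        Packet("out", "192.0.2.10",  "198.51.100.1", "tcp", 25),   # outbound mail, not allowed
    ]
    for pkt in samples:
        action, index = evaluate(POLICY, pkt)
        print(f"{pkt.direction:<3} {pkt.src:>13} -> {pkt.dst}:{pkt.dport}/{pkt.proto:<4} "
              f"{action} (rule {index})")
```

Two points the notes make are visible here: the policy sits at the access point of the system (every packet in or out passes `evaluate`), and the explicit final deny rules plus the default deny in `evaluate` mean that a forgotten case fails closed rather than open.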
The ability to hack into a computer does not necessarily equate to the ability to perform
effective security over a Cyber domain. Criminal hackers only need to find one weakness
while cybersecurity regimes need to address every potential point of weakness.
Cybersecurity as a discipline:
Cybersecurity is a complex and fairly recent discipline which evolves at an enormously fast
rate. Last year's knowledge might be completely irrelevant this year. Because of this a good
Cybersecurity regime has multiple Cyber experts, as the speed of change and amount of
knowledge in the field is far too much for one expert to comprehend.
Roles and tasks within Cybersecurity are divided in six main groups >
1. Management: responsible for Governance
2. Cyber Audit & Assessment: responsible for checking security/integrity of all
technology. And identify any potential gaps in security.
3. Event Monitoring and Alerts: constant monitoring of real time information for threats.
4. Proactive Operations: Access monitoring, Encryption specialist, Risk Consultant for
adoption of new technologies etc.
5. Environment Testing: Ethical hacking is part of this role.
6. Experts (Cryptologist for example)
All these six roles combined allow for reactive and proactive security management which is
Encryption: act of encoding data so that if intercepted by an unauthorized party it cannot be
read, unless the decoding mechanism is deciphered.
Edward Snowden case study:
Snowden had years of insider knowledge, vast experience in security administration and
access to vast amounts of sensitive data. Normally people involved in security administration