Chapter 2 Exploring Cybersecurity Threats
1. Exploring Cyber Security Threats
1.1. Classifying Cybersecurity Threats

Transcript
So let's look at classifying cybersecurity threats.
So the first thing is understanding our adversary. You have to kind of know who you're going up against, what they're trying to do, where they're coming from. You need to understand them a little bit in order to put up a defense against them. Think of it as if you were going to play a baseball game, but everybody else was playing football. You wouldn't stand too much of a chance of doing well.
But if you know what kind of attacker you have, you know a little bit about what their objectives are, then you have a better chance of defeating them.
So let's talk about the first one, which is internal versus external.
It's pretty simple, it's just as it says. Internal means they're on your team. They're an inside threat. They either work there, they're in the building constantly. They have permission to be there. They're not trespassing. There's somebody, and maybe it's a subcontractor, maybe it's an employee that feels they've been slighted in some way, shape or form. They're disgruntled. They're looking to get back at you, something like that. That's an internal threat. So those are really dangerous because you think they're on your side and they're not. They're on the bad guys'.
So then the other one is an external, so that's a threat from outside the company, from outside your four walls, from outside your network. They're coming at you from outside, trying to attack your network, either physically or through the web.
So those are different defenses to an external defense. You're putting up security guards, things like that, access keypads, retina scanners, fingerprint scanners, and then protections on your network for people trying to come in when they shouldn't be: firewalls, intrusion protection, intrusion detection systems, things like that.
And then for an internal it's hard to put a defense up. You're putting up things like data loss prevention, where you're looking for files that are going out. I know companies where you cannot hook a USB drive up in their system without sending out a mark, and that's to keep from having data copied. There are alerts where, if it's so large of a file or if it's a file being renamed, it will alert so that you know something's happening. It may be after the fact. It may be like seconds after the fact. But it alerts, and at least you know who then your target is if something's going awry. So that's the difference between internal and external: one is in your building, in your network, and they have permission to be there. And then the other is external.
So let's talk about levels of sophistication and capability. So threat actors vary greatly in their levels of cybersecurity sophistication and capability. And that depends on who your attacker is. Is it Joe Bob down the street, who's just doing it for fun? Or maybe has a grudge against your company. They didn't like something that happened, and they're going to DDoS attack you and try to shut down your website. Or are you big enough that a nation state is coming after you?
Why is this different? Why is this level of sophistication and capability different? Simply money. Joe Bob down the street probably can't afford the same thing that Russia can. They can't afford to have teams of hackers going all day long trying to penetrate your system. Teams that do ransomware, you know, these are large groups and they have more resources, more people, and they can afford to do more things. They can spend more time. If John down the street, who is mad at your company or who you fired last week, is trying to do something through your network, if they're worked in, they only have some hours in the day that they can spend trying to do something to you, whereas some of these more sophisticated and more capable teams could spend 24 hours a day hitting your system.
And then we start looking at resources and funding. Same thing, you know: nation-state actor, nation-state threat, or large gang threats or large group of threats. These people have more act, more money, they have more resources. They have more computers, more computing power, things like that, so they can do more to you.
And then the last thing is intent and motivation. Why are they motivated to attack you, your network, your system? What is their intent? Again, is it Billy Bob down the street who's mad at you, who you fired? You know, his intent is to get back at you, you know? So maybe he tries once or twice and goes away. Or is it China, and you've got the latest, greatest patent for a chip and they're trying to steal that technology? You know, that's a different motivation. They're not going to quit just because you stopped them the first 100 times. They're going to keep coming and coming. And so you always have to be on your guard and be ready for them.