This article focuses on the fundamentals of cybersecurity. First, it covers fundamental security concepts. Using those concepts, it then describes common scenarios that result in security incidents. Finally, it provides lessons on how to increase security.
The fundamental cybersecurity concepts aren’t too different from traditional physical security. There are three main concepts: threats, vulnerabilities, and risks.
A threat is something with the potential to breach security. In cybersecurity, a person attempting to exploit a vulnerability is referred to as a threat actor. A vulnerability is a weakness that could be exploited to cause a security breach. A typical cybersecurity vulnerability is a flaw in software that can be exploited to give a threat actor remote access to a system. Risk is the probability of a security breach multiplied by the severity of that breach. If a software flaw makes it likely that a threat actor can gain unauthorized access to and control of a system holding confidential information, then the risk of a security breach is high. A high probability multiplied by high damage means high risk. On the other hand, if the software flaw were difficult to exploit, that would lower the risk.
An ironic pop-up ad.
How do these concepts apply to common real-world cybersecurity scenarios? In many scenarios the vulnerability in the system is the user rather than a flaw in the software. Threat actors exploit vulnerabilities in human psychology. Humans tend to be trusting. Suppose a person sees a pop-up on a website telling them their computer is infected. The pop-up also says they must download a program to clean their computer. A human may trust this information and download the program. Unfortunately, the program is harmful. While attempting to appear helpful, the program is actually designed to allow a threat actor to remotely access the victim’s computer. With remote access they can steal information from the victim, install other programs, and in general control the victim’s computer. This type of program is known as a remote access trojan (RAT). “Remote access” refers to the fact that it allows a threat actor to access the victim’s computer remotely. And “trojan” refers to the fact that the program masquerades as a useful program (a cleaning tool) but in reality is harmful.
Operating systems like Windows can lower the risk of a user installing a RAT or other harmful programs. On a properly configured Windows system, if a program wants administrative-level access, a window appears requiring the user to confirm they want to run the program. This is known as User Account Control (UAC). If the user does not confirm, then the program will not run. The operating system is basically asking the user “Are you sure you want to run this program?” It gives the user one more chance to realize they have not been sufficiently skeptical.
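One way to check that a Windows system is configured as described above, shown as an added example that is not part of the original article. The registry value names are the standard Windows UAC policy settings; the function name `Get-UacFinding` and the sample configuration are constructed for illustration.

```powershell
# Added example: audit the UAC settings that decide whether the confirmation window appears.
$UacPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacFinding {
    # Hypothetical helper: takes the three UAC values and returns a list of weaknesses.
    param([hashtable]$Settings)
    $findings = @()
    if ($Settings.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: UAC is off, so no confirmation window appears.'
    }
    if ($Settings.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin is 0: administrators are elevated without a prompt.'
    }
    if ($Settings.PromptOnSecureDesktop -ne 1) {
        $findings += 'PromptOnSecureDesktop is not 1: the prompt is not isolated from other programs.'
    }
    return ,$findings
}

function Show-UacFinding {
    param([string]$Label, [hashtable]$Settings)
    $findings = Get-UacFinding -Settings $Settings
    if ($findings.Count -eq 0) {
        "${Label}: UAC is enabled and asks before elevating."
    } else {
        $findings | ForEach-Object { "${Label}: WARNING: $_" }
    }
}

# Constructed sample of a weak configuration, so the output can be compared.
$weak = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
Show-UacFinding -Label 'Constructed sample' -Settings $weak

# The settings of the machine this runs on (a missing value is treated as not set).
$reg = Get-ItemProperty -Path $UacPath -ErrorAction Stop
$current = @{
    EnableLUA                  = $reg.EnableLUA
    ConsentPromptBehaviorAdmin = $reg.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $reg.PromptOnSecureDesktop
}
Show-UacFinding -Label $env:COMPUTERNAME -Settings $current
```

Reading these values does not require an elevated session; changing them does, and is normally done through Group Policy or the User Account Control settings page rather than by editing the registry directly.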
Sometimes the vulnerability a threat actor exploits is a flaw in software rather than human psychology. Ransomware is software that encrypts a victim’s data and requests payment for the decryption keys. In 2017 ransomware was spread using a vulnerability in Windows. The vulnerability had already been patched by Microsoft, but many systems had not installed the update that patched the vulnerability. As a result, over 300,000 computers were infected, including those in hospital networks (see Article about WannaCry Ransomware).
Know the fundamentals. Reducing vulnerabilities reduces the risk of a threat causing a security breach.
What lessons can we learn from these scenarios? Be very skeptical of websites or pop-ups asking you to download software to clean or fix your computer. Do not allow your trust to be exploited by a threat actor. In general, pay close attention to what you install on your system. Software has vulnerabilities. To decrease the number of vulnerabilities in your system, software updates and patches should be downloaded from the proper channels. Knowing the proper channel is a matter of becoming informed by reading the software’s documentation. Some software can be updated from within the program itself. Windows can be updated from within Windows’ system settings. But other software may require you to visit the vendor’s website to download updates. Read your software’s documentation to learn how to safely update. On one hand, think twice before installing software on your computer or phone. Does it come from a trustworthy source? Do you really need this app or program? On the other hand, keeping your trusted software up to date will reduce the risk of a vulnerability being exploited. This in turn will reduce the risk of a harmful security breach.