Reply To: OCU ISSO Week 3 Lesson 11 Discussion
The first cybersecurity threat I chose is password theft. Password theft was the number two threat on the list I found. Password theft is so common because people tend to use simple passwords so they can remember them. Users use the same password for multiple sites, making it easy to access their data. Third parties manage to steal or guess your password. There are several ways to prevent password theft. One is using a stronger password that consists of numbers, letters, and special characters. Another way is by not having your username and password automatically stored on a device. I know this makes it easier when logging into a site, but if the device is lost, stolen, or compromised, the intruder has free rein over your information. You can implement the use of two-step verification or use a biometric reader. Making sure that passwords are safe and secure and not easily accessible is especially important to a company and security officer because some companies have hundreds of users and they all have access to the companies’ data. Making sure that data stays safe is vital, especially because so much data is stored on devices or in the cloud. It is a security officer’s job to keep that data safe and make sure the right protocols are in place.
The second attack I chose is the Trojan Virus. This kind of cyberattack happens by disguising malware as legitimate software. One of the most common ways the Trojan Virus was implemented into a computer or network was by displaying an “Alert” on the screen when you visited a website. The “Alert” recommended scanning your computer for harmful viruses. When you performed the scan, the malware was delivered through that scan. As a security officer, making sure that people are trained and informed on how to recognize these kinds of scams and malware can save the company time, money, and the loss of data. By being able to recognize it as a virus or scam, you can avoid any harmful outcomes for the data or the company. Having the correct security protocols and training in place will help to deter these kinds of attacks.
The third type of attack I chose is the Drive-By Attack. This kind of cyberattack happens when malicious code is delivered onto a system or device. This kind of attack requires no action by the end user. There is no need to install anything or click on a link. The harm is done automatically because it is done through the code. Making sure you have the correct firewall and other security software on your device will help to avoid this kind of attack. Since there is no action required by the end user, knowing how to recognize and defend against this kind of attack is important for both the company and the security officer because this kind of attack makes it easy to steal data and information. The proper training and protocols in place will help to defend against this kind of attack. Also, avoiding questionable or compromised websites will help.