Cybersecurity: Different sectors have unique definitions based on business operations and cyber threats.
References:
Kremling, Cyberspace, Cybersecurity, and Cybercrime SAGE Publishing, 2018.
Evans, Enterprise Cybersecurity in Digital Business: Building a cyber resilient organization
Types of Cyberspace Intrusions
Network-based intrusions
Wireless attacks
Man-in-the-middle
Malicious software
Network-Based Intrusions
Occur when a computer network is accessed without predefined permissions.
Common network devices:
Routers
Switches
Hubs
Modems
Firewalls
Access points
Attractive to attackers because they may go undetected and are difficult to trace.
Two main forms of attacks:
Targeted: Attackers focus on a specific victim (company/individual), researching vulnerabilities to tailor attacks.
Untargeted: Attackers aim to infect as many devices/users as possible within a network.
Wireless Attacks
Wireless networks are often less secure than traditional online networks.
Vulnerabilities and attack methods include:
Human error (intended or unintended).
Rogue access points: Unauthorized wireless access points installed on a network.
Man-in-the-middle attacks.
Rogue Access Point Example
Coffee shops, restaurants, and hotels often have open networks for easy Wi-Fi access.
Hackers create rogue access points within these networks.
Users connecting to the internet through the rogue access point unknowingly route their data through the hacker's access point.
This gives the hacker full control over the data transmitted.
Case study: https://www.linkedin.com/pulse/case-study-3-local-coffee-shop-sharee-english
Man-in-the-Middle Attacks
An attacker intercepts communication between two parties to obtain sensitive information without their awareness.
Man-in-the-Middle technical configuration
Malicious Software (Malware)
Forms of Malware:
Ransomware:
Cyber criminals hold a firm’s computer systems hostage until a ransom is paid.
In 2021, ransomware attacks occurred every 11 seconds.
The Latest 2025 Ransomware Statistics (updated January 2025) https://aag-it.com/the-latest-ransomware-statistics/#:~:text=What%20percentage%20of%20all%20current,attacks%20over%20the%20same%20period.
Crimeware:
Malware specifically designed to automate cybercriminal activities.
Uses social engineering to perpetrate identity theft and gain access to victims’ accounts.
Cybercriminals gain access to funds and make unauthorized transactions.
Espionage:
Cyber spying involves obtaining unauthorized, classified, or secret information from individuals, competitors, groups, or governments.
Motivations include personal, political, or military advantages.
Techniques involve cracking and malicious software, mainly Trojan horses.
Intellectual Property (IP) Theft:
Stealing copyrights, trade secrets, and patents using the internet and computers.
Methods include hacking into a target company’s computing environment.
Negligence accounts for approximately 42% of such breaches (e.g., leaving a laptop unattended).
Social Media:
There are almost 3 billion active Facebook users.
Blurring lines between personal and corporate use.
Common platforms with blurred boundaries: Facebook, Twitter, and LinkedIn.
Vendors:
Represent the majority of reported actors involved in data breaches.
Companies send vendors data for processing or storage.
Security of data is completely in the hands of the third party.
Social Engineering
Attackers exploit the “human factor” (weakest link in the security chain) for criminal purposes.
Takes advantage of human characteristics (willingness to help, trust, fear, respect for authority) to manipulate people.
Phishing:
Convincing victims via realistic emails to click links and enter passwords/login data on fake websites.
Attackers collect this data.
Further reading: https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Social-Engineering/social-engineering_node.html