Cybersecurity

Data Protection Principles

All organizations and people using or storing personal data must follow rules set by the Data Protection Act 2018.

Rights of Data Subjects

Individuals can access information about themselves held by governments and organizations. Key rights include:

  • Knowing what data is stored about them.

Automated Decision-Making and Profiling

People have rights concerning automated decisions made without human input (like loan approvals). These rights also apply when organizations use data to predict behavior or interests.

Data Security

While technical methods can protect data, human error remains a big risk. For example, social engineering tricks people into giving out personal information.

Social Engineering

This exploits people's trust to obtain sensitive information directly from them. Common techniques rely on human interaction rather than technical vulnerabilities.

Shouldering (Shoulder Surfing)

An attacker watches over someone's shoulder as they enter personal information such as a password or PIN, often in public places.

Name Generator Attacks

Attackers use quizzes or apps to get individuals to reveal personal details that are commonly used as answers to account security questions.

Phishing Attacks

Scammers send emails that appear genuine to trick victims into revealing information. These emails often link to fake websites. "Smishing" is the same technique carried out via SMS.

Indicators of Phishing Emails

Look for unexpected requests, spelling mistakes, strange links, and generic greetings.
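As an added example (not part of the original notes), a small Python checker that tests a message for the four indicators listed above, run over two constructed sample emails. The word lists, the "last two labels" domain heuristic and the sample messages are assumptions made for illustration:

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample messages for this demonstration; they are not real mail.
PHISHING_SAMPLE = """From: "Bank Support" <support@bank-secure-login.example>
Subject: Urgent: verify your acount now

Dear Customer,

Your acount will be suspended unless you verify immediately.
Click here: http://bank.example.com.verify-login.example/confirm
"""
LEGIT_SAMPLE = """From: "Alice" <alice@example.org>
Subject: Lunch on Thursday

Hi Bob,

Are you free for lunch on Thursday? The menu is at https://example.org/menu
"""
# Assumed word lists for illustration; a real checker would use a dictionary.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear valued")
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "verify your", "within 24 hours")
COMMON_MISSPELLINGS = ("acount", "recieve", "paswword", "securty")

def registered_domain(host: str) -> str:
    """Crude 'last two labels' heuristic (ignores public-suffix rules such as .co.uk)."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(raw: str) -> dict:
    """Report which of the four indicators from the notes fire for one message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    sender = re.search(r"@([\w.-]+)", msg.get("From", ""))
    sender_dom = registered_domain(sender.group(1)) if sender else ""
    # Strange link: the URL's domain is not the sender's own domain, e.g. a bank's
    # name buried in the subdomain of an unrelated host.
    links = re.findall(r"https?://[^\s<>]+", body)
    strange = [u for u in links if registered_domain(urlparse(u).hostname or "") != sender_dom]
    first_line = next((ln.strip().lower() for ln in body.splitlines() if ln.strip()), "")
    return {
        "generic_greeting": first_line.startswith(GENERIC_GREETINGS),
        "unexpected_request": any(p in text for p in URGENCY_PHRASES),  # urgency wording as proxy
        "spelling_mistakes": any(w in text for w in COMMON_MISSPELLINGS),
        "strange_links": bool(strange),
    }

def indicator_count(raw: str) -> int:
    """Number of indicators present; more than one is a strong warning sign."""
    return sum(phishing_indicators(raw).values())
```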

Hacking

This means gaining unauthorized access to a computer system. Motives include:

  • Data theft

  • Service disruption

  • Financial gain

  • Political motives

  • Fun or ethical reasons.

Ethical vs. Unethical Hacking

Ethical hacking tries to find and fix vulnerabilities; unethical hacking seeks personal gain or to cause harm.

Blagging (Pretexting)

This involves inventing a false story (a pretext) to gain a victim's trust and extract information, often via suspicious emails.

Script Kiddies

Inexperienced attackers with limited skills who use existing tools written by others to carry out attacks.

Denial of Service Attacks (DoS and DDoS)

  • DoS: Makes a network or service unavailable by overwhelming it with traffic.

  • DDoS: Uses many computers to attack simultaneously, which makes the attack hard to trace.

The Computer Misuse Act (1990)

This law introduced three offenses:

  1. Unauthorized access

  2. Unauthorized access with intent to commit or facilitate further offenses

  3. Unauthorized acts to harm computer functions.

Malware

This is software designed to damage computers or gain unauthorized access to them. Types include:

  • Viruses

  • Trojans

  • Adware

  • Spyware

  • Worms

  • Ransomware

Virus Characteristics and Infection Methods

Self-replicating software that disrupts normal operation, often spread via:

  • Email attachments

  • Unverified downloads

Ransomware

Locks and encrypts files, demanding money to unlock them.

WannaCry Attack

In May 2017, over 200,000 computers were infected because they were running Windows without the patch for the flaw the worm exploited.

Trojans

Seem harmless but perform harmful actions without the user's knowledge.

Spyware

Collects user info, sometimes using keyloggers to capture private data.

Adware

Shows unsolicited ads, often annoying users.

Bots and Botnets

Devices infected with malware and controlled remotely by attackers, used for attacks such as DDoS.

Security Measures

100% security is impossible, but strong protections reduce risks:

  • Firewalls: Block harmful traffic based on rules.

  • Anti-Malware Software: Finds and quarantines harmful code.

  • Auto-Updates: Keep software current so that known flaws are patched.