Avast ye! This be a machine-translated text, an’ it may contain errors, aye!
Data security be all about protectin’ yer info and systems from unwanted access, changin’, or destruction. To know what we be defendin’ against, we first gots to understand the threats.
What Be a Threat, Aye?
A threat be anythin’ that can harm information, systems, or availability. It can be anythin’ from a hacker to a crewmate clickin’ on a fishin’ link, to a power outage that brings the servers down.
Common Scallywags and Threats
Scallywag Software (Malware)
Scallywag software be be programmin’ crafted t’ cause harm, aye. The most common types be:
| Type | What it does | Example |
|---|---|---|
| Virus | Spreads by latchin’ onto other files | Email attachments |
| Trojan Horses | Pretends t’ be useful software | Fake installin’ file |
| Ransomware | Encrypts yer files an’ demands a ransom | WannaCry, LockBit |
| Spyware | Secretly watches yer every move | Keyloggers |
Ransomware be perhaps the most fearsome threat t’ businesses today. Imagine all files on all servers suddenly bein’ encrypted an’ unavailable, arr!
Phishing
Phishing be attempts t’ trick a landlubber inta givin’ up their precious secrets (passwords, personal info) by pretendin’ t’ be someone they ain’t. ‘Tis often delivered by sea mail (email), but also by signal fires (SMS) an’ messages on the social currents.
Signs t’ look out for:
- Belay! “Yer account be closed in 24 hours!”
- Unknown sender or a sender that looks similar, but ain’t quite right (
support@micosoft.com) - Links that lead t’ a different port than what the writin’ says
- Poorly writ or generic greetin’s (“Dear Customer”)
Service Denial Attacks (DDoS)
A DDoS attack (Distributed Denial of Service) floods a service with so much traffic that it ceases to function. Think o’ thousands o’ scallywags tryin’ to pass through a single door at the same time.
‘Tis not an attempt to plunder data, but to render the service unavailable. It can be used for ransom, sabotage, or as a diversion whilst another attack be underway.
Social Manipulatin’ (social engineerin’)
Many o’ the most effective attacks be exploitin’ folk, not technology. Social manipulatin’ be about trickin’ landlubbers into doin’ things they shouldn’t.
| Method | Explanation |
|---|---|
| Phishing | False missives that look the part |
| Pretexting | Pretendin’ to be someone else (e.g. “the IT crew”) |
| Tailgating | Followin’ someone through a locked door without yer own key |
| Baiting | Leavin’ a USB stick with cursed cargo where someone finds it |
Threats to Democracy and Society
Digital threats ain’t just about single ventures, savvy? They can affect the whole of society:
| Threat | How it affects society |
|---|---|
| Misinformation | False news spreadin’ on the social media seas can sway elections and opinions |
| Deepfakes | AI-generated videos makin’ it hard to tell truth from lies |
| Cyberattacks on critical infrastructure | Attacks on the power grid, hospitals, or water supply can cripple the whole society |
| Privacy breaches | Leakage of personal data weakens trust in digital services |
| Surveillance | Excessive surveillance threatens personal freedom |
Norway ain’t immune
Norway has been hit by many a fierce cyberattack. The Parliament was hacked in 2020 and 2021. Østre Toten municipality was struck by ransomware in 2021, which sent the local services to Davy Jones’ Locker for weeks. Norsk Hydro was hit by ransomware in 2019, leavin’ behind a plunder of over 800 million kroner.
Basic Defenses
Ye don’t be needin’ fancy tools to guard yerself against most of the terrors:
| Measure | What it protects against |
|---|---|
| Keep systems updated | Known vulnerabilities |
| Strong, unique passwords | Brute force, reuse of leaked passwords |
| MFA (two-factor authentication) | Access even if the password leaks |
| Backup | Ransomware, disk failure, mishaps |
| Firewall | Unwanted network traffic |
| Training | Phishing and social engineering |
The most important factor
Most successful raids start with the crew, not the tech. An updated vessel with a strong bulkhead helps little if someone clicks on a scurvy phishing link and gives up their booty’s password. Awareness be the most effective security measure on the high seas.
Task 1 - Read o’ a Famous Attack
Seek out the WannaCry attack o’ 2017. ‘T struck hospitals, businesses, an’ public services ‘round the globe.
- What sort o’ villainy was it?
- How did it spread like wildfire?
- What were the consequences, aye?
- What could ‘ave prevented it? (Hint: a simple update, savvy?)
Task 2 - Spot the Phishin’
Avast ye and check out the Jigsaw Phishing Quiz from Google. ‘Tis an interactive test where ye must discern which missives be genuine and which be phishin’ attempts.
How many can ye correctly identify, aye?
Task 3 - Who be threaten’n Norway?
Read the latest National digital risk landscape from the NSM (National Security Authority) over at nsm.no.
- Which threats be the NSM callin’ the most dangerous?
- Which sectors be most at risk o’ plunderin’?
- Be there anythin’ that takes ye by surprise?
Summary
- Malware, phishing and DDoS be amongst the most common threats, aye.
- Social engineering exploits the crew, not the technology.
- Digital threats can affect democracy and public trust through misinformation and attacks on critical infrastructure.
- Updates, strong passwords, MFA and backups be the most important security measures.
- Training be the most effective measure against social engineering, savvy?