This doth be a machine-wrought text which may contain errors!
Data security doth concern itself with the shielding of information and systems from unwelcome access, alteration, or ruin. To wit, ere we may know against what we must defend ourselves, ‘tis first needful we comprehend the threats.
What Doth Constitute a Threat?
A threat is aught that may harm information, systems, or accessibility. It may be all manner of things, from a hacker to a servant who doth click upon a phishing link, to a power outage which doth bring down the servers.
Common Threats
Vile Software (Malware)
Vile software doth be software wrought to do harm. The most common kinds be:
| Kind | What it doth | Example |
|---|---|---|
| Virus | Spreadeth by attaching itself to other files | Attachment in email |
| Trojan | Doth pretend to be useful software | False installation file |
| Ransomware | Encrypteth thy files and demandeth ransom | WannaCry, LockBit |
| Spyware | Doth secretly monitor thy activity | Keyloggers |
Ransomware, perchance, is the most grievous threat to enterprises this day. Imagine, if thou wilt, that all files on all servers are suddenly encrypted and inaccessible.
Phishing
Phishing doth be attempts to beguile one into yielding sensitive particulars (passwords, personal details) by a sender posing as one he is not. ‘Tis oft conveyed as an epistle, yet also by text message and missives within the social media.
Markings thereof:
- Hasteth! “Thine account shall be closed within 24 hours!”
- Unknown sender, or sender resembling, yet not being correct (support@micosoft.com)
- Links which lead to an address other than that which the text doth proclaim
- Poor language or generic salutations (“Dear Customer”)
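As an added example (not of the original page), here followeth a small Python check for the four markings above, run upon a constructed missive. The trusted-domain list, the phrase lists, the similarity threshold and the function names be assumptions for illustration only.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumed for illustration: a tiny allow-list and phrase lists.
TRUSTED_DOMAINS = {"microsoft.com", "google.com"}
URGENCY = ("within 24 hours", "account shall be closed", "immediately")
GENERIC_GREETINGS = ("dear customer", "dear user")

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for good in TRUSTED_DOMAINS:
        # Near-identical spelling that is not an exact match is suspicious.
        if SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good
    return None

def mismatched_links(html):
    """List (shown_host, real_host) where link text names another host than href."""
    found = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r'(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})', text, re.I)
        real = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            found.append((shown.group(1).lower(), real))
    return found

def phishing_markings(sender, body_html):
    """Return which of the four markings appear in the message."""
    text = re.sub(r"<[^>]+>", " ", body_html).lower()
    findings = []
    if any(p in text for p in URGENCY):
        findings.append("urgency")
    if lookalike_of(sender.rsplit("@", 1)[-1].lower()):
        findings.append("lookalike sender")
    if mismatched_links(body_html):
        findings.append("link mismatch")
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic salutation")
    return findings

# Constructed sample message, not a real email.
SAMPLE_BODY = ('<p>Dear Customer,</p><p>Thine account shall be closed within 24 hours!</p>'
               '<p>Sign in at <a href="http://login.example.net/verify">www.microsoft.com</a></p>')

if __name__ == "__main__":
    print(phishing_markings("support@micosoft.com", SAMPLE_BODY))
```

Such a check doth catch only the plainest of markings; a missive that passeth it may yet be false.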
Distributed Denial of Service (DDoS)
A DDoS attack (Distributed Denial of Service) doth flood a service with such great abundance of traffic that it doth cease to function. Imagine, if thou wilt, thousands of folk attempting to pass through a single door at the selfsame moment.
‘Tis not an endeavor to steal data, but rather to render the service unavailable. It may be employed for extortion, sabotage, or even as a diversion whilst another attack doth proceed.
Social Manipulation (social engineering)
Many of the most potent assaults do exploit men, not technology. Social manipulation doth concern itself with beguiling folk to perform deeds they ought not.
| Method | Explanation |
|---|---|
| Phishing | False missives which appear credible to the eye |
| Pretexting | To pose as another (e.g., “the IT department”) |
| Tailgating | To follow one through a locked door without a key of thine own |
| Baiting | To leave a USB stick with malware where one may discover it |
Threats to Democracy and Society
Digital threats concern not merely single enterprises, but may affect the whole commonwealth:
| Threat | How it doth affect the commonwealth |
|---|---|
| Misinformation | False tidings spread through the social media may sway elections and opinions |
| Deepfakes | AI-generated visions which make it hard to discern truth from falsehood |
| Cyber-attacks upon critical infrastructure | Assaults upon the power grid, hospitals, or waterworks may afflict the whole society |
| Privacy breaches | Leakage of personal data doth weaken trust in digital services |
| Surveillance | Disproportionate watching doth threaten personal liberty |
Norway is not immune
Norway hath been beset by several grievous cyberattacks. The Parliament was hacked in the years 2020 and 2021. The municipality of Østre Toten was struck by ransomware in 2021, which did bring municipal services to a halt for many weeks. Norsk Hydro was smitten by ransomware in 2019, with costs exceeding 800 million kroner.
Fundamental Protection
Thou needest no advanced tools to defend thyself against most threats:
| Measure | That which it doth protect against |
|---|---|
| Keep systems updated | Known vulnerabilities |
| Strong, unique passwords | Brute force, reuse of leaked passwords |
| MFA (two-factor authentication) | Unauthorised access even should the password be leaked |
| Backup | Ransomware, disk failure, mishap |
| Firewall | Unwanted network traffic |
| Training | Phishing and social manipulation |
The most weighty factor
Most prosperous assaults commence with men, not with technology. An updated server, though fortified with a mighty firewall, doth avail thee little if some soul doth click upon a phishing link and surrendereth his password. Awareness is the most potent measure of security.
Task the First - Of a Notable Assault
Seek ye knowledge of the WannaCry assault of the year of our Lord 2017. ‘Twas a plague upon hospitals, businesses, and public services throughout the world.
- What manner of malicious software did it prove to be?
- By what means did it spread its contagion?
- What were the consequences thereof?
- What might have stayed its hand? (Hint: a simple updating of systems)
Task the Second - Discern Phishing
Mark well this Jigsaw Phishing Quiz from Google. ‘Tis an interactive assay wherein thou shalt determine which missives be true and which do feign.
How many dost thou answer aright?
Task the Third – Who Doth Threaten Norway?
Read the latest National Digital Risk Portrait from NSM (National Security Authority) at nsm.no.
- What perils doth NSM bring forth as most significant?
- Which sectors are most vulnerable?
- Doth aught surprise thee?
Summary
- Malware, phishing and DDoS be amongst the most common of threats.
- Social engineering doth exploit men, not technology.
- Digital threats may affect democracy and public trust through misinformation and assaults upon critical infrastructure.
- Updates, strong passwords, MFA and backup be the most important security measures.
- Training is the most effective measure against social engineering.