A
- access control, as component of Crime Prevention Through Design (CPTD), 99
- access devices, 125, 127
- access management, 208, 211–212
- accounts
- accessing of only when you're in safe location, 126
- auditable access to corporate accounts, 179
- limiting access to corporate accounts on social media, 178–180
- monitoring of, 122
- reporting suspicious activity on, 122
- securing data associated with user accounts, 119–130
- securing of, 117–134
- securing of external accounts, 118–119
- setting appropriate limits regarding, 126
- use of alerts on, 127
- advanced attacks, 43–45
- advanced persistent threats (APTs), 45
- adware, 37–38
- adware malware, 37–38
- alarms, 100, 155
- Alcoa, hacking of, 53
- alerts
- responding to fraud alerts, 127
- setting up text alerts for payment card information, 256
- signing up for from bank, 89
- triggering fraud alerts, 127
- use of on your accounts, 127
- algorithms (for encryption), 355
- Allegheny Technologies, hacking of, 53
- Amazon AppStore, as reputable app store, 120
- American Association of Retired Persons (AARP), on passwords, 143
- Android devices, 265, 291, 296–297
- Anthem, Inc., 255, 363–364
- anti-money laundering laws, 193
- Apple, backing up data on, 265–266
- Apple App Store, as reputable app store, 120
- apps
- backing up data from, 262–264
- cloud-based, 342–343
- archives, understanding of, 312–314
- artificial intelligence (AI), 343–346
- assets, 74–75, 211
- asymmetric algorithm, for encryption, 355
- ATM cards, cautions with, 88
- attacks. see also cyberattacks
- advanced attacks, 43–45
- blended attacks, 42, 45
- brute-force attacks, 42, 46
- buffer overflow, 48
- calculated attacks, 42
- credential attacks, 42
- credential stuffing, 136
- denial-of-service (DoS) attacks, 24, 196
- dictionary attacks, 42, 136
- distributed denial-of-service (DDoS) attacks, 21, 24–26
- injection, 46–47
- malformed URL, 47
- man-in-the-middle attacks, 21, 31
- opportunistic attacks, 44
- poisoned web page attack, 39–40
- poisoned web service attacks, 39–40
- rootkits, 45
- semi-targeted attacks, 45
- session hijacking, 47
- social engineering attacks, 42, 152–155
- targeted attacks, 44–45
- wiper attacks, 27
- auditable access, to corporate accounts, 179
- augmented reality, transforming experiences with, 350
- authentication
- biometric authentication, 123, 146–148
- cautions with authentication by Google, 66
- digital certificates, as form of, 123
- hardware tokens, as form of, 123, 149–150
- knowledge-based authentication, 123
- multifactor authentication, 89, 122–124, 179–180
- password authentication, 135–136
- SMS (text message)-based authentication, 148–149
- USB-based authentication, 150
- using proper authentication, 357
- voice-based authentication, 148
- Authy (app), 124
- automated-task backups, 280–281
- AutoRecover (Microsoft Word), 276
- AutoUpdate (Windows), 125
- availability, as part of CIA triad, 21
B
- B2B International, 26
- backup power, as physical security method, 101
- backup software, 278–281
- backup/backing up
- from apps and online accounts, 262–264
- automated-task backups, 280–281
- as basic element of protection, 75, 76, 79
- boot disks, 281
- cloud-based backup, 282–283
- continuous backups, 272–273, 308
- cryptocurrency, 267
- defined, 261
- differential backups, 271–272, 307–308
- disposing of, 286–287
- downloaded software, 270
- drive backups, 274, 309
- drive-specific backup software, 279
- encryption of, 283, 285
- exclusions from, 275–276
- folder backups, 273–274, 309
- frequency of, 277–278
- full backups of data, 270–271, 272, 305–306, 308
- full system backup, 267–268, 301–306
- importance of, 261–262
- importance of doing so often, 356
- in-app backups, 276–277, 312
- incremental backups, 271, 272, 306–310, 308
- knowing where not to store backups, 284–285
- knowing where to backup, 282–284
- later system images, 269
- manual backups, 280
- mixed backups, 272
- mixing locations, 284
- network storage, 283–284
- never leaving backups connected, 318
- original installation media, 269–270
- original system images, 269
- partial backups, 273, 308–309
- passwords, 267
- for remote workforces, 187
- restoring from, 299–320
- restoring using backup tools, 314–317
- returning of to their proper locations, 317–318
- risks from, 101
- smartphone/tablet backup, 265–266, 280
- storage of, 356
- storage of local copy of, 282
- testing of, 286, 319
- third-party backups, 262
- tools for, 262, 279–281
- types of, 267–277
- virtual drive backups, 274–275, 310
- Windows backup, 279
- bad guys, 50–55
- baiting, as type of social engineering attack, 153–154
- balance of power, as political ramification of cybersecurity, 19–20
- banking, online, 88–89
- battery, drain speed of, 227
- big data, impact of on cybersecurity, 12
- biometric authentication, 123, 146–148
- biometric data, laws governing, 193
- birthday, cautions in sharing of, 161
- BitLocker, 274
- black hat hackers, 55
- blended attacks, 42, 45
- blended malware, as cyberattack, 38
- blockchain technology, 340–342
- blue hat hackers, 56
- bogus information, use of, 170
- bogus press releases and social media posts, as technique of cyberattackers, 58
- bogus smartphone ransomware, 221
- boot disks, 281, 320
- botnets, 26
- breach disclosure laws, 191–192, 205–206
- breaches. see also hacking
- Anthem, Inc., 363–364
- Colonial Pipeline, 364–365
- covert breaches, 222–237
- discovery of, 241–242
- human errors as No. 1 catalyst for, 176, 208
- identification of, 219–237
- JBS, 365
- lawsuits from, 207
- lessons from, 359–365
- Marriott International, 359–361
- not using professional to help recover from, 241–247
- overt breaches, 220–222
- preventing of, 239–240
- recovering from, 239–257
- Sony Pictures, 362
- Target, 361
- United States Office of Personnel Management (OPM), 363
- using professional to help recover from, 240–241
- Bring Your Own Device (BYOD) policy, 181, 194
- browser, 86, 125
- browser add-ons, impact of covert breach on, 233
- browser home page, impact of covert breach on, 234
- brute-force attacks, 42, 46
- buffer overflow attacks, 48
- buffering, impact of covert breach on, 225
- Burr, Bill (author), 138
- business continuity plans (BCPs), 203, 213
- business data theft, 32–33
- business risks, as mitigated by cybersecurity, 22
C
- calculated attacks, 42
- car computers, 340
- carve outs, 189
- cellphone numbers, 86, 129
- CEO fraud, as cyberattack, 28–29
- certifications
- adherence to code of ethics as required by, 335
- Certified Ethical Hacker (CEH), 333–334
- Certified Information Security Manager (CISM), 333
- Certified Information Systems Security Professional (CISSP), 332–333
- in cybersecurity, 332–335
- digital certificates as form of authentication, 123
- Global Information Assurance Certification Security Essentials Certification (GSEC), 334–335
- Security+, 334
- TLS/SSL certificate, 197, 354–355
- verifiability of, 335
- Certified Ethical Hacker (CEH), 333–334
- Certified Information Security Manager (CISM), 333
- Certified Information Systems Security Professional (CISSP), 332–333
- Cheat Sheet, 4
- chief information security officer (CISO), 210–215, 324–325, 329–330
- China, as known for performing cyberespionage, 126
- CIA triad, 21
- Cialdini, Robert Beno (social psychologist), 156
- claimed destruction, as overt breach, 221–222
- class action lawsuits, from data breaches, 207
- classified information, 94
- Clinton, Hillary (former U.S. Secretary of State), 95
- cloning, 274
- cloud, 280, 282–283
- cloud-based applications and data, 342–343
- Colonial Pipeline cybersecurity breach, 364–365
- communication, impact of covert breach on, 225
- communication protocols, standardized, 186
- compliance
- for big businesses, 203–207
- on biometric data, 193
- breach disclosure laws, 191–192, 205–206
- CISO's responsibility for, 213
- cybersecurity regulations expert, 328
- General Data Protection Regulation (GDPR), 192
- Health Insurance Portability and Accountability Act (HIPAA), 192
- industry-specific regulations and rules, 206
- Payment Card Industry Data Security Standard (PCI DSS), 191, 205
- private regulations expert, 328
- public company data disclosure rules, 205
- Sarbanes Oxley Act of 2002 (SOX), 203–204
- Small Business Administration as source of guidance on, 190
- for small businesses, 190–193
- compromised credentials, 33–34
- CompTIA, 334
- computer viruses, 34
- computer worms, 35
- computer(s)
- as basic element of protection, 76, 79
- fake malware on, 38
- locking, 124
- resets on, 289–298
- use of separate, dedicated one for sensitive tasks, 125
- using your own, 124
- confidentiality, as part of CIA triad, 21
- Confidentiality, Integrity, and Availability (CIA), 21
- construction, contingencies during, 101
- consultants, considerations described in big businesses, 208–210
- continuity planning, 62–63, 203, 213
- continuous backups, 272–273, 308
- corporate accounts, limiting access to, 178–180
- Corporate and Auditing Accountability, Responsibility, and Transparency Act, 203–204
- corporate spies, 54
- Covid-19 pandemic, impact of on cybersecurity, 12–14
- credential attacks, as cyberattack, 42
- credential stuffing, 42, 136
- credit card information, 58, 120–122
- Crime Prevention Through Environmental Design (CPTD), 99
- crimes, cautions in sharing of, 160
- criminal record, overcoming of, 335–336
- criminals, reasons of for cyberattacks, 54
- critical infrastructure risks, 339
- cross-site scripting (XSS), 46
- cryptanalysts, role of, 325
- cryptocurrency
- backing up, 267
- cryptocurrency miners, 37
- defined, 340
- effect of on cybercriminals, 10–11
- mining of, 37, 56, 60, 341–342
- restoring of, 319–320
- security of, 91–92
- use of, 340–342
- cryptographer, role of, 325–326
- cryptominers/cryptocurrency miners, 37, 56, 60, 341–342
- custom systems, managing of in your big business, 202
- cyber insurance, 189, 215, 253
- cyberattackers
- black hat hackers, 55
- blue hat hackers, 56
- defending against, 67
- green hat hackers, 56
- grey hat hackers, 56
- groupings of, 55–56
- as monetizing their actions, 56–60
- white hat hackers, 55
- cyberattacks
- advanced attacks, 43–45
- adware, 37–38
- blended malware, 38
- botnets and zombies, 24, 26
- CEO fraud, 28–29
- computer viruses, 34
- computer worms, 35
- credential attacks, 42
- cryptocurrency miners, 37, 56, 60, 341–342
- data destruction attacks, 24, 27
- data theft, 32–34
- denial-of-service (DoS) attacks, 24
- distributed denial-of-service (DDoS) attacks, 24–26
- drive-by downloads, 41
- exploiting maintenance difficulties, 43
- impersonation, 27–29
- interception, 30–31
- malvertising, 40–42
- malware, 34–39, 42, 223, 248, 290
- man-in-the-middle attacks, 21, 31
- network infrastructure poisoning, 40
- opportunistic attacks, 44
- pharming, 29
- phishing, 28
- poisoned web service attacks, 39–40
- ransomware, 35–36
- scareware, 36
- smishing, 29
- social engineering attacks, 42
- spear phishing, 28
- spyware, 37
- stealing passwords, 41–42
- tampering, 30
- targeted attacks, 44–45
- that inflict damage, 24–27
- Trojans, 35
- viruses, 34
- vishing, 29
- whaling, 29
- wiper attacks, 27
- worms, 35
- zero day malware, 38
- zombies, 24, 26
- cyberespionage, 126
- cyberhygiene, 87, 171, 361
- cybersecurity
- and big businesses, 201–215
- certifications in, 332–335
- as constantly moving target, 9–20
- goal of, 21
- humans as Achilles heel of, 60–61, 83
- improvement in without spending a fortune, 353–358
- increased need for, 344–345
- multiple meanings of, 7–8
- no such thing as 100 percent cybersecurity, 67
- other professions with focus on, 336
- professional roles in, 324–328
- pursuing career in, 323–336
- risks as mitigated by, 20–22
- and small businesses, 175–199
- working from home, 105–114
- cybersecurity fatigue, 2
- cybersecurity professionals, bringing in/hiring of, 240–241, 358
- cybersecurity regulations expert, role of, 328
- cyberspies, 63–64
- cyberwarriors, 14, 63–64, 339
D
- data
- business data theft, 32–33
- changes in collection and storage of, 16
- cloud-based, 342–343
- Confidentiality, Integrity, and Availability (CIA) of, 21
- data loss prevention, 212
- full backups of, 270–271, 272, 305–306, 308
- historical protection of digital data, 9–10
- laws governing biometric data, 193
- leaking of by sharing information as part of viral trends, 162
- locating your vulnerable data, 97–98
- old live data, 313
- personal data theft, 32
- protecting employee data, 190
- public company data disclosure rules, 205
- recovering from breach when data is compromised at third party, 253–257
- restoring from full backups of, 305–306
- securing by not connecting hardware with unknown pedigrees, 133–134
- securing of at parties that you haven't interacted with, 132–133
- securing of with parties you've interacted with, 130–132
- stealing of as technique of cyberattackers, 59
- theft of, 32–34
- data breaches. see also hacking
- Anthem, Inc., 363–364
- Colonial Pipeline, 364–365
- covert breaches, 222–237
- discovery of, 241–242
- human errors as No. 1 catalyst for, 176, 208
- identification of, 219–237
- JBS, 365
- lawsuits from, 207
- lessons from, 359–365
- Marriott International, 359–361
- not using professional to help recover from, 241–247
- overt breaches, 220–222
- preventing of, 239–240
- recovering from, 239–257
- Sony Pictures, 362
- Target, 361
- United States Office of Personnel Management (OPM), 363
- using professional to help recover from, 240–241
- data destruction attacks, 27
- data exfiltration, 33
- deep pockets, of big businesses, 207
- defacement, as overt breach, 221
- degaussing, as way of disposing of backups, 287
- deletions, dealing with, 311
- denial-of-service (DoS) attacks, 24–26, 196
- detecting, defined, 80
- devices
- drain speed of batteries, 227
- for remote workforces, 185
- security of, 108–109
- temperature of, 227
- dictionary attacks, 42, 136
- differential backups, 271–272, 307–308
- digital certificates, as form of authentication, 123
- digital currency, 340. see also cryptocurrency
- digital data, historical protection of, 9–10
- digital poisoning, 126
- direct financial fraud, as way to monetize cyberattackers' actions, 56–57
- disaster recovery plans (DRPs), 62–63, 203, 213
- distributed denial-of-service (DDoS) attacks, 21, 24–26
- DNS poisoning, 40
- domain name system (DNS), 40
- double-locking, 190
- downloaded software, 270, 304–305
- drive backups, 274, 309
- drive-by downloads, as cyberattack, 41
- drive-specific backup software, 279
E
- eavesdropping, 110
- EC-Council (International Council of E-Commerce Consultants), 334
- economic model, shifts in as impact on cybersecurity, 15–16
- education, evaluating security measures regarding, 83
- Einstein, Albert (scientist), 50
- election interference, as political ramification of cybersecurity, 16–18
- emails, 129–130, 154
- employees
- considerations described in big businesses, 208–210
- enforcing social media policies for, 183
- giving everyone his or her own credentials, 178
- implementing cybersecurity policies for, 180–183
- incentivizing of, 177
- limiting access of, 177–178
- monitoring of, 183–184
- protecting employee data, 190
- watching out for, 176–184
- employer-issued documents, compromise of, 257
- encryption
- of all private information, 87
- of backups, 283, 285
- end-to-end encryption, 87
- for guest users, 78
- one-way encryption, 255
- ransomware as often encrypting user files, 35–36, 220
- of sensitive information, 354–356
- use of, 86, 102, 140, 370
- of virtual drives, 274–275, 309
- of Wi-Fi network, 77
- endpoints, 75, 79
- end-to-end encryption, 87
- environmental risk mitigation, as physical security method, 100–101
- ethical hacker, role of, 326
- ethics, code of, 335
- evil twin networks, 187
- expunged records, as no longer really expunged, 65
- external accounts, securing of, 118–119
- external disasters, 62–63
F
- Facebook
- authentication capabilities provided by, 139
- basic control and auditability on, 179
- for business, 179
- cautions in listing family members on, 158–159
- celebrity accounts as verified on, 169
- criminals as creating fake profiles on, 162
- number of connections on as red flag, 164
- red flags on, 42, 164, 167
- use of to find someone's mother's maiden name, 85
- factory image, 269
- Fair Credit Reporting Act (FCRA), 64, 132–133
- fake profiles, on social media, 162–169
- false alarm, as type of social engineering attack, 155
- family tree sites, cautions with, 132
- Federal Trade Commission (FTC), 133, 144
- fiduciary responsibilities, of big businesses, 206
- files, 228
- financial information, cautions in sharing of, 158
- financial risks, as mitigated by cybersecurity, 22
- fingerprint sensors, 146–148
- Firefox, 87, 249
- firewall/router, as basic element of protection, 76–78
- folder backups, 273–274, 309
- forced policy violations, 34
- forensic analyst, role of, 328
- fraud alerts, 127
- fraud prevention, 212
- frequency, of backups, 277–278
- full backups of data, 270–271, 272, 305–306, 308
- full system backup, 267–268, 301–306
G
- genealogy sites, cautions with, 132
- General Data Protection Regulation (GDPR), 192, 360
- geopolitical risks, 214
- Global Information Assurance Certification Security Essentials Certification (GSEC), 334–335
- good guys, as relative term, 50–51
- goods, stealing of as technique of cyberattackers, 59
- Google, cautions with authentication by, 66
- Google Chrome, 87, 248
- Google Drive, data storage on, 262
- Google Photos, backing up, 264
- Google Play, as reputable app store, 120
- Google Voice, 86, 129, 179
- government-issued documents, compromise of, 256–257
- green hat hackers, 56
- grey hat hackers, 56
- guessing passwords, 136
- guest network capability, 78
H
- hackers
- black hat hackers, 55
- blue hat hackers, 56
- ethical hacker, 326
- green hat hackers, 56
- grey hat hackers, 56
- history of teenage hackers, 52
- offensive hacker, 326–327
- white hat hackers, 55
- hacking. see also breaches
- of Alcoa, 53
- of Allegheny Technologies, 53
- by nations, 52–53
- reasons of rogue insiders for, 55
- reasons of terrorists for, 54–55
- of SolarWorld, 53
- by states, 52–53
- of U.S. organizations by People's Liberation Army (PLA) of China, 53
- use of artificial intelligence (AI) as tool of, 345–346
- of Westinghouse, 53
- hacktivism, as political ramification of cybersecurity, 18
- hacktivists, defined, 54
- hard resets, 292–298
- hardware, evaluating security measures regarding, 82
- hardware tokens, as form of authentication, 123, 149–150
- hashed format, 255
- Health Insurance Portability and Accountability Act (HIPAA), 114, 192
- home computers, potential problems of regarding cybersecurity, 72
- HTTPS, 127, 197, 354–355
- Huawei devices running Android 8, hard resets on, 297
- human errors, 60–62, 110, 176, 208
- humans, as Achilles heel of cybersecurity, 60–61, 83
I
- iCloud, backing up using, 266
- icons, explained, 4
- identity and access management, 211–212
- impersonation, as cyberattack, 27–29, 154
- in the cloud, defined, 280
- in-app backups, 276–277, 312
- inbound access, handling of, 194–196
- incident response plan, 213
- incident response team member, role of, 328
- incineration, as way of disposing of backups, 287
- incremental backups, 271, 306–310, 308
- incremental system backups, 306–307
- indirect financial fraud, as way to monetize cyberattackers' actions, 56, 57–59
- industry-specific regulations and rules, for big businesses, 206
- Influence: The Psychology of Persuasion (Cialdini), 156
- information
- bogus information, 170
- classified information, 94
- credit card information, 58, 120–121, 121–122
- dealing with stolen information, 250–253
- financial information, 158
- insider information, 58
- personal information, 158–160
- private information, 120
- sensitive information, 120, 124, 125, 251, 354–356
- stolen information, 250–253
- that is not private but can help criminals with identity theft, 250–251
- information asset classification and control, 211
- Information Commissioner's Office of the United Kingdom (ICO), 360
- information security
- defined, 7–8
- standards of, 191
- starting out in, 328–330
- strategy of, 211
- training in, 176, 209
- Information Systems Audit and Control Association (ISACA), 333
- infractions, cautions in sharing of, 160
- injection attacks, 46–47
- insider information, as technique of cyberattackers, 58
- insiders, as posing greatest risk, 102–103
- Instagram, 154, 162, 167, 169, 179
- insurance, 83, 189, 215, 253
- integrity, as part of CIA triad, 21
- intellectual property (IP), theft of, 33
- interception, as cyberattack, 30–31
- internal politics, dealing with, 209
- International Council of E-Commerce Consultants (EC-Council), 334
- international sanctions, 193
- Internet
- handling access of in your small business, 193–198
- impact of on cybersecurity, 10
- proxies, 228–229
- segregating access to, 357–358
- settings, 228–229
- Internet of Things (IoT), 12, 73–74, 90, 197, 338–340
- investigations, CISO's responsibility for, 213–214
- iPhones, 292, 298
- iris scanners/readers, 146–148
- iris-based authentication, 146–148
- iTunes, backing up using, 266
J
- JBS cybersecurity breach, 365
K
- Kaspersky Lab, 26
- keylogger, 37
- knowledge-based authentication, 123
L
- latency issues, impact of covert breach on, 224
- later system images, 269, 303
- lawsuits, from data breaches, 207
- legal advice, cautions in sharing of, 160–161
- lighting, as physical security method, 100
- limits, setting appropriate limits regarding accounts, 126–127
- LinkedIn, 162, 164, 166, 167
- location, 109–110, 161
- locks, as physical security method, 100
- logging out, when you're finished, 124
- login info, 127, 356
M
- MAC address filtering, 78
- Mac computers, 291, 297–298
- maintenance difficulties, exploitation of, 43
- malformed URL attacks, 47
- malvertising, as cyberattack, 40–42
- malware
- adware malware, 37–38
- blended malware, 38
- capturing of passwords using, 42
- as cyberattack, 34–39
- fake, on computers, 38
- fake, on mobile devices, 38
- fake security subscription renewal notifications, 39
- impact of on device performance, 223
- as modifying settings, 248
- resetting of device after, 290
- zero day malware, 38
- man-in-the-middle attacks, 21, 31
- manmade environmental problems, risk from, 63
- manual backups, 280
- marking, as component of Crime Prevention Through Design (CPTD), 99
- Marriott International, cybersecurity breach, 359–361
- medical advice, cautions in sharing of, 160–161
- Microsoft Edge, 87, 249
- Microsoft Word, AutoRecover, 276
- mistakes, learning from, 80
- mixed backups, 272
- mobile device location tracking, potential consequences of, 66–67
- mobile devices
- defined, 95
- fake malware on, 38
- keeping of up to date, 125
- potential problems of regarding cybersecurity, 73
- security for, 101–102
- taking inventory of physical security regarding, 97
- using your own, 124
- mobile hotspot, using your cellphone as, 368
- mobile workforces, impact of on cybersecurity, 11
- multifactor authentication, 89, 122–124, 179–180
- multiple network segments, use of, 198
N
- National Socialist Party of America v. Village of Skokie, 50–51
- nations, hacking by, 52–53
- natural disasters, risk from, 62–63
- Network Address Translation, 77
- network connectivity, terminating of on Windows computer, 243–247
- network infrastructure poisoning, as cyberattack, 40
- network sniffing, 42
- network storage of backup, restoring from, 317–318
- network traffic, 230
- networking equipment, potential problems of regarding cybersecurity, 74
- networks
- evil twin, 187
- known, 186–187
- for remote workforces, 185, 186–187
- security of, 106–108
- noise machines, 188
- nonmalicious threats, dealing with, 60–67
- Nuclear Regulatory Commission (NRC), 206
O
- offensive hacker, role of, 326–327
- Office of Personnel Management (OPM) (US), cybersecurity breach, 363
- official apps/websites, use of, 120
- one-way encryption, 255
- online accounts, backing up data from, 262–264
- online banking, 88–89
- Opera, privacy mode, 87
- opportunistic attacks, 44
- original installation media, 269–270, 304
- original system images, 269, 303
- overwriting, as way of disposing of backups, 287
P
- padlock icon, meaning of, 127
- pandemics, 63
- partial backups, 273, 308–309
- partners, considerations described in big businesses, 208–210
- passphrases, defined, 138
- password authentication, 135–136
- password managers, 140–142, 357
- passwords
- AARP (American Association of Retired Persons) on, 143
- alternatives to, 146–150
- app-based one-time ones, 149
- avoid maintaining default passwords, 90
- avoid sharing of, 356
- avoid simplistic ones, 136–137
- avoiding simplistic, 136–137
- backing up, 267
- capturing of using malware, 42
- cautions with resetting of when using public Wi-Fi, 369
- changing of after breach, 144
- classification of, 139
- complicated ones as not always better, 138
- considerations described, 137–142
- considerations for, 137–142
- creating memorable, strong ones, 142
- described, 135–136
- easily guessable personal passwords, 137
- employing proper password strategy, 123
- establishing policies for, 139
- establishing voice login passwords, 129
- Federal Trade Commission (FTC) on, 144
- knowing when to change, 143
- most common ones of 2021, 137
- one-time passwords, 123, 149
- as primary form of authentication, 135–136
- providing of to humans, 144–145
- reuse of, 139–140, 144
- reusing, 139–140
- RSA SecurID one-time password generator hardware token, 149–150
- stealing of, 41–42
- storage of, 140–142
- storing, 145
- theft of password databases, 255
- transmitting of, 146
- use of password manager, 140–142
- as usually stored in hashed format, 255
- voice login passwords, 129
- Payment Card Industry Data Security Standard (PCI DSS), 191, 205
- payment cards, 198, 256
- payment services, use of, 120–121
- penetration tests, running of, 197
- People's Liberation Army (PLA) of China, hacking of U.S. organizations by, 53
- perimeter defense, as basic element of protection, 76
- perimeter security, as physical security method, 100
- personal data theft, 32
- Personal Identification Number (PIN), selection of, 88
- personal information, cautions in sharing of, 158–160
- personal risks, as mitigated by cybersecurity, 22
- pharming, 40
- pharming, as cyberattack, 29
- phishing, as cyberattack, 28, 153
- physical danger risks, as mitigated by cybersecurity, 22
- physical security
- CISO's responsibility for, 214
- creating and executing a plan for, 98–99
- implementing of, 100–101
- locating your vulnerable data, 97–98
- taking inventory for, 94–97
- why it matters, 94
- piggy-backing, 225
- poisoned web page attack, 39–40
- poisoned web service attacks, 39–40
- Pokémon Go, 350
- political shifts, impact of on cybersecurity, 16–20
- pop-ups, impact of covert breach on, 233
- ports, open, 230–231
- power failures, contingencies for, 101
- power issues, managing of in your small business, 198–199
- pretexting, 153
- privacy, basics of, 84–87
- privacy mode, 87
- privacy regulations expert, role of, 328
- privacy risks, as mitigated by cybersecurity, 22
- private information, cautions with providing unnecessary sensitive information, 120
- private mode, limitations of, 132
- professional risks, as mitigated by cybersecurity, 22
- professionals, bringing in/hiring of, 240–241, 358
- protection, elements of, 75–80
- public companies, defined, 205
- Public Company Accounting Reform and Investor Protection Act, 203–204
- pump and dump, as technique of cyberattackers, 57
Q
- quantum computers, 347–348
- quid pro quo, as type of social engineering attack, 154
R
- ransoms, paying of, 251–253
- ransomware, 35–36, 56, 59, 220–221
- recovering, defined, 80
- Registry Editor, impact of covert breach on, 223–224
- regulations
- for big businesses, 203–207
- on biometric data, 193
- breach disclosure laws, 191–192, 205–206
- cybersecurity regulations expert, 328
- General Data Protection Regulation (GDPR), 192
- Health Insurance Portability and Accountability Act (HIPAA), 192
- industry-specific regulations and rules, 206
- Payment Card Industry Data Security Standard (PCI DSS), 191, 205
- private regulations expert, 328
- public company data disclosure rules, 205
- Sarbanes Oxley Act of 2002 (SOX), 203–204
- Small Business Administration as source of guidance on, 190
- for small businesses, 190–193
- regulatory issues, 113–114
- remote access technologies, impact of on cybersecurity, 11
- remote workforces, 184–188
- renovations, contingencies during, 101
- replicated environments, use of, 209–210
- resets, 289–298
- responding, defined, 80
- restarting systems, 247
- restoring
- from archives, 312–314
- from backups, 301–314
- booting from boot disk, 320
- cautions described, 300
- from combination of locations, 318
- to computing device that was originally backed up, 301
- cryptocurrency, 319–320
- dealing with deletions in, 311
- to different device than one that was originally backed up, 302
- from differential backups, 307–308
- of downloaded software, 304–305
- from drive backups, 309
- from encrypted backups, 319
- entire virtual drive, 310
- excluding files and folders in, 311–312
- files and/or folders from virtual drive, 310
- from folder backups, 309
- from full backups of data, 305–306
- from full backups of systems, 301–306
- from incremental backups, 306–310
- from incremental backups of data, 306
- from incremental backups of systems, 306–307
- installing security software, 303–304
- of later system images, 303
- from manual file or folder copying backups, 316
- of modified settings in Safari, 248–249
- need for, 299
- to network storage, 317–318
- to non-original locations, 318
- of original installation media, 304
- of original systems images, 303
- from partial backups, 308–309
- returning backups to their proper locations, 317–318
- from smartphone/tablet backup, 315–316
- to system restore point, 315
- testing backups, 319
- using backup tools, 314–317
- utilizing third-party backups of data hosted at third parties, 317
- from virtual-drive backups, 310
- from Windows backup, 315
- reusing passwords, 139–140
- risks
- addressing of through various methods, 67
- from backups, 101
- environmental risk mitigation, 100–101
- financial risks, 22
- human risk management, 211
- identification of, 74–75
- insiders as posing greatest risk, 102–103
- from manmade environmental problems, 63
- as mitigated by cybersecurity, 20–22
- from natural disasters, 62–63
- from pandemics, 63
- personal risks, 22
- physical danger, 22
- privacy risks, 22
- professional risks, 22
- protecting against, 75–80
- realizing insiders pose greatest risks, 102–103
- from social media, 66
- rogue groups, 52
- rogue insiders, reasons of for hacking, 55
- root your phone, cautions with, 120
- rooting smartphones, 120
- rootkits, 45
- RSA SecurID one-time password generator hardware token, 149–150
S
- Safari, 87, 249
- Samsung Galaxy Series running Android 11, hard resets on, 296
- Samsung tablets running Android 11, hard resets on, 296–297
- sanctions, as political ramification of cybersecurity, 18–19
- sandboxing, 141, 194
- SANS Institute, 334
- Sarbanes Oxley Act of 2002 (SOX), 203–204
- scambaiting, 153–154
- scams, 254–255
- scareware, as cyberattack, 36
- schedule, cautions in sharing of, 157–158
- school-issued documents, compromise of, 257
- script kiddies (a.k.a. skids or kiddies), 51
- Section 302 (SOX), 204
- Section 404 (SOX), 204
- secure area, 141
- Security+, 334
- security administrator, role of, 325
- security analyst, role of, 325
- security architect, role of, 325
- security architecture, 214
- security auditor, role of, 325
- security breaches. see also hacking
- Anthem, Inc., 363–364
- Colonial Pipeline, 364–365
- covert breaches, 222–237
- discovery of, 241–242
- human errors as No. 1 catalyst for, 176, 208
- identification of, 219–237
- JBS, 365
- lawsuits from, 207
- lessons from, 359–365
- Marriott International, 359–361
- not using professional to help recover from, 241–247
- overt breaches, 220–221
- preventing of, 239–240
- recovering from, 239–257
- Sony Pictures, 362
- Target, 361
- United States Office of Personnel Management (OPM), 363
- using professional to help recover from, 240–241
- security consultant, role of, 327
- security director, role of, 324
- security engineer, role of, 324
- security expert witness, role of, 327
- security guards, as physical security method, 100
- security manager, role of, 324
- security measures, evaluating yours, 71–74, 80–83–78
- security operations, 211
- security program, 210–211
- security questions, cautions with, 66
- security researcher, role of, 326
- security software, 76, 79, 125, 170–171, 246–247, 303–304, 354, 370
- security specialist, role of, 327
- security subscription renewal notifications, fake, 39
- semi-targeted attacks, 45
- senior security architect, career path of, 329
- sensitivity, for passwords, 138–139
- session hijacking, 47
- sharing, turning off of, 370
- shoulder surfing, 109–110
- shredding, as way of disposing of backups, 287
- “sins,” cautions in sharing of, 161
- Small Business Administration, as source of guidance on regulations, 190
- smart devices, 12, 90
- smartphones
- backing up, 265–266
- backup of, 280
- as full-blown computer, 97
- restoring from backup to, 315–316
- rooting, 120
- smishing, as cyberattack, 29
- SMS (text message)-based authentication, 148–149, 179, 226, 230, 263
- Snapchat, 124
- social engineering
- defined, 61, 128
- examples of, 62
- exploitation of, 156
- preventing of, 151–171
- for remote workforces, 188
- security of, 113
- types of social engineering attacks, 152–155
- social engineering attacks, 42, 152–155
- social media. see also Facebook; Instagram; LinkedIn; Snapchat; Twitter
- backing up, 263–264
- cautions in oversharing on, 156–161
- compromise of, 257
- considering implications of, 85
- enforcing social media policies, 183
- as generating serious risks to cybersecurity, 66
- identifying fake connections, 162–169
- limiting access to corporate accounts on, 178–180
- use of privacy settings on, 86
- warning systems on, 157
- wise use of, 357
- social media impersonation, as type of social engineering attack, 154
- Social Security numbers, 65
- social shifts, impact of on cybersecurity, 14–15
- soft resets, 290–292
- software. see also security software
- backup software, 278–281
- cautions with installing of from untrusted parties, 120
- downloaded software, backup of, 270
- downloaded software, restoring of, 304–305
- drive-specific backup software, 279
- evaluating security measures regarding, 81–82
- installed, 226–227
- reinstalling damaged software after breach, 247–249
- from untrusted parties, 120
- software security engineer, role of, 327
- software source code security auditor, role of, 327
- SolarWorld, hacking of, 53
- Sony Pictures, cybersecurity breach, 362
- spear phishing, as cyberattack, 28
- spies, 54, 63–64, 126
- spyware, 37
- SQL injection, 46–47
- SSL/TLS encryption, 197, 354–355
- standardized communication protocols, 186
- states, hacking by, 52–53
- stationary devices, 95, 96–97
- stolen information, dealing with, 250–253
- storage (of backup), 282–286
- Stuxnet, 339
- Sun Tzu (Chinese military strategist and philosopher), 49
- Supervisory Control and Data Acquisition systems (SCADA), 206
- supply risks, 346
- surveillance, as component of Crime Prevention Through Design (CPTD), 99
- symmetric algorithm, for encryption, 355
- Syrian Electronic Army, 221
- system administrators, 178, 215
- system restoration, 301–306
- System Restore, use of, 248–249
- system restore point, restoring to, 315
T
- tablet, 315–316
- tablets, 280
- tailgating, as type of social engineering attack, 155
- tampering, as cyberattack, 30
- target, understanding that you are one, 117–118, 353–354
- Target cybersecurity breach, 361
- targeted attacks, 44–45
- Task Manager, impact of covert breach on, 223
- technical failure, as type of social engineering attack, 155
- technological complexity, use of, 202
- technologies, 151–152, 337–350
- teenage hackers, history of, 52
- temperature, of devices, 227
- terrorist groups, 52
- terrorists, reasons of for hacking, 54–55
- text message (SMS)-based authentication, 148–149, 179, 226, 230, 263
- text messages, cautions in clicking on links in, 129–130, 263
- thefts
- business data theft, 32–33
- from home offices, 110
- of intellectual property (IP), 33
- of password databases, 255
- personal data theft, 32
- threats
- advanced persistent threats (APTs), 45
- dealing with nonmalicious ones, 60–67
- emerging technologies as bringing new ones, 337–350
- TLS/SSL certificate, 197, 354–355
- Tor Browser Bundle, 86, 87, 131, 369
- travel plans, cautions in sharing of, 157–158
- Trojans, as cyberattack, 35
- 2016 Presidential election (U.S.), 52–53
U
- uninterruptible power supply (UPS), 198
- United States Office of Personnel Management (OPM), cybersecurity breach, 363
- updates, installing of to reduce exposure to vulnerabilities, 125
- U.S. Supreme Court, National Socialist Party of America v. Village of Skokie, 50–51
- USB-based authentication, 150
- user accounts, securing data associated with, 119–130
V
- verifiability, of certification, 335
- video cameras, as physical security method, 100
- video conferencing, security of, 111–113
- viral trend, 162
- virtual credit card numbers, use of, 121–122
- virtual drive backups, 274–275, 310
- virtual kidnapping scams, 66, 158
- virtual locker, 270
- Virtual Private Network (VPN)/VPN service, 72, 106–107, 131, 185–186, 197, 369
- virtual reality, 348–350
- virus hoax, as type of social engineering attack, 155
- viruses, as cyberattack, 34
- vishing, as cyberattack, 29
- Vivaldi, privacy mode, 87
- voice login passwords, 129
- voice-based authentication, 148
- VOIP number, 179
- vulnerability assessment analyst, role of, 326
W
- WannaCry, 36
- water holing, as type of social engineering attack, 155
- websites, appearance of, 228
- Westinghouse, hacking of, 53
- whaling, as cyberattack, 29
- WhatsApp, backing up, 264
- white hat hackers, 55
- Wi-Fi
- cautions with performing sensitive tasks over public Wi-Fi, 125, 369
- cautions with using public Wi-Fi for any purpose in high-risk places, 126
- recommended protocols for, 78
- turning off Wi-Fi connectivity when not using Wi-Fi, 368
- understanding difference between true public Wi-Fi and shared Wi-Fi, 370
- using public Wi-Fi safely, 358, 367–370
- Windows AutoUpdate, 125
- Windows backup, 279, 315
- Windows Blue Screen of Death, 290
- Windows computers, 291, 293–296
- wiper attacks, 27
- work environment, potential problems of regarding cybersecurity, 74
- work information, cautions in sharing of, 160
- working from home, cybersecurity and, 105–114
- worms, as cyberattack, 35
- WPA2 standard, 77
Z
- zero day malware, as cyberattack, 38
- zero trust, 347
- zombies, 26