Before beginning to look at some of the methods adversaries use, it's important to understand some of the key concepts and players in the world of cybersecurity. We'll cover this over two videos. By the end of this video, you'll be able to list the universal constants of cybersecurity, list the three tenets of information security, and define a subset of cybersecurity threat actors. Regardless of all the security measures an organization might put in place, eventually something will slip through the net. Unfortunately, this is the grim reality of cybersecurity. Being as educated as possible is the best defense against cyber attacks. As Kevin Mitnick, formerly convicted of hacking and now chief hacking officer at the training company, KnowBe4, put it, "The methods that will most effectively minimize "the ability of intruders to compromise information security "are comprehensive user training and education. "Enacting policies and procedures simply won't suffice. "Even with oversight, "the policies and procedures may not be effective. "My access to Motorola, Nokia, ATT, Sun "depended upon the willingness of people "to bypass policies and procedures "that were in place for years "before I compromised them successfully." The image on screen shows a map attacks being made in real time. You can view the real-time map by going to threatmap.checkpoint.com. Once you have understood the reality of cybersecurity, you can begin to implement measures to minimize the risk of attack. We can make an attacker's life all but impossible by preventing an attack, monitoring hosts, network segments, access requests, privilege escalation, and other metrics. Then detecting an attack. Finding a compromised machine or system and responding to an attack with an already established plan by knowing how to quarantine an infected machine or subnet, perform postmortem in order to understand the nature of the infection, rule out the infection of other machines, and recover functionality of those systems. This framework is not just applied to machines however, users have perhaps the largest role to play in the prevent, detect, and respond triad. Users must behave in a way to remove the attacker's ability to exploit a vector, detect when it happens, and know how to respond when it does. The seriousness of the threat of attack in cybersecurity warrants reflection on what it is you are defending. There are numerous things that you could be defending, and it could be just a single one of these or multiple. And information security management system, or ISMS, is often used in organization to defend against attacks. Let's take a look at the core concept of an ISMS. There are three aims of any ISMS, to create conditions in an organization which safeguard the confidentiality, integrity, and availability of information, and of the systems that carry them. By confidentiality, we mean that information is only available to authorized users. Integrity is maintaining the consistency, accuracy, and trustworthiness of the information, and availability is about information being available when required. These three areas together form the CIA triad and cover all forms of information system, be there mobile devices, USB media, desktop, or even paper media. Balancing the CIA triad is a difficult task, as over doing it in one area might compromise one or more of the others. For example, you might have a data server with really sensitive data on. You could keep it really confidential by putting the server in an air-tight safe, throwing away the key, and dropping the safe at the bottom of the ocean. Whilst this might make the data super secure and really confidential, you will have almost completely removed any availability. Furthermore, an ISMS typically addresses employee behavior and processes, as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture. With any system, there is an inescapable and universal trade-off between security, functionality, and usability. It is simple to create a system that is totally secure all of the time by turning it off and burying it underground. However, this will be at the absolute cost of usability and functionality. It is a difficult task to establish the right amount of functionality that the system uses and applying security around that functionality that allows it to be usable in a way that creates value. Those who seek to undermine the CIA triad by trying to compromise those system are commonly referred to as hackers. However, there are various different forms of hackers with both positive and negative motivations. We are focusing on what are better known as threat actors whose intentions are contrary to an ISMS. Having an understanding of what these adversaries seek and their modus operandi will help us better prepare our defenses. This allows us to focus our efforts on protecting the things these adversaries are after and hardening the roots they aim to take. Let's take a look at some case studies of the various threat actors. Criminal hackers. Criminal hackers are often motivated by financial gain, but some other motivations include revenge or trolling. They typically use tools that have been written by others known as script-kiddie applications. Their means of entry, known as attack vectors, include mobile device exploitation, phishing, blackmailing human targets, and targeted attacks against credit and debit card data, like vulnerable e-commerce sites. They often target financial information such as banking logins. There are plenty of examples often making the headlines, such as a 22-year-old from Whales who helped hack multiple global organizations reaching 77 million pounds in stolen assets. Hacktivists. Hacktivists are often motivated by political aims. They usually affect the availability of services in order to further political messages. Like criminal hackers, they often use script-kiddie tools. Their attacks usually center around distributed denial of service, DDoS, and are usually quickly resolved. Damage incurred by hacktivists is mostly reputational, such as the group Anonymous' attack operation, Chanology, which attacked the Church of Scientology who were attempting to remove a video of one of the church's members from the internet. Black hat hackers. Black hat hackers are the archetypal hacker. They're often motivated by strong personal interest and are extremely computer literate to the point of genius-level computer skills. They often author their own tools that are at the cutting edge of security, which are then used by cyber criminals. Common activities including breaching data repositories, such as credit card data, to sell that data to criminals. Hacking systems for the fun of it, often referred to as lulz, attempting to crack into high security systems, such as military systems, simply to show off. Insider threats. Insider threats are normally current or former employees that have some knowledge of the computer and network systems of the organization. They are often motivated by grievance or possibly to subvert the mission of the organization. They use legitimate access, such as having a login, to attack one or more aspect of CIA. They typically steal or damage business critical information for personal gain or revenge, such as the case of a former Morrisons Supermarket worker who dumped the personal details of over 100,000 colleagues online. Competitors. Competitors are often looking to get an advantage. Competing organizations can become threat actors by accessing information about projects in development, or intellectual property, or even to disrupt competing services. An example includes the Lonestar attack in which a Liberian internet service provider hired a hacker to launch a DDoS attack on a competitor. State-sponsored hackers. State-sponsored hackers are often organized and funded by a nation's military intelligence or security services. These groups will attempt to gain access to a foreign adversary's state secret or military intelligence. An example includes the Stuxnet worm, developed jointly by US and Israeli security services to disrupt uranium enrichment machines. In this video, we've looked at the defend, detect, and respond triad, the CIA triad, and the common types of threat actors. That's the end of this video. Next, we'll look at how a threat actor will begin to disrupt an organization's systems, utilizing what is referred to as the attack surface.