Index


A

  • access control, as component of Crime Prevention Through Environmental Design (CPTED), 99
  • access devices, 125, 127
  • access management, 208, 211–212
  • accounts
    • accessing of only from a safe location, 126
    • auditable access to corporate accounts, 179
    • limiting access to corporate accounts on social media, 178–180
    • monitoring of, 122
    • reporting suspicious activity on, 122
    • securing data associated with user accounts, 119–130
    • securing of, 117–134
    • securing of external accounts, 118–119
    • setting appropriate limits regarding, 126
    • use of alerts on, 127
  • advanced attacks, 43–45
  • advanced persistent threats (APTs), 45
  • adware, 37–38
  • adware malware, 37–38
  • alarms, 100, 155
  • Alcoa, hacking of, 53
  • alerts
    • responding to fraud alerts, 127
    • setting up text alerts for payment card information, 256
    • signing up for from bank, 89
    • triggering fraud alerts, 127
    • use of on your accounts, 127
  • algorithms (for encryption), 355
  • Allegheny Technologies, hacking of, 53
  • Amazon AppStore, as reputable app store, 120
  • American Association of Retired Persons (AARP), on passwords, 143
  • Android devices, 265, 291, 296–297
  • Anthem, Inc., 255, 363–364
  • anti-money laundering laws, 193
  • Apple, backing up data on, 265–266
  • Apple App Store, as reputable app store, 120
  • apps
    • backing up data from, 262–264
    • cloud-based, 342–343
  • archives, understanding of, 312–314
  • artificial intelligence (AI), 343–346
  • assets, 74–75, 211
  • asymmetric algorithm, for encryption, 355
  • ATM cards, cautions with, 88
  • attacks. see also cyberattacks
    • advanced attacks, 43–45
    • blended attacks, 42, 45
    • brute-force attacks, 42, 46
    • buffer overflow, 48
    • calculated attacks, 42
    • credential attacks, 42
    • credential stuffing, 136
    • denial-of-service (DoS) attacks, 24, 196
    • dictionary attacks, 42, 136
    • distributed denial-of-service (DDoS) attacks, 21, 24–26
    • injection, 46–47
    • malformed URL, 47
    • man-in-the-middle attacks, 21, 31
    • opportunistic attacks, 44
    • poisoned web page attack, 39–40
    • poisoned web service attacks, 39–40
    • rootkits, 45
    • semi-targeted attacks, 45
    • session hijacking, 47
    • social engineering attacks, 42, 152–155
    • targeted attacks, 44–45
    • wiper attacks, 27
  • auditable access, to corporate accounts, 179
  • augmented reality, transforming experiences with, 350
  • authentication
    • biometric authentication, 123, 146–148
    • cautions with authentication by Google, 66
    • digital certificates, as form of, 123
    • hardware tokens, as form of, 123, 149–150
    • knowledge-based authentication, 123
    • multifactor authentication, 89, 122–124, 179–180
    • password authentication, 135–136
    • SMS (text message)-based authentication, 148–149
    • USB-based authentication, 150
    • using proper authentication, 357
    • voice-based authentication, 148
  • Authy (app), 124
  • automated-task backups, 280–281
  • AutoRecover (Microsoft Word), 276
  • AutoUpdate (Windows), 125
  • availability, as part of CIA triad, 21

B

  • B2B International, 26
  • backup power, as physical security method, 101
  • backup software, 278–281
  • backup/backing up
    • from apps and online accounts, 262–264
    • automated-task backups, 280–281
    • as basic element of protection, 75, 76, 79
    • boot disks, 281
    • cloud-based backup, 282–283
    • continuous backups, 272–273, 308
    • cryptocurrency, 267
    • defined, 261
    • differential backups, 271–272, 307–308
    • disposing of, 286–287
    • downloaded software, 270
    • drive backups, 274, 309
    • drive-specific backup software, 279
    • encryption of, 283, 285
    • exclusions from, 275–276
    • folder backups, 273–274, 309
    • frequency of, 277–278
    • full backups of data, 270–271, 272, 305–306, 308
    • full system backup, 267–268, 301–306
    • importance of, 261–262
    • importance of doing so often, 356
    • in-app backups, 276–277, 312
    • incremental backups, 271, 272, 306–310
    • knowing where not to store backups, 284–285
    • knowing where to backup, 282–284
    • later system images, 269
    • manual backups, 280
    • mixed backups, 272
    • mixing locations, 284
    • network storage, 283–284
    • never leaving backups connected, 318
    • original installation media, 269–270
    • original system images, 269
    • partial backups, 273, 308–309
    • passwords, 267
    • for remote workforces, 187
    • restoring from, 299–320
    • restoring using backup tools, 314–317
    • returning of to their proper locations, 317–318
    • risks from, 101
    • smartphone/tablet backup, 265–266, 280
    • storage of, 356
    • storage of local copy of, 282
    • testing of, 286, 319
    • third-party backups, 262
    • tools for, 262, 279–281
    • types of, 267–277
    • virtual drive backups, 274–275, 310
    • Windows backup, 279
  • bad guys, 50–55
  • baiting, as type of social engineering attack, 153–154
  • balance of power, as political ramification of cybersecurity, 19–20
  • banking, online, 88–89
  • battery, drain speed of, 227
  • big data, impact of on cybersecurity, 12
  • biometric authentication, 123, 146–148
  • biometric data, laws governing, 193
  • birthday, cautions in sharing of, 161
  • BitLocker, 274
  • black hat hackers, 55
  • blended attacks, 42, 45
  • blended malware, as cyberattack, 38
  • blockchain technology, 340–342
  • blue hat hackers, 56
  • bogus information, use of, 170
  • bogus press releases and social media posts, as technique of cyberattackers, 58
  • bogus smartphone ransomware, 221
  • boot disks, 281, 320
  • botnets, 26
  • breach disclosure laws, 191–192, 205–206
  • breaches. see also hacking
    • Anthem, Inc., 363–364
    • Colonial Pipeline, 364–365
    • covert breaches, 222–237
    • discovery of, 241–242
    • human errors as No. 1 catalyst for, 176, 208
    • identification of, 219–237
    • JBS, 365
    • lawsuits from, 207
    • lessons from, 359–365
    • Marriott International, 359–361
    • not using professional to help recover from, 241–247
    • overt breaches, 220–222
    • preventing of, 239–240
    • recovering from, 239–257
    • Sony Pictures, 362
    • Target, 361
    • United States Office of Personnel Management (OPM), 363
    • using professional to help recover from, 240–241
  • Bring Your Own Device (BYOD) policy, 181, 194
  • browser, 86, 125
  • browser add-ons, impact of covert breach on, 233
  • browser home page, impact of covert breach on, 234
  • brute-force attacks, 42, 46
  • buffer overflow attacks, 48
  • buffering, impact of covert breach on, 225
  • Burr, Bill (author), 138
  • business continuity plans (BCPs), 203, 213
  • business data theft, 32–33
  • business risks, as mitigated by cybersecurity, 22

C

  • calculated attacks, 42
  • car computers, 340
  • carve-outs, 189
  • cellphone numbers, 86, 129
  • CEO fraud, as cyberattack, 28–29
  • certifications
    • adherence to code of ethics as required by, 335
    • Certified Ethical Hacker (CEH), 333–334
    • Certified Information Security Manager (CISM), 333
    • Certified Information Systems Security Professional (CISSP), 332–333
    • in cybersecurity, 332–335
    • digital certificates as form of authentication, 123
    • Global Information Assurance Certification (GIAC) Security Essentials (GSEC), 334–335
    • Security+, 334
    • TLS/SSL certificate, 197, 354–355
    • verifiability of, 335
  • Certified Ethical Hacker (CEH), 333–334
  • Certified Information Security Manager (CISM), 333
  • Certified Information Systems Security Professional (CISSP), 332–333
  • Cheat Sheet, 4
  • chief information security officer (CISO), 210–215, 324–325, 329–330
  • China, as known for performing cyberespionage, 126
  • CIA triad, 21
  • Cialdini, Robert Beno (social psychologist), 156
  • claimed destruction, as overt breach, 221–222
  • class action lawsuits, from data breaches, 207
  • classified information, 94
  • Clinton, Hillary (former U.S. Secretary of State), 95
  • cloning, 274
  • cloud, 280, 282–283
  • cloud-based applications and data, 342–343
  • Colonial Pipeline cybersecurity breach, 364–365
  • communication, impact of covert breach on, 225
  • communication protocols, standardized, 186
  • compliance
    • for big businesses, 203–207
    • on biometric data, 193
    • breach disclosure laws, 191–192, 205–206
    • CISO's responsibility for, 213
    • cybersecurity regulations expert, 328
    • General Data Protection Regulation (GDPR), 192
    • Health Insurance Portability and Accountability Act (HIPAA), 192
    • industry-specific regulations and rules, 206
    • Payment Card Industry Data Security Standard (PCI DSS), 191, 205
    • private regulations expert, 328
    • public company data disclosure rules, 205
    • Sarbanes Oxley Act of 2002 (SOX), 203–204
    • Small Business Administration as source of guidance on, 190
    • for small businesses, 190–193
  • compromised credentials, 33–34
  • CompTIA, 334
  • computer viruses, 34
  • computer worms, 35
  • computer(s)
    • as basic element of protection, 76, 79
    • fake malware on, 38
    • locking, 124
    • resets on, 289–298
    • use of separate, dedicated one for sensitive tasks, 125
    • using your own, 124
  • confidentiality, as part of CIA triad, 21
  • Confidentiality, Integrity, and Availability (CIA), 21
  • construction, contingencies during, 101
  • consultants, considerations for, in big businesses, 208–210
  • continuity planning, 62–63, 203, 213
  • continuous backups, 272–273, 308
  • corporate accounts, limiting access to, 178–180
  • Corporate and Auditing Accountability, Responsibility, and Transparency Act, 203–204
  • corporate spies, 54
  • Covid-19 pandemic, impact of on cybersecurity, 12–14
  • credential attacks, as cyberattack, 42
  • credential stuffing, 42, 136
  • credit card information, 58, 120–122
  • Crime Prevention Through Environmental Design (CPTED), 99
  • crimes, cautions in sharing of, 160
  • criminal record, overcoming of, 335–336
  • criminals, reasons of for cyberattacks, 54
  • critical infrastructure risks, 339
  • cross-site scripting (XSS), 46
  • cryptanalysts, role of, 325
  • cryptocurrency
    • backing up, 267
    • cryptocurrency miners, 37
    • defined, 340
    • effect of on cybercriminals, 10–11
    • mining of, 37, 56, 60, 341–342
    • restoring of, 319–320
    • security of, 91–92
    • use of, 340–342
  • cryptographer, role of, 325–326
  • cryptominers/cryptocurrency miners, 37, 56, 60, 341–342
  • custom systems, managing of in your big business, 202
  • cyber insurance, 189, 215, 253
  • cyberattackers
    • black hat hackers, 55
    • blue hat hackers, 56
    • defending against, 67
    • green hat hackers, 56
    • grey hat hackers, 56
    • groupings of, 55–56
    • as monetizing their actions, 56–60
    • white hat hackers, 55
  • cyberattacks
    • advanced attacks, 43–45
    • adware, 37–38
    • blended malware, 38
    • botnets and zombies, 24, 26
    • CEO fraud, 28–29
    • computer viruses, 34
    • computer worms, 35
    • credential attacks, 42
    • cryptocurrency miners, 37, 56, 60, 341–342
    • data destruction attacks, 24, 27
    • data theft, 32–34
    • denial-of-service (DoS) attacks, 24
    • distributed denial-of-service (DDoS) attacks, 24–26
    • drive-by downloads, 41
    • exploiting maintenance difficulties, 43
    • impersonation, 27–29
    • interception, 30–31
    • malvertising, 40–42
    • malware, 34–39, 42, 223, 248, 290
    • man-in-the-middle attacks, 21, 31
    • network infrastructure poisoning, 40
    • opportunistic attacks, 44
    • pharming, 29
    • phishing, 28
    • poisoned web service attacks, 39–40
    • ransomware, 35–36
    • scareware, 36
    • smishing, 29
    • social engineering attacks, 42
    • spear phishing, 28
    • spyware, 37
    • stealing passwords, 41–42
    • tampering, 30
    • targeted attacks, 44–45
    • that inflict damage, 24–27
    • Trojans, 35
    • viruses, 34
    • vishing, 29
    • whaling, 29
    • wiper attacks, 27
    • worms, 35
    • zero day malware, 38
    • zombies, 24, 26
  • cyberespionage, 126
  • cyberhygiene, 87, 171, 361
  • cybersecurity
    • and big businesses, 201–215
    • certifications in, 332–335
    • as constantly moving target, 9–20
    • goal of, 21
    • humans as Achilles heel of, 60–61, 83
    • improvement in without spending a fortune, 353–358
    • increased need for, 344–345
    • multiple meanings of, 7–8
    • no such thing as 100 percent cybersecurity, 67
    • other professions with focus on, 336
    • professional roles in, 324–328
    • pursuing career in, 323–336
    • risks as mitigated by, 20–22
    • and small businesses, 175–199
    • working from home, 105–114
  • cybersecurity fatigue, 2
  • cybersecurity professionals, bringing in/hiring of, 240–241, 358
  • cybersecurity regulations expert, role of, 328
  • cyberspies, 63–64
  • cyberwarriors, 14, 63–64, 339

D

  • data
    • business data theft, 32–33
    • changes in collection and storage of, 16
    • cloud-based, 342–343
    • Confidentiality, Integrity, and Availability (CIA) of, 21
    • data loss prevention, 212
    • full backups of, 270–271, 272, 305–306, 308
    • historical protection of digital data, 9–10
    • laws governing biometric data, 193
    • leaking of by sharing information as part of viral trends, 162
    • locating your vulnerable data, 97–98
    • old live data, 313
    • personal data theft, 32
    • protecting employee data, 190
    • public company data disclosure rules, 205
    • recovering from breach when data is compromised at third party, 253–257
    • restoring from full backups of, 305–306
    • securing by not connecting hardware with unknown pedigrees, 133–134
    • securing of at parties that you haven't interacted with, 132–133
    • securing of with parties you've interacted with, 130–132
    • stealing of as technique of cyberattackers, 59
    • theft of, 32–34
  • data breaches. see also hacking
    • Anthem, Inc., 363–364
    • Colonial Pipeline, 364–365
    • covert breaches, 222–237
    • discovery of, 241–242
    • human errors as No. 1 catalyst for, 176, 208
    • identification of, 219–237
    • JBS, 365
    • lawsuits from, 207
    • lessons from, 359–365
    • Marriott International, 359–361
    • not using professional to help recover from, 241–247
    • overt breaches, 220–222
    • preventing of, 239–240
    • recovering from, 239–257
    • Sony Pictures, 362
    • Target, 361
    • United States Office of Personnel Management (OPM), 363
    • using professional to help recover from, 240–241
  • data destruction attacks, 27
  • data exfiltration, 33
  • deep pockets, of big businesses, 207
  • defacement, as overt breach, 221
  • degaussing, as way of disposing of backups, 287
  • deletions, dealing with, 311
  • denial-of-service (DoS) attacks, 24–26, 196
  • detecting, defined, 80
  • devices
    • drain speed of batteries, 227
    • for remote workforces, 185
    • security of, 108–109
    • temperature of, 227
  • dictionary attacks, 42, 136
  • differential backups, 271–272, 307–308
  • digital certificates, as form of authentication, 123
  • digital currency, 340. see also cryptocurrency
  • digital data, historical protection of, 9–10
  • digital poisoning, 126
  • direct financial fraud, as way to monetize cyberattackers actions, 56–57
  • disaster recovery plans (DRPs), 62–63, 203, 213
  • distributed denial-of-service (DDoS) attacks, 21, 24–26
  • DNS poisoning, 40
  • domain name system (DNS), 40
  • double-locking, 190
  • downloaded software, 270, 304–305
  • drive backups, 274, 309
  • drive-by downloads, as cyberattack, 41
  • drive-specific backup software, 279

E

  • eavesdropping, 110
  • EC-Council (International Council of E-Commerce Consultants), 334
  • economic model, shifts in as impact on cybersecurity, 15–16
  • education, evaluating security measures regarding, 83
  • Einstein, Albert (scientist), 50
  • election interference, as political ramification of cybersecurity, 16–18
  • emails, 129–130, 154
  • employees
    • considerations for, in big businesses, 208–210
    • enforcing social media policies for, 183
    • giving everyone his or her own credentials, 178
    • implementing cybersecurity policies for, 180–183
    • incentivizing of, 177
    • limiting access of, 177–178
    • monitoring of, 183–184
    • protecting employee data, 190
    • watching out for, 176–184
  • employer-issued documents, compromise of, 257
  • encryption
    • of all private information, 87
    • of backups, 283, 285
    • end-to-end encryption, 87
    • for guest users, 78
    • one-way encryption, 255
    • ransomware as often encrypting user files, 35–36, 220
    • of sensitive information, 354–356
    • use of, 86, 102, 140, 370
    • of virtual drives, 274–275, 309
    • of Wi-Fi network, 77
  • endpoints, 75, 79
  • end-to-end encryption, 87
  • environmental risk mitigation, as physical security method, 100–101
  • ethical hacker, role of, 326
  • ethics, code of, 335
  • evil twin networks, 187
  • expunged records, as no longer really expunged, 65
  • external accounts, securing of, 118–119
  • external disasters, 62–63

F

  • Facebook
    • authentication capabilities provided by, 139
    • basic control and auditability on, 179
    • for business, 179
    • cautions in listing family members on, 158–159
    • celebrity accounts as verified on, 169
    • criminals as creating fake profiles on, 162
    • number of connections on as red flag, 164
    • red flags on, 42, 164, 167
    • use of to find someone's mother's maiden name, 85
  • factory image, 269
  • Fair Credit Reporting Act (FCRA), 64, 132–133
  • fake profiles, on social media, 162–169
  • false alarm, as type of social engineering attack, 155
  • family tree sites, cautions with, 132
  • Federal Trade Commission (FTC), 133, 144
  • fiduciary responsibilities, of big businesses, 206
  • files, 228
  • financial information, cautions in sharing of, 158
  • financial risks, as mitigated by cybersecurity, 22
  • fingerprint sensors, 146–148
  • Firefox, 87, 249
  • firewall/router, as basic element of protection, 76–78
  • folder backups, 273–274, 309
  • forced policy violations, 34
  • forensic analyst, role of, 328
  • fraud alerts, 127
  • fraud prevention, 212
  • frequency, of backups, 277–278
  • full backups of data, 270–271, 272, 305–306, 308
  • full system backup, 267–268, 301–306

G

  • genealogy sites, cautions with, 132
  • General Data Protection Regulation (GDPR), 192, 360
  • geopolitical risks, 214
  • Global Information Assurance Certification (GIAC) Security Essentials (GSEC), 334–335
  • good guys, as relative term, 50–51
  • goods, stealing of as technique of cyberattackers, 59
  • Google, cautions with authentication by, 66
  • Google Chrome, 87, 248
  • Google Drive, data storage on, 262
  • Google Photos, backing up, 264
  • Google Play, as reputable app store, 120
  • Google Voice, 86, 129, 179
  • government-issued documents, compromise of, 256–257
  • green hat hackers, 56
  • grey hat hackers, 56
  • guessing passwords, 136
  • guest network capability, 78

H

  • hackers
    • black hat hackers, 55
    • blue hat hackers, 56
    • ethical hacker, 326
    • green hat hackers, 56
    • grey hat hackers, 56
    • history of teenage hackers, 52
    • offensive hacker, 326–327
    • white hat hackers, 55
  • hacking. see also breaches
    • of Alcoa, 53
    • of Allegheny Technologies, 53
    • by nations, 52–53
    • reasons of rogue insiders for, 55
    • reasons of terrorists for, 54–55
    • of SolarWorld, 53
    • by states, 52–53
    • of U.S. organizations by People's Liberation Army (PLA) of China, 53
    • use of artificial intelligence (AI) as tool of, 345–346
    • of Westinghouse, 53
  • hacktivism, as political ramification of cybersecurity, 18
  • hacktivists, defined, 54
  • hard resets, 292–298
  • hardware, evaluating security measures regarding, 82
  • hardware tokens, as form of authentication, 123, 149–150
  • hashed format, 255
  • Health Insurance Portability and Accountability Act (HIPAA), 114, 192
  • home computers, potential problems of regarding cybersecurity, 72
  • HTTPS, 127, 197, 354–355
  • Huawei devices running Android 8, hard resets on, 297
  • human errors, 60–62, 110, 176, 208
  • humans, as Achilles heel of cybersecurity, 60–61, 83

I

  • iCloud, backing up using, 266
  • icons, explained, 4
  • identity and access management, 211–212
  • impersonation, as cyberattack, 27–29, 154
  • in the cloud, defined, 280
  • in-app backups, 276–277, 312
  • inbound access, handling of, 194–196
  • incident response plan, 213
  • incident response team member, role of, 328
  • incineration, as way of disposing of backups, 287
  • incremental backups, 271, 306–310
  • incremental system backups, 306–307
  • indirect financial fraud, as way to monetize cyberattackers actions, 56, 57–59
  • industry-specific regulations and rules, for big businesses, 206
  • Influence: The Psychology of Persuasion (Cialdini), 156
  • information
    • bogus information, 170
    • classified information, 94
    • credit card information, 58, 120–122
    • dealing with stolen information, 250–253
    • financial information, 158
    • insider information, 58
    • personal information, 158–160
    • private information, 120
    • sensitive information, 120, 124, 125, 251, 354–356
    • stolen information, 250–253
    • that is not private but can help criminals with identity theft, 250–251
  • information asset classification and control, 211
  • Information Commissioner's Office of the United Kingdom (ICO), 360
  • information security
    • defined, 7–8
    • standards of, 191
    • starting out in, 328–330
    • strategy of, 211
    • training in, 176, 209
  • Information Systems Audit and Control Association (ISACA), 333
  • infractions, cautions in sharing of, 160
  • injection attacks, 46–47
  • insider information, as technique of cyberattackers, 58
  • insiders, as posing greatest risk, 102–103
  • Instagram, 154, 162, 167, 169, 179
  • insurance, 83, 189, 215, 253
  • integrity, as part of CIA triad, 21
  • intellectual property (IP), theft of, 33
  • interception, as cyberattack, 30–31
  • internal politics, dealing with, 209
  • International Council of E-Commerce Consultants (EC-Council), 334
  • international sanctions, 193
  • Internet
    • handling access of in your small business, 193–198
    • impact of on cybersecurity, 10
    • proxies, 228–229
    • segregating access to, 357–358
    • settings, 228–229
  • Internet of Things (IoT), 12, 73–74, 90, 197, 338–340
  • investigations, CISO's responsibility for, 213–214
  • iPhones, 292, 298
  • iris scanners/readers, 146–148
  • iris-based authentication, 146–148
  • iTunes, backing up using, 266

J

  • JBS cybersecurity breach, 365

K

  • Kaspersky Lab, 26
  • keylogger, 37
  • knowledge-based authentication, 123

L

  • latency issues, impact of covert breach on, 224
  • later system images, 269, 303
  • lawsuits, from data breaches, 207
  • legal advice, cautions in sharing of, 160–161
  • lighting, as physical security method, 100
  • limits, setting appropriate limits regarding accounts, 126–127
  • LinkedIn, 162, 164, 166, 167
  • location, 109–110, 161
  • locks, as physical security method, 100
  • logging out, when you're finished, 124
  • login info, 127, 356

M

  • MAC address filtering, 78
  • Mac computers, 291, 297–298
  • maintenance difficulties, exploitation of, 43
  • malformed URL attacks, 47
  • malvertising, as cyberattack, 40–42
  • malware
    • adware malware, 37–38
    • blended malware, 38
    • capturing of passwords using, 42
    • as cyberattack, 34–39
    • fake, on computers, 38
    • fake, on mobile devices, 38
    • fake security subscription renewal notifications, 39
    • impact of on device performance, 223
    • as modifying settings, 248
    • resetting of device after, 290
    • zero day malware, 38
  • man-in-the-middle attacks, 21, 31
  • manmade environmental problems, risk from, 63
  • manual backups, 280
  • marking, as component of Crime Prevention Through Environmental Design (CPTED), 99
  • Marriott International, cybersecurity breach, 359–361
  • medical advice, cautions in sharing of, 160–161
  • Microsoft Edge, 87, 249
  • Microsoft Word, AutoRecover, 276
  • mistakes, learning from, 80
  • mixed backups, 272
  • mobile device location tracking, potential consequences of, 66–67
  • mobile devices
    • defined, 95
    • fake malware on, 38
    • keeping of up to date, 125
    • potential problems of regarding cybersecurity, 73
    • security for, 101–102
    • taking inventory of physical security regarding, 97
    • using your own, 124
  • mobile hotspot, using your cellphone as, 368
  • mobile workforces, impact of on cybersecurity, 11
  • multifactor authentication, 89, 122–124, 179–180
  • multiple network segments, use of, 198

N

  • National Socialist Party of America v. Village of Skokie, 50–51
  • nations, hacking by, 52–53
  • natural disasters, risk from, 62–63
  • Network Address Translation, 77
  • network connectivity, terminating of on Windows computer, 243–247
  • network infrastructure poisoning, as cyberattack, 40
  • network sniffing, 42
  • network storage of backup, restoring from, 317–318
  • network traffic, 230
  • networking equipment, potential problems of regarding cybersecurity, 74
  • networks
    • evil twin, 187
    • known, 186–187
    • for remote workforces, 185, 186–187
    • security of, 106–108
  • 9/11, lessons from, 63
  • noise machines, 188
  • nonmalicious threats, dealing with, 60–67
  • Nuclear Regulatory Commission (NRC), 206

O

  • offensive hacker, role of, 326–327
  • Office of Personnel Management (OPM) (US), cybersecurity breach, 363
  • official apps/websites, use of, 120
  • one-way encryption, 255
  • online accounts, backing up data from, 262–264
  • online banking, 88–89
  • Opera, privacy mode, 87
  • opportunistic attacks, 44
  • original installation media, 269–270, 304
  • original system images, 269, 303
  • overwriting, as way of disposing of backups, 287

P

  • padlock icon, meaning of, 127
  • pandemics, 63
  • partial backups, 273, 308–309
  • partners, considerations for, in big businesses, 208–210
  • passphrases, defined, 138
  • password authentication, 135–136
  • password managers, 140–142, 357
  • passwords
    • AARP (American Association of Retired Persons) on, 143
    • alternatives to, 146–150
    • app-based one-time ones, 149
    • avoid maintaining default passwords, 90
    • avoid sharing of, 356
    • avoiding simplistic ones, 136–137
    • backing up, 267
    • capturing of using malware, 42
    • cautions with resetting of when using public Wi-Fi, 369
    • changing of after breach, 144
    • classification of, 139
    • complicated ones as not always better, 138
    • considerations for, 137–142
    • creating memorable, strong ones, 142
    • described, 135–136
    • easily guessable personal passwords, 137
    • employing proper password strategy, 123
    • establishing policies for, 139
    • establishing voice login passwords, 129
    • Federal Trade Commission (FTC) on, 144
    • knowing when to change, 143
    • most common ones of 2021, 137
    • one-time passwords, 123, 149
    • as primary form of authentication, 135–136
    • providing of to humans, 144–145
    • reuse of, 139–140, 144
    • RSA SecurID one-time password generator hardware token, 149–150
    • stealing of, 41–42
    • storage of, 140–142, 145
    • theft of password databases, 255
    • transmitting of, 146
    • use of password manager, 140–142
    • as usually stored in hashed format, 255
    • voice login passwords, 129
  • Payment Card Industry Data Security Standard (PCI DSS), 191, 205
  • payment cards, 198, 256
  • payment services, use of, 120–121
  • penetration tests, running of, 197
  • People's Liberation Army (PLA) of China, hacking of U.S. organizations by, 53
  • perimeter defense, as basic element of protection, 76
  • perimeter security, as physical security method, 100
  • personal data theft, 32
  • Personal Identification Number (PIN), selection of, 88
  • personal information, cautions in sharing of, 158–160
  • personal risks, as mitigated by cybersecurity, 22
  • pharming, as cyberattack, 29, 40
  • phishing, as cyberattack, 28, 153
  • physical danger risks, as mitigated by cybersecurity, 22
  • physical security
    • CISO's responsibility for, 214
    • creating and executing a plan for, 98–99
    • implementing of, 100–101
    • locating your vulnerable data, 97–98
    • taking inventory for, 94–97
    • why it matters, 94
  • piggy-backing, 225
  • poisoned web page attack, 39–40
  • poisoned web service attacks, 39–40
  • Pokémon Go, 350
  • political shifts, impact of on cybersecurity, 16–20
  • pop-ups, impact of covert breach on, 233
  • ports, open, 230–231
  • power failures, contingencies for, 101
  • power issues, managing of in your small business, 198–199
  • pretexting, 153
  • privacy, basics of, 84–87
  • privacy mode, 87
  • privacy regulations expert, role of, 328
  • privacy risks, as mitigated by cybersecurity, 22
  • private information, cautions with providing unnecessary sensitive information, 120
  • private mode, limitations of, 132
  • professional risks, as mitigated by cybersecurity, 22
  • professionals, bringing in/hiring of, 240–241, 358
  • protection, elements of, 75–80
  • public companies, defined, 205
  • Public Company Accounting Reform and Investor Protection Act, 203–204
  • pump and dump, as technique of cyberattackers, 57

Q

  • quantum computers, 347–348
  • quid pro quo, as type of social engineering attack, 154

R

  • ransoms, paying of, 251–253
  • ransomware, 35–36, 56, 59, 220–221
  • recovering, defined, 80
  • Registry Editor, impact of covert breach on, 223–224
  • regulations
    • for big businesses, 203–207
    • on biometric data, 193
    • breach disclosure laws, 191–192, 205–206
    • cybersecurity regulations expert, 328
    • General Data Protection Regulation (GDPR), 192
    • Health Insurance Portability and Accountability Act (HIPAA), 192
    • industry-specific regulations and rules, 206
    • Payment Card Industry Data Security Standard (PCI DSS), 191, 205
    • private regulations expert, 328
    • public company data disclosure rules, 205
    • Sarbanes Oxley Act of 2002 (SOX), 203–204
    • Small Business Administration as source of guidance on, 190
    • for small businesses, 190–193
  • regulatory issues, 113–114
  • remote access technologies, impact of on cybersecurity, 11
  • remote workforces, 184–188
  • renovations, contingencies during, 101
  • replicated environments, use of, 209–210
  • resets, 289–298
  • responding, defined, 80
  • restarting systems, 247
  • restoring
    • from archives, 312–314
    • from backups, 301–314
    • booting from boot disk, 320
    • cautions described, 300
    • from combination of locations, 318
    • to computing device that was originally backed up, 301
    • cryptocurrency, 319–320
    • dealing with deletions in, 311
    • to different device than one that was originally backed up, 302
    • from differential backups, 307–308
    • of downloaded software, 304–305
    • from drive backups, 309
    • from encrypted backups, 319
    • entire virtual drive, 310
    • excluding files and folders in, 311–312
    • files and/or folders from virtual drive, 310
    • from folder backups, 309
    • from full backups of data, 305–306
    • from full backups of systems, 301–306
    • from incremental backups, 306–310
    • from incremental backups of data, 306
    • from incremental backups of systems, 306–307
    • installing security software, 303–304
    • of later system images, 303
    • from manual file or folder copying backups, 316
    • of modified settings in Safari, 248–249
    • need for, 299
    • to network storage, 317–318
    • to non-original locations, 318
    • of original installation media, 304
    • of original systems images, 303
    • from partial backups, 308–309
    • returning backups to their proper locations, 317–318
    • from smartphone/tablet backup, 315–316
    • to system restore point, 315
    • testing backups, 319
    • using backup tools, 314–317
    • utilizing third-party backups of data hosted at third parties, 317
    • from virtual-drive backups, 310
    • from Windows backup, 315
  • reusing passwords, 139–140
  • risks
    • addressing of through various methods, 67
    • from backups, 101
    • environmental risk mitigation, 100–101
    • financial risks, 22
    • human risk management, 211
    • identification of, 74–75
    • insiders as posing greatest risk, 102–103
    • from manmade environmental problems, 63
    • as mitigated by cybersecurity, 20–22
    • from natural disasters, 62–63
    • from pandemics, 63
    • personal risks, 22
    • physical danger, 22
    • privacy risks, 22
    • professional risks, 22
    • protecting against, 75–80
    • realizing insiders pose greatest risks, 102–103
    • from social media, 66
  • rogue groups, 52
  • rogue insiders, reasons for hacking, 55
  • root your phone, cautions with, 120
  • rooting smartphones, 120
  • rootkits, 45
  • RSA SecurID one-time password generator hardware token, 149–150

S

  • Safari, 87, 249
  • Samsung Galaxy Series running Android 11, hard resets on, 296
  • Samsung tablets running Android 11, hard resets on, 296–297
  • sanctions, as political ramification of cybersecurity, 18–19
  • sandboxing, 141, 194
  • SANS Institute, 334
  • Sarbanes-Oxley Act of 2002 (SOX), 203–204
  • scambaiting, 153–154
  • scams, 254–255
  • scareware, as cyberattack, 36
  • schedule, cautions in sharing of, 157–158
  • school-issued documents, compromise of, 257
  • script kiddies (a.k.a. skids or kiddies), 51
  • Section 302 (SOX), 204
  • Section 404 (SOX), 204
  • secure area, 141
  • Security+, 334
  • security administrator, role of, 325
  • security analyst, role of, 325
  • security architect, role of, 325
  • security architecture, 214
  • security auditor, role of, 325
  • security breaches. see also hacking
    • Anthem, Inc., 363–364
    • Colonial Pipeline, 364–365
    • covert breaches, 222–237
    • discovery of, 241–242
    • human errors as No. 1 catalyst for, 176, 208
    • identification of, 219–237
    • JBS, 365
    • lawsuits from, 207
    • lessons from, 359–365
    • Marriott International, 359–361
    • not using professional to help recover from, 241–247
    • overt breaches, 220–221
    • preventing of, 239–240
    • recovering from, 239–257
    • Sony Pictures, 362
    • Target, 361
    • United States Office of Personnel Management (OPM), 363
    • using professional to help recover from, 240–241
  • security consultant, role of, 327
  • security director, role of, 324
  • security engineer, role of, 324
  • security expert witness, role of, 327
  • security guards, as physical security method, 100
  • security manager, role of, 324
  • security measures, evaluating yours, 71–74, 78, 80–83
  • security operations, 211
  • security program, 210–211
  • security questions, cautions with, 66
  • security researcher, role of, 326
  • security software, 76, 79, 125, 170–171, 246–247, 303–304, 354, 370
  • security specialist, role of, 327
  • security subscription renewal notifications, fake, 39
  • semi-targeted attacks, 45
  • senior security architect, career path of, 329
  • sensitivity, for passwords, 138–139
  • session hijacking, 47
  • sharing, turning off of, 370
  • shoulder surfing, 109–110
  • shredding, as way of disposing of backups, 287
  • “sins,” cautions in sharing of, 161
  • Small Business Administration, as source of guidance on regulations, 190
  • smart devices, 12, 90
  • smartphones
    • backing up, 265–266
    • backup of, 280
    • as full-blown computer, 97
    • restoring from backup to, 315–316
    • rooting, 120
  • smishing, as cyberattack, 29
  • SMS (text message)-based authentication, 148–149, 179, 226, 230, 263
  • Snapchat, 124
  • social engineering
    • defined, 61, 128
    • examples of, 62
    • exploitation of, 156
    • preventing of, 151–171
    • for remote workforces, 188
    • security of, 113
    • types of social engineering attacks, 152–155
  • social engineering attacks, 42, 152–155
  • social media. see also Facebook; Instagram; LinkedIn; Snapchat; Twitter
    • backing up, 263–264
    • cautions in oversharing on, 156–161
    • compromise of, 257
    • considering implications of, 85
    • enforcing social media policies, 183
    • as generating serious risks to cybersecurity, 66
    • identifying fake connections, 162–169
    • limiting access to corporate accounts on, 178–180
    • use of privacy settings on, 86
    • warning systems on, 157
    • wise use of, 357
  • social media impersonation, as type of social engineering attack, 154
  • Social Security numbers, 65
  • social shifts, impact of on cybersecurity, 14–15
  • soft resets, 290–292
  • software. see also security software
    • backup software, 278–281
    • cautions with installing of from untrusted parties, 120
    • downloaded software, backup of, 270
    • downloaded software, restoring of, 304–305
    • drive-specific backup software, 279
    • evaluating security measures regarding, 81–82
    • installed, 226–227
    • reinstalling damaged software after breach, 247–249
    • from untrusted parties, 120
  • software security engineer, role of, 327
  • software source code security auditor, role of, 327
  • SolarWorld, hacking of, 53
  • Sony Pictures, cybersecurity breach, 362
  • spear phishing, as cyberattack, 28
  • spies, 54, 63–64, 126
  • spyware, 37
  • SQL injection, 46–47
  • SSL/TLS encryption, 197, 354–355
  • standardized communication protocols, 186
  • states, hacking by, 52–53
  • stationary devices, 95, 96–97
  • stolen information, dealing with, 250–253
  • storage (of backup), 282–286
  • Stuxnet, 339
  • Sun Tzu (Chinese military strategist and philosopher), 49
  • Supervisory Control and Data Acquisition systems (SCADA), 206
  • supply risks, 346
  • surveillance, as component of Crime Prevention Through Design (CPTD), 99
  • symmetric algorithm, for encryption, 355
  • Syrian Electronic Army, 221
  • system administrators, 178, 215
  • system restoration, 301–306
  • System Restore, use of, 248–249
  • system restore point, restoring to, 315

T

  • tablet, 315–316
  • tablets, 280
  • tailgating, as type of social engineering attack, 155
  • tampering, as cyberattack, 30
  • target, understanding that you are one, 117–118, 353–354
  • Target cybersecurity breach, 361
  • targeted attacks, 44–45
  • Task Manager, impact of covert breach on, 223
  • technical failure, as type of social engineering attack, 155
  • technological complexity, use of, 202
  • technologies, 151–152, 337–350
  • teenage hackers, history of, 52
  • temperature, of devices, 227
  • terrorist groups, 52
  • terrorists, reasons for hacking, 54–55
  • text message (SMS)-based authentication, 148–149, 179, 226, 230, 263
  • text messages, cautions in clicking on links in, 129–130, 263
  • thefts
    • business data theft, 32–33
    • from home offices, 110
    • of intellectual property (IP), 33
    • of password databases, 255
    • personal data theft, 32
  • threats
    • advanced persistent threats (APTs), 45
    • dealing with nonmalicious ones, 60–67
    • emerging technologies as bringing new ones, 337–350
  • TLS/SSL certificate, 197, 354–355
  • Tor Browser Bundle, 86, 87, 131, 369
  • travel plans, cautions in sharing of, 157–158
  • Trojans, as cyberattack, 35
  • 2016 Presidential election (U.S.), 52–53

U

  • uninterruptible power supply (UPS), 198
  • United States Office of Personnel Management (OPM), cybersecurity breach, 363
  • updates, installing of to reduce exposure to vulnerabilities, 125
  • U.S. Supreme Court, National Socialist Party of America v. Village of Skokie, 50–51
  • USB-based authentication, 150
  • user accounts, securing data associated with, 119–130

V

  • verifiability, of certification, 335
  • video cameras, as physical security method, 100
  • video conferencing, security of, 111–113
  • viral trend, 162
  • virtual credit card numbers, use of, 121–122
  • virtual drive backups, 274–275, 310
  • virtual kidnapping scams, 66, 158
  • virtual locker, 270
  • Virtual Private Network (VPN)/VPN service, 72, 106–107, 131, 185–186, 197, 369
  • virtual reality, 348–350
  • virus hoax, as type of social engineering attack, 155
  • viruses, as cyberattack, 34
  • vishing, as cyberattack, 29
  • Vivaldi, privacy mode, 87
  • voice login passwords, 129
  • voice-based authentication, 148
  • VoIP number, 179
  • vulnerability assessment analyst, role of, 326

W

  • WannaCry, 36
  • water holing, as type of social engineering attack, 155
  • websites, appearance of, 228
  • Westinghouse, hacking of, 53
  • whaling, as cyberattack, 29
  • WhatsApp, backing up, 264
  • white hat hackers, 55
  • Wi-Fi
    • cautions with performing sensitive tasks over public Wi-Fi, 125, 369
    • cautions with using public Wi-Fi for any purpose in high-risk places, 126
    • recommended protocols for, 78
    • turning off Wi-Fi connectivity when not using Wi-Fi, 368
    • understanding difference between true public Wi-Fi and shared Wi-Fi, 370
    • using public Wi-Fi safely, 358, 367–370
  • Windows AutoUpdate, 125
  • Windows backup, 279, 315
  • Windows Blue Screen of Death, 290
  • Windows computers, 291, 293–296
  • wiper attacks, 27
  • work environment, potential problems of regarding cybersecurity, 74
  • work information, cautions in sharing of, 160
  • working from home, cybersecurity and, 105–114
  • worms, as cyberattack, 35
  • WPA2 standard, 77

Z

  • zero-day malware, as cyberattack, 38
  • zero trust, 347
  • zombies, 26