Chapter 21 Flashcards
What is the current trend regarding information security breaches?
Information security breaches are on the rise.
The increasing number of breaches highlights the need for improved security measures.
What are the factors that can amplify a firm’s vulnerability to a security breach?
- Personnel issues
- Technology problems
- Procedural factors
- Operational issues
These factors can significantly increase the risk of a security compromise.
What must be a top organizational priority according to information security principles?
Information security must be made a top organizational priority.
This prioritization is essential for protecting organizational assets.
What major data breach targeted Equifax?
Hackers grabbed data on 143 million consumers, including sensitive personal information.
The breach had a global impact, affecting individuals in the U.K. and Canada.
What were the consequences of the Target hack?
- 40 million credit cards stolen
- Personal info on 70 million consumers exposed
- Largest decline in transactions
- Falling profits
- CEO ouster
The breach led to significant financial and reputational damage for Target.
What is a distributed denial of service (DDoS) attack?
An attack where a firm’s computer systems are flooded with thousands of seemingly legitimate requests.
The volume of requests can slow down or shut down a site’s use.
What is ransomware?
Malware that infiltrates networks, encrypts data, and holds it hostage for ransom.
Ransom is typically demanded in untraceable cryptocurrency.
What is corporate espionage?
Espionage performed by insiders, rivals, or foreign governments to steal sensitive information.
Various industries, including biotech and aerospace, have been targeted.
What is Stuxnet known for?
Stuxnet is known as a notorious act of cyberwarfare that infiltrated Iranian nuclear facilities.
It demonstrated the potential to destroy critical infrastructure without physical conflict.
What is the role of white hat hackers?
White hat hackers uncover computer weaknesses without exploiting them.
They contribute to improving system security.
Define phishing.
Cons executed using technology to acquire sensitive information or trick someone into installing malicious software.
Phishing is a common method of social engineering.
What are zero-day exploits?
New attacks that haven’t been clearly identified and incorporated into security screening systems.
They pose significant risks as defenses may not be in place yet.
What is multifactor authentication?
A security method that requires more than one item for proof of identity.
This can include something you know (a password) and something you have (a token).
What are biometrics in the context of security?
Biometrics measure and analyze human body characteristics for identification or authentication.
Examples include fingerprint and facial recognition.
What is SQL injection?
A technique that targets poorly designed software by injecting malicious SQL code.
It exploits vulnerabilities in applications that do not validate user input.
What is push-button hacking?
Tools designed to easily automate cyberattacks.
Generative AI has contributed to the creation of such tools, making attacks more accessible.
What does the term ‘script kiddies’ refer to?
A pejorative term for unsophisticated hackers who use existing scripts or programs to hack rather than creating their own exploits.
They rely on tools developed by more skilled hackers.
What is the purpose of deepfakes in cybersecurity?
Deepfakes are sophisticated media created by AI that can impersonate real people or events.
They can be used for malicious purposes, including social engineering attacks.
What are the implications of AI in cybersecurity?
AI can increase the volume and sophistication of threats, but it can also enhance cybersecurity defenses.
Organizations need to be vigilant and adapt to new AI-driven threats.
What is a botnet?
A network of surreptitiously infiltrated computers controlled remotely.
Botnets can be used for various malicious activities, including DDoS attacks.
What are ‘bad apples’ in the context of information security?
Rogue employees who steal secrets, install malware, or hold a firm hostage.
They pose significant internal threats to organizational security.
What is the potential risk of poorly designed software?
It can lead to security vulnerabilities that attackers can exploit through methods like SQL injection.
All systems must be designed with security in mind to prevent such risks.
What are some tools specifically designed for cyberattacks?
WormGPT, DarkBERT, DarkBART, ChaosGPT
These tools assist in various malicious activities, including information gathering and malware creation.
What is dumpster diving?
Combing through trash to identify valuable assets.
A physical threat method used to retrieve sensitive information.