This here’s a machine-translated text that might contain errors!
Data security is all about protectin’ yer information and systems from folks gettin’ in where they ain’t supposed to, changin’ things, or just plain breakin’ ‘em. To know what we gotta defend against, we gotta first understand the dangers lurkin’ about.
What’s a Threat, Anyways?
A threat is anythin’ that can harm information, systems, or availability. It can be anythin’ from a hacker to an employee clickin’ on a phishin’ link, to a power outage that takes down the servers.
Common Threats
Malware
Malware’s software built to cause harm. The most common types:
| Type | What it does | Example |
|---|---|---|
| Virus | Spreads by attachin’ itself to other files | Email attachments |
| Trojan | Pretends to be useful software | Fake installation file |
| Ransomware | Encrypts yer files and demands ransom | WannaCry, LockBit |
| Spyware | Secretly monitors yer activity | Keyloggers |
Ransomware is maybe the most serious threat to businesses today. Imagine all the files on all yer servers suddenly bein’ encrypted and unavailable.
Phishing
Phishing’s when some varmint tries to trick ya into givin’ up yer private info (passwords, personal details) by pretendin’ to be someone they ain’t. It usually comes as an email, but also as texts and messages on them social media sites.
Signs to look out for:
- It’s urgent! “Yer account’ll be shut down in 24 hours!”
- Sender’s unknown or looks similar, but ain’t quite right (support@micosoft.com)
- Links that lead to a different place than what the text says
- Poor writin’ or generic greetin’s (“Dear Customer”)
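The signs in the list above can be checked by a program too. The sketch below is an added example, not part of the original text: it flags a lookalike or unknown sender domain, link text that names a different host than the link target, urgency wording, and a generic greeting. The trusted-domain list, the 0.85 similarity threshold, the word patterns, and the sample message are all assumptions made up for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this mailbox legitimately gets mail from (constructed list).
TRUSTED = ["google.com", "microsoft.com", "nsm.no"]
TEXT_SIGNS = {"urgency": re.compile(r"\bin \d+ hours\b|\bimmediately\b|\burgent\b", re.I),
              "generic-greeting": re.compile(r"\bdear (customer|user|client)\b", re.I)}
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Constructed sample message (sender, HTML body) showing all four signs.
SAMPLE = ("support@micosoft.com",
          '<p>Dear Customer, your account will be shut down in 24 hours! '
          '<a href="http://login.example.net/reset">https://www.microsoft.com/account</a></p>')

class Links(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    """Hostname of a URL or bare 'domain/path' string, without a leading www."""
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return name[4:] if name.startswith("www.") else name

def phishing_signs(sender, html_body):
    """Return which of the warning signs listed above this message shows."""
    signs, domain = [], sender.rsplit("@", 1)[-1].lower()
    if domain not in TRUSTED:
        # Near-identical to a trusted domain (e.g. one letter dropped) = lookalike.
        near = any(difflib.SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED)
        signs.append("lookalike-sender" if near else "unknown-sender")
    parser = Links()
    parser.feed(html_body)
    # Link text that itself looks like a URL but names a different host than the href.
    if any(URLISH.match(t) and host(t) != host(h) for h, t in parser.found):
        signs.append("link-mismatch")
    return signs + [name for name, rx in TEXT_SIGNS.items() if rx.search(html_body)]
```

Calling `phishing_signs(*SAMPLE)` reports all four signs for the constructed message. A message from a trusted domain whose link text matches its target returns an empty list.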
Denial-of-Service Attacks (DDoS)
A DDoS attack (Distributed Denial of Service) floods a service with so much traffic it stops workin’. Think of thousands of folks tryin’ to go through a door all at once.
It ain’t an attempt to steal data, but to make the service unavailable. It can be used for blackmail, sabotage, or as a distraction while another attack is happenin’.
Social Engineerin’
Many o’ the most effective attacks take advantage o’ folks, not technology. Social engineerin’ is about trickin’ people into doin’ things they shouldn’t.
| Method | Explanation |
|---|---|
| Phishing | Fake emails that look the real deal |
| Pretexting | Pretendin’ to be someone else (like “the IT department”) |
| Tailgating | Followin’ someone through a locked door without yer own keycard |
| Baiting | Leavin’ a USB stick with malware where someone’ll find it |
Threats to Democracy and Society
Digital threats ain’t just about single businesses. They can affect the whole darn community:
| Threat | How it affects the community |
|---|---|
| Misinformation | Fake news spreadin’ on social media can sway elections and opinions |
| Deepfakes | AI-generated videos makin’ it hard to tell what’s real from what’s not |
| Cyberattacks on critical infrastructure | Attacks on the power grid, hospitals, or water supply can hit the whole community hard |
| Privacy breaches | Leakin’ personal data weakens trust in digital services |
| Surveillance | Excessive surveillance threatens personal freedom |
Norway Ain’t Immune
Norway’s been hit with a heap of serious cyberattacks. Parliament got hacked in 2020 and 2021. Østre Toten municipality got slammed with ransomware in 2021, which shut down town services for weeks. Norsk Hydro got hit with ransomware in 2019, costin’ ‘em over 800 million kroner.
Basic Protection
You don’t need fancy tools to protect yerself from most threats:
| Measure | What it protects against |
|---|---|
| Keep systems updated | Known vulnerabilities |
| Strong, unique passwords | Brute force, reuse of leaked passwords |
| MFA (two-factor authentication) | Unauthorized access even if the password leaks |
| Backup | Ransomware, disk failure, accidents |
| Firewall | Unwanted network traffic |
| Training | Phishing and social engineering |
The most important factor
Most successful attacks start with people, not technology. An updated server with a strong firewall helps little if someone clicks on a phishing link and gives away their password. Awareness is the most effective security measure.
Task 1 - Read ‘bout a Famous Attack
Look up the WannaCry attack from 2017. It hit hospitals, businesses, and public services ‘round the world.
- What kinda malware was it?
- How did it spread?
- What were the consequences?
- What coulda prevented it? (Hint: a simple update)
Task 2 - Spot the Phishin’
Check out the Jigsaw Phishing Quiz from Google. It’s an interactive test where ya gotta figure out which emails are legit and which ones are tryin’ to swindle ya.
How many can ya get right?
Task 3 - Who’s Threatenin’ Norway?
Read the latest National Digital Risk Picture from NSM (National Security Authority) at nsm.no.
- What threats does NSM highlight as the most important?
- Which sectors are most vulnerable?
- Is there anything that surprises ya?
Summin’ It Up
- Malware, phishin’, and DDoS are amongst the most common threats, y’all.
- Social engineerin’ takes advantage of folks, not the technology itself.
- Digital threats can affect democracy and public trust through misinformation and attacks on critical infrastructure.
- Updates, strong passwords, MFA, and backups are the most important security measures.
- Trainin’ is the most effective measure against social engineerin’.