Data security is about protecting information and systems against unwanted access, modification or destruction. To know what we need to protect ourselves against, we must first understand the threats.
What is a Threat?
A threat is anything that can harm information, systems, or availability. It can be anything from a hacker to an employee clicking on a phishing link, to a power outage that takes down the servers.
Common Threats
The most common threats to computer systems and data are:
- Malware: Includes viruses, worms, trojans and ransomware.
- Phishing: Attempts to trick users into revealing sensitive information, such as passwords and credit card details.
- Social engineering: Exploits human psychology to gain access to systems or information.
- Network attacks: Attempts to disrupt or compromise network infrastructure. Examples include DDoS attacks and man-in-the-middle attacks.
- Data breaches: Unauthorized access to sensitive data.
- Insider threats: Threats that come from people inside the organization, whether intentional or through negligence.
- Software vulnerabilities: Flaws or weaknesses in software that can be exploited by attackers.
It is important to be aware of these threats and implement measures to protect computer systems and data.
Malware
Malware is software designed to cause damage. The most common types are:
| Type | What it does | Example |
|---|---|---|
| Virus | Spreads by attaching itself to other files | Email attachment |
| Trojan | Poses as useful software | Fake installation file |
| Ransomware | Encrypts your files and demands ransom | WannaCry, LockBit |
| Spyware | Monitors your activity in secret | Keyloggers |
Ransomware is perhaps the most serious threat to businesses today. Imagine all files on all servers suddenly being encrypted and inaccessible.
Phishing
Phishing is an attempt to trick someone into giving away sensitive information (passwords, personal info) by pretending to be someone else. It often arrives by email, but also by SMS and social media messages.
Characteristics:
- Urgent! “Your account will be closed in 24 hours!”
- Unknown sender, or a sender address that resembles the real one but is not correct (support@micosoft.com)
- Links that go to a different address than what the text says
- Poor language or generic greetings (“Dear customer”)
Denial-of-Service Attacks (DDoS)
A DDoS attack (Distributed Denial of Service) floods a service with so much traffic that it stops functioning. Imagine thousands of people trying to go through a door at the same time.
It is not an attempt to steal data, but to make the service unavailable. It can be used for extortion, sabotage, or as a diversion while another attack is in progress.
Social engineering
Many of the most effective attacks exploit people, not technology. Social engineering is about tricking people into doing things they shouldn’t.
| Method | Explanation |
|---|---|
| Phishing | Fake emails that look credible |
| Pretexting | Pretending to be someone else (e.g. “IT department”) |
| Tailgating | Following someone through a locked door without your own access card |
| Baiting | Leaving a USB stick with malware where someone finds it |
Threats to Democracy and Society
Digital threats are not just about individual businesses. They can affect the entire society:
| Threat | How it affects society |
|---|---|
| Disinformation | False news spread on social media can influence elections and opinions |
| Deepfakes | AI-generated videos that make it difficult to distinguish real from fake |
| Cyberattacks on critical infrastructure | Attacks on the power grid, hospitals or water supply can affect the whole society |
| Privacy breaches | Leaks of personal data weaken trust in digital services |
| Surveillance | Disproportionate surveillance threatens personal freedom |
Norway is not immune
Norway has been subjected to several serious cyberattacks. The Storting (Norwegian Parliament) was hacked in 2020 and 2021. Østre Toten municipality was hit by ransomware in 2021, which took down municipal services for weeks. Norsk Hydro was hit by ransomware in 2019 with costs exceeding 800 million kroner.
Basic Protection
You don’t need advanced tools to protect yourself against most threats:
| Measure | What it protects against |
|---|---|
| Keep systems updated | Known vulnerabilities |
| Strong, unique passwords | Brute force, reuse of leaked passwords |
| MFA (two-factor authentication) | Unauthorized access even if the password leaks |
| Backup | Ransomware, disk failure, accidents |
| Firewall | Unwanted network traffic |
| Training | Phishing and social engineering |
The most important factor
Most successful attacks start with people, not technology. An updated server with a strong firewall helps little if someone clicks on a phishing link and gives away their password. Awareness is the most effective security measure.
Task 1 - Read about a well-known attack
Look up the WannaCry attack from 2017. It affected hospitals, businesses and public services worldwide.
- What kind of malware was it?
- How did it spread?
- What were the consequences?
- What could have prevented it? (Hint: a simple update)
Task 2 - Recognize Phishing
Check out the Jigsaw Phishing Quiz from Google. It is an interactive test where you have to figure out which emails are genuine and which are phishing.
How many do you get right?
Task 3 - Who Threatens Norway?
Read the latest National Digital Risk Picture from NSM (Norwegian National Security Authority) at nsm.no.
- What threats does NSM highlight as the most important?
- Which sectors are most vulnerable?
- Is there anything that surprises you?
Summary
- Malware, phishing and DDoS are among the most common threats
- Social engineering exploits people, not technology
- Digital threats can affect democracy and social trust through misinformation and attacks on critical infrastructure
- Updates, strong passwords, MFA and backup are the most important security measures
- Training is the most effective measure against social engineering