Avast ye! This be a machine-translated text, an’ it may contain errors, aye!
Datasikkerhet be about protectin’ information an’ systems from unwanted access, alteration, or destruction. To know what we be protectin’ ourselves against, we must first understand the threats, aye.
What Be a Threat, Aye?
A threat be anythin’ that can harm information, systems, or availability. It can be anythin’ from a hacker to a crewmate clickin’ on a fishin’ link, to a power outage that brings the servers down.
Common Threats
Scallywag Software (Malware)
Scallywag software be be programmin’ crafted t’ cause harm, aye. The most common types be:
| Type | What it does | Example |
|---|---|---|
| Virus | Spreads by latchin’ onto other files | Email attachments |
| Trojan Horses | Pretends t’ be useful software | Fake installin’ file |
| Ransomware | Encrypts yer files an’ demands a ransom | WannaCry, LockBit |
| Spyware | Secretly watches yer every move | Keyloggers |
Ransomware be perhaps the most fearsome threat t’ businesses today. Imagine all files on all servers suddenly bein’ encrypted an’ unavailable, arr!
Phishing
Phishing be attempts t’ trick a landlubber inta givin’ up their precious secrets (passwords, personal info) by pretendin’ t’ be someone they ain’t. ‘Tis often delivered by sea mail (email), but also by signal fires (SMS) an’ messages on the social currents.
Signs t’ look out for:
- Belay! “Yer account be closed in 24 hours!”
- Unknown sender or a sender that looks similar, but ain’t quite right (
support@micosoft.com) - Links that lead t’ a different port than what the writin’ says
- Poorly writ or generic greetin’s (“Dear Customer”)
Service Denial Attacks (DDoS)
A DDoS attack (Distributed Denial of Service) floods a service with so much traffic that it ceases to function. Think o’ thousands o’ scallywags tryin’ to pass through a single door at the same time.
‘Tis not an attempt to plunder data, but to render the service unavailable. It can be used for ransom, sabotage, or as a diversion whilst another attack be underway.
Social Manipulatin’ (social engineerin’)
Many o’ the most effective attacks be exploitin’ folk, not technology. Social manipulatin’ be about trickin’ landlubbers into doin’ things they shouldn’t.
| Method | Explanation |
|---|---|
| Phishing | False missives that look the part |
| Pretexting | Pretendin’ to be someone else (e.g. “the IT crew”) |
| Tailgating | Followin’ someone through a locked door without yer own key |
| Baiting | Leavin’ a USB stick with cursed cargo where someone finds it |
Threats to Democracy and Society
Digital threats ain’t just about single ventures, savvy? They can affect the whole of society:
| Threat | How it affects society |
|---|---|
| Misinformation | False news spreadin’ on the social media seas can sway elections and opinions |
| Deepfakes | AI-generated videos makin’ it hard to tell truth from lies |
| Cyberattacks on critical infrastructure | Attacks on the power grid, hospitals, or water supply can cripple the whole society |
| Privacy breaches | Leakage of personal data weakens trust in digital services |
| Surveillance | Excessive surveillance threatens personal freedom |
Norge er ikke immune
Norway has been subjected to several grievous cyber-attacks. The Parliament was hacked in 2020 and 2021. Østre Toten municipality was struck by ransomware in 2021, which brought down municipal services for weeks. Norsk Hydro was hit by ransomware in 2019 with costs exceeding 800 million kroner.
Foundational Protections
Ye need not fancy tools to shield yerself from most threats:
| Measure | What it protects against |
|---|---|
| Keep systems updated | Known vulnerabilities |
| Strong, unique passwords | Brute force, reuse o’ leaked passwords |
| MFA (two-factor authentication) | Access even if the password be leaked |
| Backup | Ransomware, disk failure, mishaps |
| Firewall | Unwanted network traffic |
| Training | Phishing and social engineering |
The most important factor
Most successful attacks begin with people, not technology. An updated server with a strong firewall helps little if someone clicks on a phishing link and gives away their password. Awareness is the most effective security measure.
Task 1 - Read o’ a Famous Attack
Seek out the WannaCry attack o’ 2017. ‘T struck hospitals, businesses, an’ public services ‘round the globe.
- What sort o’ villainy was it?
- How did it spread like wildfire?
- What were the consequences, aye?
- What could ‘ave prevented it? (Hint: a simple update, savvy?)
Task 2 - Spot the Phishin’
Avast ye and check out the Jigsaw Phishing Quiz from Google. ‘Tis an interactive test where ye must discern which missives be genuine and which be phishin’ attempts.
How many can ye correctly identify, aye?
Task 3 - Who Threatens Norway?
Read the latest National Digital Risk Picture from NSM (National Security Authority) at nsm.no.
- What threats does NSM highlight as the most important?
- Which sectors be most vulnerable, aye?
- Be there anythin’ that takes ye by surprise?
Summary
- Malware, phishing and DDoS be amongst the most common threats, aye.
- Social engineering exploits the crew, not the technology.
- Digital threats can affect democracy and public trust through misinformation and attacks on critical infrastructure.
- Updates, strong passwords, MFA and backups be the most important security measures.
- Training be the most effective measure against social engineering, savvy?