Cybersecurity All-in-One For Dummies - Joseph Steinberg - E-Book

Joseph Steinberg

Description

Over 700 pages of insight into all things cybersecurity

Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems--and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.

* Explore the basics of cybersecurity at home and in business
* Learn how to secure your devices, data, and cloud-based assets
* Test your security to find holes and vulnerabilities before hackers do
* Create a culture of cybersecurity throughout an entire organization

This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.

Page count: 1164

Year of publication: 2023


Cybersecurity All-in-One For Dummies®

Published by: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, www.wiley.com

Copyright © 2023 by John Wiley & Sons, Inc., Hoboken, New Jersey

Media and software compilation copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHORS HAVE USED THEIR BEST EFFORTS IN PREPARING THIS WORK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES, WRITTEN SALES MATERIALS OR PROMOTIONAL STATEMENTS FOR THIS WORK. THE FACT THAT AN ORGANIZATION, WEBSITE, OR PRODUCT IS REFERRED TO IN THIS WORK AS A CITATION AND/OR POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE PUBLISHER AND AUTHORS ENDORSE THE INFORMATION OR SERVICES THE ORGANIZATION, WEBSITE, OR PRODUCT MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR YOUR SITUATION. YOU SHOULD CONSULT WITH A SPECIALIST WHERE APPROPRIATE. FURTHER, READERS SHOULD BE AWARE THAT WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ. NEITHER THE PUBLISHER NOR AUTHORS SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.

For general information on our other products and services, please contact our Customer Care Department within the U.S. at 877-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002. For technical support, please visit https://hub.wiley.com/community/support/dummies.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2022950725

ISBN 978-1-394-15285-8 (pbk); ISBN 978-1-394-15286-5 (ePDF); ISBN 978-1-394-15287-2 (epub)

To view this book's Cheat Sheet, simply go to www.dummies.com and search for “Cybersecurity All-in-One For Dummies Cheat Sheet” in the Search box.

Table of Contents

Cover

Title Page

Copyright

Introduction

About This Book

Foolish Assumptions

Icons Used in This Book

Beyond the Book

Where to Go from Here

Book 1: Cybersecurity Basics

Chapter 1: What Exactly Is Cybersecurity?

Cybersecurity Means Different Things to Different Folks

Cybersecurity Is a Constantly Moving Target

Looking at the Risks Cybersecurity Mitigates

Chapter 2: Getting to Know Common Cyberattacks

Attacks That Inflict Damage

Is That Really You? Impersonation

Messing around with Other People’s Stuff: Tampering

Captured in Transit: Interception

Taking What Isn’t Theirs: Data Theft

Cyberbombs That Sneak into Your Devices: Malware

Poisoned Web Service Attacks

Network Infrastructure Poisoning

Malvertising

Exploiting Maintenance Difficulties

Advanced Attacks

Some Technical Attack Techniques

Chapter 3: The Bad Guys You Must Defend Against

Bad Guys and Good Guys Are Relative Terms

Bad Guys Up to No Good

Cyberattackers and Their Colored Hats

How Cybercriminals Monetize Their Actions

Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats

Defending against These Attackers

Book 2: Personal Cybersecurity

Chapter 1: Evaluating Your Current Cybersecurity Posture

Don’t be Achilles: Identifying Ways You May Be Less than Secure

Identifying Risks

Protecting against Risks

Evaluating Your Current Security Measures

Privacy 101

Banking Online Safely

Safely Using Smart Devices

Cryptocurrency Security 101

Chapter 2: Enhancing Physical Security

Understanding Why Physical Security Matters

Taking Inventory

Locating Your Vulnerable Data

Creating and Executing a Physical Security Plan

Implementing Physical Security

Security for Mobile Devices

Realizing That Insiders Pose the Greatest Risks

Chapter 3: Cybersecurity Considerations When Working from Home

Network Security Concerns

Device Security Concerns

Location Cybersecurity

Video Conferencing Cybersecurity

Social Engineering Issues

Regulatory Issues

Chapter 4: Securing Your Accounts

Realizing You’re a Target

Securing Your External Accounts

Securing Data Associated with User Accounts

Securing Data with Parties You’ve Interacted With

Securing Data at Parties You Haven’t Interacted With

Securing Data by Not Connecting Hardware with Unknown Pedigrees

Chapter 5: Passwords

Passwords: The Primary Form of Authentication

Avoiding Simplistic Passwords

Password Considerations

Creating Memorable, Strong Passwords

Knowing When to Change Passwords

Changing Passwords after a Breach

Providing Passwords to Humans

Storing Passwords

Transmitting Passwords

Discovering Alternatives to Passwords

Chapter 6: Preventing Social Engineering Attacks

Don’t Trust Technology More than You Would People

Types of Social Engineering Attacks

Six Principles Social Engineers Exploit

Don’t Overshare on Social Media

Leaking Data by Sharing Information as Part of Viral Trends

Identifying Fake Social Media Connections

Using Bogus Information

Using Security Software

General Cyberhygiene Can Help Prevent Social Engineering

Book 3: Securing a Business

Chapter 1: Securing Your Small Business

Making Sure Someone Is In Charge

Watching Out for Employees

Dealing with a Remote Workforce

Considering Cybersecurity Insurance

Complying with Regulations and Compliance

Handling Internet Access

Managing Power Issues

Chapter 2: Cybersecurity and Big Businesses

Utilizing Technological Complexity

Managing Custom Systems

Continuity Planning and Disaster Recovery

Looking at Regulations

Deeper Pockets — and Insured

Considering Employees, Consultants, and Partners

Looking at the Chief Information Security Officer’s Role

Chapter 3: Identifying a Security Breach

Identifying Overt Breaches

Detecting Covert Breaches

Chapter 4: Recovering from a Security Breach

An Ounce of Prevention Is Worth Many Tons of Response

Stay Calm and Act Now with Wisdom

Bring in a Pro

Recovering from a Breach without a Pro’s Help

Reinstall Damaged Software

Dealing with Stolen Information

Recovering When Your Data Is Compromised at a Third Party

Chapter 5: Backing Up

Backing Up Is a Must

Backing Up Data from Apps and Online Accounts

Backing Up Data on Smartphones

Conducting Cryptocurrency Backups

Backing Up Passwords

Looking at the Different Types of Backups

Figuring Out How Often You Should Backup

Exploring Backup Tools

Creating a Boot Disk

Knowing Where to Back Up

Knowing Where Not to Store Backups

Encrypting Backups

Testing Backups

Disposing of Backups

Chapter 6: Resetting Your Device

Exploring Two Types of Resets

Rebuilding Your Device after a Hard Reset

Chapter 7: Restoring from Backups

You Will Need to Restore

Wait! Do Not Restore Yet!

Restoring Data to Apps

Restoring from Full Backups of Systems

Restoring from Incremental Backups

Dealing with Deletions

Excluding Files and Folders

Understanding Archives

Restoring Using Backup Tools

Returning Backups to Their Proper Locations

Restoring to Non-Original Locations

Never Leave Your Backups Connected

Restoring from Encrypted Backups

Testing Backups

Restoring Cryptocurrency

Booting from a Boot Disk

Book 4: Securing the Cloud

Chapter 1: Clouds Aren’t Bulletproof

Knowing Your Business

Knowing Your SLA Agreements with Service Providers

Building Your Team

Creating a Risk Management Plan

When Security Is Your Responsibility

Avoiding Security Work with the Help of the Cloud

Chapter 2: Getting Down to Business

Negotiating the Shared Responsibility Model

SaaS, PaaS, IaaS, AaaA!

Managing Your Environment

Managing Security for Devices Not Under Your Control

Applying Security Patches

Looking Ahead

Chapter 3: Developing Secure Software

Turbocharging Development

Automating Testing during Development

Running Your Applications

Like DevOps but for Data

DevSecOps for DataOps

Meeting the Challenges of DataSecOps

Understanding That No Cloud Is Perfect

Chapter 4: Restricting Access

Determining the Level of Access Required

Understanding Least Privilege Policy

Implementing Authentication

Introducing the Alphabet Soup of Compliance

Maintaining Compliance and CSPM

Controlling Access to the Cloud

Getting Certified

Chapter 5: Implementing Zero Trust

Making the Shift from Perimeter Security

Examining the Foundations of Zero Trust Philosophy

Dealing with Zero Trust Challenges

Chapter 6: Using Cloud Security Services

Customizing Your Data Protection

Validating Your Cloud

HSM: Hardware Security Modules for the Big Kids

KMS: Key Management Services for Everyone Else

Setting Up Crypto Service Gateways

Book 5: Testing Your Security

Chapter 1: Introduction to Vulnerability and Penetration Testing

Straightening Out the Terminology

Recognizing How Malicious Attackers Beget Ethical Hackers

Understanding the Need to Hack Your Own Systems

Understanding the Dangers Your Systems Face

Following the Security Assessment Principles

Using the Vulnerability and Penetration Testing Process

Chapter 2: Cracking the Hacker Mindset

What You’re Up Against

Who Breaks into Computer Systems

Why They Do It

Planning and Performing Attacks

Maintaining Anonymity

Chapter 3: Developing Your Security Testing Plan

Establishing Your Goals

Determining Which Systems to Test

Creating Testing Standards

Selecting Security Assessment Tools

Chapter 4: Hacking Methodology

Setting the Stage for Testing

Seeing What Others See

Scanning Systems

Determining What’s Running on Open Ports

Assessing Vulnerabilities

Penetrating the System

Chapter 5: Information Gathering

Gathering Public Information

Mapping the Network

Chapter 6: Social Engineering

Introducing Social Engineering

Starting Your Social Engineering Tests

Knowing Why Attackers Use Social Engineering

Understanding the Implications

Performing Social Engineering Attacks

Social Engineering Countermeasures

Chapter 7: Physical Security

Identifying Basic Physical Security Vulnerabilities

Pinpointing Physical Vulnerabilities in Your Office

Book 6: Enhancing Cybersecurity Awareness

Chapter 1: Knowing How Security Awareness Programs Work

Understanding the Benefits of Security Awareness

Knowing How Security Awareness Programs Work

Recognizing the Role of Awareness within a Security Program

Disputing the Myth of the Human Firewall

Chapter 2: Creating a Security Awareness Strategy

Identifying the Components of an Awareness Program

Figuring Out How to Pay for It All

Chapter 3: Determining Culture and Business Drivers

Understanding Your Organization’s Culture

Identifying Subcultures

Interviewing Stakeholders

Partnering with Other Departments

Chapter 4: Choosing the Best Tools for the Job

Identifying Security Ambassadors

Knowing the Two Types of Communications Tools

Exploring Your Communications Arsenal

Chapter 5: Measuring Performance

Knowing the Hidden Cost of Awareness Efforts

Meeting Compliance Requirements

Collecting Engagement Metrics

Measuring Improved Behavior

Demonstrating a Tangible Return on Investment

Recognizing Intangible Benefits of Security Awareness

Knowing Where You Started: Day 0 Metrics

Chapter 6: Assembling Your Security Awareness Program

Knowing Your Budget

Choosing to Implement One Program or Multiple Programs

Gaining Support from Management

Devising a Quarterly Delivery Strategy

Deciding Whether to Include Phishing Simulations

Planning Which Metrics to Collect and When

Branding Your Security Awareness Program

Chapter 7: Running Your Security Awareness Program

Nailing the Logistics

Getting All Required Approvals

Getting the Most from Day 0 Metrics

Creating Meaningful Reports

Reevaluating Your Program

Redesigning Your Program

Considering Breaking News and Incidents

Chapter 8: Implementing Gamification

Understanding Gamification

Identifying the Four Attributes of Gamification

Figuring Out Where to Gamify Awareness

Examining Some Tactical Gamification Examples

Putting Together a Gamification Program

Promoting the Program

Index

About the Authors

Connect with Dummies

End User License Agreement

List of Tables

Book 3 Chapter 5

TABLE 5-1 A Comparison of Full, Incremental, and Differential Backups

Book 3 Chapter 7

TABLE 7-1 Restoration Processes

Book 4 Chapter 1

TABLE 1-1 Risk Levels

Book 4 Chapter 2

TABLE 2-1 Responsibilities per Service

List of Illustrations

Book 1 Chapter 2

FIGURE 2-1: A DDoS attack.

FIGURE 2-2: A man-in-the-middle interception.

FIGURE 2-3: Ransomware demanding ransom.

Book 2 Chapter 3

FIGURE 3-1: Network setup in which the work router communicates through the hom...

FIGURE 3-2: Network setup using separate routers for work and home.

Book 2 Chapter 4

FIGURE 4-1: A (slightly edited image of) a one-time credit card number generato...

FIGURE 4-2: One-time password for Snapchat generated by the app Authy — an exam...

FIGURE 4-3: A secure website.

FIGURE 4-4: Email with a link to a phony page.

FIGURE 4-5: A website as seen in a Tor browser, with the Tor circuit informatio...

Book 2 Chapter 5

FIGURE 5-1: A password manager.

FIGURE 5-2: Secure Folder, the secure area app provided by Samsung for its Andr...

FIGURE 5-3: A phone fingerprint sensor on a Samsung Galaxy S9 in an OtterBox ca...

FIGURE 5-4: An RSA SecureID brand one-time password generator hardware token.

Book 2 Chapter 6

FIGURE 6-1: A phishing email.

FIGURE 6-2: Example of a baiting message.

FIGURE 6-3: An example of an Instagram account impersonating me, using my name,...

Book 3 Chapter 1

FIGURE 1-1: Inbound access is one major difference between businesses and indiv...

Book 3 Chapter 3

FIGURE 3-1: A ransomware screen from an overt infection.

FIGURE 3-2: A defaced website (ostensibly by the hacker group known as the Syri...

FIGURE 3-3: The Microsoft Windows Task Manager.

FIGURE 3-4: An example of communication problems while streaming video. Note th...

FIGURE 3-5: Internet connections configured to use a proxy. If you do not use a...

FIGURE 3-6: The modern version of the notorious Blue Screen of Death that appea...

FIGURE 3-7: This pop-up window from adware malware attempts to scare people int...

Book 4 Chapter 1

FIGURE 1-1: Map applications, APIs, data storage, and IoT devices.

FIGURE 1-2: Color maps help visualize your risk landscape.

FIGURE 1-3: Simple spreadsheet heatmap shows the highest risk.

Book 4 Chapter 2

FIGURE 2-1: Responsibilities based on cloud service types.

Book 4 Chapter 3

FIGURE 3-1: Comparing the waterfall and agile software development methods.

FIGURE 3-2: Moving testing into coding essentially moves it left.

FIGURE 3-3: Software is made up of various components.

FIGURE 3-4: DataSecOps is the collaborative method of data analytics developmen...

Book 4 Chapter 4

FIGURE 4-1: A role-based security system grants access based on responsibilitie...

FIGURE 4-2: Limit access to trusted employees.

FIGURE 4-3: The CASB system sits between your users and your cloud access contr...

FIGURE 4-4: Certification leads to better B2B information security trust.

FIGURE 4-5: The five pillars of SOC 2 certification.

Book 4 Chapter 5

FIGURE 5-1: Using more than one type of authentication increases security.

FIGURE 5-2: Even though people are involved, communication exists between endpo...

FIGURE 5-3: The happy story of public key/private key cryptography.

FIGURE 5-4: Privileges decrease as access to sensitive data increases.

FIGURE 5-5: The NAC and CASB systems can have the same policies when it comes t...

FIGURE 5-6: Sample data flow pattern shows how simple this process can be.

Book 4 Chapter 6

FIGURE 6-1: Fobs, often placed on keyrings, provide one-time tokens without the...

FIGURE 6-2: A simple drag-and-drop interface lets you move and share files usin...

FIGURE 6-3: A typical HSM, with tamper-resistant tape.

FIGURE 6-4: A scytale revealed a message when leather was wrapped around a spec...

FIGURE 6-5: OpenDNSSEC flow diagram.

FIGURE 6-6: The SSH daemon feeds data into the syslog, which is sent to the SIE...

Book 5 Chapter 4

FIGURE 4-1: Netcraft’s web server version utility.

Book 5 Chapter 6

FIGURE 6-1: Using LUCY to start an email phishing campaign.

FIGURE 6-2: Sample email phishing template options in LUCY.

Book 6 Chapter 6

FIGURE 6-1: A sample quarterly awareness program interspersing topics.

Book 6 Chapter 7

FIGURE 7-1: Consolidated metrics dashboard.

FIGURE 7-2: Mobile device loss.

FIGURE 7-3: Phishing results bar graph.

Introduction

Computer and network security is a complex subject and an ever-moving target. Protecting your information means understanding the threats that are out there, and knowing how to defend against them. Whether you’re securing a business network, cloud data, personal computer, or smart device, the techniques and tools outlined in Cybersecurity All-in-One For Dummies can help.

About This Book

Cybersecurity All-in-One For Dummies provides the guidance, instruction, and tools you need to protect your information from cyberthieves and other ne’er-do-wells.

The book describes common cyberattacks and how to defend against them. You also gain insight into the bad guys who perform the attacks. Leading cybersecurity experts detail the actions you can take to enhance your personal cybersecurity and that of your small or big business. You see how to protect your devices, and data stored on a network and on the cloud.

This book provides essential instructions for testing the security of your systems. And when you’re ready to create and implement a security awareness program to help reduce potential damage caused by social engineering, physical, phishing, and other attacks, this book has got you covered.

A quick note: Sidebars (shaded boxes of text) provide details that may be of interest but are not crucial to understanding the topics being covered in the main text. Feel free to read them or skip them. You also can skip over paragraphs accompanied by the Technical Stuff icon, as text marked with this icon provides more detail about theory or other aspects of the topic covered in a section.

Foolish Assumptions

Here are some assumptions about you and why you’re picking up this book:

You want to secure your personal or business data and systems against cyberattack.

You are an aspiring information technology (IT) or security professional, or you have some background in managing or working directly in the information security field.

You’re familiar with basic computer, network, and information security concepts and terms.

You have access to a computer and a network on which to use these techniques and tools.

You have the go-ahead from your employer or your client to perform the hacking techniques described in this book.

Disclaimer: This book is intended solely for information technology (IT) and information security professionals to test the security of their (or their clients’) systems in an authorized fashion. If you choose to use the information in this book to hack or break into computer systems maliciously and without authorization, you’re on your own. Neither the authors nor anyone else associated with this book shall be liable or responsible for any unethical or criminal choices that you might make and execute using the methodologies and tools that are described in this book.

Icons Used in This Book

This important information merits repeating — and is worth remembering.

This icon flags information that is a little deeper or more conceptual than the main text. If you’re in a hurry, feel free to skip these paragraphs.

This icon flags actions that can make life easier when you’re working to secure your data and systems.

Take heed of information flagged with this icon to save yourself from problems down the road.

Beyond the Book

In addition to the material in the print or e-book you’re reading right now, this product comes with some access-anywhere goodies on the web. Check out the free Cheat Sheet for information on combatting social engineering attacks, selecting from password-cracking utilities, and creating a security awareness interview. To get this Cheat Sheet, simply go to www.dummies.com and search for “Cybersecurity All-in-One For Dummies Cheat Sheet” in the Search box.

Where to Go from Here

You don’t have to read this book from cover to cover, but you can if you like! If you want to find information on a specific aspect of cybersecurity, take a look at the table of contents or index, and then turn to the chapter or section that interests you.

For example, if you want to understand the most common cybersecurity attacks and the people to defend against, turn to Book 1. If you’re interested in enhancing your personal cybersecurity, see Book 2. To secure business data stored on your network and in the cloud, see Books 3 and 4. To test your business’s vulnerability and increase security awareness throughout your organization, see Books 5 and 6.

No matter where you start, you’ll find the information you need to secure the information stored on your personal and business devices, on networks and on the cloud. Good luck!

Book 1

Cybersecurity Basics

Contents at a Glance

Chapter 1: What Exactly Is Cybersecurity?

Cybersecurity Means Different Things to Different Folks

Cybersecurity Is a Constantly Moving Target

Looking at the Risks Cybersecurity Mitigates

Chapter 2: Getting to Know Common Cyberattacks

Attacks That Inflict Damage

Is That Really You? Impersonation

Messing around with Other People’s Stuff: Tampering

Captured in Transit: Interception

Taking What Isn’t Theirs: Data Theft

Cyberbombs That Sneak into Your Devices: Malware

Poisoned Web Service Attacks

Network Infrastructure Poisoning

Malvertising

Exploiting Maintenance Difficulties

Advanced Attacks

Some Technical Attack Techniques

Chapter 3: The Bad Guys You Must Defend Against

Bad Guys and Good Guys Are Relative Terms

Bad Guys Up to No Good

Cyberattackers and Their Colored Hats

How Cybercriminals Monetize Their Actions

Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats

Defending against These Attackers

Chapter 1

What Exactly Is Cybersecurity?

IN THIS CHAPTER

Understanding the difference between cybersecurity and information security

Showing why cybersecurity is a constantly moving target

Understanding the goals of cybersecurity

Looking at the risks mitigated by cybersecurity

To improve your ability to keep yourself and your loved ones cybersecure, you need to understand what cybersecure means, what your goals should be vis-à-vis cybersecurity, and what exactly you’re securing against.

While the answers to these questions may initially seem simple and straightforward, they aren’t. As you see in this chapter, these answers can vary dramatically between people, company divisions, organizations, and even within the same entity at different times.

Cybersecurity Means Different Things to Different Folks

While cybersecurity may sound like a simple enough term to define, in actuality, from a practical standpoint, it means quite different things to different people in different situations, leading to extremely varied relevant policies, procedures, and practices. Individuals who want to protect their social media accounts from hacker takeovers, for example, are exceedingly unlikely to assume many of the approaches and technologies used by Pentagon workers to secure classified networks.

Typically, for example:

For individuals, cybersecurity means that their personal data is not accessible to anyone other than themselves and others they have authorized, and that their computing devices work properly and are free from malware.

For small business owners, cybersecurity may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.

For firms conducting online business, cybersecurity may include protecting servers that untrusted outsiders regularly interact with.

For shared service providers, cybersecurity may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.

For the government, cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.

The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enter people’s minds when they hear the word vary quite a bit.

Technically speaking, cybersecurity is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas information security encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet).

That said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations. Technically speaking, for example, if someone writes down a password on a piece of paper and leaves the paper on a desk where other people can see the password instead of placing the paper in a safe deposit box or safe, that person has violated a principle of information security, not of cybersecurity, even though those actions may result in serious cybersecurity repercussions.

Cybersecurity Is a Constantly Moving Target

While the ultimate goal of cybersecurity may not change much over time, the policies, procedures, and technologies used to achieve it change dramatically as the years march on. Many approaches and technologies that were more than adequate to protect consumers’ digital data in 1980, for example, are effectively worthless today, either because they’re no longer practical to employ or because technological advances have rendered them obsolete or impotent.

While assembling a complete list of every advancement that the world has seen in recent decades and how such changes impact cybersecurity is effectively impossible, we can examine several key development areas and their impacts on the ever-evolving nature of cybersecurity: technological changes, economic model shifts, and outsourcing.

Technological changes

Technological changes tremendously impact cybersecurity. New risks come along with the new capabilities and conveniences that new offerings deliver. As the pace of technological advancement continues to increase, therefore, so does the pace of new cybersecurity risks. While the number of such risks created over the past few decades as the result of new offerings is astounding, the areas described in the following sections have yielded a disproportionate impact on cybersecurity.

Digital data

In the last few decades, dramatic changes have occurred in the technologies that exist, as well as in who uses such technologies, how they do so, and for what purposes. All of these factors impact cybersecurity.

Consider, for example, that when many of the people alive today were children, controlling access to data in a business environment simply meant that the data owner placed a physical file containing the information into a locked cabinet and gave the key to only people the owner recognized as being authorized personnel and only when they requested the key during business hours. For additional security, the data owner may have located the cabinet in an office that was locked after business hours and which itself was in a building that was also locked and alarmed.

Today, with the digital storage of information, however, simple filing and protection schemes have been replaced with complex technologies that must automatically authenticate users who seek the data from potentially any location at potentially any time, determine whether the users are authorized to access a particular element or set of data, and securely deliver the proper data — all while preventing any attacks against the system servicing data requests, any attacks against the data in transit, and any attacks against the security controls protecting both of them.

Furthermore, the transition from written communication to email and chat has moved tremendous amounts of sensitive information to Internet-connected servers. Likewise, society’s move from film to digital photography and videography has increased the stakes for cybersecurity. Nearly every photograph and video taken today is stored electronically rather than on film and negatives — a situation that has enabled criminals situated anywhere to either steal people’s images and leak them, hold people’s valuable images ransom with ransomware, or use them to create turmoil in people’s personal lives by creating fake profiles on dating sites, for example. The fact that movies and television shows are now stored and transmitted electronically has likewise allowed pirates to copy them and offer them to the masses — sometimes via malware-infested websites.

The Internet

The most significant technological advancement when it comes to cybersecurity impact has been the arrival of the Internet era, and, more specifically, the transformation of the Internet from a small network connecting researchers at a few universities to an enormous worldwide communication system utilized by a tremendous number of people, businesses, and organizations. In recent years, the Internet has also become the conduit for communication both by billions of smart devices and by people remotely connecting to industrial control systems. Just a few decades ago, it was unfathomable that hackers from across the globe could disrupt a business, manipulate an election, create a fuel shortage, pollute drinking water, or steal a billion dollars. Today, no knowledgeable person would dismiss any such possibilities.

Prior to the Internet era, it was extremely difficult for the average hacker to financially profit by hacking. The arrival of online banking and commerce in the 1990s, however, meant that hackers could directly steal money or goods and services — which meant that not only could hackers quickly and easily monetize their efforts, but unethical people had strong incentives to enter the world of cybercrime.

Cryptocurrency

Compounding those incentives severalfold has been the arrival and proliferation of cryptocurrency over the past decade, along with innovation that has dramatically magnified the potential return-on-investment for criminals involved in cybercrime, simultaneously increasing their ability to earn money through cybercrime and improving their ability to hide while doing so. Criminals historically faced a challenge when receiving payments since the account from which they ultimately withdrew the money could often be tied to them. Cryptocurrency effectively eliminated such risks.

In addition, not only has the dramatic rise in the value of cryptocurrencies held by criminals over the past few years enriched many crooks, providing evildoers with the resources to invest in enhancing their cyber-arsenals, but also the public’s perception of cryptocurrency as a quick way to get rich has helped scammers perpetuate all sorts of social engineering–based cybercrimes related to cryptocurrency investing.

Furthermore, the availability and global liquidity of cryptocurrency has helped criminals launder money obtained through the perpetration of all sorts of crimes.

Mobile workforces and ubiquitous access

Not that many years ago, in the pre-Internet era, it was impossible for hackers to access corporate systems remotely because corporate networks were not connected to any public networks, and often had no dial-in capabilities. Executives on the road would often call their assistants to check messages and obtain necessary data while they were remote. In later years they may have connected to corporate networks via special dial-up connections using telephone-line–based private lines for extremely limited access to only one or two specific systems.

Connectivity to the Internet, of course, created risk, but initially most firewalls were set up in ways that did not allow people outside the organization to initiate communications — so, short of firewall misconfigurations and/or bugs, most internal systems remained relatively isolated. The dawn of e-commerce and e-banking, of course, meant that certain production systems had to be reachable and addressable from the outside world, but employee networks, for example, usually remained generally isolated.

The arrival of remote access technologies — starting with services like Outlook Web Access and pcAnywhere, and evolving to full VPN and VPN-like access — has totally changed the game.

The dramatic reduction in the cost of cellular-based high-speed Internet access and the availability of mobile data plans supporting data limits sufficient to allow effective full-time use have dramatically reduced the need for utilizing public Wi-Fi connections. Risks that one might have deemed reasonable to take a few years ago in order to achieve various business aims have become unnecessary, and as such, policies and procedures regarding public Wi-Fi access must be updated.

Smart devices

Likewise, the arrival of smart devices and the Internet of Things (the universe of devices that are connected to the Internet, but that are not traditional computers) — whose proliferation and expansion are presently occurring at a startling rate — means that unhackable solid-state machines are being quickly replaced with devices that can potentially be controlled by hackers halfway around the world.

Globalization has also meant that cheap Internet of Things (IoT) devices can be ordered by consumers in one country from a supplier in another country halfway around the world — introducing without any oversight all sorts of unknown hardware into personal and corporate environments.

Big data

While big data is helping facilitate the creation of many cybersecurity technologies, it also creates opportunities for attackers. By correlating large amounts of information about the people working for an organization, for example, criminals can more easily than before identify ideal methods for social engineering their way into the organization or locate and exploit possible vulnerabilities in the organization’s infrastructure. As a result, various organizations have been effectively forced to implement all sorts of controls to prevent the leaking of information, and the practices of many organizations have invited all sorts of accusations around data misuse and inappropriate protections from both employees and outsiders.

The COVID-19 pandemic

The COVID-19 pandemic served as a watershed moment in the history of cybersecurity. By forcing people to stay home in environments that are unprecedentedly isolated from one another, the novel coronavirus dramatically — and likely permanently — changed the way people in the Western world work, thereby yielding multiple, significant impacts on cybersecurity.

In the short term, the pandemic created all sorts of cybersecurity problems. Organizations that had no work-from-home infrastructures in place, or had such infrastructure but only for a limited portion of their employee populations, were suddenly faced with having to enable people to work from home — often without the ability to prepare users, policies, procedures, and technologies in advance. Many such businesses could not distribute laptops or security devices fast enough to prevent work stoppages, and as a result, relied on users to utilize their personal devices for work purposes without any additional security layers added.

Likewise, few organizations offered their employees separate Internet connections or separate routers for their remote workstations, so remote workers were nearly always sharing physical and logical networks with their other personal devices and possibly with their children who may have been gaming and/or attending virtual school. The security risks of doing so are discussed in detail in Book 2, Chapter 3.

Compounding COVID-19–inflicted cybersecurity problems was the fact that while many employers did provide some forms of endpoint security software, many did not, and even those that did rarely addressed any hardware-based risks. To this day, for example, many employers have no idea what router models their employees are using for remote access or when such devices were last updated.

Another major cybersecurity concern created by the pandemic has been that communications between employees shifted from conference rooms to remote meetings, opening the doors for hackers to disrupt communications or steal confidential information. The problems were so bad that a new term “zoom bombing” was coined in 2020 to refer to the practice of mischievous folks joining and wreaking havoc in virtual meetings to which they were never invited.

Of course, the fact that people who would otherwise work together in the same location are suddenly unable to communicate quickly in person has also opened the door for many social engineering attacks. For example, a CFO who receives an email from the boss asking that the company pay a certain party for services cannot verify the validity of the request as the CFO has done many times in the past by walking ten feet to the boss’s office to confirm that the boss actually sent the message.

Likewise, people working in homes in which children are in virtual school, or quarantined, or simply living, often suffer from far more interruptions than they would had they been working in an office setting. Interruptions often lead to mistakes, and mistakes often lead to cybersecurity problems. The stress of remaining socially isolated for long periods of time also increases the odds of people making dangerous cybersecurity errors.

At a macro level, the sudden shift to work-at-home arrangements has meant that many cybersecurity professionals are increasingly overwhelmed, a problem further exacerbated by organizations having to reallocate resources — sometimes shifting both people and money from security projects to efforts to ensure continuity of operations.

And, of course, being confined to their homes has afforded many hackers more time to work on their crafts as well, perhaps contributing to the significant rise in the number of zero-day attacks and other newer forms of cybersecurity attacks seen since the pandemic’s onset. Book 1, Chapter 2 dives into many of the common cyberattacks that are out there.

Entire books have been written on the impact of technological advancement. The main point to understand is that technological advancement has had a significant impact on cybersecurity, making security harder to deliver and raising the stakes when parties fail to properly protect their assets. In addition, unforeseen developments, such as pandemics, can bring sudden, huge technological changes that carry with them tremendous cybersecurity dangers.

Social shifts

Various changes in the ways that humans behave and interact with one another have also had a major impact on cybersecurity. The Internet, for example, allows people from all over the world to interact in real time. Of course, this real-time interaction also enables criminals all over the world to commit crimes remotely. But it also allows citizens of repressive countries and free countries to communicate, creating opportunities for dispelling the perpetual propaganda utilized as excuses for the failure of totalitarianism to produce a quality of life on par with the democratic world. At the same time, it also delivers to the cyberwarriors of governments at odds with one another the ability to launch attacks via the same network.

The conversion of various information management systems from paper to computer, from isolated to Internet-connected, and from accessible-only-in-the-office to accessible from any smartphone or computer has dramatically changed the equation when it comes to what information hackers can steal. And the COVID-19 pandemic has brought many of these issues to the forefront.

Furthermore, in many cases in which technological conversions were, for security reasons, not initially done, the pressure emanating from the expectations of modern people that every piece of data be available to them at all times from anywhere has forced such conversions to occur, creating additional opportunities for criminals. To the delight of hackers, many organizations that, in the past, wisely protected sensitive information by keeping it offline have simply lost the ability to enjoy such protections if they want to stay in business. No modern example portrays this as well as the sudden global shift to remote working arrangements in 2020.

Social media has also transformed the world of information — with people growing accustomed to sharing far more about themselves than ever before — often with audiences far larger than before as well. Today, due to the behavioral shift in this regard, it is trivial for evildoers from anywhere to assemble lists of a target’s friends, professional colleagues, and relatives and to establish mechanisms for communication with all those people. Likewise, it is easier than ever before to find out what technologies a particular firm utilizes and for what purposes, discover people’s travel schedules, and ascertain their opinions on various topics or their tastes in music and movies. The trend toward increased sharing continues. Most people remain blindly unaware of, and unconcerned with, how much information about them lives on Internet-connected machines and how much other information about them can be extrapolated from the aforementioned data.

All these changes have translated into a scary reality: Due to societal shifts, evildoers can easily launch much larger, more sophisticated social engineering attacks today than they could just a few years ago.

Economic model shifts

Connecting nearly the entire world has allowed the Internet to facilitate other trends with tremendous cybersecurity ramifications. Operational models that were once unthinkable, such as that of an American company utilizing a call center in India and a software development shop in the Philippines, have become the mainstay of many corporations. These changes, however, create cybersecurity risks of many kinds.

The last 20 years have seen a tremendous growth in the outsourcing of various tasks from locations in which they’re more expensive to carry out to regions in which they can be accomplished at much lower costs. The notion that a company in the United States could rely primarily on computer programmers in India or in the Philippines or that entrepreneurs in New York seeking to have a logo made for their business could, shortly before going to bed, pay someone halfway around the globe $5.50 to create it and have the logo in their email inbox immediately upon waking up the next morning, would have sounded like economic science-fiction a generation ago. Today, it’s not only common, but in many cases it is also more common than any other method of achieving similar results.

Of course, many cybersecurity ramifications result from such transformations of how people do business.

Data being transmitted needs to be protected from destruction, modification, and theft, and globalization means that greater assurance is needed to ensure that backdoors are not intentionally or inadvertently inserted into code. Greater protections are needed to prevent the theft of intellectual property and other forms of corporate espionage. Code developed in foreign countries, for example, may be at risk of having backdoors inserted by agents of their respective governments. Likewise, computer equipment may have backdoors inserted into hardware components — a problem the U.S. government is struggling with addressing as this book goes to print.

Hackers no longer necessarily need to directly breach the organizations they seek to hack; they merely need to compromise one or more of the organizations’ providers. And such providers may be far less careful with their information security and personnel practices than the ultimate target, or may be subject to manipulation by governments far less respectful of people’s rights than are the powers-that-be in the ultimate targets’ location.

Political shifts

As with advances in technology, political shifts have had tremendous cybersecurity repercussions, some of which seem to be permanent fixtures of news headlines. The combination of government power and mighty technology has often proven to be a costly one for ordinary people. If current trends continue, the impact on cybersecurity of various political shifts will continue to grow substantially in the foreseeable future.

Data collection

The proliferation of information online and the ability to attack machines all over the world have meant that governments can spy on citizens of their own countries and on the residents of other nations to an extent never before possible.

Furthermore, as more and more business, personal, and societal activities leave behind digital footprints, governments have much easier access to a much greater amount of information about their potential intelligence targets than they could acquire even at dramatically higher costs just a few years ago. Coupled with the relatively low cost of digital storage, advancing big data technologies, and the expected eventual impotence of many of today’s encryption technologies due to the emergence of quantum computing and other cutting-edge developments, governments have a strong incentive to collect and store as much information as they can about as many people as they can, in case it is of use at some later date. It is more likely than not, for example, that hostile governments may have already begun compiling dossiers on the people who will eventually serve as president and vice president of the United States 25 years from now.

The long-term consequences of this phenomenon are, obviously, as of yet unknown, but one thing is clear: If businesses do not properly protect data, less-than-friendly nations are likely to obtain it and store it for use in either the short term, the long term, or both.

Election interference

A generation ago, for one nation to interfere in the elections of another was no trivial matter. Of course, such interference existed — it has occurred as long as there have been elections — but carrying out significant interference campaigns was expensive, resource-intensive, and extremely risky.

To spread misinformation and other propaganda, materials had to be printed and physically distributed or recorded and transmitted via radio, meaning that individual campaigns were likely to reach only small audiences. As such, the efficacy of such efforts was often quite low, and the risk of the party running the campaign being exposed was relatively high, and often carried with it the potential for severe repercussions.

Manipulating voter registration databases to prevent legitimate voters from voting and/or to allow bogus voters to vote was extremely difficult and entailed tremendous risks; someone “working on the inside” would likely have had to be nothing short of a traitor in order to have any real, significant impact on election results. In a country such as the United States, in which voter registration databases are decentralized and managed on a county level, recruiting sufficient saboteurs to truly impact a major election would likely have been impossible, and the odds of getting caught while attempting to do so were likely extremely high.

Likewise, in the era of paper ballots cast in person and of manual vote counting, for a foreign power to manipulate actual vote counts on any large scale was impractical, if not impossible.

Today, however, the game has changed. A government can easily spread misinformation through social media at an extremely low cost. If it crafts a well-thought-out campaign, it can rely on other people to spread the misinformation — something that people could not do en masse in the era of radio recordings and printed pamphlets. The ability to reach many more people, at a much lower cost than ever before, has meant that more parties are able to interfere in political campaigns and can do so with more efficacy than in the past. Similarly, governments can spread misinformation to stir up civil discontent within their adversaries’ nations and to spread hostility between ethnic and religious groups living in foreign lands.

Insecure mail-in ballots as used throughout the United States during the 2020 presidential election aggravated mistrust. And, with voter registration databases stored electronically and sometimes on servers that are at least indirectly connected to the Internet, records may be able to be added, modified, or deleted from halfway across the globe without detection. Even if such hacking is, in reality, impossible, the fact that many citizens today believe that it may be possible has led to an undermining of faith in elections, a phenomenon that we have witnessed in recent years and that has permeated throughout all levels of society. Even Jimmy Carter, a former president of the United States, expressed at one point that he believed that a full investigation into the 2016 presidential election would show that Donald Trump lost the election — despite there being absolutely no evidence whatsoever to support such a conclusion, even after a thorough FBI investigation into the matter. Statements and actions from the other side of the political aisle — including the terrible chaos at the U.S. Capitol after the 2020 presidential election — showed clearly that concerns about election integrity, and the perception that elections might be manipulatable through cyberattacks and other technology-based techniques, are bipartisan. It is also not hard to imagine that if online voting were ever to arrive, the potential for vote manipulation by foreign governments, criminals, and even political parties within the nation voting — and for removing the ballot auditability that exists today — would grow astronomically.

In an indication of how much concern is growing around potential election manipulation, consider that a decade ago, the United States did not consider election-related computer systems to be critical infrastructure, and did not directly provide federal funding to secure such systems. Today, most people understand that the need for cybersecurity in such areas is of paramount importance, and the policies and behavior of just a few years ago seem nothing short of crazy.

Hacktivism

Likewise, the spread of democracy since the collapse of the Soviet Union a generation ago, coupled with Internet-based interaction between people all over the globe, has ushered in the era of hacktivism. People are aware of the goings-on in more places than in the past. Hackers angry about some government policy or activity in some location may target that government or the citizens of the country over which it rules from places far away. Likewise, citizens of one country may target entities in another country with whose policies they disagree, or whose government they consider a national adversary.

Greater freedom

At the same time, repressed people are now more aware of the lifestyles of people in freer and more prosperous countries, a phenomenon that has both forced some governments to liberalize and motivated others to implement cybersecurity-type controls to prevent the use of various Internet-based services.

Sanctions

Another political ramification of cybersecurity pertains to international sanctions: Rogue states subject to such sanctions have been able to use cybercrime of various forms to circumvent such sanctions.

For example, North Korea is believed to have spread malware that mines cryptocurrency for the totalitarian state to computers all over the world, thereby allowing the country to circumvent sanctions by obtaining liquid money that can easily be spent anywhere.

Thus, the failure by individuals to adequately secure their personal computers can directly impact political negotiations.

New balances of power

While the militaries of certain nations have long since grown more powerful than those of their adversaries — both the quality and quantity of weapons vary greatly between nations — when it comes to cybersecurity the balance of power is totally different.

While the quality of cyberweapons may vary between countries, the fact that launching cyberattacks costs little means that all militaries have an effectively unlimited supply of whatever weapons they use. In fact, in most cases, launching millions of cyberattacks costs little more than launching just one.

Also, unlike in the physical world in which any nation that bombed civilian homes in the territory of its adversary can reasonably expect to face a severe reprisal, rogue governments regularly hack with impunity people in other countries. Victims often are totally unaware that they have been compromised, rarely report such incidents to law enforcement, and certainly don’t know whom to blame.