Page 108 - Data Science class 11
P. 108
Only after the scam messages were published and noticed by the press, Twitter noticed the dubious activity in the
admin tool. User and entity behavior analytics and privileged access management solutions could have helped the
company prevent access to the admin tools and speedily detect forbidden activity.
Scammer is a person who makes unsolicited phone calls by posing as a representative of a renowned computer or software
company. He/she may even place deceptive pop-up Internet advertisements to try persuade someone that something is
seriously wrong with their computer that must be fixed on an urgent basis.
1.7 cyBEr attacks
A cyber attack is an assault launched to incapacitate computers or networks, steal, modify or expose data, or use a
breached computer system to launch further attacks. Cybercriminals use different methods to launch a cyber attack
that includes malware, phishing, ransomware, man-in-the-middle attack, etc.
1.7.1 methods of cyber attacks
There are various methods an external attacker can use to gain access to internal systems and data:
• Social engineering and phishing attacks: In this, sensitive information can be guessed or acquired through
employees. For example, an outsider posing as a known in the company.
• Hacking: It is through hacking that malicious individuals gain access to code and authentication systems via security
loopholes.
• Ransomware: It is defined as a malicious code that encrypts existing files. Once, the encryption is employed, the
attacker demands ransom money from victim in exchange for releasing the data.
• Denial of Service (DoS) Attacks: This attack makes websites or online services unreachable by users by flooding the
server with requests.
• Physical theft: When through theft, an unauthorised access through a system or devices like mobile phones, laptops,
etc. is made, allowing users access to sensitive data, this is known as physical theft.
• Malicious USB drop attack: It happens when hackers get malware onto a system by leaving pen drive loaded
with malicious software in a place where they know such pen drives will be picked up and plugged into systems by
someone due to curiosity.
• 3rd-party apps: Hackers use such apps to infect systems with malware. Gooligan is one such example of a 3rd-party
app.
1.8 sEcUrity chEckUP
You must ensure your organisation has policies and training in place to prevent data breaches before hackers get
through. This includes:
• Training employees on security hygiene.
• Having a BYOD (bring your own device) policy.
• Segment your Wi-Fi network, so that employees who want to use it for their devices can do so without.
• Use multilevel access authorisations, only allowing those who need access to the most sensitive information in your
organization.
• Monitor your network for anything out of the ordinary.
• Use encryption to protect the most sensitive data.
106 Touchpad Data Science-XI

