Page 108 - Data Science class 11
P. 108

Only after the scam messages were published and noticed by the press, Twitter noticed the dubious activity in the
        admin tool. User and entity behavior analytics and privileged access management solutions could have helped the
        company prevent access to the admin tools and speedily detect forbidden activity.





             Scammer is a person who makes unsolicited phone calls by posing as a representative of a renowned computer or software
             company. He/she may even place deceptive pop-up Internet advertisements to try persuade someone that something is
             seriously wrong with their computer that must be fixed on an urgent basis.

        1.7  cyBEr attacks

        A cyber attack is an assault launched to incapacitate computers or networks, steal, modify or expose data, or use a
        breached computer system to launch further attacks. Cybercriminals use different methods to launch a cyber attack
        that includes malware, phishing, ransomware, man-in-the-middle attack, etc.

        1.7.1 methods of cyber attacks
        There are various methods an external attacker can use to gain access to internal systems and data:

           • Social  engineering  and  phishing  attacks: In this, sensitive information can be guessed or acquired through
          employees. For example, an outsider posing as a known in the company.
           • Hacking: It is through hacking that malicious individuals gain access to code and authentication systems via security
          loopholes.
           • Ransomware: It is defined as a malicious code that encrypts existing files. Once, the encryption is employed, the
          attacker demands ransom money from victim in exchange for releasing the data.
           • Denial of Service (DoS) Attacks: This attack makes websites or online services unreachable by users by flooding the
          server with requests.
           • Physical theft: When through theft, an unauthorised access through a system or devices like mobile phones, laptops,
          etc. is made, allowing users access to sensitive data, this is known as physical theft.
           • Malicious  USB  drop  attack: It happens when hackers  get malware onto a system by leaving pen drive loaded
          with malicious software in a place where they know such pen drives will be picked up and plugged into systems by
          someone due to curiosity.
           • 3rd-party apps: Hackers use such apps to infect systems with malware. Gooligan is one such example of a 3rd-party
          app.


        1.8  sEcUrity chEckUP

        You must ensure your organisation has policies and training in place to prevent data breaches before hackers get
        through. This includes:
           • Training employees on security hygiene.
           • Having a BYOD (bring your own device) policy.
           • Segment your Wi-Fi network, so that employees who want to use it for their devices can do so without.
           • Use multilevel access authorisations, only allowing those who need access to the most sensitive information in your
          organization.
           • Monitor your network for anything out of the ordinary.
           • Use encryption to protect the most sensitive data.



          106   Touchpad Data Science-XI
   103   104   105   106   107   108   109   110   111   112   113