Week 1: Threat landscape
1 Online, the new frontline
Welcome to this free course, Introduction to cyber security: stay safe online.
Cory Doctorow is your guide through this course. He is a visiting professor at The Open University. He’ll meet you at the start of each week to let you know what’s coming up and remind you of what you’ve learned so far to help you make the most of your learning.
About the course
Your journey into the world of cyber security and protecting your digital life has been organised into eight weeks of study. The first three weeks focus on understanding the basics of cyber security. This includes an exploration of the security threat landscape, together with some of the basic techniques for protecting your computers and your online information.
You’ll then look ‘under the hood’, exploring some of the technologies that underpin the internet and cyber security. This will include gaining an understanding of how computers are connected in a network and how the data transmitted across that network is kept secure.
In the final two weeks of the course, you’ll look at what can be done if you suffer a successful cyber security attack and how to develop an action plan. As part of this, you’ll learn about both the legal and technical aspects of recovering from an attack.
This course will not only help you take steps to protect yourself online, such as how to create a strong password, but also provide an overview of cyber security from the security threat landscape to how the internet works. It will also provide a foundation for further study of this important discipline.
To test your knowledge you can try the end-of-week practice and end-of-course compulsory badge quizzes.
Before you start, The Open University would really appreciate a few minutes of your time to tell us about yourself and your expectations of the course. Your input will help to further improve the online learning experience. If you’d like to help please fill in this.
We shop online. We work online. We play online. We live online. More and more, our lives depend on online, digital services. Almost everything can be done online – from shopping and banking to socialising and card making – and all of this makes the internet, also known as cyberspace, an attractive target for criminals.
Large-scale cyber security breaches often make the headlines but about 70% of organisations are keeping their worst security incidents under wraps, so what makes the news is just a small proportion of the breaches that are actually taking place. Britain is being targeted by up to 1,000 cyber attacks every hour.
We all have a responsibility to protect services from being maliciously disrupted or misused, through our vigilance, through our own security measures and through reporting events when they arise.
The knowledge, tools and best practices relating to protecting the computers, communications networks, programs and data that make our digital lives possible are collectively referred to as cyber security, or information security. For the purposes of this course, we use the two terms interchangeably.
Behind the numbers
Cyber security is definitely one of those areas where you need to evaluate the validity of any information you find online before accepting it. The figures about the prevalence and under-reporting of cyber attacks comes from a 2010 CyberSecurity Watch survey carried out in the US by a number of organisations, including the US Computer Emergency Response Team. The survey states that ‘the public may not be aware of the number of incidents because almost three-quarters (72%), on average, of the insider incidents are handled internally without legal action or the involvement of law enforcement.’
The estimate of 1,000 attacks per hour is based on the BIS Cyber Security Breaches Survey 2014. We took the number of organisations that reported that they were attacked ‘hundreds of times a day’ in different ways, and assumed that each of these responses were attacked a minimum of 100 times per day, we worked out that there were at least 24,156 attacks per day across the 1,098 organisations surveyed. Dividing this by 24 suggests that there are a minimum of 1,000 attacks per hour.
Let’s get started by learning some of the basic terminology used when discussing cyber security.