2.2 How to keep up to date
This section is part of the amber and green pathways.
Attackers are constantly finding new vulnerabilities and ways of attacking computer systems. Therefore, it is important to keep yourself informed and up to date with threats that are relevant to your situation.
There are many sources of news about cyber security. Many of them are extremely technical and are designed for security specialists to communicate their findings with one another, for software developers to improve their programs or academic publications. There are also plenty of free resources, written by journalists, security professionals and enthusiastic amateurs, where you can learn more even if you are new to the field. Thewebsite is a good example of this type of online resource.
The links provided below are a selection of others that are available. You are not expected to look at all of them in detail.
The best places to get started are the major media outlets, most of whom employ technology journalists. These sites will give you readable information intended for as wide an audience as possible. Many of them are updated several times a day, but they will only consider ‘newsworthy’ events such as a major hack or virus outbreak, and some will only cover news in a particular country – so you may need to look at a variety of sites:
Many sites devoted to technology will cover aspects of security on a regular basis. Most of the sites below cover other topics, so you might need to use their search functions to find relevant information.
Information security companies
There are a large number of companies selling security software to home users and to businesses. Almost all of them maintain regularly updated websites explaining new and emerging security threats and how they can be overcome.
Much of this information is technical and aimed at administrators responsible for large computer systems, but the introductory material is often quite easily understood. These sites can be the best to use when a new security issue is identified.
- National Cyber Security Centre The NCSC blog provides thought leadership and the latest news and updates from across the organisation. It provides links to other NCSC publications, and events and initiatives of the NCSC
- Krebs On Security Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. His interest grew after a computer worm locked him out of his own computer in 2001.
- Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s.
- Bruce Schneier is an internationally renowned security technologist who writes a monthly newsletter, called ‘Crypt-o-gram’. He provides commentary and insights into critical security issues of the day. The content of this blog can be accessed in multiple forms, including a podcast and an email newsletter.
- Troy Hunt provides analyses of different system breaches and useful hints on how to avoid being attacked.
Activity 3 Knowing your enemies
- Cybercriminal: those carrying out cyber attacks for personal financial gain.
- Spies: those engaged in espionage activities on behalf of either commercial organisations or national governments.
- Hacktivists: those who carry out cyber attacks as a form of protest against organisations or governments.
- Insider attacker: disgruntled or dishonest staff who attack their organisation’s computer systems.
Spend 10 minutes on the internet researching the threats listed below; then spend five minutes matching the threats to one of the above type of cyber enemies.
Using the following two lists, match each numbered item with the correct letter.
b.A Facebook employee abused his access rights to stalk women
c.A hacker from one company posed as a competitor's employee in order to learn company trade secrets
d.A group of hackers changed the content of an online shopping website, for the purpose of spreading a political message
- 1 = a
- 2 = b
- 3 = d
- 4 = c