2.2 How to keep up to date
Attackers are constantly finding new vulnerabilities and ways of attacking computer systems. Therefore, it is important to keep yourself informed and up to date with threats that are relevant to your situation.
There are many sources of news about cyber security. Many of them are extremely technical and are designed for security specialists to communicate their findings with one another, for software developers to improve their programs or academic publications. There are also plenty of free resources, written by journalists, security professionals and enthusiastic amateurs, where you can learn more even if you are new to the field. Thewebsite is a good example of this type of online resource.
The links provided below are a selection of others that are available. You are not expected to look at all of them in detail.
The best places to get started are the major media outlets, most of whom employ technology journalists. These sites will give you readable information intended for as wide an audience as possible. Many of them are updated several times a day, but they will only consider ‘newsworthy’ events such as a major hack or virus outbreak, and some will only cover news in a particular country – so you may need to look at a variety of sites:
Many sites devoted to technology will cover aspects of security on a regular basis. Most of the sites below cover other topics, so you might need to use their search functions to find relevant information.
Information security companies
There are a large number of companies selling security software to home users and to businesses. Almost all of them maintain regularly updated websites explaining new and emerging security threats and how they can be overcome.
Much of this information is technical and aimed at administrators responsible for large computer systems, but the introductory material is often quite easily understood. These sites can be the best to use when a new security issue is identified.
- Krebs On Security Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. His interest grew after a computer worm locked him out of his own computer in 2001.
- Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s.
- Bruce Schneier is an internationally renowned security technologist who writes a monthly newsletter, called ‘Crypt-o-gram’. He provides commentary and insights into critical security issues of the day. The content of this blog can be accessed in multiple forms, including a podcast and an email newsletter.
- Troy Hunt provides analyses of different system breaches and useful hints on how to avoid being attacked.
Activity _unit2.2.1 Activity 3 Knowing your enemies
Carry out some research about different cyber security threats and the types of groups who pose the threat.
Using the information sources above find out about:
- a threat to your information, computers and other devices that arise from malware
- a threat to your communications (such as spam and denial of service (DoS) or distributed denial of service (DDoS) attacks, often launched using botnets).
For each threat, try to identify the type of individuals or organisations that are posing the threat. Which of the following types would best describe them?
- Cybercriminal: those carrying out cyber attacks for personal financial gain.
- Spies: those engaged in espionage activities on behalf of either commercial organisations or national governments.
- Hacktivists: those who carry out cyber attacks as a form of protest against organisations or governments.
- Insider attacker: disgruntled or dishonest staff who attack their organisation’s computer systems.
If you identify a different type of attacker, how would you describe it?
Spend 10–15 minutes researching, then spend five minutes noting down your findings in the space below.