MODULE CONTENTS
This first introductory module presents an overview of the cyber threat, its context, its stakes and the importance of taking IT security into account for companies and organizations. It also aims to motivate employees to get involved in the subject.
PEDAGOGICAL OBJECTIVES
Introduce the subject of e-learning
Knowing the different types of computer attacks
Understand the motivations of hackers
Engaging employees
The digital world has evolved along with the changing threats.
Hackers are constantly adapting their techniques to achieve their goals. The hacker can work alone or in a team. Their motivations differ, such as data theft and identity theft, espionage, destabilization of a company or a country, or simply by personal challenge. For example, the famous "Anonymous" organize punitive operations against companies by attacking them through hacking sites or databases.
There are different types of attacks: mass attacks and targeted attacks.
Mass attacks do not care about the person being attacked. The principle is to take control of several poorly secured connected objects, such as computers but also surveillance cameras, to form a network of devices called a "botnet". This botnet will allow to send fraudulent mass emails to obtain information. This is the case of "phishing" or "ransomware" type attacks. They are inexpensive to carry out for an experienced hacker.
Targeted attacks are focused on an individual or a company. Hackers collect information carefully to penetrate their networks and find what they are looking for. These attacks take longer to execute. The consequences for the company can be catastrophic, such as theft of patents, money, damage to image or even paralysis.
To protect against these attacks, it is necessary to :
destroy suspicious messages without responding to them
choose secure passwords
do not execute instructions from a stranger
catch up
be vigilant about the information you disclose on the web and on social networks
Today we are connected everywhere, at work, at home, in transport, abroad... We increasingly mix private and professional life, connecting to business services at home or connecting to personal services at work.
In order to be responsible and actors in cybersecurity we must :
develop our security culture because we are all exposed to these threats and depend on each other
know how to create and manage strong passwords
understand what is called social engineering, which consists in manipulating one or several people in order to get information from them, or to make them act without their knowledge: by telephone, physically, by e-mail, by social networks, etc.
Personal and sensitive data is very valuable to malicious minds. And even as companies are constantly upgrading their security levels, we each have a role to play in protecting them.
