
Introduction to Cybersecurity
Introduction to Cybersecurity:
Course Agenda and Objectives

Agenda

Unit 1 Cybersecurity

Unit 2 Protect your identity and data

Unit 3 Protect your apps

Unit 4 Protect your device


Unit 1:
Cybersecurity

After completing this unit, you should be able to:

• Define cybersecurity
• Understand cybercrimes and the different types that are present today
• Define phishing, spam, hacking, and identity theft
Cybersecurity
Cybersecurity is protecting yourself from someone stealing your digital information/personal data or from someone pretending to act as you online.
Key Terms
• Password – A combination of letters and numbers that is kept secret and used to gain access to a computer, website, etc.
• Phishing – A scam email/website that tricks you into revealing personal information such as username, password, location, etc.
• Spam – Unwanted ‘junk’ mail that can be used to trick you into revealing information or clicking a harmful link
• Virus – Harmful “software” that attaches to other programs to hurt or destroy a computer’s ability to function normally
• Hacker – An unauthorized user trying to disrupt or damage a computer or network of computers

*Content was created by the IBM GBS North America Transformation Office
Impact on your future

Cybersecurity is a BIG issue: just a couple of weeks ago Instagram was hacked and the information of over 6 million verified accounts was stolen. The hackers went on to try and sell that information for money.

• 90 passwords – Average number of passwords someone has. That means that you could have 90 passwords to keep track of; it’s important to make sure all of your accounts are safe.
• 30,000 websites – Average number of websites hacked per day. This means you must be careful about the websites you visit and that even if you trust them, your information could be at risk.
• 6 million accounts – Number of Instagram accounts in recent hack. Hackers stole over 6 million famous Instagram accounts’ information and are selling their personal information.

Imagine this…

• Someone logs into your Instagram without YOU knowing
• They post and send messages posing as you
• Your friends and followers get angry and ask about your posts or unfollow – but you have no idea what happened!

Sound annoying or scary? You can prevent it!


Cybercrimes
Cybercrime is carrying out illegal activities by means of using a computer or the internet.

Currently, the cost of cybercrime is $445 Billion per year. That’s more than all the illegal drug trade in the world.

Types of cybercrimes

There are many different types of cybercrimes, and for this course we will be looking
at the following:

• Phishing
• Spam
• Hacking
• Identity theft


Phishing
Phishing /ˈfiSHiNG/

The attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as something trustworthy, like a bank.

An example of Phishing

Dear Heather,

Your Apple ID was used to sign in to iCloud on an iPhone.

Time: July 06, 2014
Operating System: iOS;6.0.1

If you recently signed in to this device, you can disregard this email. If you have not recently signed in to an iPhone with your Apple ID and believe someone may have accessed your account, please click here to confirm your details and change your password.

Apple Support
My Apple ID | Support | Privacy Policy | Copyright © 2014 iTunes
Apple Canada
7495 Birchmount Road
Markham, ON L3R 5G2. All rights reserved.

Go to Apple Canada for more information on our latest new products.

Slide annotations:
• Looks legitimate
• You are an Apple customer
• Convincing detail
• Convincing epilogue
• Increased potential for users to click links provided without thinking

Spam

Spam is unwanted ‘junk’ mail that can be used to trick you into revealing information or clicking
a harmful link

Spamming is the act of sending mail to a large number of e-mail addressees, and is often
compared to the term "junk mail" used to describe similar activities performed via postal
services.

What can you do when you are spammed?


• Move mail to the Junk folder
• Block or filter mail from a sender, domain, or subject
• Use Spam protection
Hacking

Hacking is when someone gets unauthorized access to your computer/laptop and your personal
data. A Hacker is an unauthorized user trying to disrupt or damage a computer or network of
computers

How do you know if you’ve been hacked?


• Your antivirus program triggers an alert that your system has been infected, especially if it says that it was unable to remove the virus
• You get a pop-up message that your computer has been encrypted and you must pay a ransom to recover it, or that your computer is infected and you must call a tech support phone number to fix it
• There are new accounts on your computer or device that you did not create or new programs running that you did not install
• Your browser is taking you to unwanted websites and you cannot close them
• Your password no longer works when you try to log in to your online accounts
• Your friends and workers are receiving odd messages from you that you know you never sent
Identity theft

Identity theft is the illegal use of someone else's personal information in order to obtain money
or credit.

Did you know?


• 18-29 year olds issue the most identity theft complaints.
• 31% of all identity theft complaints received by the Federal Trade Commission in 2012 were
filed by young adults.

*Homeland Security Cyber Kit


Unit 2:
Protect your identity
and data
After completing this unit, you should be able to:

• Module I: Understanding personal data
  • Explain what is personal data
  • Define digital footprint
  • Explain the role of IP address and cookies
• Module II: How to protect yourself
  • Understand basic cybersecurity and online hygiene tips

Unit 2: Module I
Understanding personal data

Personal data

• Personal: Name, Address, Phone #, Email
• School: Grades, Attendance, Awards, Schedule
• Leisure: Friends, Hobbies, Interests, Photos

Each of these components really marks a part of your online identity

Digital Footprint

Every time you surf the Internet, you leave behind bits of information. You publish some of this data voluntarily – like on Instagram. Sometimes you aren't aware that data of yours is being gathered and used for other purposes.

1. Devices are the Key: Phone or desktop, when you use the internet – you’re making a mark.
2. (Un)Conscious: When you publish or browse things, you are leaving footprints.
3. How Everyone Sees You: This is what you are telling to the world about yourself.

Social media

• Attackers are using Social Networks to gather information.
• This information has many uses for various illegal activities

When you take a quiz, what information about you can the quiz see?

A. Only my answers to the questions
B. Only info that’s on my profile that’s public
C. Almost everything, regardless of my privacy settings

Make sure to review your privacy settings!

Cookies

Cookies are bits of text stored on your computer by the sites you visit. They’re used to let the site know who you are and to store any specific preferences you’ve set. Unfortunately, they’re also used by ad-trackers to track the sites you visit.

(Diagram labels: Your Name, Your Password, Payment Info, Your Address, Your Preferences)

IP Address
An IP address is the address the computer has when it connects to the internet.

Public IPs will have things like your location stored and your surfing history.

An IP address is assigned to every computer/mobile-phone/iPad which is connected to the Internet. These IP addresses are given to them by the Internet Service Providers (like Safaricom, MTN, Vodafone, etc).

With this information, combined with cookies, a person can find out a lot about who you are, where you’ve been, where you live, and what you like to browse.
Protect your data

Keep personal data to yourself


Personal data includes your social security number, biometric records, passport number,
home/cell phone number, passwords, and date of birth. When combined with other personal or
identifying information, such as your place of birth or your mother’s maiden name, these details
can result in identity theft or even worse.

Look for the S in https


The 'S' at the end of HTTPS stands for 'Secure,' which means that encryption is being used as
you transmit your data across the internet.

Unit 2: Module II
How to protect yourself
Cybersecurity tips

Password Protection
Passwords need to be complicated but something you can remember.
• Avoid simple passwords like password, 123456, qwerty – they’re easy to guess
• Longer passwords are more secure; try for 8-12 characters
• Make them easy to remember
• Use a combination of character sets, numbers, and letters (!@#$; 1594)

Personal Information
Always keep your personal information private.
• Keep your personal information private
• Avoid sharing your name, address, phone number, birthday, passwords with anyone
• Don’t talk to strangers or let strangers friend/follow you

Stop. Think. Connect.
Stop, Think, and Connect is a memorable way for you to stop and consider your actions online
• Stop before clicking on any links, opening messages, sending information
• Think about who is on the other side of anything you send and about the information you’re sending
• Connect once you stopped and thought about it, decide whether you really want to connect, send, post

The 10 hygiene tips to keep you safe online

• Keep private information PRIVATE
• Look for the “S” in HTTPS
• Think before you click
• Be cautious with email
• Update software regularly
• Change passwords regularly
• Create complex passwords
• Be cautious of free WiFi
• Log out of all accounts
• Spread awareness to others
Unit 3:
Protect Your Apps

After completing this unit, you should be able to:

• Understand what can happen to your apps


• Understand the high costs involved in an app security breach
• Understand how to protect your apps
Cost of an application security breach?

• Media attention / brand damage


• Communication / monitoring service costs
• Legal fees (reported $3-4 million)
• New security spending
• User loss

*Content by the IBM Dev Ex team


Prevent application security breach

• Sensitive Data Leakage (sensitive info about corporates): Corporates may lose clients, or Business Partners or Customers
• Identity theft (Impersonating a person and using their name, number, passport etc.): Illegal use of someone else's personal information can be used to obtain money, or for other serious crimes
• Brand theft (impersonating a company): Hurts the brand image, misleads customers



Prevent application security breach

• Encryption of data (storing data in such a way that only authorized parties can access it): Prevents sensitive data leakage
• Strong passwords (Create password using different characters, and store them safely): Prevents identity theft
• Digital signatures (the source contains a digital certificate that authenticates the message): Prevents brand theft



Unit 4:
Protect Your Device

After completing this unit, you should be able to:

• Define what is a personal device


• Understand how to protect your computer
• Explain how to protect your mobile device
Protect your computer
• Be cautious about opening attachments or clicking on links. They may contain viruses or spyware.
• Learn about security software and how your home computer, the kids’ laptop, and their computer tablets are protected. Maintain up-to-date antivirus software on all your devices that connect to the Internet to increase your devices’ security.
• Remember that, sometimes, free stuff—like games, ring tones, or screen savers—can hide viruses or spyware. Don’t download unless you trust the source and scan the file with security software.
• Use peer-to-peer (P2P) file-sharing services with caution. Make sure you install file-sharing software properly, and scan downloaded files with security software before you open or play them. Otherwise, you could be sharing information your family expects to keep private, like financial records.

*Homeland Security Cyber Kit


Mobile security
In 2015, mobile technologies and services generated 6.7% of GDP in Africa, a contribution that amounted to around $150
billion of economic value. In the period to 2020 we expect this to increase to more than $210 billion (7.6% of GDP) as
countries benefit from the improvements in productivity and efficiency brought about by increased take-up of mobile
services - (The Mobile Economy Africa, 2016)

We are increasingly using phones for banking, online shopping, and social media. The more we travel and access the
Internet on the go, the more risks we face on our mobile devices.

Tips for Securing Mobile Devices:


• Think Before You Connect. Before you connect to any public Wi-Fi hotspot, confirm the name of the network and exact login
procedures to ensure that the network is legitimate.
• Guard Your Mobile Device. In order to prevent theft, unauthorized access, and loss of sensitive information, never leave your mobile
devices unattended in a public place.
• Keep It Locked. Always lock your device when you are not using it. Use strong PINs and passwords to prevent others from accessing
your device.
• Update Your Mobile Software. Keep your operating system software and apps updated, which will improve your device’s ability to
defend against malware.
• Know Your Apps. Be sure to thoroughly review the details and specifications of an application before you download it. Delete any apps
that you are not using to increase your security. Double-check how the app will be using your information (Example: does it need access
to your pictures or contact list? If so, why?)
• Only Connect to the Internet if Needed. Disconnect your device from the Internet when you aren’t using it and make sure your device
isn’t programmed to automatically connect to Wi-Fi.
*Homeland Security Cyber Kit
Thank you.
Explorers
Cybersecurity
Case A: IBM Security helps Wimbledon focus on the court, not the cloud

Transcript

Alexandra Willis
Content & Digital, AELTC

The Wimbledon experience today is such a curious mix of fantastic traditions things such as grass court
tennis, white clothing, the celebrations with the trophies, the opening of the grass on the very first day of
the championships but then there's also the way that Wimbledon has kept pace with change and
innovated to ensure that its experiences what fans would expect. So by the Wimbledon app you can have
real-time scoring, you can have alerts. We try to make sure that wherever you are in the world you don't
miss a single thing that happens. We are the go-to place for content about Wimbledon and so the security
strategy that we put around that is paramount.

Martin Borrett
CTO IBM Security Europe

Wimbledon.com faces a myriad of external threats and attacks. Last year we already saw a tremendous
increase in the number of cyber attacks against Wimbledon. 300% year-over-year and this year shows no
signs of changing. We saw 200 million attacks across the whole tournament.

Alexandra Willis
Content & Digital, AELTC

The most important thing in working with any partner is having trust and so the fantastic thing about the
relationship between Wimbledon and IBM is that it has stood the test of time, we've been partners for
more than 25 years. Thankfully we haven't had a major challenge in the security area which is
fundamental proof that IBM are offering us a good service but particularly in the context of today's day
and age when hacks and security breaches are more common, we read about them in the paper often it's
even more important to know that that trust is there and that resilience is there if ever it should arise.

If there was to be a security breach and our presence to the world be damaged in some way it's
inextricably linked to the health of our brand. Wimbledon does have this association with the very fabric of
British identity and so an attack on that could be perceived as an attack on more than just a tennis event.

Martin Borrett
CTO IBM Security Europe

At this year's tournament we really saw two main dynamics: one was the sheer volume of attacks, and the
other was the sophistication of those attacks. We saw for the first time I think deception techniques,
where perhaps there was a low and slow attack going on under the covers while something else was going
on over here trying to distract us from the real threat.

At Wimbledon we use a range of IBM security technologies. At the heart of it is IBM Security QRadar, our
security intelligence platform that brings together data from literally thousands of endpoints and devices
across the infrastructure, correlates it and helps our security team prioritize and identify the threats that
they're facing.

Alexandra Willis
Content & Digital, AELTC

It's easy for people to forget that actually we are here all year round and our digital
properties are here all year round and as soon as one tournament finishes we actually the very next day
start planning for the next one. So that's another aspect of our security protection and the role that IBM
plays with us, making sure that we're set up for success for the fortnight by planning properly during the
year but also keeping us secure and alive for the rest of the year.

Martin Borrett
CTO IBM Security Europe

What we see today is the emergence of a new type of security operation center, a cognitive security
operation center, underpinned by capabilities like Watson for cyber security that bring with them
tremendous efficiencies, the ability to respond to threats far more rapidly than we've been able to do
before, reducing the investigation times from 60 minutes to just a minute. Confident in the knowledge that
they’re eliminating false positives that can be safely ignored and really focusing on the real threats,
investigating those thoroughly and then importantly responding to them.

Wimbledon trusts IBM security and our secure cloud infrastructure to keep the tournament safe from
harm so that the fans can enjoy a really world-class experience
Explorers
Cybersecurity
Skill Overview: How it Works: Cybersecurity

Transcript

Cybercrime is a global problem that's been dominating the news cycle. It poses a threat to individual
security and an even bigger threat to large international companies, banks and governments. Today's
organized cyber crimes far outshadow lone hackers of the past. Now large organized crime rings function
like startups and often employ highly-trained developers who are constantly innovating online attacks.
Most companies have preventive security software to stop these types of attacks but no matter how
secure we are, cybercrime is going to happen.

Meet Mia, she's the chief security officer for a company that makes a mobile app, to help customers track
and manage their finances, so security is a top priority. Mia's company has an incident response platform
(IRP) in place that automates the entire cybersecurity process. The IRP software integrates all the
security and IT software needed to keep a large company like Mia's secured into a single dashboard and
acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks.

Let's see how this platform works in the case of a security breach. While Mia is on vacation, irregular
activity occurs on her account. A user behavior analytics engine that monitors account activity recognizes
the suspicious behavior involving late-night logins and an unusual amount of data being downloaded. This
piece of software is the first signal that something is wrong. An alert is sent to the next piece of software in
the chain, the security information and event management system. Now the IRP can orchestrate a chain
of events that ultimately prevents the company from encountering a serious security disaster.

The IRP connects to a user directory software that Mia's company uses, which immediately recognizes
that the user account belongs to an executive who's on vacation. Next the IRP sends the incident's IP
address to a threat intelligence software, which identifies the address as a suspected malware server. As
each piece of security software runs, the findings are recorded in the IRP’s incident which is already busy
creating a set of instructions called a playbook for a security analyst to follow. The analyst then locks Mia's
account and changes her passwords. By this time the software has determined the attempted attack
came from a well-known cybercrime organization using stolen credentials.

Mia's credentials were stolen when the hackers found a vulnerability in her company's firewall software
and used it to upload a malware-infected file. Now that we know how the attack happened, the analyst
uses the IRP to identify the specific server vulnerability that allowed the attack, what other machines on
the network are vulnerable and the malware file. The IRP uses information from the endpoint tool to
determine which machines need to be patched, recommends how to patch them, and then allows the
analyst to push the patches to all the computers and mobile devices instantly.

Meanwhile Mia has to alert the legal department of the breach. The IRP instantly notifies the correct
person of the situation and the status of the incident. After the attack is contained and Mia's account is
secured the analyst communicates which data may have been stolen or compromised during the incident.
He identifies which geographies, jurisdictions and regulatory agencies cover the users and information
affected by the attack. Then the IRP creates a series of tasks so the organization can notify the affected
parties and follow all relevant compliance and liability procedures.

In the past, a security breach this large would have required Mia's company to involve several agencies
and third parties to solve the problem, a process that could have taken months or longer. In a matter of
hours the Incident Response platform organized all of the people, processes and technology to identify
and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties
and in the future Mia and her team will be able to turn to cognitive security tools.

These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of
information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize
attacks as they happen and immediately recommend actions for security professionals to take keeping
data safe and companies like Mia's out of the headlines
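
The detection and enrichment chain narrated above (behaviour analytics alert, user directory lookup, threat intelligence lookup, analyst playbook), as an added Python example that is not part of the original transcript and not IBM product code. The event tuples, `DIRECTORY`, `THREAT_INTEL`, the thresholds and all function names are constructed assumptions.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data; nothing here comes from a real product or log.
# Each event: (ISO timestamp, source IP, megabytes downloaded).
# IP addresses are taken from the RFC 5737 documentation ranges.
HISTORY = [
    ("2024-03-04T09:12:00", "198.51.100.10", 40),
    ("2024-03-05T10:03:00", "198.51.100.10", 55),
    ("2024-03-06T14:47:00", "198.51.100.10", 35),
    ("2024-03-07T11:30:00", "198.51.100.10", 60),
    ("2024-03-08T16:05:00", "198.51.100.10", 50),
]
ROUTINE = ("2024-03-11T10:20:00", "198.51.100.10", 52)
SUSPECT = ("2024-03-12T02:41:00", "203.0.113.7", 4200)

DIRECTORY = {"mia": {"role": "executive", "on_vacation": True}}  # user directory stand-in
THREAT_INTEL = {"203.0.113.7": "suspected malware server"}       # threat intelligence stand-in


def uba_findings(history, event, night_hours=range(0, 6), sigmas=3.0):
    """Behaviour analytics step: list how `event` deviates from the account's history."""
    ts, _ip, megabytes = event
    findings = []
    hour = datetime.fromisoformat(ts).hour
    seen_hours = {datetime.fromisoformat(t).hour for t, _, _ in history}
    if hour in night_hours and hour not in seen_hours:
        findings.append("late-night login")
    sizes = [mb for _, _, mb in history]
    # A volume baseline needs some history; with too little, skip the check
    # instead of alerting on every first download.
    if len(sizes) >= 3:
        threshold = mean(sizes) + sigmas * pstdev(sizes)
        if megabytes > threshold:
            findings.append("unusual download volume")
    return findings


def open_incident(user, history, event):
    """IRP step: enrich a behaviour alert and attach the analyst playbook.

    Returns None when the behaviour analytics step raises no finding.
    """
    findings = uba_findings(history, event)
    if not findings:
        return None
    source_ip = event[1]
    entry = DIRECTORY.get(user, {})
    if entry.get("on_vacation"):
        role = entry.get("role", "user")
        findings.append(f"{role} account used while owner is on vacation")
    verdict = THREAT_INTEL.get(source_ip)
    if verdict:
        findings.append(f"source IP flagged as {verdict}")
    playbook = ["lock the account", "change the account's passwords"]
    if verdict:
        playbook += ["identify the vulnerability and the malware file",
                     "patch affected machines"]
    playbook.append("notify the legal department")
    return {"user": user, "source_ip": source_ip,
            "findings": findings, "playbook": playbook}


if __name__ == "__main__":
    for name, event in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, open_incident("mia", HISTORY, event))
```
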
Explorers
Cybersecurity
Case B: How West Virginia University Protects Sensitive Student Data

Transcript

Alex Jalso
Director, Information Security Services, West Virginia University

West Virginia University, located in Morgantown, West Virginia, founded in 1867, is the state's flagship
university and one of two land-grant institutions. Within the state there are 29,000 students at the
Morgantown campus, around 31,000 when you include the regional campuses. Information security is
important to West Virginia University because we have to ensure the security and integrity of students’
academic records as set forth in the Family Educational Rights and Privacy Act federal law. That is the law
that governs what has to be done to protect student records and what actions need to be taken in the event
of a compromise. We want to make sure a compromise or an information security incident does not occur
on campus.

The office of information technology lowers the probability of an information security incident occurring
by working with application owners to do a security assessment of their applications by using IBM's
AppScan enterprise security assessment tool. The owners of the applications work with the office of
information technology, conduct an assessment, share with the application owners the results, the
owners remediate their results, and the office of information technology ensures remediation was done
effectively. Once all of the vulnerabilities have been remediated the application can proceed to
production.

I’m using IBM’s AppScan enterprise the office of information technology has been able to achieve a
reduction year-on-year of information security events occurring within applications at the university. By
reducing the number of information security events which have occurred, we have lowered the risk
exposure to West Virginia University. The objectives of the Office of Information Security is to continue the
proactive use of IBM's AppScan Enterprise so that we can lower the probability of an information security
incident occurring at the university which lowers the risk exposure for West Virginia University, which then
leads to securing the students’ academic information as they progress from enrollment through
graduation.
Explorers
Cybersecurity
Case C: MyEyeDr. - Protection Against Insider Threats with IBM Security

Transcript

James Davenport
IT Director, MyEyeDr.

MyEyeDr is based in Washington DC and we have offices throughout the southeastern United States. We
work primarily with independent doctors of Optometry and provide management services for them for all
of their non-doctor related services support. With all the additional people that we have joining the
organization we have to keep security and manage all these individuals, we have people coming and going
as part of the acquisitions and so keeping track of who's who, what they're doing within the systems is
vital.

For security, we use IBM Guardium, IBM MaaS360, IBM PIM and IBM QRadar, so a broad across-the-board
collection of products and then roll them all up into QRadar. So I have a complete dashboard of
what's going on within my organization. The thing that I like about the IBM products is that it gives me
visibility, it gives me information that I've never had before and you know I never had the insight.

Before the IBM security products, it would take us weeks to go through and analyze the data. Now that we
have the IBM security products we get those reports in real time. So that we know what's happening
externally and internally to our network. MyEyeDr’s security is now very proactive versus reactive; we are
looking at the threats as they come into the organization, as opposed to wondering if they
happened and then researching to determine if they did in fact happen.
