THM - Security Awareness

TryHackMe | Security Awareness

Michael Jack | 06/22


Task 1 - Introduction

What is security awareness?

Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. The study concluded that people are the main threat to the security of a business. Being more security-aware will significantly help mitigate potential threats and risks to your organization.


Task 2 - Why Security Awareness is Essential

Security awareness can obviously have benefits such as:

  • Helping to prevent data breaches
  • Minimizing and reducing risks and threats
  • Improving IT defenses
  • Improving customer confidence

Security awareness training has been shown to drastically reduce:

  • Malware and viruses in a financial institution
  • Attempted phishing attacks in an educational institution
  • Fraud attacks in government employees

The above was shown in a study by Proofpoint.


Task 3 - Data and Account Security

Everyone holds sensitive information, to varying degrees.

Protecting this data is important to individuals, organizations, and everyone.

(An infographic of the top 10 data breaches is included.)

Questions

How many people were affected by eBay being hacked?

145 million

What data was leaked from PlayStation being hacked?

names, addresses, e-mail, birth dates

Task 4 - Check if You’ve Ever Been Part of a Cyber Breach

Cyber threats have only increased in potential impact, certainly with the increase in remote work due to the COVID-19 pandemic.

Individuals can see if their information has been leaked with the service: Have I Been Pwned


Task 5 - Cyber Threat Actors

Cyber threat actors are individuals or groups of people who maliciously aim to take advantage of system security weaknesses to compromise and gain unauthorized access to victim data, computers, or networks.

Different classes of threat actors will have different motives:

  • Nation-state cyber threat actors are geopolitically motivated.
  • Cybercriminals are mostly financially motivated.
  • Hacktivists are ideologically motivated.
  • Terrorists are motivated by ideological violence.
  • Thrill-seekers are motivated by satisfaction.
  • Insider threat actors are usually motivated by discontent.

Questions

Who would most likely be interested in exploiting a business?

Cybercriminals

Who would most likely be interested in exploiting a personal computer for fun?

Thrill-seekers

Who would be most likely to be interested in exploiting a website to deliver a message?

Hacktivists

Task 6 - Conclusion

This room introduced you to the basics of security awareness concepts and knowledge that can help you stay safe online. We discussed the importance of security awareness and why it’s essential that you play your part in helping to prevent cyber attacks.