What does the term “vishing” mean?
Social engineering attack where scammers use phone calls to trick individuals into revealing sensitive information like passwords or financial details.
What is one example of a supply chain attack?
When a vendor’s systems are compromised and malicious code is inserted into a software update.
What does a firewall do?
Blocks or filters unauthorized network traffic.
What does PII stand for?
Personally Identifiable Information.
What is the main goal of an incident response plan?
Provide a structured approach to handle security incidents quickly and effectively.
What is the main goal of ransomware?
Encrypt files and demand payment for decryption.
What does code signing verify?
That the software is authentic and untampered, using a digital certificate issued by a trusted authority.
What is the primary purpose of an antivirus program?
Protect against traditional computer viruses by detecting and removing them.
(Note: Antimalware tools protect against a broader range of modern threats, including viruses.)
What is one example of PII?
Social Security number (SSN), home address, phone number, etc.
What is the first step in an incident response process?
Identify and confirm the incident.
What does the term “spyware” refer to?
Software that secretly collects user information without consent.
What is the main reason third-party risk is difficult to manage?
Limited visibility into vendor security practices.
What does a password manager help you do?
Store and generate strong, unique passwords securely.
What is the principle of data minimization?
To collect only the minimum data necessary for the intended purpose.
What is the role of a Cyber Incident Response Team (CIRT)?
Coordinate and manage incident response activities.
What is the main purpose of a botnet?
Launch large-scale attacks like DDoS using compromised devices.
What is one reason to review a vendor’s incident response plan?
To confirm they can respond effectively to security breaches.
What is the main function of a Data Loss Prevention (DLP) tool?
Prevent unauthorized transfer or leakage of sensitive data.
Name the European data regulation focused on data privacy.
General Data Protection Regulation (GDPR)
What is the purpose of a containment step during an incident?
Limit the spread of the threat.
What does the term “zero-day vulnerability” mean?
A software flaw unknown to the vendor and exploited before a patch is available.
From a security perspective, what is the best reason to keep an inventory of all vendors?
To track and manage potential security risks.
What does endpoint detection and response (EDR) software monitor?
Suspicious activity or threats on endpoints like laptops and mobile devices.
What is one method to protect PII in storage?
Encryption of data at rest.
What is one reason to conduct a post-incident review?
Identify lessons learned to improve future response.