In the last week of this course, I'm going to talk about attacks. And what I want you to understand about attacks is that they are inevitable. Every organization, every connection on the Internet is going to have some kind of attack, even your home system. If you look at your home router, you'll see people trying to get in all the time. A few years ago, what I did at home is I took my firewall at home and started logging all the connections. And I had a daily printout, which I'll show you guys; you can look at the readings. But you'll be shocked about how many people are trying to get into your home network. Now, the typical person doesn't know that they're being attacked because you don't need to know, because your router is supposed to be blocking all this stuff. Same thing with your cellphone, people are trying to get into your cellphones. It's a network connection. You can get out, so people are trying to get in.

Any attack can happen at any time. There are two kinds of organizations out there, and many different organizations say this. But the two different kinds of organizations out there are those that have been compromised and those who will be compromised. It's just inevitable. Something is going to happen where you're going to be attacked. And whether or not that attack causes a data breach or you actually realize a compromise on your network or on your systems is a little bit different, but you're being attacked all the time.

This is a printout of the attacks that the university has seen in the last hour. Now, this was yesterday's report, actually. And what you'll see here is I have a ton of critical, high, and medium threats, okay. These are threats, these are what I would call attacks. Or people attempting to get into my network. So if I didn't have defenses in place, then these attacks would actually be compromises of people trying to get in, or have gotten in. Okay, so look at how many that we are logging. Same thing with your home.
You're going to see this on your home, not to this extent obviously, but to a lesser degree; you're going to see people trying to get into your network.

Threats are not necessarily attacks, okay. So when I say threats, from the previous slide and the previous graph, what I mean by that is, threats are something that could be a compromise if they're not mitigated properly. Now attacks could be somebody, there has to be some kind of threat actor behind them, like you just can't scan the network and call that an attack. That previous graph was not people just scanning; we get scanned all the time because people are looking to get in. The attacks, they're actually trying to actively get into the network. Or they're trying to get into a system.

So you can turn the attacks or the threats into compromises if your policies and procedures are not keeping up. So, you can be compromised if patching isn't completed, defense in depth strategies aren't implemented, poor security management isn't in place, or your organization and your people aren't diligent and on guard. This is your most important point here, where your people and the education that your people have are so important to protect your network. Okay, so we have almost 13,000 students and we have 1,500 faculty and staff. Well, if not everyone is diligent, how many times are they bypassing the firewall and getting into the network, and installing things that shouldn't be installed or compromising accounts? Because somebody isn't diligent in opening up an email that they shouldn't and installing malware, for example. And I'll talk about that in the next couple weeks, I'm sorry, the next couple modules, of an attack that we suffered because of a user.

So if an attacker wants in, they are going to get in. So they'll just keep on trying and trying, and trying. This is called APT, Advanced Persistent Threats. Somebody that really wants to get into a network because of some valuable data is going to get in.
Advanced means that it takes some more sophistication, it's not just some script kiddie out there that is running a scanner and sending phishing to you. They know what to do. Persistent meaning that if one thing doesn't work, they're going to try another. And the threat is, well, they are a threat. They are a threat actor, and putting all three together, the advanced persistent threats. If somebody wants to get in, they are going to get in. It may take a long time and it may only be one small attack a day, because what happens if you make a lot of noise? Somebody's going to realize it. So they're going to be persistent about it.

So understanding security goes a long way in becoming more diligent about the threats and attacks that are affecting your systems and your network. People fall for social engineering all the time. This is how most attacks start. Even a lot of the large compromises out there. You see Target, you see Home Depot, you see HBGary Federal. All these start because somebody wanted to get into their network so much that they just dripped little information, which were phishing messages, to those employees that they thought might actually open it up, and then it got them into their network.

So let's talk about the next few lessons here. I'm going to talk about a major disaster that we actually averted; however, it was a threat, it was an attack, and we did suffer from it. It was a compromise. It was ransomware called Locky. If you read more in your readings, I'll show you a little bit about what Locky is and what Locky does. But this happened to us about eight months ago. But note some of the steps that we're going to talk about in the next couple of lessons we didn't all apply. And we were very lucky that we were, actually, as lucky as we were, that not any information was lost because of it.

So be thinking about your organization. Be thinking about how you follow security and how you were being attacked. Right now, are you being attacked?
You're on the network right now. What security principles are you putting in place to protect yourself?