Major threats:

Phishing
Phishing is a cyberattack that tricks users into revealing sensitive information or installing malware by impersonating trusted organizations.
Common Types
- Email Phishing
- Spear Phishing (targeted)
- Smishing (text messages)
- Vishing (phone calls)
- Clone Phishing
How to Protect Yourself
- Verify the sender and hover over links before clicking
- Don’t open unknown attachments
- Use strong, unique passwords and MFA
- Report suspicious messages immediately
- Malware / Ransomware – Harmful software
- Password attacks – Guessing or stealing your login
- Insider threats – Mistakes or misuse from inside
- Social engineering – Manipulation to gain information
Malware & Ransomware
Malware is malicious software designed to damage systems, steal data, spy on users, or gain unauthorized access. Examples:
- Viruses
- Trojans
- Spyware
- Worms
- Keyloggers
Ransomware
Ransomware is a type of malware that encrypts files or locks systems and demands payment to restore access. Examples:
- WannaCry
- Ryuk
- LockBit
- CryptoLocker
How Systems Get Infected
- Phishing emails and malicious links
- Infected attachments or downloads
- Unpatched software vulnerabilities
- Malicious websites or USB devices
How to Prevent Malware/Ransomware
- Keep systems and software updated
- Use antivirus / endpoint protection
- Enable firewalls and email filtering
- Use strong passwords + MFA
- Back up data regularly (offline or secure backups)
- Avoid unknown links and attachments
Password Attacks
A password attack occurs when attackers attempt to steal, guess, or crack passwords to gain unauthorized access to accounts or systems.
Common Types
- Brute Force: Tries many password combinations
- Credential Stuffing: Uses leaked passwords from other sites
- Phishing: Tricks users into revealing passwords
- Keylogging: Records keystrokes secretly
How to Prevent it
- Use strong, unique passwords
- Enable Multi-Factor Authentication (MFA)
- Never reuse passwords
- Use a password manager
- Lock accounts after failed login attempts
- Stay alert for phishing messages
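An added example, not part of the original page: a small login monitor that locks an account after repeated failures and also flags a source that fails against many different accounts, which is the credential-stuffing pattern that per-account lockout alone does not catch. The thresholds, event layout and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300       # seconds of history considered (assumed policy value)
MAX_FAILS = 5      # failures on one account before lockout (assumed)
MAX_ACCOUNTS = 4   # distinct accounts failed from one source before flagging (assumed)

# Constructed sample events: (unix_time, source_ip, username, success)
EVENTS = (
    # Brute force: six guesses at one account, then a correct guess after lockout
    [(t, "203.0.113.10", "alice", False) for t in range(0, 60, 10)]
    + [(60, "203.0.113.10", "alice", True)]
    # Credential stuffing: one leaked password tried per account
    + [(100 + i, "198.51.100.7", u, False)
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    # Ordinary user who mistypes twice and then logs in
    + [(200, "192.0.2.5", "frank", False), (210, "192.0.2.5", "frank", False),
       (220, "192.0.2.5", "frank", True)]
)

def analyze(events):
    """Return (locked_accounts, stuffing_sources) for a list of login events."""
    fails_by_user = defaultdict(deque)  # username -> times of recent failures
    fails_by_src = defaultdict(deque)   # source -> (time, username) of recent failures
    locked, stuffing = set(), set()
    for ts, src, user, ok in sorted(events):
        if user in locked:
            continue                    # locked: rejected even with the right password
        if ok:
            fails_by_user[user].clear() # a successful login resets the counter
            continue
        uq = fails_by_user[user]
        uq.append(ts)
        while ts - uq[0] > WINDOW:      # drop failures older than the window
            uq.popleft()
        if len(uq) >= MAX_FAILS:
            locked.add(user)
        sq = fails_by_src[src]
        sq.append((ts, user))
        while ts - sq[0][0] > WINDOW:
            sq.popleft()
        if len({u for _, u in sq}) >= MAX_ACCOUNTS:
            stuffing.add(src)           # many accounts, few tries each
    return locked, stuffing

if __name__ == "__main__":
    print(analyze(EVENTS))
```

In the sample, only alice is locked, while the stuffing source never triggers a lockout on any account and is caught only by the per-source count.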
Insider Threats
An insider threat occurs when a current or former employee, contractor, or partner misuses authorized access—intentionally or accidentally—to harm an organization.
Types of Insider Threats
- Malicious: Steals data or sabotages systems
- Negligent: Makes mistakes (weak passwords, phishing clicks)
- Compromised: Account taken over by attackers
How to Prevent it
- Apply least-privilege access
- Use MFA and strong passwords
- Monitor user activity and logs
- Provide regular security training
- Enforce clear security policies
- Remove access immediately when roles change
Social Engineering
A social engineering threat is an attack that manipulates people rather than systems to trick them into revealing sensitive information or performing unsafe actions.
Common Examples
- Phishing emails and fake websites
- Pretexting: Fake identity or story to gain trust
- Baiting: Infected USB devices or free downloads
- Tailgating: Unauthorized physical access
- Vishing and Smishing
How to Prevent
- Verify identities before sharing information
- Be cautious of urgent or emotional requests
- Never share passwords or OTPs
- Use MFA and strong passwords
- Follow security policies and report suspicious activity
- Provide regular security awareness training