3. Introduction To Cybersecurity

[WDavid404]

• The Practice of Cybersecurity
• Threats and Threat Actors
• The CIA Triad
• Security Principles, Controls, and Strategies
• Cybersecurity Laws, Regulations, Standards, and Frameworks
• Career Opportunities in Cybersecurity

[WDavid404]

3.1. The Practice of Cybersecurity

3.1.1. Challenges in Cybersecurity

• Cybersecurity as a Unique Discipline: Cybersecurity is not just a subset of software engineering or system administration; it has emerged as its own distinct field. A key characteristic of cybersecurity is dealing with malicious and intelligent actors (attackers), which requires a different approach compared to handling accidental or naturally occurring problems.

• Dealing with Intelligent Opponents: Since attackers are intelligent beings, defenders must anticipate their actions by understanding the attackers' perspective and mindset. Both attackers and defenders can manipulate human emotions such as fear, greed, or guilt. For example, attackers might extort victims by threatening to release sensitive data, while defenders might use fear to deter attackers from attempting a breach.

• Reasoning Under Uncertainty: In cybersecurity, decisions often need to be made with incomplete information. It’s similar to playing poker, where you don’t have all the information about your opponent’s hand, unlike chess where both players have full knowledge of the game state. In cybersecurity, attackers and defenders must operate with unknowns and make educated guesses.

• Summary: Understanding cybersecurity requires a mindset that anticipates the actions of intelligent adversaries and embraces uncertainty. Both attackers and defenders need to sharpen their ability to think critically and solve problems based on incomplete or uncertain information.

3.1.2. A Word on Mindsets

• Mindset in Security: Cybersecurity isn't just about understanding technology, but also about understanding your own mindset and that of your adversary. A mindset can be viewed as a set of beliefs that shape how we approach challenges.
• Fixed vs. Growth Mindsets:

Fixed Mindset: Believes that talent and abilities are static, and that there’s no benefit to trying to improve. Growth Mindset: Embraces the idea that abilities can be developed and expanded over time.

Research supports that believing in your capacity to recover from mistakes actually makes you better at doing so, which is crucial in cybersecurity. The field requires learning from mistakes and continuously improving.

• Security Mindset: Proposed by Bruce Schneier, the security mindset involves consistently questioning how systems can be attacked or defended. Adopting this mindset allows individuals to notice recurring patterns when encountering new systems, networks, or objects.

• "Try Harder" Mindset at OffSec: OffSec promotes the "Try Harder" mindset, which focuses on perseverance and learning from failures. When a defense or attack fails, instead of seeing it as a fixed truth about your skills, you should view it as an opportunity to learn, adapt, and change your approach. These mindsets help cultivate resilience and the ability to learn from mistakes, which are essential skills in any cybersecurity field. The "Effective Learning Strategies" module expands further on the "Try Harder" mindset and learning techniques.

3.1.3. On Emulating the Minds of our Opponents

• Even cybersecurity professionals focused on defense need to understand offensive strategies to improve their defensive capabilities.
• Pentests simulate attacks to find vulnerabilities, helping defenders understand potential weaknesses and worst-case scenarios.
• Leveraging the skill-sets and mindsets of an attacker allows us to better answer questions like: "How might an attacker gain access?" "What can they do with that access?" -" What are the worst possible outcomes from an attack?"

[WDavid404]

3.2. Threats and Threat Actors

3.2.1. The Evolution of Attack and Defense":

• Dynamic Relationship of Attackers and Defenders: Cybersecurity involves attackers and defenders striving for opposing goals: attackers want access to assets, while defenders want to protect them. Each side becomes more skilled as they respond to the other's efforts, leading to increasing complexity over time.
• Alice and Bob Analogy: Bob owns a banana tree (the asset) and Alice wants to steal his bananas (the attack).

3.2.2. Risks, Threats, Vulnerabilities, and Exploits

Key Concepts:

• Risk: The likelihood of a negative event and its potential impact. Cybersecurity risks are assessed by asking how probable an attack is and what the worst outcome could be.
• Threat: Anything that can cause harm to an asset, like a natural event or a human actor (threat actor).
• Vulnerability: A flaw that allows a threat to cause damage. Not all flaws are vulnerabilities; only those that could lead to harm.
• Exploit: The process (or tool) of taking advantage of a vulnerability to achieve malicious objectives.

Example: The Log4j vulnerability (discovered in December 2021)

Attack Surface & Vector:

• Attack Surface: All potential points of entry that could be vulnerable to exploitation.
• Attack Vector: The specific method of exploiting a vulnerability to achieve an attacker's goal.

3.2.3. Threat Actor Classifications

Threat Actors in Cybersecurity: Cybercriminals vary in sophistication, resources, and motives. Here are the main categories:

• Individual Malicious Actors
• Malicious Groups
• Insider Threats
• Nation States

3.2.4. Recent Cybersecurity Breaches

• Social Engineering
• Phishing
• Ransomware
• Credential Abuse
• Authentication Bypass