video

Lesson video

In progress...

Loading...

What's the best way to defend yourself against malware? What's a firewall? What's the key telltale signs of a phishing scam? Well, this unit's going to introduce you to the core principles of cybersecurity and how to protect yourself and networks against cyber attacks.

I'm Ben, and I'll be guiding you through this unit.

And this lesson is all to do with the cost of cybercrime.

So all you'll need for this lesson is a computer and a web browser, and it's always helpful to have a pen and paper at the ready, just in case you want to make any notes.

So if you can clear away any distractions that you might have, turn off your mobile phone, and if you've got a nice, quiet place to work, that would be perfect and when you're ready, let's get started.

Right, before we get going with this lesson, I really need your help.

I've just tried to load up my slides, and my computer's been locked.

I tried to restart, and I tried all sorts of things, but nothing is working so let me tell you what it says.

It says, "Your computer's been locked and all your files have been encrypted, and you no longer have access to your files." That sounds really bad.

So what can I do about this? Right, it says, "Only we can decrypt your files" Right, we're getting somewhere.

"As we have the encryption key and no amount of search on the internet will help you." Well, that rules out what I really wanted to do.

Okay.

"Can I get the encryption key? Of course.

We'll happily decrypt your files if you follow the link below and send us $300 of Bitcoin." I can't afford $300.

So what's going to happen if I don't pay you? Well, I don't want to pay "If you don't pay within the time specified, we will permanently delete all your files" I've only got 1:40 to do something about this.

I don't think I'm going to get a police doing anything about this in time.

It might just be a prank.

What do you think? What do you think I should do? Should, should I pay or should I not pay? You know what? I'm going to have to pay because I really can't afford to lose all my stuff.

So let me just - I'm going to follow the link and pay.

Okay.

Let's see what happens, right? Brilliant.

I've done it.

Ah, hang on a sec.

No, it hasn't.

It said we've decrypted 50% of my data and now I've got to pay an additional $300 of Bitcoin to decrypt the remaining 50%.

Oh, it's complete scam.

You know, you were right.

I really shouldn't have paid.

Right.

That's it.

You know what? It's just a scum.

I've lost $300, but they haven't got control of my computer.

I'm going to click don't pay.

I'm fed up with this.

Oh no.

This is really bad news.

I haven't backed up anything in ages.

And now my files have been deleted.

Well, hopefully you've probably gathered by now that wasn't real.

And it was such that an example of a ransomware attack, which is a common form of cyber attack that can take you by surprise, but also businesses.

Now what's the risk to you of losing your data on your computer? Is it backed up anywhere? or what's the danger to an organisation of losing this data? So this is an example of the kind of cyber crime that can take place that can leave us and organisations with huge dilemmas about what to do.

Okay.

So let's talk about what the learning objectives are for this lesson.

So in this lesson you're going to define the term cybersecurity and network security, explain their importance, and distinguish between the two.

We're going to be able to describe the features of a network that make it vulnerable to an attack.

And we're also going to understand the impact of cyber crime on businesses and as well as us as individuals as well.

Okay? So the first task that I'd like to complete is to have a go and look at a website.

It's a live cyber threat map.

Okay.

Now it's by an organisation called checkpoint.

And when you go on it it will show you a live representation of the number of attacks being detected at any moment.

So when you go on the website you will see a visual representation of cyber attacks taking place at the moment that you're looking at the website.

But I've got some questions for you to answer that encourage you to really have a look at what you're seeing and explored in a little bit more depth.

So I'd like to look at which country is initiating the most amount or number of attacks, which countries are the targets, and what type of attacks have been launched.

Okay.

Now I'd like to pause the video.

Now have a go at this.

There's a link on your worksheet.

Please do ask your pants or carer for permission before accessing this website because Oak National Academy are not responsible for any third party content that you might come across.

Okay.

So once you've got that permission, click on the link you'll see the, the live cyber attacks taking place.

So explore it - spend a little bit of time on it and then you can answer the questions on your worksheet.

Okay.

And once you've done that, restart the video, and I'll be here when you get back.

Okay.

So how do you get on with that activity? Now hopefully that gave you a sense of the global scale of cyber attacks and maybe the volume as well.

Maybe we have no idea that there's so many cyber attacks taking place, you know globally across the world happening at any one time.

But how big is the problem in the UK? Well, we find this really really interesting infographic for us to look at.

Okay.

Now this is the cybersecurity breaches survey in 2019 published by the UK government, gives some indication of how widespread the problem is and how it, but, but more importantly when you think about how does this actually affect us.

So let's just look at the statistics.

It said 32% of businesses and 22% of charities.

So roughly that's one and three businesses.

And one quarter of all charities have identified cyber security breaches or attacks in the past 12 months.

So that's an awful lot of businesses are saying they're being attacked by cyber threats.

The cost of it though, the annual cost of business or the charities that lost data or assets in breaches.

Businesses are spending, you know around 4,000 pounds, but charities are spending 9,500 pounds.

That's a huge amount of money for dealing with these attacks.

And if we delve into that even further we can see all sorts of different, interesting statistics such as half of the businesses that are reporting that they identified cybersecurity breaches.

They're saying that even getting one a month which is a huge number.

Now, I'd like to consider the next part of this which is how does this impact us? So how can this impact our daily life? We've been looking at organisations there and businesses, and that's quite abstract for us because, you know, it's not really affecting us unless we work for that business.

Okay.

But maybe it does affect us.

So I'd like to pause this video just for a moment and just think could those attacks on those charities or businesses, could that have a knock-on effect to us in our daily lives? So pause the video a moment.

And when you've thought about that a bit more, unpause and we'll continue.

Okay.

So hopefully you've had an opportunity to think about that.

And the answer is yes, absolutely, it does impact us.

And the best way to highlight that is through an example of this ransomware attack, similar to the one we started this lesson with, but this was called the WannaCry.

Now you might've heard of that before because it was quite famous at the time that it happened.

"The WannaCry ransomeware cryptoworm targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin currency." So very much like that example that I showed you, okay.

Now on May- on the 12th of May, 2017 some NHS services had to turn away non-critical emergencies.

And some ambulances were diverted because a cyber attack took advantage of the fact that some of the hospitals had not updated their Windows software.

So what we're saying here is that lots of NHS systems were impacted by this attack.

Now, can we just imagine for a second, if none of the computers in the whole of the NHS were working and they stopped, and doctors weren't able to access patient records, this will actually have a massive impact on us.

We might be waiting on some critical emergency care and the NHS would really struggle to deliver that for us or maybe deliver some medicines to our local pharmacy.

So those are really significant impacts on one example here.

So are there any other organisations that might have an impact on you that might you think "If that system wasn't in place could this impact my daily life?" Now let's just have a look at three examples of some scenarios that hackers- that involve hackers, sorry, and actually some systems being attacked.

Okay? And we'll explore them a little bit about why and how they do these things.

So the first one, it says "The homepage of a website of a pharmaceutical firm that tests on animals is defaced with the hashtag #hackedbyus and #animalrights." That's the first one.

Now the second one is "The CEO.

of an international bank receives an email with an attachment file detailing the bank balance of its top 500 investors.

So the message with the attachment said, 'this was easy for me.

You need to tighten up - contact your security company for full feedback.

' " Okay.

And then the third one: "A manufacturing company receives a message threatening to disable their computer systems unless they agree to pay a Bitcoin payment equivalent to hundreds of thousands of pounds." So what I'd like to do is, if you can, pause the video and just digest that information a little bit and think, well, how and why are these people doing these things? Okay.

So unpause the video, when you think you've got an answer for all three.

Okay.

So let's go through each one in turn then.

So, first scenario: why do they do it? So this scenario, just to remind you, was the homepage of a website of a pharmaceutical firm that tests on animals is defaced with two hashtags.

One that was #hackedbyus and the second one #animalrights.

Okay.

So why people doing this? Well, the company had been attacked by hacktivists which is one of my favourite words.

I love the term hacktivists because it's an amalgamation of two words.

It's a hacker and an activist.

So somebody who gains unauthorised access to a computer system, that's what we mean by hacker in this context, and an activist is somebody who's trying to make a stand against something.

So a hacktivist is a hacker, who's also an activist.

So you use a technology to announce a social, ideological, religious, or political message.

So most hacktivism involves a website defacement or denial of service attacks.

So what the hackers doing here is not necessarily trying to gain information in this instance, it's not necessarily trying to do damage in terms of bringing systems down in this case, but it is a case of trying to do something Where putting a message out there.

So putting a message on their website that actually helps people understand what they're trying to be an activist against.

Okay.

Now they're also might do things like a denial of service attack, which we'll explore in a future lesson, but that would involve doing some kind of activism to bring down a system and make their stand.

So that's scenario one, let's have a look at scenario two.

So "The CEO for an international bank receives an email with an attachment file detailing the bank balance of its top 500 investors." So somebody is able to hack into their system and pick out some really sensitive data about those investors.

Now the message with the attachment said "This was easy for me.

You need to tighten up - contact your security company for full feedback." Now that's a really interesting concept because they, in theory, have hacked in.

They gained access to really confidential data, but they've actually then given it back to the bank and said "Actually, your security system is really weak.

We're not going to do anything about this, but you need to do something about this.

Now I've done this to prove a point." Now, interestingly, you could say the bank was hacked by a hacker who was employed by the bank security specialist to find out how secure the network is.

And this is known as ethical hacking, or if they actually do this as a job there is a job out there called a penetration tester.

Now a penetration test is this scenario: people employed to hack into a system to work out where the vulnerabilities are in the system.

So in this scenario here we've got an ethical hacker who's hacked into the system to prove a point and to make them aware of the fact that there are these vulnerabilities.

So the idea is then the bank can know exactly where those vulnerabilities are, so they can do something about them.

Patch up the the holes in their defence and such.

Okay.

And let's go to a third scenario.

Now this is "A manufacturing company who receives a message threatening to disable their computer systems unless they agreed to pay a Bitcoin payment equivalent to hundreds of thousands of pounds." So this example is another example of the ransomware attack that we've explored in this lesson so far.

Now, the manufacturing company was hacked by a hacker who gained unauthorised access to a system, but with intent to harm its operations, steal data, or extort payments.

Now this is a different type of hacker.

This is the more kind of traditional, I suppose, what we would consider a computer hacker to be.

Doing something for the sake of doing damage.

Okay.

Now, "There are other types of hackers who don't intend to do damage or extort, but hack for fun as well." So they would do this to maybe gain prestige from their peers to show off that they're able to.

Maybe hack into a really famous system to just show that they're able to, they have the skillset to do it.

And they're just going to do it.

This is also known as "planting the flag".

Now it must be noted, although all of the things we've looked at here, possibly with the exception to penetration testing, if they've got the consent to hack in, if they're pen testers, and they've had that consent, is that gaining unauthorised access without permission possibly not, but the rest of them, this is all completely illegal.

And if you haven't yet taken the impacts of technology unit we have an impacts of technology unit where we discuss law in a lot more detailed than this unit.

But if you've done that, you'll be aware that this breaks what we call the Computer Misuse Act.

And there are severe and serious punishments for hacking that are punishable under this crime.

Okay? So that's now look at cybersecurity versus network security.

So we'll start off with a definition of what network security is compared to cybersecurity.

So the following two sentences are definitions.

One of them is a definition for cybersecurity and the other one is definition for network security.

So just take a moment, read the two sentences pause the video for a moment, and see if you can work out which one is network security and which one is cybersecurity.

Okay, so hopefully you've got an answer.

So which one is that box on the left hand side? So I'll read it to you.

"Any activity designed to protect the usability and integrity of a network and its data by managing access to the network" Okay.

So is that network security, or is it cybersecurity? So shout out to the screen for me.

So three, two, one.

It is network security.

So, let's just take a look at the other one.

So, the other one is obviously cybersecurity.

"The practise of protecting systems networks and programmes are from digital attacks." Now this one mentions networks, So what's different about that one compared to network security? Well, they are really similar, but the difference is that cybersecurity is a more broader type of security, so it's protecting up multiple different systems. So it's not just networks we're protecting against, it's any other type of system, digital device, or programme.

Okay.

Whereas network security is a subset to cybersecurity.

So it is cybersecurity, but only a part of it.

Okay? So, let's have a look at networks in particular then, okay.

Now to start this, what I'd like you to do is think about the answer to two questions.

What are the advantages to networks? Now, again if you haven't done the network units, or if you have done the networks unit, sorry, you may wonder the answer to this and if you haven't done the network units, there is a network where you cover this again in a bit more detail, but even if you haven't, don't worry you still should be able to think about this.

Maybe to help you with the answer to what are the main advantages of a network.

Think about your school network compared to maybe your home device.

What's the advantage there? What can we do in a school system that we can't do on your home device? Okay.

And also then secondly, from a network security point of view, what are the disadvantages of networks? So again, pause the video if you can.

See if you can maybe jot down some ideas about what you think the answers would be.

And then once you've got some answers written down then come back and we'll go through some of the answers.

Okay.

So let's go through some of those answers then.

So that starts off with the main advantages.

Well, the number one advantage and networks personally, I think this could be debatable, is sharing devices.

And what we mean by that is maybe sharing things like printers.

So rather than each individual computer having to be hooked up to a printer, you can have one printer that's shared across multiple devices.

And you might even have that in your home too.

You might even have one printer that you can connect to with your phone, your computer, your tablet, etc.

Like that, okay? It's also sharing resources as well.

So, having these central places where your files are stored.

Being able to use different computers on the network which would access that file system.

Okay.

So also we can share files between users.

We talked about that.

Network users can communicate by email or instant messenger and maybe even data can be backed up.

Okay? Rather than each individual computer time to backup his own information or maybe not even backup at all.

Then if we've got a network, we can essentially back up with a touch of a button everything just getting backed up to a central place as well.

So if we lose anything, we can always make sure we get that back.

So those are the main advantages I would say.

There are others as well, but that's a summary of them.

So let's now look at the dangers and what makes networks vulnerable to attack.

Okay.

Well, first of all, it's the connectiveness of networks that makes them attractive to hackers to enable viruses, to spread.

The very fact that you know, you can get access to one computer, You may well therefore have access to a whole system.

Or it may well be, if you infect one device on it on a network, then that device, because it's communicating with all of the different systems or the servers on the network, then all of a sudden they can be impacted too.

By just because one has been affected, all of them kind of are at risk of become vulnerable to that infection as well.

Okay? So it says that viruses can spread to other computers throughout a computer network because there's a particular danger of hacking with wide area networks.

Because we have a difference between LANs and WANs.

Again, you'd explore this in a lot more detail in the network unit, but WANs use internet technologies, therefore it becomes a bit more open or a bit more exposed to attack in that way.

Okay, so next activity I'd like you to do is go to task two on your worksheet.

Now this lesson has been about the cost of cybercrime and hacker motivation.

So what I'd like to do is go to task two because the questions will help you summarise and reflect on the learning for this lesson.

Now don't be afraid to look back over the slides to help you answer the questions.

So I fully expect you to go back over the slides to help you find the answers.

It doesn't need to be done necessarily from memory.

Okay, so if you can pause this video now, go to your worksheet, answer the questions.

Like I say, use a slide deck to, for reference to remind you of what we've learned about, and then unpause when you're done.

Okay, so how did you get on with that? Now hopefully that gave you an opportunity to really reflect on the scale of cyber attacks, what impact they could have in organisations, but also what knock-on effect that can have on us as individuals.

Okay? So I hope you enjoyed the lesson and if you'd like to share your work with us, please do.

I mean, maybe let us know what you thought.

Maybe let us know about what you thought of that live cyber threat map and the scale of it.

What surprised you about that? Okay? So if you'd like to share your work with us, please ask your parents or carer to share your work on Instagram, Facebook, or Twitter tagging @OakNational and using the hashtag #LearnwithOak.

Now there's also a quiz for you to do at the end of this lesson to kind of recap on your learning and get a little bit feedback as well.

So once you've done that, I hope I'll see you in lesson two of this unit.

So, I'll see you then.