SEC 3302, Advanced IS Security 1

Course Learning Outcomes for Unit I
Upon completion of this unit, students should be able to:
5. Explain the importance of information security (IS).
5.1 Identify potential cyberthreats presented with electronic communications.
5.2 Develop a security policy.
5.3 Investigate strategies for instigating an email security testing campaign.

Required Unit Resources
Chapter 1: The Threat Environment
In order to access the following resources, click the links below. You can access transcripts for the videos by
clicking on the three dots below the video on the right, then clicking “Open transcript.”
Professor Messer. (2020, December 10). Other social engineering attacks – SY0-601 CompTIA Security+ : 1.1 [Video]. YouTube. https://www.youtube.com/watch?v=trAs7C5h1BU

Professor Messer. (2020, December 10). Principles of social engineering – SY0-601 CompTIA Security+ : 1.1 [Video]. YouTube. https://www.youtube.com/watch?v=ndwCR1kYz5M

Professor Messer. (2020, December 10). Threat actors – SY0-601 CompTIA Security+ : 1.5 [Video]. YouTube.

Professor Messer. (2020, December 20). Bots and botnets – SY0-601 CompTIA Security+ : 1.2 [Video]. YouTube. https://www.youtube.com/watch?v=CHrES3Swpw4

Professor Messer. (2021, January 7). Denial of service – SY0-601 CompTIA Security+ : 1.4 [Video]. YouTube.

Professor Messer. (2021, January 11). Attack vectors – SY0-601 CompTIA Security+ : 1.5 [Video]. YouTube.

Unit Lesson
The Threat Environment
Corporate security is vitally relevant in today’s business world. One cannot look at their newsfeed on any day
without seeing a story about an organizational cyberattack, customer data theft, or some newly detected
threat. These types of attacks can have an enormous impact on infrastructure, resources, reputation, assets,
customer information, and corporate data. Attacks come in many forms, evolve almost daily, and may include
malware, phishing, social engineering, web-based attacks, malicious code, botnets, stolen devices, denial of
service (DoS), malicious insiders, or ransomware (Boyle & Panko, 2021).
Businesses obviously have a strong interest in protecting infrastructure from these threats, but protection
requires corporations to have comprehensive information technology (IT) security policies, procedures,
hardened applications, and secure hardware. Because all of these topics are also covered in your Chapter 1
readings, you may have guessed that the topic for this unit is the threat environment.
IS Security and Basic Threats

Threats to the Entity Are Threats to the Individual
Let’s start with a general understanding of how the threat environment impacts both entities and individuals.
While we could separate personal from corporate threats, the reality is that the potential for exploits overlaps
both worlds. For instance, although we do not generally concern ourselves with corporate espionage in our
personal lives, most security issues can affect us both personally and professionally.
For example, a data breach happens when an unauthorized person views, alters, or steals secured data
(Boyle & Panko, 2021). While these breaches are extremely expensive for an organization to rectify—in both
direct and indirect costs—there are also costs for the individuals whose information was stolen. Often, this is
because personally identifiable information (PII), such as bank account information and social security
numbers, is stolen during the attack and used illegally by the attackers.
Thus, it is important to understand security holistically. We need to understand what the threat is, how it is
perpetrated, how we can mitigate the threat, and how we can clean up the mess.
Motivations for Attacks
To start, we must understand the terminology and basic differences in malware, exploits, and types of attacks.
However, the purpose of this lesson is not to define and explain each of the types of attacks. You can read
that information in your textbook. The purpose of this lesson is to give you some context and to discuss some
of the concepts of attacks and why they occur. Why are individuals and organizations attacked? What is it the
attacker wants?
It is important to understand that motivations have changed over the years. Early hackers did not aim to
cause massive damage to systems or seek financial gain. Instead, hackers of that era were more
interested in the thrill of break-ins, the validation of their skills, and a sense of power. Hackers who
communicated and operated within groups could demonstrate their ability by breaking into well-defended
hosts, which would increase their reputations amongst other hackers. Attacks were, therefore, an essential
part of climbing the hacker social hierarchy.
Today, these motivations have largely changed. Whereas early hackers were interested in
social status and being part of a social group, nowadays, hackers are more interested in financial gain.
Therefore, they often desire personal information, such as credit card information, that may provide them with
access to financial resources. Obtaining social security numbers and other personal information may lead to
identity theft, resulting in the potential for theft of large sums of money from multiple victims. There have even
been instances when identity thieves filed bankruptcy on behalf of their victims in an attempt to buy
themselves more time to get away with their crimes.

Hackers are a reality in today’s world, and their work is becoming more prevalent and far-reaching.
Whether they are beginners working in a basement with purchased malware or highly skilled experts
working in a terrorist cell, they can cause issues for individuals as well as for large companies. Note:
As shown in the photo on the right, hacking is not limited to computers—cellphones and other devices
may also be used as tools or become targets.
(Photos from left: Stevanovicigor, n.d.; Hackcapital, 2018; Flynt, n.d.)

Segments 1–4 of the video The Rise of the Hackers provide interesting information about hackers,
including the experiences of one man who was hacked. In the video, hackers’ keyboards are equated
to bombs when describing the amount of destruction they can cause.
For a transcript of the video, click on “Transcript” at the top of the video segment menu to the right of
the video.
Attacks for Financial Gain
Password gathering may mean obtaining bank account information, which means the potential for stolen
money. In an organization, accessing the network via hacking usually means the hacker is looking for
information. That information could include employee social security numbers or customer credit card
information. The thieves may be middlemen who sell that information to others rather than using it
themselves, but either way, the end result is always financial gain. In rare cases, the attacks may involve
extortion or the selling of trade secrets. Again, the result being sought is financial gain.
There are also known cases of corporate identity theft. Imagine gaining access to the personal information of
the owners of a partnership or small business that is incorporated. If the business owners have good credit
and the business is in good standing, the thief could potentially borrow a lot of money in the name of the
business owners.
Although financial gain is often the major reason for hacking, it is not the only one. In some cases, such
attacks are not about financial gain.
Attacks Intended to Harm Infrastructure
Besides monetary gain, what are some other reasons that organizations are attacked by hackers? Let’s take
the example of a distributed denial-of-service (DDoS) attack to illustrate our inquiry. DDoS attacks are created
to disrupt systems and stall operations. A fundamental question is, “Why?” Why would someone put in the
time, effort, risk, and resources to do something like that if there is no monetary return?
The answer must take into account the multiplicity of reasons that attacks occur in our modern society.
Usually, it is because the attacker is upset and trying to either make a political statement or do malicious harm
to the infrastructure of the victim. Hacktivism, for instance, is the use of hacking techniques to promote an
activist agenda or express an opinion. These tactics may be illegal, but they do not create a high degree of
fear or concern among the larger community.
On the other hand, cyberterrorism is an ideologically motivated attack against electronic data, applications,
and networks that is intended to cause serious harm to noncombatant targets to effect ideological, political, or
social change. In contrast, the attacker may simply be an angry customer who feels wronged. There are many
possibilities and motivations that are not necessarily financially driven.
As you may have guessed, the victims of these attacks can come from a variety of sectors. Victims may be
government offices, financial institutions, educational institutions, political sites, news sites, and the like.
DDoS can also be a form of cyber warfare. One government may use DDoS to attack the governmental
websites of another country. This is because militaries, in recognition of cyberspace’s communications and
critical infrastructure aspects, have started to treat cyberspace as a new warfare domain like land, air, and
sea. Cyberwarfare may, therefore, be classified as an act of violence. This is like using military operations by
virtual means to achieve the same ends that could be obtained by using conventional means.
An interesting contemporary example of cyber warfare that you may want to research is the Soviet-Estonia
conflict over removing a war memorial that had honored Russia. This conflict resulted in riots in the streets as
well as virtual attacks on Parliament, news agencies, and banks. Another example is the development and
use of Stuxnet, a worm used against an Iranian uranium enrichment facility. Stuxnet accessed supervisory
control and data acquisition (SCADA) systems and logic controllers controlling centrifuges and allowed them
to be remotely controlled.
Unfortunately, in most cases, it is hard to tell who the perpetrator of the attack is, so it may be difficult to
definitively determine the reason for the attack. In most cases, hacking seems to originate from highly skilled
individuals. However, that is not always the case, as a hacker may have only basic skills but can buy the
scripts and software they need. There is no longer a need for them to be able to write their own programming.
Accessibility of Malicious Software
Boyle and Panko (2021) describe amateur hackers as script kiddies. This term refers to new hackers who rely
on premade scripts or tools but do not understand how they work, which can cause their efforts to fail or to
create more damage than intended. It reflects the reality that many of the tools one needs in order to hack or
send malware to an individual or organization can be purchased illegally and do not require a great deal of
programming skill.
This does not mean that all hackers are amateurs. Many hackers are very skilled individuals. They may
be members of teams and may work in groups, which are called cells, and may be located in a number
of countries.
International Attacks
As we discussed earlier, attacks can take the form of cyber warfare or cyberterrorism. Nation-state actors
from foreign nations may also effectuate them. For instance, in late 2020, hackers perpetrated a massive
computer breach that enabled them to spend approximately four months exploring the systems of several
U.S. government networks and private companies in numerous countries. Industry experts say a country
mounted the complex hack—and government officials allege that Russia is the country responsible for the
attack (Chappell et al., 2020). The hackers attached their malware to a software update from SolarWinds,
a company based in Austin, Texas. Many federal agencies and thousands of companies worldwide use
the SolarWinds Orion software to monitor their computer networks. SolarWinds says that nearly 18,000 of
its customers in the government and the private sector received the tainted software update (Chappell et
al., 2020).
The effects of this breach have been massively expensive and reveal the increasingly sophisticated attacks
that will, unfortunately, be a part of our everyday lives in our increasingly digital world. A quick Google search
will give you a fascinating glimpse into this series of attacks and its impact on IT security.
Today’s reality is that in the world in which we live, the threat environment is very real and can be very costly.
To an individual, an information breach can be devastating. Banks will usually reimburse stolen money, but
damage may also occur in the form of such things as bounced payments. In the case of identity theft, it may
take years to reverse the effects. A serious breach can cost an organization millions of dollars in fees and in
refunded money. The organization’s reputation may also be damaged in the process. In an increasingly
technological world, the implications must be met with a focus on security. Many of these concepts will be
addressed throughout this course.
References
Boyle, R. J., & Panko, R. R. (2021). Corporate computer security (5th ed.). Pearson.

Chappell, B., Myre, G., & Wamsley, L. (2020, December 21). What we know about Russia’s alleged hack of the U.S. government and tech companies. NPR. www.npr.org/2020/12/15/946776718/u-s-scrambles-

Flynt. (n.d.). Computer hacker with mobile phone (ID 127216995) [Photograph]. Dreamstime.

Hackcapital. (2018, February 21). Hack capital [Photograph]. Unsplash.

Stevanovicigor. (n.d.). Ransomware computer virus concept, hacker with monitor (ID 132496548) [Photograph]. Dreamstime. https://www.dreamstime.com/ransomware-computer-virus-concept-