Cybercrime Prevention, Reporting, & Recovery: Difference between revisions
From GCA ACT
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 24: | Line 24: | ||
[[#CybercrimeReporting|Cybercrime Reporting Resources]] | [[#CybercrimeReporting|Cybercrime Reporting Resources]] | ||
</div> | </div> | ||
| style="vertical-align: top; border: none; background-color: #FFFFFF; text-align: left; width: 25%;" | <span>[[File:recover-bed.svg|frameless|70px|link=|thumb|left]]</span><span style="font-weight: bold; font-size: 25px;">Recover</span><div>Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise it may include things like changing your passwords, monitoring your credit report, and filing insurance claims. | | style="vertical-align: top; border: none; background-color: #FFFFFF; text-align: left; width: 25%;" | <span>[[File:recover-bed.svg|frameless|70px|link=|thumb|left]]</span><span style="font-weight: bold; font-size: 25px;">Recover</span><div>Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise, it may include things like changing your passwords, monitoring your credit report, and filing insurance claims. | ||
<strong>Cybersecurity Tools</strong> | |||
{{#categorytree:Passwords|mode=collapsed}} | |||
{{#categorytree:Backup & Restoration of Data|mode=collapsed}} | |||
{{#categorytree:Cybersecurity Insurance|mode=collapsed}} | |||
{{#categorytree:Sensitive Data|mode=collapsed}} | |||
</div> | </div> | ||
|} | |} | ||
| Line 105: | Line 109: | ||
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ | ||
! Type of Cybercrime | ! Type of Cybercrime !! Signals of Attack !! Methods of Containment | ||
|- | |- | ||
| Data breach | | width="20%" | '''Data breach''' - The unauthorized access and theft of sensitive data. | ||
| | | width="40%" | | ||
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations | * Unusual system activity, such as spikes in traffic or login attempts from unusual locations | ||
* Missing files or data | * Missing files or data | ||
* Unauthorized changes to system configurations or permissions | * Unauthorized changes to system configurations or permissions | ||
| | | width="40%" | | ||
* Isolate affected systems from the network | * Isolate affected systems from the network | ||
* Change all passwords and security credentials | * Change all passwords and security credentials | ||
| Line 118: | Line 122: | ||
* Restore data from backups | * Restore data from backups | ||
|- | |- | ||
| Malware attack | | '''Malware attack''' - The unauthorized installation of malicious software on a computer system. | ||
| | | | ||
* Slow computer performance | * Slow computer performance | ||
| Line 129: | Line 133: | ||
* Restore data from backups | * Restore data from backups | ||
|- | |- | ||
| Phishing attack | | '''Phishing attack''' - A fraudulent attempt to obtain sensitive information, such as passwords or credit card numbers, by disguising oneself as a trustworthy entity in an electronic communication. | ||
| | | | ||
* Emails or text messages that appear to be from a legitimate source, such as a bank or credit card company, but contain suspicious links or attachments | * Emails or text messages that appear to be from a legitimate source, such as a bank or credit card company, but contain suspicious links or attachments | ||
| Line 137: | Line 141: | ||
* Verify the legitimacy of any email or text message before providing any personal or sensitive information | * Verify the legitimacy of any email or text message before providing any personal or sensitive information | ||
|- | |- | ||
| Denial-of-service (DoS) attack | | '''Denial-of-service (DoS) attack''' - An attempt to make a computer system or network unavailable to its intended users by flooding it with traffic or exploiting vulnerabilities in software or hardware. | ||
| | | | ||
* Slow website or application performance | * Slow website or application performance | ||
| Line 146: | Line 150: | ||
* Implement DDoS mitigation strategies, such as firewalls and load balancers | * Implement DDoS mitigation strategies, such as firewalls and load balancers | ||
|- | |- | ||
| Man-in-the-middle (MitM) attack | | '''Man-in-the-middle (MitM) attack''' - An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly to each other. | ||
| | | | ||
* Unexpected redirects to unfamiliar websites | * Unexpected redirects to unfamiliar websites | ||
* Unexpected changes to website content | * Unexpected changes to website content | ||
| Line 156: | Line 160: | ||
* Use strong passwords and two-factor authentication | * Use strong passwords and two-factor authentication | ||
|- | |- | ||
| Social engineering attack | | '''Social engineering attack''' - An attack that manipulates people into performing actions or divulging confidential information. | ||
| | |||
* Phone calls, emails, or text messages that ask for personal or sensitive information | * Phone calls, emails, or text messages that ask for personal or sensitive information | ||
* Requests for help with technical problems | * Requests for help with technical problems | ||
| Line 165: | Line 170: | ||
* Verify the legitimacy of any request before taking any action | * Verify the legitimacy of any request before taking any action | ||
|- | |- | ||
| Ransomware attack | | '''Ransomware attack''' - A type of malware that encrypts the victim's data and demands a ransom payment in exchange for the decryption key) | ||
| | | | ||
* Files that are encrypted and cannot be accessed | * Files that are encrypted and cannot be accessed | ||
| Line 174: | Line 179: | ||
* Restore data from backups | * Restore data from backups | ||
|- | |- | ||
| Cryptojacking | | '''Cryptojacking''' - The unauthorized use of a computer's processing power to mine cryptocurrency. | ||
| | | | ||
* Slow computer performance | * Slow computer performance | ||
| Line 184: | Line 189: | ||
* Use strong passwords and two-factor authentication | * Use strong passwords and two-factor authentication | ||
|- | |- | ||
| Insider threat | | '''Insider threat''' - A cyberattack carried out by an individual who has authorized access to an organization's computer systems or data. | ||
| | |||
* Unusual system activity, such as spikes in traffic or login attempts from unusual locations | * Unusual system activity, such as spikes in traffic or login attempts from unusual locations | ||
* Unauthorized changes to system configurations or permissions | * Unauthorized changes to system configurations or permissions | ||
| Line 193: | Line 199: | ||
* Conduct regular security audits | * Conduct regular security audits | ||
|- | |- | ||
| Supply chain attack | | '''Supply chain attack''' - A cyberattack that targets an organization's suppliers or third-party vendors. | ||
| | | | ||
* Vulnerabilities in software or hardware used by suppliers or third-party vendors | * Vulnerabilities in software or hardware used by suppliers or third-party vendors | ||
Revision as of 20:23, 30 October 2023
This page is your go-to resource for tackling the multifaceted challenges of cybercrime. With the digital world becoming increasingly integrated to everyday lives and business operations, understanding how to prevent, recognize, report, and recover from cyber threats is critical. This comprehensive page is structured into four essential sections encompassing the continuum of cybercrime remediation. Each section includes a curated list of cybersecurity tools tailored for everyday users, individuals requiring enhanced security, and organizations.
 Whether you are an everyday user or in charge of an organization's IT apparatus, implementing cybercrime prevention tools is a no-brainer. For Everyday Cybersecurity this includes using strong passwords, being careful about what information you share online, and being aware of common cybercrime scams. However sometimes a more structured approach, or Enhanced Protection, is needed for small businesses or individuals requiring heightened security. For large organizations Advanced Security is required, including sophisticated Intrusion Prevention Systems (IPS), security simulations, and strict access control.
|
 Cybercrimes can often go undetected but it is important to catch them before they cause further damage. Luckily, along with a number of resources for learning to spot cybercrimes, there are a multitude of automated software tools that intelligently detect anomalies.
|
 If you are the victim of a cybercrime, it is important to report it to the authorities. This will help them to investigate the crime and track down the perpetrators. Cybercrimes are dramatically underreported, people are sometimes embarrassed, or they don’t think anyone will do anything. The truth is that authorities are investing more money in cybersecurity every year.
|
 Once you have reported a cybercrime, there are steps you can take to recover from it. A lot of the time these steps occur before the crime happens, like keeping a backup of your data or having a disaster recovery plan. Otherwise, it may include things like changing your passwords, monitoring your credit report, and filing insurance claims.
Cybersecurity Tools Category Cybersecurity Insurance not found
|
| Country | Organization | URL | Description |
|---|---|---|---|
| United States | Federal Bureau of Investigation (FBI) | https://www.fbi.gov | The FBI is the primary federal law enforcement agency responsible for investigating cybercrime in the United States. |
| United Kingdom | National Cyber Security Centre (NCSC) | https://www.ncsc.gov.uk | The NCSC is a part of the GCHQ, the UK's intelligence and security agency responsible for cyber security. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| Canada | Canadian Centre for Cyber Security (CCCS) | https://www.cyber.gc.ca | The CCCS is a part of the Communications Security Establishment (CSE), Canada's national intelligence and cyber security agency. It provides cyber security advice and support to government, industry, and Canadians at large. |
| Australia | Australian Cyber Security Centre (ACSC) | https://www.cyber.gov.au | The ACSC is a part of the Australian Signals Directorate (ASD), Australia's national intelligence agency responsible for cyber security. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| New Zealand | New Zealand Computer Emergency Response Team (CERT NZ) | https://www.cert.govt.nz | CERT NZ is a government agency responsible for responding to and managing cyber security incidents in New Zealand. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| India | Indian Computer Emergency Response Team (CERT-In) | https://www.cert-in.org.in | CERT-In is a government agency responsible for coordinating cyber security efforts in India. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| Singapore | Cyber Security Agency of Singapore (CSA) | https://www.csa.gov.sg | The CSA is a government agency responsible for overseeing and coordinating cyber security efforts in Singapore. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| Japan | National Institute of Information and Communications Technology (NICT) | https://www.nict.go.jp/en/ | NICT is a government agency responsible for research and development in information and communications technology. It also plays a role in cyber security, providing advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| South Korea | Korea Internet & Security Agency (KISA) | https://www.kisa.or.kr/eng/ | KISA is a government agency responsible for overseeing and coordinating cyber security efforts in South Korea. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| China | National Internet Emergency Response Center (CNCERT/CC) | https://www.nic.ad.jp/en/ | CNCERT/CC is a government agency responsible for responding to and managing cyber security incidents in China. It provides advice and support to businesses, organizations, and individuals on how to protect themselves from cybercrime. |
| International | Interpol | (https://www.interpol.int) | Interpol is an international organization that facilitates worldwide police cooperation. It has a cybercrime unit that provides support to member countries in investigating and prosecuting cybercrime. |
| International | Europol | (https://www.europol.europa.eu) | Europol is the European Union's law enforcement agency. It has a cybercrime center that provides support to EU member states in investigating and prosecuting cybercrime. |
| International | No More Ransom | (https://www.nomoreransom.org) | No More Ransom is a public-private partnership that provides free decryption tools to victims of ransomware attacks. It also provides information and advice on how to prevent ransomware attacks. |
| Type of Cybercrime | Signals of Attack | Methods of Containment |
|---|---|---|
| Data breach - The unauthorized access and theft of sensitive data. |
|
|
| Malware attack - The unauthorized installation of malicious software on a computer system. |
|
|
| Phishing attack - A fraudulent attempt to obtain sensitive information, such as passwords or credit card numbers, by disguising oneself as a trustworthy entity in an electronic communication. |
|
|
| Denial-of-service (DoS) attack - An attempt to make a computer system or network unavailable to its intended users by flooding it with traffic or exploiting vulnerabilities in software or hardware. |
|
|
| Man-in-the-middle (MitM) attack - An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly to each other. |
|
|
| Social engineering attack - An attack that manipulates people into performing actions or divulging confidential information. |
|
|
| Ransomware attack - A type of malware that encrypts the victim's data and demands a ransom payment in exchange for the decryption key) |
|
|
| Cryptojacking - The unauthorized use of a computer's processing power to mine cryptocurrency. |
|
|
| Insider threat - A cyberattack carried out by an individual who has authorized access to an organization's computer systems or data. |
|
|
| Supply chain attack - A cyberattack that targets an organization's suppliers or third-party vendors. |
|
|
