
Hello, and welcome to lesson five of our cyber security unit.

I'm Ben, and in this lesson, we're going to look at how organisations plan to manage the cyber threat risks that there are out there.

We're also going to look at how we can protect ourselves and how organisations can protect themselves against all the cyber threats that we've learned about so far in this unit.

So all you'll need for this lesson is your computer and a web browser, and other than that, if you can clear away all distractions that you might have.

If you can find a really nice quiet place to work and when you're ready, let's get started.

Okay, so in this lesson you will compare security threats against their probability and their potential impact to organisations.

You're also going to explain how networks can be protected from common security threats.

But before we get going, I thought we'd ask three questions so we've got an opportunity to recap and refresh our knowledge from the previous lessons in this unit.

So the first question.

So Trojans, spyware, adware and worms are all examples of what? Are they viruses, ransomware, social engineering or malware.

Okay, so just give yourself a moment to think about that.

Do you have an answer? Okay, so see if you can shout out the answer on the screen when I do with my countdown.

So three, two, one.

It is, malware.

Okay, so remember, it's not specifically a virus because viruses attach themselves to files and self-replicate, while malware is more of an umbrella term for all software that has malicious intent.

Okay, so not all of the examples that you saw on screen there were viruses.

Okay? So the next question then, what is the term for when human users of a system are tricked into providing confidential information? Okay, so is that malware, is that phishing, is that social engineering or is that botnet? Okay, again give me an answer in three seconds.

Three, two, one.

It is, excellent, social engineering.


Now remember all the different types of social engineering that are out there, it's not just one thing.

It could be phishing, blagging, shouldering and name generator attacks were some of the examples that we looked at in a previous lesson.


So last question now.

Which of the following would be the correct term for a large collection of malware infected devices, another term for that, zombies, used to perform an attack or to exploit known weaknesses in a system? Okay, a bit of a mouthful that but which one do you think is the correct answer? Is it botnet, malware, social engineering or phishing? So what do you think? Have you got an answer yet? Okay, so let's see if we can shout out again.

The last time, I promise is the last time I'll ask you to shout to the screen in this lesson.

So give me in three, two, one.

It is, botnet.


So a botnet can be used to perform things like a DDoS attack, but it might also be used to send spam or to exploit computers that have not updated their software with the latest security patch.


So remember it's those malicious bots that we talked about in lesson four.

Okay, so I've got some statistics for us to look at that I found when I was doing some research on the internet.

Now Gartner said that worldwide spending on cybersecurity is forecasted to reach a whopping $133.7 billion by 2022.

That's a huge amount, that was globally all over the world.

That's how much money will be spent on trying to protect networks from cyber threats.

Okay? Accenture says 68% of business leaders feel that cybersecurity risks are increasing.

Think about what that tells us.

It partly tells us that businesses feel that cybersecurity threats aren't going away.

In fact, worse than that, they're increasing.

Now, Verizon also gave us this set of statistics, that 2% of breaches featured hacking, 28% involved malware, and 32 to 33% included social engineering.

Now, I suppose in some respects that's a little bit misleading in terms of hacking because social engineering can lead to them hacking afterwards.

But I suppose it gives us a representation of how much the significance of some of the threats related to cybersecurity.

So perhaps hacking isn't a primary concern whereas more malware and social engineering are the bigger concerns because those are the methods primarily used by cyber criminals.


So what I'd like us to do is go back to a website that we looked at right at the beginning of this unit in lesson one.

Okay, now this shows live, real-time instances of the cyber attacks taking place across the world right now.


So when you look at this website you're going to see the attacks taking place at the moment that you're looking at it.

So what I'd like to do is I would like you to go to the website and have a look at it.


I'd like to work out what the top three targeted industries are, what are the top three malware types, and in the UK which malware trend makes up the largest percentage of attacks.

Okay? Now to do that third one you need to actually click on the UK on the map.

So you need to draw upon your geography knowledge to work out where the UK is.

So click on the UK and a box will appear and it will show you specifically about the UK and what the top three, well, what types of malware make up the largest percentage of attacks.

Okay? So I'd like to head over to your worksheet and I'd like to complete tasks on your worksheet to help you identify the threats.

And there you'll find a link to this threat map website.

Okay? Now it's important that you ask your parents or carer for permission before attempting this task, because Oak Academy are not responsible for any third party content.

Okay? But if you do have permission please go ahead and go to your task one worksheet, complete the questions and once you've done that, we'll discuss some of the results when you're finished.

Okay? So good luck with that.

Okay, so how did you get on with that? Now hopefully that's given you a sense of not only the scale of the attacks, but also what industries are being attacked and also what kind of attacks are taking place.

And again, hopefully we looked at that back in lesson one.

Now, hopefully you've looked at that again now.

And it starts to all make a little bit more sense because now we've learned about what those different types of attacks are.

So interestingly, when I was looking at that website and it might've been different to you because it is real time and things change.

But when I was looking at it, education was the second top targeted industry.

So why do you think that is? Is it because there's lots of data to be stolen from the education? Or do you think maybe it's because maybe educational establishments such as schools or university are most likely to have the most lax security maybe? I'm not so sure about that but either way we should start thinking about these things.

So that brings us onto the next task.

So when we're looking at the different types of threats we've got to work out how are we going to protect ourselves? What budget should we spend on it? And is it worth spending a huge amount of money on something when the risk is actually quite low? So it says network security provision is based on risk.

So often companies will compare the impact of an attack against the probability of it happening.

So that helps the organisations plan how to best spend their budgets.

So I'd like you to put yourselves in the shoes of a network manager for your school.

Okay? And I'd like you to complete task two on your worksheet to put the risks on the graph.

So I'm just going to head over to the worksheet now and we can have a look about what you need to do.

Okay? Okay, so I'm looking at task two on the worksheet now, now the task is if I go to a previous slide, sorry, your school is planning its budget for the following year and wants your guidance on the risks of data loss and cyber attacks.

So use the template on the next slide to plot the following threats on the graph.

So viruses, ransomware, DDoS, brute force, botnets, so remember botnets is looking for vulnerabilities, social engineering, internal threats, and internal threats would be the learners, so you guys at school or staff deliberately doing damage.

Okay? So let's go across to the graph.

So I'm just going to take one for example, and look at how I might place it, but this is quite subjective, so it's based on your opinion.

So let's have a look at viruses, for example.

Now, remember if we recall what we learned about viruses, viruses aren't just things that just happen randomly on the network, they need to be activated by a user.

So that would require a student or a member of staff to download something from an email, for example, or maybe brings something on a memory stick that's infected with a virus from home.

So what's the chance of a virus actually impacting the net or like happening on the network? What's the probability of that happening? Well, I would say that the chance of somebody bringing a memory stick from home if it's not blocked in your school, it might be blocked in your schools, that will reduce the risk.

Or downloading something from an email by mistake or being conned by some kind of attachment thinking it looks real, but actually it's fake.

I would say probability it is fairly high with that.

I mean, not really, really high but I'm going to put it quite high about there.

Now what's the impact of that happening? So if there was a virus on the network and it's kind of started causing problems on the network and infecting lots of computers, then I would say the impact could be fairly high.

But hopefully we've got some antivirus on our computer.

Some anti-malware that will reduce the chance of having an impact, but let's pretend for a second we don't have that.

So I would say the impact would be reasonably high.

So that's where I'm going to put it.

So probability is fairly high and the impact is fairly high as well.

It's not really, really high, but somewhere around there.

Okay? So that's viruses, so what I need you to do is go through the rest of them and then decide where would you put them on the map? On the graph, sorry.


What would be really great if you have the opportunity to is maybe have a discussion with this with somebody else in your household and see if they kind of agree or you could talk through what you think the risks are.

Okay, and that might help you gather your thoughts and work out where to put it on the graph.

Okay? So I'd like to go across to your worksheet then place.

So pause this video now, go across your worksheet, complete task two.

And when you've done that, I'll be here when you get back.

Okay, so how did you get on with that? So hopefully now you have a graph with all your threats on, you've worked out what you think the likelihood is of those happening and also the impact they would have should they take place.

Now, our next steps are look at the protection methods that can be put in place to stop these threats from happening in the first place.

Now, you could say that you could never make yourself 100% secure against attackers, but what we can do is put measures in place to make it so difficult for attackers that eventually they just give up.

So let's look at some of those protection methods.

Now, the first one you may have heard of this before which is a firewall.

Now, a firewall checks incoming and outgoing network traffic.

And that's really important.

So it doesn't just check dangerous traffic coming to the network, but it also checks things going out to the network as well.

Now it scans the data going in and out of the network and makes sure it doesn't contain anything malicious and that it follows the rules set by the network.

Okay? So here's an example of that.

So imagine a learner who wanted to use a website full of free games.

I know it's hard to imagine, right? I know that you would never do that, but imagine somebody in your class wanted to use the school computers not to do work and to play games.

So the rules of the network are set up to disallow this and the firewall will stop the learner from accessing the website.

Because there are rules in place that say anything with keyword games or it might be a website the firewall says don't allow traffic to that website.

So as the traffic goes out of the network, it hits the firewall and the firewall will reject that and perhaps send a message back that you might have seen before saying this website has been blocked or not allowed.

So that would be network traffic going out but also it checks network traffic coming in as well.

So if there's any malicious attempt to access a network or packets of data that looked suspicious then the firewall would also look at those and go they don't look quite right and reject them from coming into the network.

So the firewall is designed to protect any kind of malicious traffic coming in and out of the network.

Now, anti-malware.

So anti-malware is software that scans any file that's able to execute code.

So anti-malware will have a list of definitions.

So things that it knows already that are out there, they will be counted as malware.

So there might be sequences of code that they know are malicious.

So, you may have heard of the term antivirus before but is antivirus the same as anti-malware? Well, in theory, no, because antivirus should just be checking for viruses.

Whereas malware, as we've talked about earlier, is the umbrella term for lots of malicious software.

So in theory, anti-malware will search for many more different types of malicious code than just antivirus, because antivirus would just search for viruses.

Now, in reality, if you've got antivirus on your computer, the chances are, it is also anti-malware.

It's just that antivirus is such a well-known term that people tend to buy and download antivirus even though it's also acting as anti-malware.

Now, if an anti-malware or antivirus finds any malicious code that it knows, and it's in its list of definitions of malicious code, then if they're matched, what the anti-malware will do is it'll find those files and it will quarantine them.

Now, so I've got a quick question for you.

So what is meant by the term quarantined and why is it important that it happens? Okay? So if you pause the video now, see if you can come up with an answer for that.

And when you've got one you can unpause and we'll go through the answers.

Okay, so what is meant by quarantined? Well, if that file is found to have malicious code then what anti-malware will do, is it'll take that file or any infected files and quarantine them, which means stop them from having access to the rest of your system.

And that way the virus can't continue self-replicating and infect other files on the network, or on your computer, sorry.

Now, why is it important that happens? Well, because it's self-replicating, it's stopping it from happening.

So it kind of stops it in its tracks from doing any more damage than it already has done.

And at that point, the user will be given choices.

So if you've got antivirus or anti-malware software and it's quarantined some files, you would then have choices.

Now it may well be that your anti-malware software has got a solution for it, and will be able to get rid of the virus and restore the file, that might be one thing you can do or it might give you the option to delete the file permanently.

Now auto-updates.

So auto-updating software refers to software that automatically checks for available updates for the software you have on your computer.

I say computer, but I'm also counting things you might be more familiar with such as maybe a mobile device.

So I'm sure you've seen it before.

If you've got a smartphone and you've got apps on that smartphone then every now and again, if you went to the app store you'll notice that there are updates available.

Maybe with new features or maybe some more security patches.

So once it finds an update, the software can be set to either alert the user to instal it automatically, yeah so alert the user or instal it automatically, sorry.

So then giving you the choice.

So this software is often automatically included in the operating system.

So the question is, in this case what is meant by automatically, and can you think of one way in which auto updates can reduce the risk of a cyber attack? Okay? So pause the video, see if you can answer those two questions, and when you've got the answers in your mind then unpause the video and we'll go through the answers.

Okay, so in this case automatically means without human intervention.

So if it automatically means that if you've got all the different apps on your smartphone or different software on your computer, you don't need to constantly go to each one of those manufacturers and see whether or not there's an update and download it automatically.

Now we said on the previous slide you can also set it to just instal it automatically.

So without you having to verify it, but you might've set it so you do want to verify it.

Because often you can't go back to previous versions.

So if you update a software it may well be it's a permanent update and have new features that you don't like or something like that.

So you may want to set it so that part doesn't happen automatically.

Now, did you think of one way in which auto updates can reduce the risk of a cyber attack? Well, think back to our previous lesson where we looked at the WannaCry virus, which is a ransomware attack.

How that worked is it exploited software that hadn't been updated and didn't have the latest security patch.

So that was one way in which the ransomware got in because people hadn't updated their software or had software that didn't have new updates to protect itself.


So auto update software is really important to not only just get the latest features but also protect you from the latest.

Sorry, it also protects you with the latest security patches that are available.

Okay, so user authentication.

Now user authentication is authenticating you as a user on the system.

So imagine your school, when you walk into a computer lab you can't just turn on a computer and start using it, you need to authenticate.

So I'd like to pause the video again, and think how do you log into the school system? What measures are already in place to make that process secure? And what could we put in place to make it even more secure, do you think? Okay? So pause the video, see if you can answer those three questions.

Okay, now I can't answer this question for you because it very much depends on your school but I'm going to guess at the fact that you need a username and password to authenticate on your school network.

So that means you got a username and you got passwords that goes with that username that would authenticate and verify that you are a valid user on the system and you can log in.

So what measures are already in place to make those secure? Do you have any password rules? Does it need to be a certain length? Do you need to use numbers, symbols, characters, even? So those might be things that might be in place on your network.

So my question was what other things could be put in place to make it even more secure to access a computer on your network? Well, let's have a look at some of the methods that are out there.

Okay? So what could be put in place to make it even more secure? Well, we could have secure passwords.

So for example, we just talked about that.

You could make sure that passwords follow a certain rule.

There might be three member words with a minimum length for example, or it might have to include that number symbol or character.

You might also include password managers.

Now, password manager is a tool where you log into that software with a single password and then that allows you to create passwords to any new accounts.

So anything new on the internet or anything that you need to use the password for those password managers will automatically generate a completely random password that's very, very difficult for anybody to guess or hack into with a brute force attack, for example, but you don't need to remember that because you would only need to remember the username and password for your password manager, and then that would automatically populate the website with the correct username and password.

You may have also thought about the fact that you might allow a maximum number of attempts to log in before an account is locked.

For example if you attempted to log into account five times, then it blocks the account and you have to go to the network administrator to get it unblocked.

Now I'm sure you've heard of CAPTCHA before.

So CAPTCHA is the way which it's meant to verify you as a human being.

So you can see the picture on the screen at the bottom there, says please select all the cats.

Now this is meant to stop anybody, so bots basically, being able to log into your account.

There may be bots out there that automatically fill in forms and try and create usernames and passwords or create fake Twitter accounts, for example.

One way in which you can defend against that is put CAPTCHA in place.

And this requires the user to make kind of human-like decisions.

So it will be kind of difficult for bots to be able to look at all those pictures and determine which ones are cats and which ones aren't cats for example.

So the theory is that CAPTCHA is in place to stop those bots filling in those forms for you.

Now, of course, bots can be made to be very intelligent and work out which ones are cats or kind of beat CAPTCHA.

But again, it's on that methodology of CAPTCHA just makes it really difficult for bots to work.

So those bots have to be really sophisticated.

So it doesn't guarantee that a bot won't create an account but actually it really reduces the chance of that happening.

Okay, so next one is biometrics.

So biometrics is using something that's uniquely yours about your body.

So often that would be fingerprint recognition, and you might have that on your mobile phone.

It might be retina.

So it actually looks at your eyes or it might actually just be the shape of your face.


Okay? So biometric logins make sure it's something that's uniquely yours when you're logging in.

And then finally two factor authentication, often known as 2FA.

Now this is where you log into an account and it requires a second authentication.

So that would be the first authentication having a username and password, but it may also be that you set up two factor authentication so that maybe it sends a message to your mobile phone where you've got to type in a code.

So a text message would arrive on your mobile phone with a unique code, and then you log in with that as well.

So if somebody ever was to guess your username and password, or find out somehow, then they would also need that second form of authentication to be able to log into your account.

So again, it doesn't rule out that ever happening but it does significantly reduce the chance of any kind of brute force attack being successful.

Okay, so the final one we're going to look at in this lesson is user permissions.

So users on a network can be put into groups with each individual group having a unique set of privileges, such as which network drives they have access to, their read-write permissions, as in what files are they able to read and just open but not be able to save to and overwrite.

Or they have write permissions that enables them to save and write over a document or write or save a document to a particular area on the network.

Which printers they're able to use.

What software they can use and which websites they're allowed to access.

Okay? So my final question for you is how does setting user permissions increase the security of a system? So pause the video and once you've got an answer, we'll continue.

Okay, so it definitely protects the security of the system.

For example, if someone was able to access your username and password, they would only get access to a subsection of the network.

So only the areas of the network that you have access to.

So maybe the student area where all the student files are, but again, that might be set to just read only.

So although they'll be able to see the files they won't be able to delete them.

They'll be able to see your area of your network, so they might be able to do damage to your particular account.

But beyond that, they won't be able to do much damage.

They won't be able to access the teacher's accounts, maybe the student mark books or maybe some confidential student information.

Okay, so here's some answers. If your individual accounts are compromised, the potential damage is limited.

Users have less chance of introducing malware to the network if they can't instal software and there's less chance users will accidentally or deliberately tamper with data they shouldn't be able to see.

Okay, so the final activity for this lesson is to complete a cyber threat report.

So what I'd like you to do is write a short report to the head teacher that's going to outline what you think is the most significant danger to the network, and one thing that could be done to reduce the probability of the school being affected.

And what I'd like you to do is use the risk graph that you did in task two of this lesson, and I'd like to look at that and pick out the one that you think has the highest risk and the highest, well, the highest impact, sorry and the highest likelihood of it happening.

So pick that one and then use what we've just learned over the previous few slides to work out which form of defence you think would reduce the chance most significantly.

Okay? So remember, you can't completely rule it out but there might be one thing that you think you would recommend putting in place that will reduce the chance of it happening.

Okay? So I'd like to pause this video now, head over to task three on your worksheet, complete the report, and once you're done, we're ready to unpause the video and we'll continue.

Okay, so that's all for lesson five.

And I want you to just take a moment to reflect on all the learning that you've done so far in this unit, because you've done a great job.

We've learned about a whole range of cyber threats but we've also now learned about how we can protect ourselves and our networks can protect themselves against all the dangers that are out there.

So I would really love to see the work that you've done in this lesson, I'd love to see the head teacher's report that you've made.

I'd also love to see the graph so I can compare what I thought to what you thought as well.

Okay? And if you'd like to do that please ask your parents or carer to share your work on Instagram, Facebook, or Twitter, tagging @OakNational and using the hashtag #LearnwithOak.

So there's only one more lesson for this unit.

So I'm looking forward to seeing you then.