> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/wgu-network-engineering-and-security/ethics-in-technology/ethics-in-information-technology-textbook/chapter-3.-cyberattacks-and-cybersecurity/overview.md).

# Overview

#### **Breaches are Inevitable: A Cybersecurity Overview - ADHD-Friendly, Fun, and Focused on the Essentials**

In the world of cybersecurity, it’s simple: **every company has either been breached and knows it or been breached and doesn’t know it yet**. With that in mind, **prevention alone isn’t enough**—you need to prioritize **detection** to find breaches fast and act on them.

**Zero-Day Exploits: What Are They?**

* A **zero-day exploit** targets software flaws **before the security community knows about them** or before a patch exists.
* Imagine it’s like a surprise attack—hackers find the hole in your defenses before you even knew there was a problem.
* These exploits are dangerous until patched, and have been found in **big-name software** like Adobe Flash, Google Chrome, Microsoft Windows, and iOS.

**The Market for Zero-Day Vulnerabilities**

* The ethical hope? When a zero-day is discovered, researchers **report it** to the original software makers.
* The harsh reality? Some sell it on the **black market**—to hackers, cyberterrorists, or even governments.
* Example: A vulnerability in Apple iOS sold for **$500,000**.

**Government Agencies and Zero-Days**

* Agencies like the **FBI** and **NSA** often buy zero-day information—sometimes for millions.
* Why? To use as a tool for **espionage** or **cyberattacks**. Instead of fixing the flaw, they use it to their advantage.

**Vulnerability Equities Process (VEP)**

* The **VEP** is a policy to decide whether vulnerabilities should be kept secret or disclosed to the public.
* It’s supposed to prioritize public safety, but critics say the **process isn’t transparent**—decisions are made behind closed doors.
* For example, the **FBI** kept an iPhone vulnerability secret after the San Bernardino incident to aid its investigation.

**Ethical Dilemma for Agencies**

* **Trade-offs:** Should the government keep exploits secret for espionage, or reveal them for the greater good of user security?
* The **Pareto punchline**: Governments use 20% of the vulnerabilities for 80% of their intelligence work, but keeping them secret risks the safety of all users.

***

#### **References**

* Angwin, J., Larson, J., Mattu, S., & Kirchner, L. (2016). Machine bias. *ProPublica*.
* Eubanks, V. (2018). *Automating Inequality: How High-Tech Tools Profile, Police, and Punish the Poor*. St. Martin's Press.
* Reynolds, G. W. (2023). *Ethics in Information Technology*. Cengage Learning
