> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/wgu-network-engineering-and-security/ethics-in-technology/ethics-in-information-technology-textbook/chapter-3.-cyberattacks-and-cybersecurity/the-threat-landscape.md).

# The Threat Landscape

#### **The Threat Landscape in Cybersecurity: ADHD-Friendly, Fun, and Focused on the Main Points**

In today’s digital world, **data security is crucial** for protecting business information, customers, and employees. But there’s a **key balancing act**: security vs. usability. Let’s dive into the **20% of concepts** that cover **80% of the challenges** in cybersecurity.

**Complex Trade-Offs in Security**

* **How Much Security is Enough?** Balancing spending on IT security with the need to minimize costs and improve usability.
* **Business vs. Security:** When security measures impact usability, businesses face lost sales and frustrated users.
* **Cybercrime Response:** Should companies **prosecute attackers** or maintain a **low profile** to avoid bad publicity?

**Cybersecurity Takeaway:** Striking a balance between adequate security and business efficiency is tough but crucial for minimizing risks while ensuring business operations.

***

**Why Are Cybersecurity Incidents So Common?**

* **Complex Environments = More Vulnerabilities**: With interconnected networks, devices, and cloud systems, there are **more entry points** for attackers.
* **BYOD (Bring Your Own Device) Policies**: Employees using their own devices create **uncontrolled environments** vulnerable to malware and misuse.
* **Software with Vulnerabilities**: Companies often use **commercial software** with known issues, and delays in patching create opportunities for attackers.

**Cybersecurity Takeaway:** Complexity and convenience bring **trade-offs** in security. Every new device or software can open doors for attackers.

***

**Types of Attacks to Know**

1. **Ransomware**: Locks data until a ransom is paid.
   * **Example**: Hollywood Presbyterian paid $12,000 to regain access to patient data.
2. **Viruses & Worms**: Spread through infected files (virus) or self-replicate without user action (worm).
   * **Impact**: Major productivity loss and repair costs in billions.
3. **Trojan Horses**: Appear legitimate but contain hidden malware.
   * **Example**: Malware embedded in a software update, used for spying.
4. **DDoS Attacks**: Flood servers with traffic to make them unavailable.
   * **Example**: 2016 Dyn attack, which disrupted services like Amazon and Twitter.
5. **Phishing & Spear Phishing**: Fraudulent emails to extract sensitive info or install malware.
   * **Example**: Fake emails appearing from CEOs to trick employees.

**Cybersecurity Takeaway**: These **20% most common attacks** cover **80% of incidents** you’ll face, so focusing on understanding and preventing these types will yield the most significant results.

***

**Growing Sophistication of Attackers**

* Attackers are no longer just hobbyists; they’re **organized groups** like Anonymous or nation-state actors with clear agendas and financial backing.
* Different kinds of perpetrators:
  * **Hacktivists**: Attack for political ideology.
  * **Cybercriminals**: Attack for financial gain.
  * **Malicious Insiders**: Employees exploiting access for personal benefit.

**Cybersecurity Takeaway**: Attackers today are **better funded and organized**—understanding their motivations helps in planning effective defenses.

***

**Federal Laws for Cybersecurity**

* **Computer Fraud and Abuse Act**: Covers unauthorized access and damages to computers.
* **USA Patriot Act**: Defines **cyberterrorism** and establishes penalties.

**Cybersecurity Takeaway**: Knowing these laws helps in understanding **legal boundaries** and repercussions for cybersecurity threats.

***

#### **References**

* Reynolds, G. W. (2023). *Ethics in Information Technology*. Cengage Learning
* U.S. Department of Justice. (n.d.). *Computer Crime & Intellectual Property Section (CCIPS)*.
