Room Banner

Security Awareness

An introduction to security awareness; why its important, the impact of being attacked, different threat actors and basic account security.

info

30 min

Room progress ( 0% )

To access material, start machines and answer questions login.

Task 1Introduction to Security Awareness

What is security awareness?

You are at the heart of your organization and play a key role in keeping it safe against cyber attacks. Understand what it takes to be security conscious by walking through the most common attacks seen in the industry, and learn how to mitigate potential threats. Become more security-aware and improve your cyber hygiene in the security awareness module.

Based on a report from IBM, human errors were the main reason for 95% of successful cyber attacks. The study concluded that people are the main threat to the security of a business. Being more security-aware will significantly help mitigate potential threats and risks to your organization.

Who is security awareness for?

Everyone! It's everyone's responsibility to be security-aware. No matter your role at your company, you could be a potential target for cybercriminals; especially given your access and knowledge inside your organization.

Answer the questions below
Read why security awareness is so important for everyone.

Nowadays, remote working is common in many organizations, and many will spend most of their time working on their personal computers, which increases the risk of being a primary target for cyber security attacks.

Hackers use a variety of tools and methods to gain access to staff computers and corporate networks. Security breaches can cost a company millions of dollars; based on an online report, the average cost of a data breach was a massive $3.86 million. As well as the huge cost to handle a cyberattack, it also damages the reputation and trust of customers and partners.


Security awareness training is a must-have skill to counter efforts by attackers and reduce risks within the business. A few of the benefits are below:

  1. Help prevent data breaches
  2. Minimize and reduce risks and threats
  3. Improve IT defenses
  4. Improves customer confidence

Based on Proofpoint's studythe following diagrams show the effectiveness of security awareness training:



  • 95% reduction in malware and viruses and a greater awareness of cybersecurity threats in a financial institution.
  • 90% reduction in attempted phishing attacks in an educational institution.
  • 80% reduction in fraud attacks on government employees.
Answer the questions below
Read the above.

Everyone holds sensitive data, whether it be personal information, customer data, financial reports, or company details, obtaining data (or holding it to ransom) is a cybercriminal's main objective.

Sensitive data can be in many different forms. For example, the HR department has all details and information of employees while the finance department will have the credit card and bank account details of customers. Protecting this data is important not only to the organization but also to its clients and customers.

Now that we know why data protection is so important we now need to understand the type of data we have, why it must be protected and the methods we can take to secure it.

The following diagram illustrates the top 10 data breaches by some of the large companies in history, the number of people who were affected and the type of data that was leaked.


Answer the questions below

How many people were affected by eBay being hacked?

What data was leaked from Playstation being hacked?

The impact of cyber threats increased significantly during the pandemic, primarily due to the increase in home working. The following points are potential consequences of a successful cyberattack:

  • Legal penalties (lawsuits and GDPR)
  • Reputational damage
  • Disruption to trading
  • Financial loss
  • Loss of Sensitive Data


Criminals can use the information found in data breaches of companies to perform targeted social engineer attacks or phishing campaigns (more on this in future security awareness rooms). Have I Been Pwned is a service that keeps track of data breaches leaked information, giving you the ability to find out if you've been a victim of a previous data breach. Search your email or phone number, and it will reveal if your personal information has ever been leaked.

Answer the questions below
Go to haveibeenpwned.com and see if your information has ever been part of a breach. If you have, don't panic - ensure you change the breached accounts password. The next room in this module will talk about how you can use a password manager to create unique passwords for all your accounts.


A cyber threat is the possibility of a malicious attempt to damage or disrupt a computer network or system. Cyber threat actors are individuals or groups of people who maliciously aim to take advantage of system security weaknesses to compromise and gain unauthorized access to victim data, computers, or networks.

The motivation of threat actors may vary and can be categorized into different groups:

  • Nation-state cyber threat actors are geopolitically motivated.
  • Cybercriminals are financially motivated.
  • Hacktivists are ideologically motivated.
  • Terrorist groups are motivated by ideological violence.
  • Thrill-seekers are motivated by satisfaction.
  • Insider threat actors are motivated by discontent.


Answer the questions below
Who would most likely be interested in exploiting a business? 

Who would most likely be interested in exploiting a personal computer for fun? 

Who would most likely be interested in exploiting a website to deliver a message? 

This room introduced you to the basics of security awareness concepts and knowledge that can help you stay safe online. We discussed the importance of security awareness and why it's essential that you play your part in helping to prevent cyber attacks.

In the next room, we will be reviewing some of the common attacks that cyber threat actors can use to gain access to sensitive data, computers, or networks using practical scenarios and exercises.

Answer the questions below

Complete this task and join the common attacks room.

Created by

User avatar
tryhackme

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room

46,086

Created

1302 days ago

Ready to learn Cyber Security? Create your free account today!

TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.

Already have an account? Log in

We use cookies to ensure you get the best user experience. For more information contact us.

Read more