
More about IT security and Cyber security threats

IT security and cybersecurity are components of the overall information security framework. Today's world is more connected than ever before. The global economy depends on people being able to communicate with each other across multiple time zones and access important information from anywhere. Cybersecurity aims to ensure that only trusted people and systems are allowed to access information, data and communications via the internet, internal systems and telecommunications.

IT security is primarily about technical measures to protect an organization's (company, authority, etc.) valuable assets such as information, hardware and software.

IT security work concentrates on threats and protection associated with the use of information technology. An important part of the work with IT security involves understanding different threat scenarios, managing the probabilities of being exposed to harm and balancing the costs of protection against the value of what is being protected.

Cyber Security Threats:

A cyber security threat is a deliberate attempt to gain access to a person's or organization's system. Malicious actors are continually evolving their attack methods to avoid detection and exploit new vulnerabilities, but they rely on a few common methods that you can prepare for.

Social engineering
In social engineering attacks, attackers exploit victims' trust to trick them into handing over account information or downloading malicious code. In these attacks, attackers pretend to be a well-known brand, a colleague or a friend and use psychological techniques such as creating a sense of urgency to get people to do what they want.

Phishing
Phishing is a type of social engineering that uses email, text or voicemail messages that appear to come from a reputable source to convince people to provide sensitive information or click on an unknown link. Some phishing campaigns are sent to a large number of people in the hope that one person will click. Other campaigns, called spear phishing, are more targeted and focus on a single person. For example, an attacker can pretend to be a job seeker to trick a recruiter into downloading an infected resume.

Malware
Malware is an umbrella term for all malicious software, such as worms, ransomware, spyware, and viruses. The goal of malware is to damage computers or networks by changing or deleting files, extracting sensitive data such as passwords and account numbers, or sending malicious email or traffic. Malicious code can be installed by an attacker who gains access to the network, but often individuals unknowingly distribute malicious code on their devices or on corporate networks after clicking on a malicious link or downloading an infected attachment.

Ransomware
Ransomware is a form of extortion that uses malicious code to encrypt files and make them inaccessible. Attackers often extract data during ransomware attacks and may threaten to publish it if they are not paid. In exchange for a decryption key, victims must pay a ransom, usually in cryptocurrency. Not all decryption keys work, so payment does not guarantee the recovery of files.

Advanced persistent threat
In attacks with an advanced persistent threat, attackers gain access to systems and remain undetected for an extended period of time. Attackers probe the target company's systems and steal data without triggering any defensive countermeasures.

Insider threats
Insider threats are about people who already have access to certain systems, such as employees, contractors or customers, causing a security breach or financial loss. In some cases, the damage is caused unintentionally, such as when an employee accidentally posts sensitive information to a personal cloud account. But some insiders cause harm on purpose.

IT security - Protective measures:

Controlling access to information

There are many individuals, for example employees, students, contractors, consultants and to some extent suppliers, who have access to the university's information and information systems. Therefore, there must be methods and procedures in place to control all access to information, systems, networks and services. It is also important that everyone who has access to the university's information systems considers the information security aspects and understands their personal obligations when using the systems and handling information. Access to information within the university must be controlled through administrative and technical security measures. The "least privilege" approach should be followed, especially for system administrative accounts and systems containing sensitive information.

Authorization and login

In order to gain access to the university's network, general IT systems and business systems, your manager must apply, on your behalf, for access to the systems you need in your work. The application from your manager is what initiates the registration of you as a user in the various systems. For authorization in the network and e-mail, it is the IT department or the equivalent that registers you as a user and then distributes the username and password to you. For authorization in the business-specific systems that you need access to, it is the administrative manager or equivalent for the respective system that registers you as a user. Before you are granted access to the network, general IT systems and business systems, you need to read and sign the regulations for employees' use of Luleå University of Technology's IT resources; see the link at the bottom of the page.

Password

The password associated with your username is to prevent unauthorized persons from gaining access to the university's information.
Passwords are personal and it is your responsibility to ensure that no one else knows your passwords.
You must not use the same password in the university system as the one you use at home.

Avoid writing down the password (on paper, in a computer file or mobile phone). Many people use digital password managers today that encrypt the information on your digital device.

Privileged authority

When you use a user account with high privileges, do not stay logged in with those privileges all the time, as there is a risk that unauthorized or malicious code can also gain access to them. Only use these permissions when necessary, to reduce exposure and the risk described above. This applies specifically to accounts that are not personal and have high permissions in many or sensitive systems. It is especially important to apply the "minimum possible rights" principle to these accounts.

Authorization for external users

External users, for example consultants, sometimes need authorization to networks and systems. In such cases, the client must make an application for authorization for the consultant, who personally signs regulations for employees' use of Luleå University of Technology's computer, network and system resources. The consultant must not have access to more information than he/she needs for his/her assignment, so-called "minimum possible rights".

The user's privacy

As a user of Luleå University of Technology's information systems, network and equipment, you need to know how information about you may be used by the IT department or corresponding function. To maintain traceability, logs are saved in all systems and applications. The logs show, for example, when a user was logged in, what changes they made and at what time. The logs are reviewed regularly to detect irregularities. The object owner or the equivalent decides how often and in what way the logs are to be reviewed.

In case of suspicion of abuse of the university's equipment, the manager can request to review the logs regarding the user or application the suspicion applies to. If a crime is suspected, the case is passed on to the criminal investigation authority, which may request content from the university's system, e-mail and home directory.

Mobile devices

Business information that is handled outside the university's premises must be protected with appropriate protective measures to counteract the risk of loss of, or unauthorized access to, information. This includes, among other things, laptops, mobile phones, USB sticks, paper documents, etc.

Storage media containing sensitive information or licensed programs must be physically destroyed or overwritten in a secure manner in connection with decommissioning or reuse. It is not enough to use standard functions to delete data.

Storage

There are many different places to store information. Where you should store your information depends on the type of information it is. Some storage areas are more secure than others. You should therefore classify the information in order to determine where it should be stored. In the first place, you as a user should use the university's supported services for storing information.
In general, extra care must be taken when using external storage services such as Dropbox, Google Drive or similar.

Management of data media

Data media with sensitive information to be disposed of is handed over to Servicepoint, which handles the disposal in a secure manner. Data media containing confidential/sensitive information should be encrypted/password protected.

Secure communication

Communicating between different parties and systems carries the risk that unauthorized persons may gain access to this communication and distort it.

When using a computer remotely to access resources on the university network, a secure communication channel such as VPN, SSH or HTTPS should be used.

You will find a link to more information about the central service Remote connection with VPN in the link collection at the bottom of the page.

Also, when browsing to a university resource or service, be sure to check that it is indeed a university address, especially when logging in or when transferring personal or sensitive information, to ensure that the communication is secure. Signs of secure communication are that the address begins with https://, that a padlock appears in the address bar and that your browser does not display any warnings about errors.
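
The address check described above, written out as an added example that is not part of the original page or any university tooling. It also covers the look-alike addresses that phishing messages rely on; `university.example`, the sample links and the function names are constructed placeholders.

```javascript
// Added example. ASSUMPTION: "university.example" stands in for the real
// university domain, which this page does not state.
const TRUSTED_DOMAINS = ["university.example"];

// Returns { ok, reason } for a link a user is about to log in on.
function checkLink(link) {
  let url;
  try {
    url = new URL(link); // same URL parser that browsers use
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://trusted-name@other-host/" really connects to other-host.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Look-alike letters (e.g. accented characters) show up as xn-- labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised look-alike host name" };
  }
  // The host must BE the trusted domain or END with ".<trusted domain>";
  // merely containing or starting with the name is not enough.
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return trusted
    ? { ok: true, reason: "HTTPS and a university address" }
    : { ok: false, reason: "host " + host + " is not a university address" };
}

// Constructed sample links, one per failure mode.
const SAMPLE_LINKS = [
  "https://login.university.example/sso",
  "http://login.university.example/sso",
  "https://university.example.portal-login.example/sso",
  "https://university.example@portal-login.example/sso",
  "https://myuniversity.example/sso",
];

function reviewLinks(links) {
  return links.map((link) => ({ link, ...checkLink(link) }));
}

console.table(reviewLinks(SAMPLE_LINKS));
```

Only the first sample link passes. The check says nothing about certificate validity, which the browser verifies itself and reports through the warnings mentioned above.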