Know and understand hacking, including the measures that must be taken in order to protect data.
1. What is Hacking?
Hacking is the unauthorised use or manipulation of computer systems, networks or data. It can be performed for a variety of reasons, ranging from curiosity to financial gain or political protest.
2. Types of Hackers
White‑hat (ethical) hacker – Uses skills to find vulnerabilities and help organisations improve security.
Black‑hat hacker – Exploits vulnerabilities for personal gain, damage or disruption.
Grey‑hat hacker – May breach security without permission but does not have malicious intent; often reports findings later.
Hacktivist – Uses hacking to promote a political, social or ideological cause.
Script kiddie – Uses existing tools or scripts without understanding the underlying techniques.
3. Common Hacking Techniques
Phishing – Deceptive emails or messages that trick users into revealing credentials.
Malware – Software such as viruses, worms, Trojans and ransomware that infects systems.
Password cracking – Brute‑force or dictionary attacks to guess passwords.
Social engineering – Manipulating people to disclose confidential information.
Denial‑of‑Service (DoS) / Distributed DoS (DDoS) – Overloading a service to make it unavailable.
Man‑in‑the‑Middle (MitM) – Intercepting communication between two parties.
SQL injection – Inserting malicious SQL commands into a database query.
Cross‑site scripting (XSS) – Injecting malicious scripts into web pages viewed by other users.
4. Impacts of Hacking
Loss or theft of confidential data.
Financial loss through fraud or ransomware payments.
Damage to reputation and loss of customer trust.
Legal consequences for non‑compliance with data protection laws.
Operational disruption and downtime.
5. Measures to Protect Data
5.1 Technical Controls
Control – Purpose – Helps against
Firewalls – Filter incoming and outgoing network traffic – Unauthorised access, DDoS, malware.
Antivirus / Antimalware – Detect and remove malicious software – Viruses, worms, Trojans, ransomware.
Encryption (AES, RSA) – Convert data into an unreadable form without the key – Eavesdropping, data theft.
Strong Password Policies – Require complex, unique passwords and regular changes – Password cracking, credential stuffing.
Multi‑Factor Authentication (MFA) – Require two or more verification methods – Phishing, stolen passwords.
Intrusion Detection/Prevention Systems (IDS/IPS) – Monitor the network for suspicious activity – Malware, MitM attacks, unauthorised scans.
Regular Patch Management – Apply updates to operating systems and applications – Exploits of known vulnerabilities.
Secure Back‑ups – Store copies of data offline or in a protected cloud.
User Education & Awareness – Regular training on phishing, safe browsing, and data handling.
Access Control – Implement the principle of least privilege; use role‑based access.
Physical Security – Secure server rooms, use CCTV, restrict visitor access.
Incident Response Plan – Steps to contain, eradicate, recover and review after a breach.
Audit and Monitoring – Log activities, conduct regular security audits.
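"Log activities" only protects data if someone, or something, reads the logs. As an added example that is not part of the original notes, the Python block below runs a simple detection over a few constructed SSH-style authentication log lines (the line format, timestamps and addresses are all made up for the example; the addresses are from the RFC 5737 documentation ranges) and flags any source address with five or more failed logins inside a sliding sixty-second window, which is the footprint of the brute-force and dictionary password attacks listed in section 3.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (syslog-like layout, not from any real system).
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:03 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:04 sshd: Accepted password for alice from 198.51.100.20
2024-05-01T09:00:05 sshd: Failed password for root from 203.0.113.7
2024-05-01T09:00:06 sshd: Failed password for admin from 203.0.113.7
2024-05-01T09:00:08 sshd: Failed password for test from 203.0.113.7
2024-05-01T09:00:09 sshd: Failed password for bob from 198.51.100.20
2024-05-01T09:05:00 sshd: Failed password for bob from 198.51.100.20
"""

# Assumed line layout for the constructed sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: peak_failures} for every source IP that produced at least
    `threshold` failed logins within any `window_seconds` span.

    A per-IP deque holds the timestamps of recent failures; entries older
    than the window are dropped from the front as new ones arrive, so the
    check is O(1) amortised per line and works on a live stream too."""
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, ip = parsed
        if result != "Failed":
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(q))
    return alerts


if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT: {count} failed logins from {ip} within 60 s")
```

The second address fails twice but five minutes apart, so it never reaches the threshold; tuning the threshold and window to what is normal for the environment is what keeps this kind of rule from drowning analysts in false alerts.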
6. Legal and Ethical Considerations
In many jurisdictions, unauthorised access to computer systems is a criminal offence (e.g., Computer Misuse Act 1990 in the UK). Ethical hacking must be performed with written permission and within defined scope.
7. Summary Checklist for Protecting Data
Implement a firewall and keep its rules correctly configured and reviewed.
Install and update antivirus/antimalware software.
Encrypt sensitive data at rest and in transit.
Enforce strong, unique passwords and enable MFA.
Apply security patches promptly.
Back up data regularly and test restoration.
Develop and communicate clear security policies.
Provide ongoing user awareness training.
Maintain logs and conduct periodic audits.
Prepare an incident response plan.
Suggested diagram: “Defence in Depth” – a layered model showing physical security, perimeter security (firewall), network security (IDS/IPS), host security (antivirus, patches), application security, and data security (encryption, backups).