Examine types of cyber threats.

Examination should include, but not be limited to

• attacks on authentication (e.g., password, biometrics, subscriber identification module [SIM] hacking)
• phishing attacks (e.g., spear phishing, whaling, business email compromise [BEC])
• malicious email attachments
• hacking, spamming, malvertising
• cross-site scripting attacks (XSS)
• malware (e.g., viruses, worms, ransomware)
• competitor-sponsored hacking
• nation-state-sponsored hacking.

Process/Skill Questions:

Thinking

• What could be done to minimize cyber threats?
• What are clues to a cyber threat?

Communication

• How can professionals communicate the importance of identifying cyber threats?
• Who should be contacted when a cyber threat has been identified?

Leadership

• What can a leader do to educate others about the dangers of cyber threats?
• How can a leader educate others on appropriate actions to take when faced with a cyber threat?

Management

• What management strategies can be used to identify cyber threats?
• What management strategies can be used to decrease the chance of a cyberattack?