Time
3 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:00
hello and welcome to P C Security Intermediate Course.
00:04
And in this lesson, I will be talking about specifics off PC security. So the whole idea is to explain to you what is different about security of PCs compared to every other component off I t infrastructure in the company.
00:21
So what are the main security issues regarding PC? First of all, we have the old saying that conveniences enemy of security. Today we have, ah, virtual flood off all kinds of solutions for collaboration for people working from home
00:38
from people being able to do things in a virtual teams instead of physical teams in the office.
00:45
So they exchange data on the exchange coming, Do they have constant communication online? And it is basically making their life more convenient, their business practices much easier.
01:00
But the downside is that none of these solutions have ever bean designed with
01:06
a security in mind.
01:07
So all these solutions came from some of these idea how to improve
01:12
the business in general thes solutions, maybe regarding collaboration. But they might be regarding other things that can improve certain business practices in companies, or somebody has noticed that small businesses, for example, have a common team that can be improved certain software.
01:33
So
01:33
everybody developing it is focusing just on making these things work
01:38
in the process. They forgot about security or they don't even think about security from the beginning.
01:45
So they are just focusing on solving the thing that they see as a problem. You know, we in I t b were mostly we have engineering the mind set up,
01:57
and we focus on a problem and forget everything else. And although there are software developing companies that have, ah, security portion but they're mostly concerned about security of the application itself, they are almost never concerned about the impact off.
02:16
But that application going to do
02:19
on security. So most of these applications
02:23
have some security flows which can be exploited by cybercriminals.
02:28
Onda. We have seen that in past 5 to 10 years. Thes things are happening all the time. Also, business practices how the business is done. Business flows are organized in companies with sole focus on increasing productivity or quality of the work,
02:47
and everybody thinks that I t security will also all the security problem. So basically they leave the security issues coming from all these decisions toe security toe remediate, which sometimes is simply not possible.
03:07
The other thing that is very important regarding security of a PC itself that today, unlike, for example, 10 or 15 years ago, PC is used by pretty much everybody you have, Ah, PC's informs of tablets yours used by forklift drivers
03:25
and, uh,
03:28
in some countries in the developed world, we have more than 50% more than 60% of workforce using PC on a regular basis in their workspace.
03:39
So we have a problem Now. We have people using PC's that have no idea about I t. In general or they have just basic knowledge how to use the device.
03:53
And of course, there are software solutions making it possible for them, even if they don't even have a basic knowledge of I. T.
04:02
And nobody has told these people how to use these things in a secure way. Let's make apparel when you leave a house. If you live in apartment in a big city, the first thing you do when you leave the apartment is to lock your door unless you have automatic locking
04:21
lock on your door. But it doesn't matter so you lock your door and you take your keys with you.
04:29
Now, for example, leaving your PC unlocked when in the conference room, outside your company or even in your company when their people from the outside their present
04:41
just to go, for example to toilet is equivalent to leaving your house or your apartment unlocked in the real world, not in I d sphere,
04:55
and people do that all the time.
04:58
And the percentage of people who are, you know, have a clear mind and do that, and they leave their apartment unlocked when they leave is negligible. But percentage of people who live there PC is unlocked when they go to tell it is
05:16
huge.
05:17
So we have this problem. There is not. There has not been enough time in usage of PCs
05:25
so that people have created the healthy security habits regarding usage of PCs,
05:30
and everybody is essentially thinking or being convinced that there are some people in the company that are dealing united security that are going toe handle everything, and they can behave whatever you in whatever manner they want, which is absolutely not the truth.
05:49
And the reason for that is because security trainings are essentially Ned equipped. So I have been working in very large I t company for 15 years, and only past couple of years we had I D. Security as a serious training as a part of annual workers training.
06:09
And even there my
06:13
my personal opinion about this training is they were simply inadequate. So simply training all the work force and informed them about the stupid things they do all day and they should never do
06:30
with literal examples is usually non existent in majority of companies
06:35
on and even when they have this training, this is only with big companies, small, medium businesses. They just assume people know how to behave, which they don't.
06:49
So my team management is usually not reacting adequately to pieces security threats.
06:59
Um,
07:00
and you can see that from a very simple statistics.
07:03
So 70% of breaches in successful bridges in cybercrime they originate in the one way or the other owner at the end point sometimes and point he just used as a point of countries. Sometimes everything is done from the endpoint meaning PC or printer.
07:24
Yet in total ideas for security spendings, we have only 12.6% in 2018 went toe software that is related toe endpoint security
07:38
and in total, less off 1/4 of totals 80 security spendings went toe endpoint security.
07:46
So, um
07:48
uh, this is huge issue and this is why this what I'm going to talk later in this course is going is going to be very important, and I suggest you listen to it carefully.
08:01
Also, there is one more thing, and I'm going to mention that in a separate lesson is that many security risks that exist on the PC are there by design. They were not there placed intentionally, but they are, ah,
08:16
part off what the PC is today, including the operating system and the software we're using on a regular basis.
08:24
So we have come to an end off this lesson, and at the end, I'm just going toe, give you a short learning check with one simple question. Why is PC security different or so specific?
08:39
So the first possible answers pieces they're taking out of company buildings. The second piece is air used by employees that have little lighting knowledge or the third possible answers. Species can be attacked even before all the operating system has booted,
08:54
and the correct answer is that PC security is different and specific because PC's air used by employees that have little lighting knowledge.
09:05
So in the video, you have learned about specifics, off pieces, security, and then next lesson, I'm going to talk about attack surface off a PC.

Up Next

Intermediate PC Security

The Intermediate PC Security course will teach students about endpoint protection. Students will learn fundamental information about PC Security and common attack vectors.

Instructed By

Instructor Profile Image
Milan Cetic
IT Security Consultant
Instructor