MODULE C2
Cybersecurity and AI
Project Number: 2024-1-IT01-KA220-VET-000255590
Funded by the European Union. Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or INAPP. Neither the European Union nor the paying authority can be held responsible for them.
Index
1. Basics of Cybersecurity
2. The 10 Rules to Protect Your Data
3. Recognising and preventing online scams
4. Cybersecurity and AI: risks and potential in remote work
5. RESOURCES
6. GLOSSARY
7. QUIZ
Cybersecurity Basics
Welcome to the introductory course on computer security. We will explore digital threats and essential protection strategies.
Cybersecurity has become crucial. In 2024, the American continent recorded 1,235 serious cyber attacks, including 1,031 in the US alone. In Europe, the number of attacks was 1,075, a figure almost equivalent to that of the United States, but with one key difference: the GDP of the United States is 50 per cent higher than that of the European Union.
Course Goals
Understanding basic concepts
Theoretical foundations of cybersecurity
Identifying threats
Recognition of key digital risks
Protect Data
Techniques for safeguarding personal information
Preventing attacks
Methods to avoid security compromises
Cybersecurity Definition
Integrity
Maintaining the accuracy and reliability of information
Confidentiality
Protection against unauthorised access to sensitive data
Availability
Guaranteed continuous access to authorised resources
Main Threats Online
Malware
Phishing
Malicious software such as viruses, Trojans and ransomware.
Online scam in which criminals pretend to be trustworthy entities
Theft of identity
Illegal use of your personal information
Protection of Personal Data
Educare gli utenti
95% of violations are due to human error
Encryption
Sensitive Data Protection
2FA Authentication
Two-step verification
Strong passwords
Unique and complex for each service
Examples of common attacks
Phishing
Fraudulent emails imitating legitimate entities to steal users' credentials.
Ransomware
Malware that encrypts the victim's data and demands payment to restore it.
Man-in-the-Middle
Interception of communications between two parties without their knowledge.
Example of Phishing
Receiving emails
Message apparently from your bank with urgent request
Fraudulent Links
Link to clone site very similar to the official one
Credentials Entry
User enters personal data on fake site
Identity theft
Criminals use credentials for unauthorised access
Exemple of Ransomware
Encryption attack
Ransomware blocks access to data or systems by encrypting them
Redemption request
The criminals demand a payment (ransom) to provide the decryption key.
Potential damage
Can cause loss of data, operational disruptions and financial and reputational damage
Example of Man in the Middle
Interception
The attacker intercepts data traffic between the two parties,This can be done in various ways, for instance through unsecured public Wi-Fi networks
Interception and manipulation
Once the data has been intercepted, the attacker can simply spy on it to steal sensitive information (such as passwords or credit card numbers) or he can manipulate it, modifying messages or redirecting victims to fake websites.
Transmission
The attacker transmits the data back to the two parties, who continue to communicate with each other without suspecting anything
Conclusion
Collective responsibility
Digital security is everyone's job.
Layered defence
Implement multi-layered protections.
Constant updating
Keeping systems and knowledge up to date.
Self-protection
Defending one's data means protecting oneself.
10 Rules for protecting your data
Data security is crucial in the digital age. Every day, we face increasingly sophisticated cyber threats.
Don't be fooled!
Recognize phishing
Verify identity
Learn to identify suspicious emails with grammatical errors and urgent requests for personal data.
Always check email addresses and phone numbers before responding.
Protect your information
Never share sensitive data via email or unverified calls.
Think before you click!
Check out
Check the URL by hovering your mouse over it before clicking.
Avoid
Do not download attachments from unknown or suspicious senders.
Protect
Keep your antivirus software up to date to block malware.
Do not connect unknown devices!
Serious risks
Malware that activates automatically as soon as it is connected
Reliable sources
Only use devices from known and secure sources.
Preventive scanning
Always scan every external device before use.
Protect your device
Download carefully
Only install apps from Google Play or official app stores.
Always update
Keep your operating system and apps up to date.
Enable protections
Use encryption and remote lock or wipe features.
Keep your data safe!
Regular backup
Make copies of your important data at least once a week.
Secure services
Use encrypted clouds or secure external drives.
3-2-1 Strategy
3 copies, 2 different media, 1 off-site copy.
Create strong passwords!
Complexity
Privacy
Use at least 12 characters with uppercase letters, lowercase letters, numbers, and symbols.
Avoid including names, dates of birth, or other personal information that is easy to guess.
Management
Consider using a password manager to securely store all your different credentials.
Keep it safe!
Updates
Always install the latest security updates available for each piece of software.
Active protection
Use firewalls and antivirus software that are always active and updated to the latest version..
Double verification
Enable two-factor authentication on all services that support it.
Stay alert and report suspicious activity!
Recognize the signs
A slow computer, unusual pop-ups, or abnormal behavior are warning signs.
Report it immediately
Contact your IT department or the relevant authorities immediately.
Continuous training
Regularly update your knowledge of new cyber threats.
Prevent Ransomware attacks
Do not open suspicious attachments or links
Make regular backups of your files
Keep your system and antivirus software up to date
Do not download software from unknown sources.
Recognizing and preventing online scams
Navigating the digital world safely requires awareness and the right tools. Online threats are constantly evolving.
Course objectives
Understanding
Recognition
Identify the main types of digital scams prevalent today.
Develop the ability to identify warning signs in communications.
Protection
Learn effective methods to defend yourself against online fraud.
Types of online scams
Phishing
Over 300,000 reports recorded by the FBI in 2023. Attempts to steal sensitive data through deceptive emails.
Catfishing
Creating fake romantic profiles to establish fictitious relationships. They often aim to extort money or information.
Workplace fraud
Deceptive job offers that require advance payments or personal information.
Purchase scams
Fake e-commerce sites or advertisements that do not deliver products after payment.
How to identify fake job offers
Unrealistic compensation
Excessively high wages for simple tasks are often a lure.
Vague details
General descriptions of responsibilities and minimum requirements to attract more victims.
Payment requests
No legitimate job requires advance payments for hiring.
Invisible company
IInability to verify the existence of the company through online searches.
Protection against Phishing Scams
Sender verification
Always check the full email address, looking for small differences or errors.
Be careful with links
Move your mouse over the links without clicking to see the actual destination.
IImplement 2FA
Two-factor authentication adds an extra layer of security to logins.
Regular updates
Keep your systems and software up to date to protect yourself from known vulnerabilities.
Example of an online scam
Email reception
Suspicious elements
Email purporting to be from your bank with an urgent security alert.
Grammatical errors, strange email addresses, suspicious links.
Correct action
Reporting
Do not click. Contact the bank directly through official channels.
Forward the email to the relevant authorities and the actual bank.
Example of a suspicious email
Subject: Immediate job offer – [Fictitious company name] Dear candidate, We have received your resume and are impressed by your profile. We are a large international company and are looking for a motivated person for the position of [Position name]. The salary is €3,000 per month, with flexible hours and the possibility of working from home. To proceed with your application, please send us the following documents as soon as possible: Copy of your ID Tax ID number Bank details for salary payments In addition, you will need to pay a €100 fee for initial training. We look forward to hearing from you urgently. Kind regards, [Fictitious name] Human Resources Manager [Strange email address].
Fraud prevention tools
Technological tools offer essential protection against online threats. Training remains crucial for recognizing dangers.
Red flags in online communication
Linguistic errors
Official communications rarely contain obvious spelling mistakes.
Unjustified urgency
Pressure to act quickly without allowing time for verification.
Irresistible offers
Offers that seem too good to be true often hide deception.
Personal requests
Questions about sensitive data that legitimate institutions would not ask for via email.
What to do if you suspect fraud
Protect Your Data
Never disclose personal or banking information when you suspect fraud.
Report the Accident
Contact the Postal Police or the relevant authorities to report the scam..
Change Password
Immediately change all potentially compromised credentials.
Monitor Your Accounts
Check regularly for suspicious bank transactions in the following weeks.
Conclusion
Constant vigilance
Update
Always remain vigilant when browsing online.
Keep yourself informed about new types of scams that are emerging.
Sharing
Healthy skepticism
Share safety tips with friends and family members who are at risk.
If something seems too good to be true, it probably is.
Cybersecurity and AI: risks and potential in remote working
The job landscape has undergone a radical transformation. The increase in remote working is evident.
With a 175% increase in 2023, new security challenges are emerging. We will analyze risks and opportunities in this evolving digital landscape.
Remote working: a new digital landscape
3,6M
175%
Remote workers
Growth
Italians working remotely in 2024
Increase in remote working since 2019
300%
Attack surfaces
Increase in cyber vulnerabilities
The digital landscape has changed dramatically. The traditional boundaries of corporate networks have dissolved.
Managing corporate data requires new strategies. The distributed work environment creates new vulnerabilities that need to be managed.
Cybersecurity: risks amplified by remote working
Security responses
Advanced defence strategies
Unsecure networks
Vulnerable domestic connections
Personal devices
Uncontrolled endpoints
Phishing attacks
+220% dal 2022
Phishing attacks have increased exponentially. Cybercriminals are exploiting new vulnerabilities.
Violations are more difficult to detect. The use of personal devices complicates security monitoring.
Artificial Intelligence in remote working
Automation
Optimized repetitive processes
Monitoring
24/7 automated surveillance
Predictive analytics
Forecasting future threats
Productivity
AIntelligent virtual assistants
AI is transforming remote productivity tools. Algorithms analyze suspicious behavior patterns.
Continuous monitoring detects anomalies in real time. Predictive analytics anticipates threats before they materialize.
Risks of AI in Cybersecurity
Deepfake
Algorithmic biases
Video/audio impersonation
Incorrect automated decisions
Intelligent malware
Targeted attacks
+35% in 2024
Customized with AI
AI is also used for malicious purposes. Deepfakes create new social engineering threats.
I Self-learning malware evolves autonomously. Security algorithms may contain exploitable vulnerabilities.
The potential of AI in protecting remote environments
Anomaly detection
Real-time identification of suspicious behavior
Adaptive authentication
Identity verification based on behavioral patterns
Automatic updates
Intelligent coordination of security updates
Automated SOCs
AI-enhanced security operations centers
AI offers powerful protection tools. Anomaly detection systems identify suspicious behavior.
Adaptive authentication goes beyond traditional passwords. Security updates are distributed intelligently and promptly.
Best practices for protecting remote work and AI
Continuing education
ISecure infrastructure
- Multi-factor authentication
- Centralized device management
AI control
Training is essential against threats
Conclusions and future scenarios
Safety culture
Widespread dissemination of digital awareness at all levels of the company
Balance between innovation and risk
Balancing technological adoption and sensitive data protectioni
Explainable AI and Zero Trust
Transparent algorithms and continuous verification of each access as industry standard
The future requires a delicate balance. Innovation and security must go hand in hand.
Digital security culture will be essential. Explainable AI and Zero Trust will define the new standards of protection.
Resources
🔐 General IT security and best practices
- Agenzia per l'Italia Digitale (AgID) - ICT Security Guidelines👉 https://www.agid.gov.it→ It offers official documents and resources for digital security in public administration, also applicable to remote working.
- National Cybercrime Centre for Critical Infrastructure Protection (CNAIPIC)👉 Part of the Italian Postal Police: https://www.commissariatodips.it→ Information, reporting and awareness campaigns on scams, phishing, cyberbullying and identity theft.
- Cybersecurity Framework – NIST (National Institute of Standards and Technology, USA)👉 https://www.nist.gov/cyberframework→ International standards for data protection, also useful in non-business contexts.
🔒
- UK National Cyber Security Centre (NCSC)👉 https://www.ncsc.gov.uk→ Excellent guidelines on secure passwords, two-factor authentication, phishing, mobile devices and security for less experienced users.
- Have I Been Pwned👉 https://haveibeenpwned.com→ Verifica se un indirizzo email è stato coinvolto in violazioni
CISA – Cybersecurity & Infrastructure Security Agency (USA) Guidelines for secure remote working URL: https://www.cisa.gov
👉 https://www.garanteprivacy.it → The Italian Data Protection Authority website offers practical explanations on personal data protection.
🧠 Cybersecurity education Cybersecurity & Infrastructure Security Agency (CISA - USA)👉 https://www.cisa.gov→ It contains practical sections with “tip of the day,” videos, and easy guides on how to protect yourself online.
🤖 AI applied to cybersecurity MIT Technology Review – Sezione AI & Security Expert analysis and articles on the role of AI in cybersecurity URL: https://www.technologyreview.com
Women4Cyber (European Cyber Security Organisation) 👉 https://women4cyber.eu→Promotes the inclusion of women in the field of cybersecurity.
IBM Security – AI and cyber defense Practical examples: Watson for Cybersecurity URL: https://www.ibm.com/security NIST – National Institute of Standards and Technology (USA) AI Risk Management Framework + documenti sulla sicurezza AI URL: https://www.nist.gov
🔐 Cybersecurity and remote working ENISA – Agenzia dell’Unione Europea per la Cybersecurity Report: Threat Landscape Reports URL: https://www.enisa.europa.eu
Clusit – Associazione Italiana per la Sicurezza Informatica Report annuale: Clusit Report sulla Sicurezza ICT in Italia URL: https://www.clusit.it
Glossary
- Security Update: A patch or new version of software released to fix security vulnerabilities that could be exploited by attackers. Installing updates regularly is essential to protecting systems.
- Regular Algorithm Audits: Periodic checks of AI algorithms used in security systems to identify potential biases, vulnerabilities, or inefficiencies.
- Targeted Attacks: Highly customized and specific cyber attacks, often enhanced by AI to gather information about the victim and increase the chances of success.
- Phishing Attacks: Fraudulent attempts to obtain sensitive information, such as usernames, passwords, and credit card details, by masquerading as trusted entities via email, messages, or websites.
- Encryption Attack: Blocking access to data or systems by encrypting them, typically performed by ransomware. Two-Factor
- Authentication (2FA): A security process that requires two different forms of identification to verify a user's identity before granting access to an account or system. This adds an extra layer of protection beyond the password.
- Adaptive authentication: A method of identity verification that continuously assesses the context of the access request and the user's behavioral patterns to determine the level of trust and request additional authentication factors if necessary.
- Multi-Factor Authentication (MFA): A method of identity verification that requires the user to provide two or more pieces of evidence (factors) of identity from independent categories to gain access, significantly reducing the risk of unauthorized access.
- Backup: The process of creating copies of important data that can be used to restore information in the event of loss, damage, or inaccessibility of the original data.
- Algorithmic Bias: Systematic errors or injustices in the results of an AI algorithm, often due to unrepresentative training data, which can lead to incorrect or discriminatory automated decisions.
- Catfishing: The deceptive practice of creating a fake online profile, often with romantic intentions, to scam or manipulate another person.
- Confidentiality: Protection of sensitive data from unauthorized access.
- Encryption: Method of protecting sensitive data.
- Cybercrime: Criminal activity conducted through the use of computers and computer networks, including online fraud, identity theft, malware distribution, and other computer crimes. (A broader term that includes online scams).
- Cybersecurity: The set of processes, practices, technologies, and techniques for protecting networks, devices, programs, and data from attacks, damage, or unauthorized access.
- Sensitive data: Personal or confidential information that, if compromised, could cause harm to the individual, such as passwords, credit card numbers, social security numbers, etc.
Glossary
Deepfake: An AI-based human image synthesis technique that allows an existing face or voice to be superimposed onto images or videos of another person, creating fake but highly realistic content. Centralized Device Management: Centralized management and control of all endpoint devices used by employees, ensuring compliance with security policies, installation of updates, and monitoring. Layered Defense: Implementation of multi-level security protections. Availability: Guarantee of continuous access to authorized resources. Endpoint: Any device connected to a computer network, such as laptops, smartphones, tablets, and IoT devices, which represents a potential entry point for attacks. Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules, with the aim of blocking unauthorized access. Job fraud: A fictitious job offer used to steal money or personal data from victims, often through requests for advance payments or the sharing of confidential information. Identity theft: The unlawful use of personal information. Artificial Intelligence (AI): Simulating human intelligence through machines, particularly computer systems. It includes learning (acquiring information and rules for using it), reasoning (using rules to reach approximate or definitive conclusions), and self-correction. Integrity: Maintaining the accuracy and reliability of information. Interception: Action in which an attacker intercepts data traffic between two parties. Remote Working (Smart Working): A way of working characterised by the absence of predefined time or space constraints and organised by phases, cycles and objectives, which contributes to the well-being of the worker and social innovation. Fraudulent link: A link in a phishing email that directs you to a clone website, very similar to the official one, in order to steal credentials. Malware: Malicious software designed to infiltrate, damage, or disable computers, computer systems, networks, or mobile devices, often with the aim of stealing data, spying on user activities, or taking control of the device. Intelligent Malware: Malicious software that uses AI or machine learning techniques to evolve autonomously, adapt to defense systems, and launch more sophisticated and difficult-to-detect attacks.
Glossary
- Man-in-the-Middle: A type of attack in which communications between two parties are intercepted without their knowledge.
- Manipulation: An action by an attacker who, after intercepting data, can spy on or modify it, for example by changing messages or redirecting victims to fake websites.
- Digital threats: Risks present in the digital environment.
- Strong passwords: Unique and complex passwords recommended for each online service.
- Phishing: A fraudulent attempt to obtain sensitive information (such as usernames, passwords, and credit card details) by pretending to be a trusted entity, usually via email, messages, or fake websites.
- Ransomware: A type of malware that blocks access to files on a computer system (often through encryption) and demands payment of a ransom to restore access.
- Ransom demand: A demand for payment by criminals in exchange for the key to decrypt data locked by ransomware.
- Anomaly detection: The technique of identifying events, observations, or behaviors that deviate significantly from the norm, used in AI-based cybersecurity to detect suspicious activity.
- Automated SOC (Security Operations Center): Security operations centers that use artificial intelligence and automation to improve efficiency and effectiveness in monitoring, detecting, analyzing, and responding to security incidents.
- Trojan: Malicious software (classified as malware).
- Purchase scams: Situations in which dishonest online sellers do not deliver paid-for products or sell counterfeit or defective goods.
- Virus: Malicious software (classified as malware).
- VPN (Virtual Private Network): A virtual private network that extends a private network over a public network (such as the Internet), allowing users to send and receive data securely as if their devices were directly connected to the private network.
- Vulnerability: A weakness or flaw in a computer system or software that can be exploited by malicious actors for harmful purposes.
- Zero Trust: A cybersecurity model that assumes that no access request is trusted by default, regardless of where it comes from, requiring continuous verification of each user and device before granting access to resources.
QUIZ 1/13
QUIZ 2/13
QUIZ 3/13
QUIZ 4/13
QUIZ 5/13
QUIZ 6/13
QUIZ 7/13
QUIZ 8/13
QUIZ 9/13
QUIZ 10/13
QUIZ 11/13
QUIZ 12/13
QUIZ 13/13
End of Module C2
Congratulations on completing Module C2! You now know:
The fundamentals of cybersecurity:
The basic concepts: Confidentiality, Integrity, Availability (CIA Triad).
The importance of digital security in today's world.
The different types of threats
And you are aware:
- Of the risks amplified by remote work
- Of the risks associated with AI in cybersecurity
Continue with the other modules!
Despite the risks, artificial intelligence also offers powerful solutions to protect remote environments. Artificial intelligence can be used for anomaly detection, adaptive authentication, automatic updates and SOC AUTOMATION.
Adaptive authentication, for instance, uses artificial intelligence to verify the identity of users based on their behaviour, adding a higher level of security than simple passwords. In addition, artificial intelligence can intelligently coordinate security updates, ensuring that all systems are protected in a timely manner.
Remote working amplifies some cybersecurity risks. The pyramid illustrates the levels of vulnerability, from phishing attacks to the need for advanced defence strategies. Phishing attacks have increased by 220% since 2022, an alarming figure. Added to this is the difficulty of protecting home networks and personal devices, which often do not have the same level of security as corporate ones.
Protecting personal data is important
Knowledge of the problem:
Understanding cyber threats (phishing, malware, ransomware) is the first step to defending oneself.
Being aware of the tactics used by cybercriminals helps to recognise and prevent attacks.
Training and keeping abreast of the latest trends in computer security are crucial.
Encryption:
Encryption is the process of encoding information so that only authorised people can read it.
It protects sensitive data (such as passwords, financial information and communications) from unauthorised access.
Use encryption to protect data in transit (e.g. while surfing the web)
Two-factor authentication adds an extra layer of security to the login process.
In addition to the password, it requires a second authentication factor, such as a code sent to the mobile phone or a fingerprint.
It makes it much more difficult for cybercriminals to gain access to accounts, even if they manage to obtain the password.
Strong passwords:
Strong passwords are long, complex and unique for each account.
They should include a combination of upper and lower case letters, numbers and symbols.
Avoid using easily guessed personal information (such as birth dates or names of family members).
Use a password manager to create and store complex passwords securely.
Do not answer e-mails: never give personal information or money to people you do not know.
Check the company: search for the company online and check if the job offer is real. Check the official website and job advertisements.
Report the email: report the email as spam or phishing to your email provider.
Inform the authorities: if you have provided personal information or money, report the incident to the postal police.
Beware of overly tempting offers: remember that overly tempting job offers are often scams.
Additional tips- Use reputable job search websites. - Do not share sensitive information online.- Be cautious with job offers from home.
- Research the company before applying.
Availability
Availability refers to ensuring that systems, networks and data are accessible and usable when needed.
It ensures that authorised users can access the information and resources they need in a timely and reliable manner.
Techniques to ensure availability include system redundancy, data backup, disaster recovery plans and protection from Denial of Service (DoS) attacks.
Examples of availability breaches include a DoS attack that renders a website inaccessible, a hardware failure that interrupts a service, or ransomware that encrypts data rendering it unusable.
Example
Imagine you are using a public Wi-Fi network in a café to access your online bank account. A cybercriminal on the same network can use software to intercept the data traffic between your computer and the bank's website.
In this way, the attacker can:
View your login credentials (username and password) as you enter them.
Intercept the two-factor authentication codes that the bank sends you via SMS.
Change the information displayed on the bank's website, for example by replacing the account number of the recipient of a transfer with your own.
As a result, the attacker can steal your money or use your personal information to commit fraud.
Example
Imagine a company, “ABC Corporation”, which uses a computer network to run its operations. One day, an employee receives a seemingly harmless e-mail that contains an attachment. The employee opens the attachment, unaware that it contains ransomware called “Locky”.
Once the ransomware infiltrates the system, it starts encrypting all files on the company's computers, including important documents, databases and backup files. Within minutes, the entire company network is locked down and employees can no longer access their files.
Soon after, a message appears on the computers' screens informing the company that their files have been encrypted and that they must pay a ransom in Bitcoin to obtain the decryption key and restore their data. The message includes a countdown, warning that the price of the ransom will increase if it is not paid within a certain period of time.
The ABC Corporation is now in a critical situation. If they pay the ransom, there is no guarantee that cybercriminals will provide the decryption key or that they will not attack again in the future. If they do not pay, they risk losing all their data and suffering severe operational disruptions.
In this scenario, the Locky ransomware caused serious damage to the company ABC Corporation, halting their operations and putting their sensitive data at risk.
Artificial intelligence offers powerful tools for automation, monitoring, predictive analysis and increased productivity.
Imagine a system that constantly monitors the network, identifying suspicious behaviour in real time or predicting potential threats before they materialise. Artificial intelligence makes this possible, improving our ability to protect ourselves.
In the digital world, it is crucial to be aware of the risks. Phishing is a fraudulent attempt to obtain personal information, such as passwords or bank details, through misleading e-mails or messages. Catfishing involves the creation of false online identities to deceive and manipulate victims, often for sentimental or financial purposes. Job fraud promises easy earnings or work from home, but often conceals demands for money or data theft. Finally, shopping scams exploit fake ads or counterfeit websites to sell non-existent products or steal credit card data. Remember, caution is the best defence against these threats
Confidentiality
Confidentiality, or privacy, concerns the protection of sensitive information from unauthorised access.
It ensures that only authorised persons can view or access certain information.
Techniques to ensure confidentiality include encryption, authentication, authorisation and access control.
Examples of breaches of confidentiality include theft of personal data, unauthorised access to confidential files or interception of communications.
Pay attention!
Computer scams exploit people's naivety or haste. Beware of messages that seem urgent or too good to be true. The first line of defence is you.Example:You receive an email with the subject line: "You have won an iPhone! Click here to claim it." - This is a scam designed to steal your personal information or install a virus.
Always verify the identity of the sender or caller before replying to requests for personal or business information. Scammers can pass themselves off as colleagues, customers or technical support.Example: You receive a call from an “IT technician” asking for your password to perform updates. Always check with your official IT department first: this could be an attack.
Personal data such as social security numbers, credit card numbers, passwords or business documents should never be shared through insecure channels. Example: Don't send your IBAN via WhatsApp to an unknown number claiming to be your accountant.
Integrity
Integrity refers to ensuring that information is accurate and complete, and has not been altered in an unauthorised manner.
It ensures that data remains reliable and uncorrupted throughout its lifecycle, whether in transit or at rest.
Techniques to maintain integrity include the use of checksums, digital signatures, version control and access control procedures.
Examples of integrity violations include unauthorised modification of a document, tampering with a database or altering a software programme.
Here's an example of a misleading e-mail
What to do- Don't reply to the email
- Check the company
- Report the email
- Inform the authorities
Be careful: - Remember that job offers that are too tempting are often scams.
- Additional tips
- Use reliable job search websites.
- Do not share sensitive information online.
- Be cautious with job offers from home.
- Research the company before applying.
Target audience
This module is designed for those who want to start or improve their role in remote work environments, including:
Aspiring remote workers who want to understand basic rules and expectations;
Mothers or caregivers looking for flexible work opportunities;
Trainers and educators preparing to deliver content in virtual environments;
Remote work providers and managers responsible for ensuring team compliance and productivity;
Educational organisations developing remote work preparation programmes for students or staff.
Example
Imagine you receive an e-mail that appears to be from your bank. The e-mail informs you that your account has been suspended due to suspicious activity and asks you to verify your login information by clicking on a link. The link takes you to a webpage that looks identical to your bank's website, but is actually a fake copy created by fraudsters.
If you enter your login credentials (username and password) on the fake page, the scammers steal them and can use them to access your real bank account and steal your money.
6. ENG - MODULE C2 Cybersecurity and AI
Linking Foundation
Created on October 23, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Essential Business Proposal
View
Project Roadmap Timeline
View
Step-by-Step Timeline: How to Develop an Idea
View
Artificial Intelligence History Timeline
View
Mobile Phone Call
View
Momentum: Onboarding Escape Game
View
Momentum: Manager Guide
Explore all templates
Transcript
MODULE C2
Cybersecurity and AI
Project Number: 2024-1-IT01-KA220-VET-000255590
Funded by the European Union. Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or INAPP. Neither the European Union nor the paying authority can be held responsible for them.
Index
1. Basics of Cybersecurity
2. The 10 Rules to Protect Your Data
3. Recognising and preventing online scams
4. Cybersecurity and AI: risks and potential in remote work
5. RESOURCES
6. GLOSSARY
7. QUIZ
Cybersecurity Basics
Welcome to the introductory course on computer security. We will explore digital threats and essential protection strategies.
Cybersecurity has become crucial. In 2024, the American continent recorded 1,235 serious cyber attacks, including 1,031 in the US alone. In Europe, the number of attacks was 1,075, a figure almost equivalent to that of the United States, but with one key difference: the GDP of the United States is 50 per cent higher than that of the European Union.
Course Goals
Understanding basic concepts
Theoretical foundations of cybersecurity
Identifying threats
Recognition of key digital risks
Protect Data
Techniques for safeguarding personal information
Preventing attacks
Methods to avoid security compromises
Cybersecurity Definition
Integrity
Maintaining the accuracy and reliability of information
Confidentiality
Protection against unauthorised access to sensitive data
Availability
Guaranteed continuous access to authorised resources
Main Threats Online
Malware
Phishing
Malicious software such as viruses, Trojans and ransomware.
Online scam in which criminals pretend to be trustworthy entities
Theft of identity
Illegal use of your personal information
Protection of Personal Data
Educare gli utenti
95% of violations are due to human error
Encryption
Sensitive Data Protection
2FA Authentication
Two-step verification
Strong passwords
Unique and complex for each service
Examples of common attacks
Phishing
Fraudulent emails imitating legitimate entities to steal users' credentials.
Ransomware
Malware that encrypts the victim's data and demands payment to restore it.
Man-in-the-Middle
Interception of communications between two parties without their knowledge.
Example of Phishing
Receiving emails
Message apparently from your bank with urgent request
Fraudulent Links
Link to clone site very similar to the official one
Credentials Entry
User enters personal data on fake site
Identity theft
Criminals use credentials for unauthorised access
Exemple of Ransomware
Encryption attack
Ransomware blocks access to data or systems by encrypting them
Redemption request
The criminals demand a payment (ransom) to provide the decryption key.
Potential damage
Can cause loss of data, operational disruptions and financial and reputational damage
Example of Man in the Middle
Interception
The attacker intercepts data traffic between the two parties,This can be done in various ways, for instance through unsecured public Wi-Fi networks
Interception and manipulation
Once the data has been intercepted, the attacker can simply spy on it to steal sensitive information (such as passwords or credit card numbers) or he can manipulate it, modifying messages or redirecting victims to fake websites.
Transmission
The attacker transmits the data back to the two parties, who continue to communicate with each other without suspecting anything
Conclusion
Collective responsibility
Digital security is everyone's job.
Layered defence
Implement multi-layered protections.
Constant updating
Keeping systems and knowledge up to date.
Self-protection
Defending one's data means protecting oneself.
10 Rules for protecting your data
Data security is crucial in the digital age. Every day, we face increasingly sophisticated cyber threats.
Don't be fooled!
Recognize phishing
Verify identity
Learn to identify suspicious emails with grammatical errors and urgent requests for personal data.
Always check email addresses and phone numbers before responding.
Protect your information
Never share sensitive data via email or unverified calls.
Think before you click!
Check out
Check the URL by hovering your mouse over it before clicking.
Avoid
Do not download attachments from unknown or suspicious senders.
Protect
Keep your antivirus software up to date to block malware.
Do not connect unknown devices!
Serious risks
Malware that activates automatically as soon as it is connected
Reliable sources
Only use devices from known and secure sources.
Preventive scanning
Always scan every external device before use.
Protect your device
Download carefully
Only install apps from Google Play or official app stores.
Always update
Keep your operating system and apps up to date.
Enable protections
Use encryption and remote lock or wipe features.
Keep your data safe!
Regular backup
Make copies of your important data at least once a week.
Secure services
Use encrypted clouds or secure external drives.
3-2-1 Strategy
3 copies, 2 different media, 1 off-site copy.
Create strong passwords!
Complexity
Privacy
Use at least 12 characters with uppercase letters, lowercase letters, numbers, and symbols.
Avoid including names, dates of birth, or other personal information that is easy to guess.
Management
Consider using a password manager to securely store all your different credentials.
Keep it safe!
Updates
Always install the latest security updates available for each piece of software.
Active protection
Use firewalls and antivirus software that are always active and updated to the latest version..
Double verification
Enable two-factor authentication on all services that support it.
Stay alert and report suspicious activity!
Recognize the signs
A slow computer, unusual pop-ups, or abnormal behavior are warning signs.
Report it immediately
Contact your IT department or the relevant authorities immediately.
Continuous training
Regularly update your knowledge of new cyber threats.
Prevent Ransomware attacks
Do not open suspicious attachments or links
Make regular backups of your files
Keep your system and antivirus software up to date
Do not download software from unknown sources.
Recognizing and preventing online scams
Navigating the digital world safely requires awareness and the right tools. Online threats are constantly evolving.
Course objectives
Understanding
Recognition
Identify the main types of digital scams prevalent today.
Develop the ability to identify warning signs in communications.
Protection
Learn effective methods to defend yourself against online fraud.
Types of online scams
Phishing
Over 300,000 reports recorded by the FBI in 2023. Attempts to steal sensitive data through deceptive emails.
Catfishing
Creating fake romantic profiles to establish fictitious relationships. They often aim to extort money or information.
Workplace fraud
Deceptive job offers that require advance payments or personal information.
Purchase scams
Fake e-commerce sites or advertisements that do not deliver products after payment.
How to identify fake job offers
Unrealistic compensation
Excessively high wages for simple tasks are often a lure.
Vague details
General descriptions of responsibilities and minimum requirements to attract more victims.
Payment requests
No legitimate job requires advance payments for hiring.
Invisible company
IInability to verify the existence of the company through online searches.
Protection against Phishing Scams
Sender verification
Always check the full email address, looking for small differences or errors.
Be careful with links
Move your mouse over the links without clicking to see the actual destination.
IImplement 2FA
Two-factor authentication adds an extra layer of security to logins.
Regular updates
Keep your systems and software up to date to protect yourself from known vulnerabilities.
Example of an online scam
Email reception
Suspicious elements
Email purporting to be from your bank with an urgent security alert.
Grammatical errors, strange email addresses, suspicious links.
Correct action
Reporting
Do not click. Contact the bank directly through official channels.
Forward the email to the relevant authorities and the actual bank.
Example of a suspicious email
Subject: Immediate job offer – [Fictitious company name] Dear candidate, We have received your resume and are impressed by your profile. We are a large international company and are looking for a motivated person for the position of [Position name]. The salary is €3,000 per month, with flexible hours and the possibility of working from home. To proceed with your application, please send us the following documents as soon as possible: Copy of your ID Tax ID number Bank details for salary payments In addition, you will need to pay a €100 fee for initial training. We look forward to hearing from you urgently. Kind regards, [Fictitious name] Human Resources Manager [Strange email address].
Fraud prevention tools
Technological tools offer essential protection against online threats. Training remains crucial for recognizing dangers.
Red flags in online communication
Linguistic errors
Official communications rarely contain obvious spelling mistakes.
Unjustified urgency
Pressure to act quickly without allowing time for verification.
Irresistible offers
Offers that seem too good to be true often hide deception.
Personal requests
Questions about sensitive data that legitimate institutions would not ask for via email.
What to do if you suspect fraud
Protect Your Data
Never disclose personal or banking information when you suspect fraud.
Report the Accident
Contact the Postal Police or the relevant authorities to report the scam..
Change Password
Immediately change all potentially compromised credentials.
Monitor Your Accounts
Check regularly for suspicious bank transactions in the following weeks.
Conclusion
Constant vigilance
Update
Always remain vigilant when browsing online.
Keep yourself informed about new types of scams that are emerging.
Sharing
Healthy skepticism
Share safety tips with friends and family members who are at risk.
If something seems too good to be true, it probably is.
Cybersecurity and AI: risks and potential in remote working
The job landscape has undergone a radical transformation. The increase in remote working is evident.
With a 175% increase in 2023, new security challenges are emerging. We will analyze risks and opportunities in this evolving digital landscape.
Remote working: a new digital landscape
3,6M
175%
Remote workers
Growth
Italians working remotely in 2024
Increase in remote working since 2019
300%
Attack surfaces
Increase in cyber vulnerabilities
The digital landscape has changed dramatically. The traditional boundaries of corporate networks have dissolved.
Managing corporate data requires new strategies. The distributed work environment creates new vulnerabilities that need to be managed.
Cybersecurity: risks amplified by remote working
Security responses
Advanced defence strategies
Unsecure networks
Vulnerable domestic connections
Personal devices
Uncontrolled endpoints
Phishing attacks
+220% dal 2022
Phishing attacks have increased exponentially. Cybercriminals are exploiting new vulnerabilities.
Violations are more difficult to detect. The use of personal devices complicates security monitoring.
Artificial Intelligence in remote working
Automation
Optimized repetitive processes
Monitoring
24/7 automated surveillance
Predictive analytics
Forecasting future threats
Productivity
AIntelligent virtual assistants
AI is transforming remote productivity tools. Algorithms analyze suspicious behavior patterns.
Continuous monitoring detects anomalies in real time. Predictive analytics anticipates threats before they materialize.
Risks of AI in Cybersecurity
Deepfake
Algorithmic biases
Video/audio impersonation
Incorrect automated decisions
Intelligent malware
Targeted attacks
+35% in 2024
Customized with AI
AI is also used for malicious purposes. Deepfakes create new social engineering threats.
I Self-learning malware evolves autonomously. Security algorithms may contain exploitable vulnerabilities.
The potential of AI in protecting remote environments
Anomaly detection
Real-time identification of suspicious behavior
Adaptive authentication
Identity verification based on behavioral patterns
Automatic updates
Intelligent coordination of security updates
Automated SOCs
AI-enhanced security operations centers
AI offers powerful protection tools. Anomaly detection systems identify suspicious behavior.
Adaptive authentication goes beyond traditional passwords. Security updates are distributed intelligently and promptly.
Best practices for protecting remote work and AI
Continuing education
ISecure infrastructure
AI control
Training is essential against threats
Conclusions and future scenarios
Safety culture
Widespread dissemination of digital awareness at all levels of the company
Balance between innovation and risk
Balancing technological adoption and sensitive data protectioni
Explainable AI and Zero Trust
Transparent algorithms and continuous verification of each access as industry standard
The future requires a delicate balance. Innovation and security must go hand in hand.
Digital security culture will be essential. Explainable AI and Zero Trust will define the new standards of protection.
Resources
🔐 General IT security and best practices
- Cybersecurity Framework – NIST (National Institute of Standards and Technology, USA)👉 https://www.nist.gov/cyberframework→ International standards for data protection, also useful in non-business contexts.
🔒CISA – Cybersecurity & Infrastructure Security Agency (USA) Guidelines for secure remote working URL: https://www.cisa.gov
👉 https://www.garanteprivacy.it → The Italian Data Protection Authority website offers practical explanations on personal data protection.
🧠 Cybersecurity education Cybersecurity & Infrastructure Security Agency (CISA - USA)👉 https://www.cisa.gov→ It contains practical sections with “tip of the day,” videos, and easy guides on how to protect yourself online.
🤖 AI applied to cybersecurity MIT Technology Review – Sezione AI & Security Expert analysis and articles on the role of AI in cybersecurity URL: https://www.technologyreview.com
Women4Cyber (European Cyber Security Organisation) 👉 https://women4cyber.eu→Promotes the inclusion of women in the field of cybersecurity.
IBM Security – AI and cyber defense Practical examples: Watson for Cybersecurity URL: https://www.ibm.com/security NIST – National Institute of Standards and Technology (USA) AI Risk Management Framework + documenti sulla sicurezza AI URL: https://www.nist.gov
🔐 Cybersecurity and remote working ENISA – Agenzia dell’Unione Europea per la Cybersecurity Report: Threat Landscape Reports URL: https://www.enisa.europa.eu
Clusit – Associazione Italiana per la Sicurezza Informatica Report annuale: Clusit Report sulla Sicurezza ICT in Italia URL: https://www.clusit.it
Glossary
Glossary
Deepfake: An AI-based human image synthesis technique that allows an existing face or voice to be superimposed onto images or videos of another person, creating fake but highly realistic content. Centralized Device Management: Centralized management and control of all endpoint devices used by employees, ensuring compliance with security policies, installation of updates, and monitoring. Layered Defense: Implementation of multi-level security protections. Availability: Guarantee of continuous access to authorized resources. Endpoint: Any device connected to a computer network, such as laptops, smartphones, tablets, and IoT devices, which represents a potential entry point for attacks. Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules, with the aim of blocking unauthorized access. Job fraud: A fictitious job offer used to steal money or personal data from victims, often through requests for advance payments or the sharing of confidential information. Identity theft: The unlawful use of personal information. Artificial Intelligence (AI): Simulating human intelligence through machines, particularly computer systems. It includes learning (acquiring information and rules for using it), reasoning (using rules to reach approximate or definitive conclusions), and self-correction. Integrity: Maintaining the accuracy and reliability of information. Interception: Action in which an attacker intercepts data traffic between two parties. Remote Working (Smart Working): A way of working characterised by the absence of predefined time or space constraints and organised by phases, cycles and objectives, which contributes to the well-being of the worker and social innovation. Fraudulent link: A link in a phishing email that directs you to a clone website, very similar to the official one, in order to steal credentials. Malware: Malicious software designed to infiltrate, damage, or disable computers, computer systems, networks, or mobile devices, often with the aim of stealing data, spying on user activities, or taking control of the device. Intelligent Malware: Malicious software that uses AI or machine learning techniques to evolve autonomously, adapt to defense systems, and launch more sophisticated and difficult-to-detect attacks.
Glossary
QUIZ 1/13
QUIZ 2/13
QUIZ 3/13
QUIZ 4/13
QUIZ 5/13
QUIZ 6/13
QUIZ 7/13
QUIZ 8/13
QUIZ 9/13
QUIZ 10/13
QUIZ 11/13
QUIZ 12/13
QUIZ 13/13
End of Module C2
Congratulations on completing Module C2! You now know: The fundamentals of cybersecurity: The basic concepts: Confidentiality, Integrity, Availability (CIA Triad). The importance of digital security in today's world. The different types of threats And you are aware: - Of the risks amplified by remote work - Of the risks associated with AI in cybersecurity
Continue with the other modules!
Despite the risks, artificial intelligence also offers powerful solutions to protect remote environments. Artificial intelligence can be used for anomaly detection, adaptive authentication, automatic updates and SOC AUTOMATION. Adaptive authentication, for instance, uses artificial intelligence to verify the identity of users based on their behaviour, adding a higher level of security than simple passwords. In addition, artificial intelligence can intelligently coordinate security updates, ensuring that all systems are protected in a timely manner.
Remote working amplifies some cybersecurity risks. The pyramid illustrates the levels of vulnerability, from phishing attacks to the need for advanced defence strategies. Phishing attacks have increased by 220% since 2022, an alarming figure. Added to this is the difficulty of protecting home networks and personal devices, which often do not have the same level of security as corporate ones.
Protecting personal data is important Knowledge of the problem: Understanding cyber threats (phishing, malware, ransomware) is the first step to defending oneself. Being aware of the tactics used by cybercriminals helps to recognise and prevent attacks. Training and keeping abreast of the latest trends in computer security are crucial. Encryption: Encryption is the process of encoding information so that only authorised people can read it. It protects sensitive data (such as passwords, financial information and communications) from unauthorised access. Use encryption to protect data in transit (e.g. while surfing the web) Two-factor authentication adds an extra layer of security to the login process. In addition to the password, it requires a second authentication factor, such as a code sent to the mobile phone or a fingerprint. It makes it much more difficult for cybercriminals to gain access to accounts, even if they manage to obtain the password. Strong passwords: Strong passwords are long, complex and unique for each account. They should include a combination of upper and lower case letters, numbers and symbols. Avoid using easily guessed personal information (such as birth dates or names of family members). Use a password manager to create and store complex passwords securely.
Do not answer e-mails: never give personal information or money to people you do not know. Check the company: search for the company online and check if the job offer is real. Check the official website and job advertisements. Report the email: report the email as spam or phishing to your email provider. Inform the authorities: if you have provided personal information or money, report the incident to the postal police. Beware of overly tempting offers: remember that overly tempting job offers are often scams. Additional tips- Use reputable job search websites. - Do not share sensitive information online.- Be cautious with job offers from home. - Research the company before applying.
Availability
Availability refers to ensuring that systems, networks and data are accessible and usable when needed. It ensures that authorised users can access the information and resources they need in a timely and reliable manner. Techniques to ensure availability include system redundancy, data backup, disaster recovery plans and protection from Denial of Service (DoS) attacks. Examples of availability breaches include a DoS attack that renders a website inaccessible, a hardware failure that interrupts a service, or ransomware that encrypts data rendering it unusable.
Example
Imagine you are using a public Wi-Fi network in a café to access your online bank account. A cybercriminal on the same network can use software to intercept the data traffic between your computer and the bank's website. In this way, the attacker can: View your login credentials (username and password) as you enter them. Intercept the two-factor authentication codes that the bank sends you via SMS. Change the information displayed on the bank's website, for example by replacing the account number of the recipient of a transfer with your own. As a result, the attacker can steal your money or use your personal information to commit fraud.
Example
Imagine a company, “ABC Corporation”, which uses a computer network to run its operations. One day, an employee receives a seemingly harmless e-mail that contains an attachment. The employee opens the attachment, unaware that it contains ransomware called “Locky”. Once the ransomware infiltrates the system, it starts encrypting all files on the company's computers, including important documents, databases and backup files. Within minutes, the entire company network is locked down and employees can no longer access their files. Soon after, a message appears on the computers' screens informing the company that their files have been encrypted and that they must pay a ransom in Bitcoin to obtain the decryption key and restore their data. The message includes a countdown, warning that the price of the ransom will increase if it is not paid within a certain period of time. The ABC Corporation is now in a critical situation. If they pay the ransom, there is no guarantee that cybercriminals will provide the decryption key or that they will not attack again in the future. If they do not pay, they risk losing all their data and suffering severe operational disruptions. In this scenario, the Locky ransomware caused serious damage to the company ABC Corporation, halting their operations and putting their sensitive data at risk.
Artificial intelligence offers powerful tools for automation, monitoring, predictive analysis and increased productivity. Imagine a system that constantly monitors the network, identifying suspicious behaviour in real time or predicting potential threats before they materialise. Artificial intelligence makes this possible, improving our ability to protect ourselves.
In the digital world, it is crucial to be aware of the risks. Phishing is a fraudulent attempt to obtain personal information, such as passwords or bank details, through misleading e-mails or messages. Catfishing involves the creation of false online identities to deceive and manipulate victims, often for sentimental or financial purposes. Job fraud promises easy earnings or work from home, but often conceals demands for money or data theft. Finally, shopping scams exploit fake ads or counterfeit websites to sell non-existent products or steal credit card data. Remember, caution is the best defence against these threats
Confidentiality
Confidentiality, or privacy, concerns the protection of sensitive information from unauthorised access. It ensures that only authorised persons can view or access certain information. Techniques to ensure confidentiality include encryption, authentication, authorisation and access control. Examples of breaches of confidentiality include theft of personal data, unauthorised access to confidential files or interception of communications.
Pay attention!
Computer scams exploit people's naivety or haste. Beware of messages that seem urgent or too good to be true. The first line of defence is you.Example:You receive an email with the subject line: "You have won an iPhone! Click here to claim it." - This is a scam designed to steal your personal information or install a virus. Always verify the identity of the sender or caller before replying to requests for personal or business information. Scammers can pass themselves off as colleagues, customers or technical support.Example: You receive a call from an “IT technician” asking for your password to perform updates. Always check with your official IT department first: this could be an attack. Personal data such as social security numbers, credit card numbers, passwords or business documents should never be shared through insecure channels. Example: Don't send your IBAN via WhatsApp to an unknown number claiming to be your accountant.
Integrity
Integrity refers to ensuring that information is accurate and complete, and has not been altered in an unauthorised manner. It ensures that data remains reliable and uncorrupted throughout its lifecycle, whether in transit or at rest. Techniques to maintain integrity include the use of checksums, digital signatures, version control and access control procedures. Examples of integrity violations include unauthorised modification of a document, tampering with a database or altering a software programme.
Here's an example of a misleading e-mail
What to do- Don't reply to the email - Check the company - Report the email - Inform the authorities Be careful: - Remember that job offers that are too tempting are often scams. - Additional tips - Use reliable job search websites. - Do not share sensitive information online. - Be cautious with job offers from home. - Research the company before applying.
Target audience
This module is designed for those who want to start or improve their role in remote work environments, including: Aspiring remote workers who want to understand basic rules and expectations; Mothers or caregivers looking for flexible work opportunities; Trainers and educators preparing to deliver content in virtual environments; Remote work providers and managers responsible for ensuring team compliance and productivity; Educational organisations developing remote work preparation programmes for students or staff.
Example
Imagine you receive an e-mail that appears to be from your bank. The e-mail informs you that your account has been suspended due to suspicious activity and asks you to verify your login information by clicking on a link. The link takes you to a webpage that looks identical to your bank's website, but is actually a fake copy created by fraudsters. If you enter your login credentials (username and password) on the fake page, the scammers steal them and can use them to access your real bank account and steal your money.