Professional Documents
Culture Documents
To quote Steve Durbin, MD, Information Security Forum, There's not a huge amount that's
spectacularly new, what is new is the increase in complexity and sophistication. He is of
course referring to the threats to security and privacy of information that is stored on our
computers. He is talking about the people behind the threats and their skill in retrieving data
that in the first place does not belong in their hand but more important the damage they can
do with extremely sensitive data. Yes, that includes data that is meant only for the very top in
a Governments hierarchy or data that can do one personal harm i.e. bank account details,
social security number and the like. In this day and age it is of the utmost importance that
both an individual and an organization are abreast of the various threats to their data on
various database. It is of even greater importance that they are aware of the different means to
protect themselves! This article will look to touch upon what one needs to look out for, how
one can prevent data being stolen and the maintenance of privacy. Several instance of the
same will also be touched upon.
Types of Threats
1) Virus Threats: Threat, a computer virus is a program written to alter the way a
computer operates, without the permission or knowledge of the user. A virus
replicates and executes itself, usually doing damage to your computer in the
process.
2) Spyware Threats: A serious computer security threat, spyware is any program that
monitors your online activities or installs programs without your consent for profit
or to capture personal information. Weve amassed a wealth of knowledge that will
help you combat spyware threats and stay safe online.
3) Hackers: Hackers not computers, create computer security threats and malware.
Hackers are programmers who victimize others for their own gain by breaking into
computer systems to steal, change or destroy information as a form of cyberterrorism. What scams are they using lately? Learn how to combat dangerous
malware and stay safe online.
4) Phishing Threats: Masquerading as a trustworthy person or business, phishers
attempt to steal sensitive financial or personal information through fraudulent email
or instant messages. Internet Based Attacks While your computer is connected to
the Internet it can be subject to attack through your network communications.
5) Viral Web Sites: Users can be enticed, often by email messages, to visit web sites
that contain viruses or Trojans. These sites are known as viral web sites and are
often made to look like well-known web sites and can have similar web addresses
to the sites they are imitating. Users who visit these sites often inadvertently
download and run a virus or Trojan and can then become infected or the subject of
hacker attacks.
I.
II.
III.
IV.
Privacy and security issues can affect user confidence: Users can trust a product if
it functions right and doesnt fail. The efficiency and effectiveness of a product can
decide the fate of a company. Internet usage is directly proportionate to the level of
security and privacy provided.
Privacy and security issues often elicit emotional reactions: People feel betrayed if
the product doesnt respect the security and privacy needs of the user. A banks
customers are loyal only if the payment gateway provided by the bank is secure. Also,
E-banking safety is top priority for the customers.
Dilemma of tradeoffs between home versus business use : Increase in security
and privacy by a product can also hamper the convenience of usage. For example
allowing Christuniversity.in, use cookies via browser can decrease security.
Effects social system of sharing : If a network or a product is breached , the user will
start minimizing information sharing.
SOCIAL INFORMATION SHARING
Based on an interview with Steve Durbins interview with CIO.com, an essential outlook on
the important trends in security and privacy of information has been narrowed down to five
major points.
1) Cybercrime: Durbin has outlined that there will be a significant increase in
cybercrime as we improve technology. His most startling input is his belief that the
various groups around the world particularly those operating out of east European
nations are using what he calls 21st century tools to take on 20th century systems. He
attributes the struggle to main security of information to hactivism, a constant increase
in the cost to manage and control cyber threats and the nominal budgets allocated to
the effort of protecting ones data.
2) Privacy and regulation: The threat to security and privacy of information available
online and on computer systems is so severe that even government across the world
are legislating to protect the use of PII (Personally Identifiable Information). This has
led to members at various levels in various departments of an organization working
on the ways that confidential data be kept safe. This includes HR, lawyers of an
organization and even the boards of organization. It is essential that organization are
able to maintain their image and that of their clients and stakeholders.
3) Threats for Third-party providers: The article points out that a weak link in a security
system may not even be in the organization. The fact is a flaw in the manner in which
data is shared through a supply chain can also prove a major weakness. The article
cites the example of information being accessed from Target without their knowledge.
The leak was a web app used by Targets vendors to submit invoices for transactions!
It is therefore essential that one be aware of the risks that third parties related to an
organization be handled with care and careful scrutiny.
4) BYOx trends in the workplace: BYO or Bring-Your-Own refers to various member of
an organization bringing their own technology devices to the workplace. These
devices include mobile phones, laptops, storage devices etc. The problem with this
trend is the fact that it leaves many an opening for a hacker to access an organizations
data. This is especially true when a user loses track of the divide between the device
being personal and the device being the property and storage/access point to an
organizations data!
5) Engagement with your people: Durbin points out the fact that an organizations
greatest assets may also be its greatest liability in terms of protecting data. He point
out that it is very difficult to regulate employee behaviour such that they are conscious
of the threats that are around them and the information they either handle or have
access to. He says it is essential that security awareness is of the utmost importance
so that people are not a liability to the efforts an organization makes to keep its
information secure.
Real Life Instances of Cyber Crimes
1) Making millions: 100 euros at a time: Eleven members of a criminal gang arrested in
Spain this February had been earning about 1 million euros a year by spreading the
Police Virus. This is a cyber-extortion tool, accusing the victim of committing some
offense and blocking his computer until a fine of 100 euros is handed over. The
malware also steals the victims personal data. A final sentence has not yet been
handed down in this case, but in recent years Spain has jailed a number of hi-tech
offenders.
2) Ali-Baba and the 4 thieves: Just a week ago, four cybercriminals were arrested in
Dubai after allegedly stealing $2 million from companies in the Emirates. Using a few
scams and hacker techniques, the attackers were siphoning funds into their bank
accounts as well as overseas. Some members of the gang, which includes people of
Asian and African origin, have fled the country a warrant for their arrest has been
issued by Interpol.
3) Student Loan Phishing scam: Six people have been arrested over a 1m online
phishing scam in which money was stolen from the hacked bank accounts of hundreds
of students. Scotland Yard said a criminal network targeted students on government
loan schemes, conning them into revealing their bank account details, which were
then used to withdraw amounts of between 1,000 and 5,000 at a time. The victims
received emails asking them to update details on their student bank account via a link
to a bogus website.
4) The Fabulous Five: Five hackers have been charged in whats being called the biggest
data breach in U.S. history.
Federal prosecutors announced that theyve indicted five cyber criminals responsible
for a hack that cost targeted companies more than $300 million. Prosecutors say the
five men, who are from Russia and Ukraine, stole and sold at least 160 credit card
numbers. Two of the suspects are in custody. The hacked companies include Nasdaq,
Visa Inc., J.C. Penney Co., JetBlue Airways Corp. and Carrefour SA. According to
authorities, each of the men had specialized taskstwo hacked into networks, another
mined them for data, another provided anonymous web-hosting services to hide the
groups activities, and another sold the stolen data and distributed the profits.
Bibliography
Benson, & Christopher. (n.d.). Retrieved from https://msdn.microsoft.com/enus/library/cc723507.aspx
Olavsrud, T. (2014, December 10). Security: CIO. Retrieved from CIO Web site:
http://www.cio.com/article/2857673/security0/5-information-securitytrends-that-will-dominate-2015.html