Attacks and Vulnerabilities
Discuss the Lack of Employee Security Training Plagues.
The term cyber security refers to information technology security or computer security: the protection of the entire computer system against damage to its electronic data, software and hardware, against theft, and against misdirection or disruption of the services it provides.
IT and computer systems can be protected by guarding them against possible harm: controlling physical access to the software and hardware, and defending against threats from malicious data, network access and code injection (Singer & Friedman, 2014). A major threat to cyber security also comes from malpractice by operators, whether accidental or intentional.
Cyber security has gained attention in almost every field because of the increasing reliance on the internet and computer systems, and more recently on wireless networks such as Wi-Fi and Bluetooth, and because of the growth of smart devices such as televisions and smartphones and the recent development of the tiny devices of the Internet of Things (Collins & McCombie, 2012).
A cyber threat or cyber attack is an offensive maneuver targeting personal computer devices, computer information systems, computer networks or infrastructures. It may be initiated by an organization, society, group, individual or nation-state, or by an anonymous source (Droogan & Waldek, 2016). Technically, a cyber attack is carried out intentionally to alter, steal or destroy a specific target by hacking into a susceptible system.
An asset, which can be logical or physical, has one or more vulnerabilities that a threat agent can exploit in a threat action. The result is a compromise of the availability, integrity or confidentiality of resources (Guitton & Korzak, 2013). The damage can potentially extend further, to other resources of the organization and to the resources of other involved parties, such as suppliers and customers.
A cyber threat can be severe whether the attack is active or passive. An active attack alters the operation or resources of the system, compromising availability or integrity. A passive attack attempts to learn from the system or make use of its information without affecting the system's resources; what it compromises is confidentiality (O’Connell, 2012). An active attack is the more dangerous of the two, while a passive attack carries the danger of losing confidentiality.
A cyber threat is a clear security violation: it exists wherever a capability, event, action or circumstance breaches security and results in harm. Its severity can be anticipated because it is not only accidental but also intentional (Waters & Ball, 2008).
The terms cyber attack and cyber threat are used synonymously and, depending on severity and context, are also described as cyberterrorism, cyberwarfare or a cyber campaign. The effect of an attack can range from installing spyware on a personal computer to destroying a nation's infrastructure. In degree, it goes beyond hacking and data breaches. The threat became more severe and dangerous with the demonstration of the Stuxnet worm, which was used in 2010 to attack nuclear facilities in Iran, attacking the products of sandbox and anti-bot. The fifth-generation cyber threats of 2017, the NotPetya ransomware and WannaCry, impacted communities and businesses all over the world by taking advantage of leaked National Security Agency tools, and clearly indicate the severity and intensity of future cyber threats.
The severity of cyber threats can change the fate of countries, since some are driven by political agendas or are even intended to change the political structures they target. Cyber terrorists are politically motivated, and their attacks have the potential for destruction and corruption that affects political structures (Prichard et al, 2004). Such threats can easily target civilians, civilian installations and civilian interests, or at least generate fear among them.
Attacks are made against computer security. A vulnerability, in simple terms, is a weakness in internal control, operation, implementation or even design. Vulnerabilities are very easy to exploit, either manually using customized scripts or directly with automated tools.
Cyber threats are becoming more and more severe, as they can turn a positive position into a negative one and profit into loss. The threat has become a concern because human life and society have become slowly but completely reliant on computers and information technology systems. The following real-world data show how serious cyber security threats can be.
At several utilities, computers control functions such as the coordination of nuclear power plants and the power grid, the opening and closing of valves in gas and water networks, and the coordination of telecommunications. These are prone to cyber threats when they are connected to the internet, which is a potential attack vector. An entire operation can be turned from constructive to destructive.
However, the Stuxnet worm proved that any equipment controlled by a computer can be vulnerable to cyber threats even without being connected to the internet. The Department of Homeland Security has identified more than 79 hacking incidents at energy companies, which shows the severity of the threat. Smart meters are also prone to cyber threats on a large scale, affecting the financial transactions of millions of people through problems such as billing fraud. Smart meters are not even connected to the internet, but to cellular communications or local radio.
The primary hacking targets are financial institutions such as SWIFT, the Securities and Exchange Commission, commercial banks and investment banks, attacked for illicit gain and market manipulation. Apps and websites that store or accept bank account information, brokerage accounts and credit card numbers are easily threatened, allowing immediate financial transactions and diversions. This gives hackers immediate financial gain by making purchases, transferring money or trading the information on the black market. Immediate financial gain is the intention behind the threat, and ATMs and in-store payment systems are tampered with to obtain PINs and customer account data.
Cyber threats reach not only computers and systems directly connected to the internet, but other devices as well. Laptops and desktop computers are the systems most commonly targeted to gain unethical access to financial account information or passwords, or to build a botnet for attacking other systems. Mobile devices such as smart watches, tablet computers, smartphones and quantified-self devices such as activity trackers are built with components such as accelerometers, microphones, GPS receivers, cameras and compasses, which can also be exploited (NPR, 2014). Exploitation takes different forms, such as the collection of personal information. After a breach, Bluetooth, Wi-Fi and cell phone networks on any of these devices can be activated remotely as attack vectors.
Cyber threats become increasingly severe and serious with the growing number of home automation devices and systems, such as Nest thermostats, to name one.
Aviation is one of the sectors most seriously and severely exposed to cyber threats. The aviation system relies on a number of complex systems that are prone to attack, although attacking them is not easy. If an attack causes even a simple power outage at one airport, the repercussions can be felt throughout the world (Zellan, 2003). The aviation system relies on radio communication, and if it is disrupted, controlling aircraft over oceans quickly becomes dangerous, because radar surveillance does not extend more than 225 miles offshore (Finkle, 2014). The consequences of a cyber attack on the aviation system can include loss of system integrity and confidentiality, loss of aircraft, air traffic control outages and the loss of many lives.
Larger corporations are common and potential targets of breaches and cyber threats, for immediate and large financial gains. Losses can run into the millions through identity theft and data breaches involving the theft of credit card details, as at Target Corporation, Staples, Home Depot and in the recent Equifax breach (Cook, 2014).
Cyber attacks and threats can even change the fate of countries, as some of these threats and breaches are initiated by foreign governments, and governments engage in cyberwarfare with the intention of spying, sabotage and spreading propaganda against their targets (CNNMoney, 2013). One example of such influence is the major role of the Russian government in the 2016 presidential election in the US; though no evidence has been found, it spread through the social networks Facebook and Twitter.
General identity theft, patient impersonation and health insurance fraud are possible through the theft of medical records, which are obtained for resale or recreational purposes or to obtain prescription drugs. The severity of the threat is all the greater because 62% of organizations have not even tried to increase security training for their business, although cyber threats keep increasing (Cowley & Stacy, 2017). Though most cyber threats are intended for financial benefit, there are also other intentions (Wakabayashi & Shane, 2017).
Transportation infrastructure mirrors telecommunication facilities. Cyber attacks and threats can affect accessibility and scheduling, creating disruption in the economic chain (Lyons, 2005). They can affect carrying methods and hinder the movement of cargo from place to place. For instance, in January 2003 Continental Airlines was forced to shut down flights because of computer problems during the outbreak of the virus called ‘slammer’.
Water is another important infrastructure and can be a critical target for attack. It stands as one of the biggest security hazards among all computer-controlled systems. Huge, massive amounts of water unleashed into an unprotected area result in property damage and loss of life.
Threats can be initiated from inside or outside. An inside attack is initiated by an entity within the security perimeter, i.e. an entity that is authorized to access resources but uses them in a way that is inappropriate or not approved by the granting organization. An outside attack is initiated from outside the perimeter by an illegitimate or unauthorized user of the system. The range and severity of the threat from outsiders is greater, as they range from amateur pranksters to hostile governments, international terrorists and organized criminals (Backman, 2014). However, an insider attack is also severe, since insiders are authorized to access the resources and only hacking ethics can stop them.
Cyber threats can be either syntactic or semantic. Compared with syntactic threats, semantic attacks are more severe. Syntactic attacks are straightforward, so they and their intentions are easier to identify. The best examples of syntactic attacks are malicious software such as Trojan horses, worms and viruses (Palilery, 2014). Semantic attacks are more dangerous and more severe, as they involve the modification and dissemination of correct and incorrect information. Information can be modified without the use of a computer, and new ways of doing so will become possible in the future. Incorrect information can be disseminated to cover tracks by misguiding someone or diverting them in the wrong direction. Semantic attacks can pose severe threats that spoil relations between countries, sacrificing global peace (Staff, 2010). Examples are the conflict between the Palestinian authorities and Israel, and the conflict between India and Pakistan over Kashmir, which continued as hundreds of attacks in cyberspace. Pakistani hackers attack under the name ‘True Cyber Army’ and Indian hackers under the name ‘Indian Cyber Army’.
China and the US play predominant roles in cyber attacks against one another. The cyber capabilities of both are equally matched to fight each other in the cyber world. Other important state and non-state actors include Iraq, Russia, Al Qaeda and Iran (Abbasi, 2013). The nations of East and West, at opposite ends of the spectrum, show a ‘sword and shield’ contrast in ideals. China holds the more offensive-minded idea of cyberwarfare, initiating a pre-emptive strike in the early stages of a conflict to gain and keep the upper hand. The US, on the other side, responds with more reactionary measures, defending and creating systems with impenetrable barriers to protect the nation and its civilians from possible cyber threats and attacks.
There is no doubt that the rivalry between East and West in showing aggression and superiority will continue, and with the advancement of cyber attack technology the threats will become more severe, the results will surely be unpleasant, and they may lead to wars between countries (Finkle, 2014).
Cyber threats cannot be prevented completely, but they can be defended against through SIEM and user behaviour analytics. They can be kept under control by defining and implementing a set of policies for an ISMS (Information Security Management System) for better information security management (Wright & Harmening, 2009). The policies are developed to follow the principles of risk management, as countermeasures that establish a security strategy in line with the applicable rules and regulations of the respective country.
The information technology industry has been working to minimize the likelihood and consequences of cyber attacks (Neumann, 1997). Computer security software companies develop various products and services aimed at discovering and fixing vulnerabilities, studying the categories of possible attacks, inventing, designing and deploying countermeasures, evaluating risks, publishing articles and books on cyber threats and countermeasures, and setting up the contingency plans needed to be ready to respond (Seals & Tara, 2015).
Conclusion
Cyber security is one of the toughest challenges for the information technology industry where cyber attacks and cyber threats are concerned. Cyber threats are multi-dimensional and manifold, facing humankind and the entire world. There is no doubt that most computing devices experience cyber attacks, whether or not they are connected to the internet. Cyber threats affect the operation of everything from a simple smartphone to a large-scale, high-speed supercomputer system. Anything from a simple smart meter to a large infrastructure can be affected in unpleasant ways. The most severe and toughest part is that the relations and political connections between countries can be greatly influenced by intentional, hostile cyber threats, increasing the impact of cold wars and resulting in armed wars between countries. The significant areas affected by cyber threats, in terms of industry, are infrastructure, which includes transport, telecommunications, water and parking systems. Finance is the first and most affected area, for immediate financial gain in the least possible time. The defense system of each country, a matter of prestige, can also technically be attacked and threatened, and highly confidential information can cross borders in just seconds.
Achieving complete cyber security is almost impossible for the IT industry. However, certain measures can be enabled at the policy level by governments, and technically the threats can be controlled through effective anti-cyber-attack software.
References
Abbasi, W. 2013. Pakistani hackers defaced over 1,000 Indian websites. The News International 2013
Backman, M. 2014. Home Depot: 56 million cards exposed in breach. CNNMoney
Collins, S., McCombie, S. 2012. “Stuxnet: the emergence of a new cyber weapon and its implications,” Journal of Policing, Intelligence and Counter Terrorism 7, no. 1. 80-91.
Cook, J. 2014. Sony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So Far. Business Insider.
Cowley, Stacy. 2017. 2.5 Million More People Potentially Exposed in Equifax Breach. The New York Times
Droogan, J., Waldek, L. 2016. “Where are All the Cyber Terrorists? From Waiting for Cyber Attack to Understanding,” in IEEE Cybersecurity and Cyberforensics Conference (CCC), pp. 100-106.
Finkle, J. 2014. Exclusive: FBI warns healthcare sector vulnerable to cyber attacks. Reuters
Finkle, J. 2014. Hacker says to show passenger jets at risk of cyber attack. Reuters
Guitton, C., Korzak, E. 2013. “The Sophistication Criterion for Attribution: Identifying the Perpetrators of Cyber-Attacks,” The RUSI Journal 158, no. 4. 62-68.
Farwell, J. P., Rohozinski, R. 2012. “The New Reality of Cyber War,” Survival 54, no. 4. 107-120.
Lyons, M. 2005. United States. Homeland Security. Threat Assessment of Cyber Warfare. Washington, D.C.
Neumann, P. G. 1997. Computer Security in Aviation. presented at International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security
NPR, 2014. Is Your Watch Or Thermostat A Spy? Cybersecurity Firms Are On It. NPR.org.
O’Connell, M. E. 2012. “Cyber security without Cyber war,” Journal of Conflict and Security Law 17, no. 2. 187-209.
Palilery, J. 2014. What caused Sony hack: What we know now. CNN Money
Prichard, Janet, and Laurie, D. 2004. “Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks.” Journal of Information Technology Education. 3.
Seals, Tara. 2015. Lack of Employee Security Training Plagues US Businesses. Infosecurity Magazine
Singer, P.W. and Friedman, A. 2014. Cybersecurity and Cyberwar: What everyone needs to know. Oxford University Press, Oxford . pp. 12-66
Staff. 2010. Cyber Indian Army. Express Tribune
Wakabayashi, D., Shane, S. 2017. Twitter, With Accounts Linked to Russia, to Face Congress Over Role in Election. The New York Times
Waters, G., Ball, G. 2008. Australia and Cyber Warfare. ANU Press, Canberra.
Wright, J. Harmening, J. 2009. 15. In Vacca, John. Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 257
Zellan, J. 2003. Aviation Security. Hauppauge, Nova Science, NY. pp. 65–70