WIll Cybersecurity protect you?
"The Internet is the global communications and information infrastructure that provides the medium for communication and computation that facilitates the provisioning of numerous applications and infrastructure services, including e-mail, on-line banking, data storage, and quantum computing power. It brings with it promises of economic development and prosperity, scientific discovery, increased political participation, and ever changing social networks through which we are connected in ways once unimaginable. While many understand the opportunities created through this shared global infrastructure, known as cyberspace, few people understand the threats presented in cyberspace, which regularly arise at individual, organizational and state (or societal) levels."
When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.
One of the most problematic elements of cybersecurity is the constantly evolving nature of security risks. The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks. As a result of security risks, investments in cybersecurity technologies and services are increasing. In 2017, It was predicted that worldwide spending on information security products and services would reach $83.4 billion (a 7% increase from 2016) and that it would continue to grow to $93 billion by 2018.
Myth 1: Consumer protection exists in cyberspace
False. On-line holiday shoppers beware, you are your own protection.Web browsers and anti-virus software are not necessarily going to protect us. Why? Because in any given day there can be tens of thousands newly introduced viruses or malware that have a shelf life of 24 hours. Today's software simply cannot keep up. And that is not all. Some botnets, such as the Storm botnet, are used to hide phishing and malicious web sites behind an ever-changing network of compromised hosts acting as proxies. And what happens? Well, the average person holds approximately 20 online accounts for banking, internet-based mail, and social networking like MySpace or LinkedIn. The perpetrators obtain credit card data, bank-accounts, passwords and identities with which they then steal and spend your hard earned cash to support their business activities.The on-line industry will find ways to pass the costs of cyber crime through to consumers, which means that it really is every man (or woman) for themselves.
Myth 2: Firewalls and virus scanners protect my computer and my enterprise
False. A recent report by the Ponemon Institute noted that 82% of C-level executives report that their organization has experienced a data breach and many are not confident that they can prevent future breaches. The bad guys are casing our networks to research and discover vulnerabilities in our software and hardware that they can then easily exploit.As we race to embrace, buy, and integrate the newest technology into our lives and businesses do we really understand the vulnerabilities, exposure points, and subsequent risk that is bundled in that purchase? Attackers are exploiting these seams and are becoming more subtle in their methods. For example, multi-media devices like a thumb drive or I-Pod are often used as a delivery mechanism for malware that embeds in our computer or network and later beacons or "phones home" for orders. Sometimes that homing device asks for a map of the computer or network topology and sometimes it sends specific files to its master-controller. Few software programs protect us from the insider threat or socially engineered attacks that are susceptible to human error (like opening an attachment).
Myth 3: My government has the solution and will protect me
Not really. Although the government has a role to play, this problem cannot be solved without active involvement and shared responsibility by both the private sector and other nations around the world. Details on vulnerabilities of and security threats to our infrastructures and information assets tend to be closely held secrets. We must find ways to create a private-public partnership to facilitate information sharing and recovery strategies that truly underpin the availability, confidentiality, integrity and resiliency of cyberspace.
Myth 4: Physical assets are more valuable than information
False. While it is true that physical assets have a quantifiable value that can be depreciated over time, information is where the real value lies. As firms continue to embrace information technology to enable efficiency, productivity, and global connectivity, the value of information increases concomitantly and the medium by which it transits or resides matters less and less. Many experts believe that the rate of corporate data breaches may be at or approaching an epidemic level, even though many of those breach are never reported. After all, there is a disincentive for reporting because by the very fact of reporting the breach, it can undermine customer confidence, brand reputation, price point - all of which can lead to cancelled contracts, fines, and law suits, not to mention downward pressure on stock prices. Attacks to corporate information systems (data and infrastructure) are increasing operational risk and revenue risk but few organizations understand the linkage between IT insecurity and enterprise risk management. Corporations need to prepare for technical glitches, outages and security breaches and be able to measure, monitor, control losses. An IT disruption can paralyze a company's ability to produce or deliver its services, connect with its customers, or in simple terms operate.
Myth 5: Laws are keeping pace with technological innovation
False. Cyberspace is evolving faster than our understanding of its opportunities and risks. Laws around the globe are not keeping pace with the cross sector, multi-jurisdictional, multi-geographic nature of the infrastructure and services delivered through cyberspace. Laws overlap and create conflict as opposed to cooperation, even when our interests are aligned. Data ownership, data handling, data protection and privacy, evidence gathering, incident handling, monitoring and traceability, and the rights and obligations related to data breach, data transfers, access to data by law enforcement or intelligence services all need to be addressed by new laws written for the 21st digital century. The stringent requirements under current law for search warrants in cyberspace slow down law enforcement's ability to pursue on-line malicious activities and protect our citizens. Laws have not kept pace, but if we tap into the strong talent of our law schools to analyze and publish ideas on how best to modernize these out-of-date laws, we just might begin to catch up with the speed of technological innovation.
(The above excerpt was taken or modified from author Melissa Hathaway .)
We can't do much in this present condition, but we can take precautions in order to safeguard our privacy. Routine check-ups of your systems are highly suggested. Lets hope the future holds much promise to look forward to.
Adios
Avanish K A
Cybersecurity
Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyber-attacks.In a computing context, security comprises cybersecurity and physical security -- both are used by
enterprises to protect against unauthorized access to data centers and
other computerized systems. Information security, which is designed to
maintain the confidentiality, integrity and availability of data, is a
subset of cybersecurity.
The use of cybersecurity can help prevent cyber attacks, data breaches and identity theft and can aid in risk management.When an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.
One of the most problematic elements of cybersecurity is the constantly evolving nature of security risks. The traditional approach has been to focus resources on crucial system components and protect against the biggest known threats, which meant leaving components undefended and not protecting systems against less dangerous risks. As a result of security risks, investments in cybersecurity technologies and services are increasing. In 2017, It was predicted that worldwide spending on information security products and services would reach $83.4 billion (a 7% increase from 2016) and that it would continue to grow to $93 billion by 2018.
Types of Cybersecurity threats
The process of keeping up with new technologies, security trends and threat intelligence is a challenging task. However, it's necessary in order to protect information and other assets from cyber threats, which take many forms.- Ransomware is a type of malware that involves an attacker locking the victim's computer system files -- typically through encryption -- and demanding a payment to decrypt and unlock them.
- Malware is any file or program used to harm a computer user, such as worms, computer viruses, Trojan horses and spyware.
- Social engineering is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
- Phishing is a form of fraud where fraudulent emails are sent that resemble emails from reputable sources; however, the intention of these emails is to steal sensitive data, such as credit card or login information.
Lets see some beliefs that people have shall we ?
Myth 1: Consumer protection exists in cyberspace
False. On-line holiday shoppers beware, you are your own protection.Web browsers and anti-virus software are not necessarily going to protect us. Why? Because in any given day there can be tens of thousands newly introduced viruses or malware that have a shelf life of 24 hours. Today's software simply cannot keep up. And that is not all. Some botnets, such as the Storm botnet, are used to hide phishing and malicious web sites behind an ever-changing network of compromised hosts acting as proxies. And what happens? Well, the average person holds approximately 20 online accounts for banking, internet-based mail, and social networking like MySpace or LinkedIn. The perpetrators obtain credit card data, bank-accounts, passwords and identities with which they then steal and spend your hard earned cash to support their business activities.The on-line industry will find ways to pass the costs of cyber crime through to consumers, which means that it really is every man (or woman) for themselves.
Myth 2: Firewalls and virus scanners protect my computer and my enterprise
False. A recent report by the Ponemon Institute noted that 82% of C-level executives report that their organization has experienced a data breach and many are not confident that they can prevent future breaches. The bad guys are casing our networks to research and discover vulnerabilities in our software and hardware that they can then easily exploit.As we race to embrace, buy, and integrate the newest technology into our lives and businesses do we really understand the vulnerabilities, exposure points, and subsequent risk that is bundled in that purchase? Attackers are exploiting these seams and are becoming more subtle in their methods. For example, multi-media devices like a thumb drive or I-Pod are often used as a delivery mechanism for malware that embeds in our computer or network and later beacons or "phones home" for orders. Sometimes that homing device asks for a map of the computer or network topology and sometimes it sends specific files to its master-controller. Few software programs protect us from the insider threat or socially engineered attacks that are susceptible to human error (like opening an attachment).
Myth 3: My government has the solution and will protect me
Not really. Although the government has a role to play, this problem cannot be solved without active involvement and shared responsibility by both the private sector and other nations around the world. Details on vulnerabilities of and security threats to our infrastructures and information assets tend to be closely held secrets. We must find ways to create a private-public partnership to facilitate information sharing and recovery strategies that truly underpin the availability, confidentiality, integrity and resiliency of cyberspace.
Myth 4: Physical assets are more valuable than information
False. While it is true that physical assets have a quantifiable value that can be depreciated over time, information is where the real value lies. As firms continue to embrace information technology to enable efficiency, productivity, and global connectivity, the value of information increases concomitantly and the medium by which it transits or resides matters less and less. Many experts believe that the rate of corporate data breaches may be at or approaching an epidemic level, even though many of those breach are never reported. After all, there is a disincentive for reporting because by the very fact of reporting the breach, it can undermine customer confidence, brand reputation, price point - all of which can lead to cancelled contracts, fines, and law suits, not to mention downward pressure on stock prices. Attacks to corporate information systems (data and infrastructure) are increasing operational risk and revenue risk but few organizations understand the linkage between IT insecurity and enterprise risk management. Corporations need to prepare for technical glitches, outages and security breaches and be able to measure, monitor, control losses. An IT disruption can paralyze a company's ability to produce or deliver its services, connect with its customers, or in simple terms operate.
Myth 5: Laws are keeping pace with technological innovation
False. Cyberspace is evolving faster than our understanding of its opportunities and risks. Laws around the globe are not keeping pace with the cross sector, multi-jurisdictional, multi-geographic nature of the infrastructure and services delivered through cyberspace. Laws overlap and create conflict as opposed to cooperation, even when our interests are aligned. Data ownership, data handling, data protection and privacy, evidence gathering, incident handling, monitoring and traceability, and the rights and obligations related to data breach, data transfers, access to data by law enforcement or intelligence services all need to be addressed by new laws written for the 21st digital century. The stringent requirements under current law for search warrants in cyberspace slow down law enforcement's ability to pursue on-line malicious activities and protect our citizens. Laws have not kept pace, but if we tap into the strong talent of our law schools to analyze and publish ideas on how best to modernize these out-of-date laws, we just might begin to catch up with the speed of technological innovation.
(The above excerpt was taken or modified from author Melissa Hathaway .)
We can't do much in this present condition, but we can take precautions in order to safeguard our privacy. Routine check-ups of your systems are highly suggested. Lets hope the future holds much promise to look forward to.
Adios
Avanish K A
Comments
Post a Comment