Section 1: The Hyper connected world
- Types and impact of cyber crime
- Cyber Risk Framework
Section 2: Cyber security
- Information Sharing
- Approaches to achieve cyber security
Section 3: Economic Impact
Section 4: Network Security
Section 5: Steps and recent examples related to cyber security
Section 6: Conclusion
INTRODUCTION: Challenges of Cyber Security
Today due to increase in connectivity & demand for the exchange of data/ information’s between individuals, society & organisation in a rapid and time efficient manner has made us dependent on the continuous use of the cyber space, which in one hand has made us to use our resources in an efficient manner but on the same hand has made our resources/data more prone to the cyber attack & thus where the requirement of the cyber security creeps into the present era.
The aim of this paper is to throw light on the importance of cyber security in our digitized and interconnected world, to lay emphasis on our requirement of security & to induce awareness against emerging threats and risks, which if overlooked would have a worse impact not only on the individuals, society, organisations but also on the national security, economic and social well-being of a state.
Section 1: THE HYPER CONNECTED WORLD
Challenges in cyber security to Over 2 billion people are connected to internet for their needs like education, medical, communication, transportation, finance which is growing fast with evolving growth in information and communication technologies.
This hyper connectivity has lead the way for the easement of the various transaction either financial or non-financial at the one click of the users and now days, with due to e-commerce and other banking facilities, we have also linked our inherit resources like our financial, confidential information to the cyber world. But on the same side we should also take in account the risks/threats coming with this connectivity in the form of Cyber attacks this type of Challenges of Cyber Security.
A statistical analysis of the last few years survey has shown that there has been an increase in the cyber attacks & there increasing the cost of saving our data/resources from these attacks:
Various computer damage related Reports, 1997-2003
Cost (computer crime) in Millions of Dollars by FBI surveys
Cost (virus attack) in Millions of Dollars in California
Worldwide Economic damage estimates for all forms of Digital attacks
TYPES OF CYBER CRIME
- Identity Theft –In this, cyber criminals obtain personal data from individuals and exploit this private data through online channels by opening bogus accounts.
- Online scams – cyber criminals obtain financial or other valuable information by fraudulent means i.e. by tricking individuals through scam.
- Scareware – cyber criminals mislead individuals into downloading software onto their computers by using fear tactics or other unethical marketing practices.
- Fiscal Fraud – cyber criminals can withhold taxes due or make fraudulent claims for benefits by attacking official online channels.
- Theft from Business – cyber criminals steal revenue online directly from businesses, which usually involves fraudulently obtaining access and looting company accounts and monetary reserves.
What Do Cyber Criminals Target?
- Bulk business data.
- Sensitive and private cooperate information.
IMPACT OF CYBER CRIME
- Citizens– Cyber criminals can use online scams to find their credit card details and can purchase goods, can take loans under their names, thus raising question on online banking services.
- Business– Hacking/stealing of sensitive business information’s by cyber criminals hinders reputation of organizations, create insecurity in the stock market thus affecting its R&D, productivity, customer service, reputational damage, reduction in share price and loss of competitive advantage.
- Government-cyber crime tends to affect taxation revenue and limit scale of efficiency savings by creating fiscal frauds thus pressurising government and public organizations to spend lot of money on cyber security, which could be used for social welfare.
There are five types of threats (as depicted in figure) which may depend on each other with targeted action to harm system. These threats adding up with cyber vulnerabilities, occurred due to accidentally or poor practices such as insecure data transmission due to which employees may lose their stored data causes damages to assets and reputation.
On the same hand there are three approaches in response to these threats in which traditional approach use rules and regulations, community approach is based on information sharing and third category follows a systemic approach which includes a new model for insuring organizations against breaches of their resources and assets. .
Section 2: CYBER SECURITY
Thus, it is clear from the above section that today’s world of hyper connectivity includes communication not only between people to people but also between people & machines, making everything from business to human infrastructure highly dependent on cyber network.
The data on these networks is highly sophisticated/confidential and need to be secured to maintain social and economic gains of an individual as well as of the society as a whole, for example cyber attack on a system controlling electricity or water supply has serious impact on country’s national security, public health and other living problems thus here comes the requirement of individuals and organizations to deeply think about their cyber security & best 10 top products for security in I.T.
Cyber Security is mainly related to protection of computer system, software program, and data against unauthorized access, modification, or destruction, whether accidental or intentional which can come from any private, public or internal network.
Cyber security demands following challenges of cyber security to be resolved to make a threat and risk free environment –
- To make cyber space resilient-It requires to build a system that can withstand cyber threats and can cope up with its failure by employing recovery measures.
- To make cyber space more innovative- by seeing the internet growth in present era we can say in coming years the interoperability of internet is going to increase manifold requiring more robust and highly efficient system.
- Ensuring public health and safety- today our system greatly contribute towards human infrastructure building systems like water, transport, medical, chemicals .Thus we need a secure network to ensure safety and calls emergency services as when required.
Building cyber security framework mainly demands to have secure information sharing between various sectors (as briefed here in below) & it’s challenge also to ensure data security of individuals, organisations as well as of nation.
- Private sectors – Sharing information can be helpful for companies attempting to gauge whether they are accepting similar or generally acceptable levels of risk compared with their peers
- Public – Private Partnership- Public-private partnerships in information sharing enable organizations to avoid the duplication of effort and fill potential gaps in information security capabilities.
- Public sectors – Government can serve as a convener to bring different parties together as well as facilitate and coordinate actions among stakeholders to share information that is as sensitive and actionable as what it expects to receive from private sector participants.
Approaches to achieve cyber security
- Preventive approach allows organization to know about its risks, threats and formulate measures to prevent them.
- Real-time information sharing refers to ongoing threats and requires an emergency alert plan to gain access over them.
- Post Event approach relates to sharing cyber incident information’s which are no longer active. It enables an organization to take advantage of lessons learned from other organizations and integrate these in its cyber risk management programme.
Section 3: ECONOMIC IMPACT
[Referred Fiscal Times] reported 2011 as most expensive cyber crime year
Today the cost of global cyber crime nearly approaches to approx $114 billion annually, which is significantly more than annual global market for cocaine, heroin, and marijuana combined. Some recent damages/losses due to cybercrime
- Sony has estimated a loss $170 Million after hackers attacked the company’s play station network.
- Hackers attacked on City Bank in May 2011, accessing the data of roughly 360,000 bankcard holders.
- Estimated economic cost of cybercrime to UK
Estimated Cost Impact (per annum)
Mode of Cyber Crime
-£1.7bn for identity theft
– £1.4bn for online scams
– £30m for Scareware and fake anti-virus
– £9.2bn from IP theft
-£7.6bn from industrial espionage -£2.2bn from extortion – £1.3bn from direct online theft
Impact on the society as a whole
- Annual costs to business of customer data loss through cyber crime:
Estimated Cost (Per annum)
£3.9m – £4.3m
- The Commerce Department of America estimates that due cyber espionage, they have lost around 27.1 million American jobs in 2010 comprises of 18.8 percent of all employment.
- Over 98 percent of Chinese business websites had implemented standard protective measures against security threats in 2011, up from 92.25 percent in 2010 and 78.61 percent in 2009, thus thereby increasing the cost of the cyber security.
Section 4: NETWORK SECURITY
Adding security into the LAN requires considering and implementing three key attributes of secure networking:
- Access control – knowing who is on the network (authentication), what resources they are authorized to use, and applying these access controls to their traffic
- Integrity – guaranteeing that the network itself is available as a business-critical resource and those threats can be identified and mitigated.
- Privacy – ensuring that traffic on the network is not accessible to unauthorized users.
In order to have a secure network one should follow certain strategies–
- All network users must be authenticated and should use digital signature for reliable data fetching and individual interference / reliability.
- Use firewalls between internal network and rest of the internet to filter out unwanted packets.
- Use of cryptography-the art of transforming messages to make them secure and immune to attacks.
- Use virtual private network to share information between within (private) and outside (global) organization.
Section 5: RECENT EXAMPLES OF CYBER THREATS
[Referred from internet News]
- Stuxnet worm (July 2010) – The Stuxnet worm (a complex computer code) was used in the first cyber attack specifically targeting industrial control systems. This attack seemed to be directed at Iran, and its nuclear programmed.
- Operation Aurora – (December 2009) Google detected a highly sophisticated and targeted attack on its corporate infrastructure originating from China. The attack was found to have installed malware via email on computers in another 30 companies and Government Agencies.
- Large scale fraud (2009/10) – An Essex-based gang, linked to Eastern Europe, was prosecuted for an on-line fraud making £2 million a month by stealing log-in details from 600 UK bank accounts and tricking users into providing additional information.
- Conficker (2008)-A botnet6 on an unprecedented scale has been operating since November 2008 affecting millions of computers worldwide using the Windows operating system.
STEPS TOWARDS CYBER SECURITY
[Referred from various internet sources]
- DRDO in Hyderabad has multidisciplinary team committed to solving the information security challenges facing our nation
- October 2012 marks the ninth annual National Cyber Security Awareness Month.
- The International Multilateral Partnership against Cyber Threats (IMPACT) is the world’s largest United Nations – backed cyber security alliance.
- The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies.
- The Cyber security Enhancement Act of 2009 is United States legislation intended to improve cyber security within the federal government and throughout the public and private sectors.
Section 6: CONCLUSION
Although, the internet offers many benefits and has expedite our day to day transactions but there are also certain security challenges associated with its use. Our more and more dependency on use of the internet and linkage of our sensitive data with it, has created new opportunities for cyber criminals to access to our personal and confidential information thus creating a threat to our economic, social and financial framework.
Thus, to keep our hyper connected world function threat free and risk free we need to implant a better and more secure cyber security systems to keep our data safe from those who wish to access them illegally. The few of the suggestions for better cyber secure system are as follows –
- Implementation of more advance risk management programmers to have secure information sharing between different cooperate sectors.
- Exploring the use of cyber risk insurance to limit liability and through pricing, encourage risk reduction.
- Use of firewalls to restrict users from opening proxy sites which can bring with them various viruses.
- Awareness between internet users about bogs emails and attractive sites whose clicking may infect your system.
- Introduction of network Intrusion Detection/prevention Systems throughout the cooperate network helps in detecting malicious activities.
- Testing and updating of the plans on a regular basis.
Author by : Sonam Singhal