Research on Internet Security - Report Example

?Research Report on Internet Security Table of Contents Introduction 3 History of Internet Security Threats 3 General Internet Security Threats 5 Phishing 5 Identity Theft 6 Malware (Viruses, Worms, Trojan Horses, Spyware) 6 Denial of Service Attack 7 National Internet Security Threats 8 International Internet Security Threats 9 The Future of Internet Security Threats 11 Antivirus Software 13 Firewalls 13 Avoiding Unsecured Wi-Fi 14 Other Measures 14 Conclusion 15 References 16 Introduction In the present day context, internet has become an important component of the regular life of people. Through internet, people can access the bank accounts, e-mails and other information. Essentially, internet acts as a limitless source of information. However, with all good aspects which are offered by internet, it also opens the door for possibly dangerous threats. This denotes whenever a person is online, he/she can become a possible target for security threats (BigPlanet, n.d.). Due to this reason, internet security has become more important for internet users including individual persons, organisations and the government. The structure of internet allows for the existence of several security threats (Daya, 2008). Focusing on this aspect, the report encompasses brief history of internet security threats. Furthermore, the report also describes about the method of protection from security threats. The objective of the report is to acquire a brief idea about different security threats that exist in internet and how these threats can be dealt with. History of Internet Security Threats The idea of internet has started as a project sponsored by Advanced Research Projects Agency (ARPA) of US Department of Defence in the year 1969. The key intention of the project was to develop a network which can operate even if main segments of communication network crash. Thus, ARPANET was designed in order to redirect the network traffic spontaneously around the problems in linking systems. The protocols of ARPANET were mainly intended for openness and flexibility of information, rather than for information security. Thus, every person needed to be an unrestricted insider of the network so that information can be shared easily. As more computer systems (which are also known as sites in present day’s phraseology) linked in the ARPANET, the worth of this network has increased (Dekker, 1997). At that time, researchers played practical fun on each other by using ARPANET which involved joke mails, annoying posts and other minor security breaches. During that period, connection from any remote system was not considered as a security threat, because ARPANET users comprised a small group of people who were generally familiar to each other and also had faith on each other. Since the popularity of ARPANET increased, its users also augmented. In the year 1986, the first exposed security threat in ARPANET occurred in Lawrence Berkeley National Laboratory of California where an unidentified system had attempted to copy information from the computer system. This incidence raised concerns about the damaging characteristics of ARPANET (Dekker, 1997). In the year 1988, ARPANET had first faced mechanical security incident namely ‘Morris Worm’, where a student of Cornell University developed a program which can connect with another system and can copy itself in the system. This self copying mechanical attack caused symmetrical eruption of copies at computers that were connected with ARPANET. At that time, ARPANET had almost 88,000 users who reflected it as the prime way of communication. In reaction to the worm, several users had detached themselves from the ARPANET, further hindering the communication procedure. Several organisations have emerged after these security occurrences in order to deal with the online attacks and instruct the ARPANET users regarding potential security threats and also certain preventive activities (Dekker, 1997). In the year 1989, ARPANET was officially termed as Internet and shifted from a government research project to a functional communication network. At that time, users of internet had increased to above 100,000. However, the security issues continued to sustain as the technology became more advanced. Although internet was initially considered for research and education purposes, the usage form of internet changed drastically. Nowadays, internet has become a medium for private as well as commercial communication tool. With the increased dependence of internet, its security threats have also increased by a considerable extent (Dekker, 1997). General Internet Security Threats Since the arrival of internet, the users have observed several changes which have redefined the method of using international network. Today, internet is the most prevalent and valuable communication tool for people and organisations. However, internet has also become a stage for executing several criminal activities. The issue of cybercrime has become a critical aspect which causes huge amount of loss. Today, the general security threats in internet are phishing, identity theft, malware and denial of service attack among others. Phishing One of the most common internet security threats is phishing. Usually, phishing is recognised as the use of electronic messages which are developed is such a way so that the victims believe that the message has arrived from a trusted source such as bank or other commercial websites. These messages are usually intended for persuading the user to conduct certain activities such as to confirm the account information and user name among others. These messages are frequently used in order to create a sense of urgency so that the user can take certain actions. For instance, in phishing, the victims can be offered with certain monetary rewards and therefore, asked to provide information about credit card for registration purposes. This kind of message includes a Uniform Resource Locator (URL) which directs the user to a certain website where he/she can deliver the private information. Website for the purpose of phishing is usually designed is such a way so that it appears as a legitimate website (Milletary, n.d.). In recent times, the definition of phishing has developed to cover a broader variety of financial misconducts. Apart from extensive use of fake messages and websites in order to trap people into revealing the private information, it can be observed that increasing level of programs is used which are particularly targeted for revealing the bank account information. Once entered into the victim’s computer system, these programs employ several methods in order to spy on the communication of victims and collect information (GFI Software, 2011). Identity Theft Identity theft is the other form of internet security threat which involves the utilisation of false identification. Identity theft is a particular form of identity fraud which includes using individually recognisable information which belongs to other person. Identity theft can include an additional component of harassment because this method of fraud directly influences the life of a victim. Besides, identity theft also leads to deceive the third parties such as government, organisations, customers and banks among others (Finklea, 2012). Malware (Viruses, Worms, Trojan Horses, Spyware) The term ‘malware’ is denoted as malicious software. It covers a range of programs which are specifically developed in order to interrupt the computer system. The most common forms of malware are viruses, worms, Trojan horses and spyware. Viruses: Virus is a program which is designed to enter in the computer system in order to damage files and programs or cause disturbances. Once entered in the computer system, virus can duplicate itself or initiate the replication of other programs and spread to certain other computer systems which use the similar network. Virus can enter in a system through e-mail, websites and other numerous devices (Sungard Higher Education, 2006). Worms: Similar to virus, worm is also a program which can copy itself, but unlike virus it cannot modify other programs. However, once it enters in the computer system, it stays in the memory and constantly copies itself. It can also spread the copies to the other computer systems of the similar network (Kilpatrick, n.d.). Trojan Horses: Trojan horses are a program which pretends to be a benign program for entering into the computer system. Unlike virus and worm, Trojan horses can select the type of damage in the computer system such as destroying the files and running with other programs among others. Trojan horses comprise certain type of sneaky programming codes in order to hide their presence in the victims’ computer system. The Trojan horses can spread in several methods such as through downloading and file sharing. In most of the cases, victims are unaware about the installation of Trojan horses in the computer system (Chen & Davis, 2005). Denial of Service Attack Denial of service (DoS) is considered as an internet attack which is intended to restrict the users to access the information or services they require. In most of the circumstances, DoS denotes certain occurrences where online services are made unavailable for the users. In other words, the users have lost control on accessing their requisite information. Thus, in comparison to other internet security threats mentioned above, DoS is quite insignificant because this type of attack is rather considered as a trouble than a threat. DoS attack only leads to inconvenience for users, but it does not lead to any harm in the system (IBM Corporation, 2007). National Internet Security Threats In the 21st century, internet security threats have become commonly accepted as a matter of national internet security. In the United Kingdom, internet security is considered as one of the most important priorities for the government since several organisations in the UK have suffered from the increasing internet threats. In the UK, numerous cases of data theft from big organisations have been reported in the period of 2010 to 2011. On the basis of a study conducted by Ponemon Institute on 38 organisations that are victims of internet threats, it can be observed that average expense on internet attack was about ?2.1 million. The study revealed that organisations in the UK face about 41 successful internet attacks in a week. Among several internet threats, the harmful threats are malicious intruders, DoS and malware (Ponemon Institute, 2012). According to the report of PricewaterhouseCoopers LLP (PWC), internet security threats is all time high in the UK. Apart from big organisations, small and medium sized organisations are also not protected from the internet security threats. Their study depicted the UK financial services and public segments are highly impacted by internet security threats. For example, in 2011, a big government organisation of the UK had faced problems due to database failure, requiring above one month’s time for recovery of the computer system. Threats from malware had found to be three times higher in 2012 in comparison to 2008 in the UK. The study of PWC in 2012 stated that different types of threats from malicious applications have increased in the UK. For example, in 2012, a medium sized financial organisation in the UK had been found to be affected by ‘qakbot’ Trojan horse which had disrupted the business of the organisation for several days, causing loss of money (PricewaterhouseCoopers LLP, 2012). International Internet Security Threats Nowadays, internet security threats have grown significantly than past times. Considerable amount of high profile internet security violations have been observed internationally. The major threats arrive in the form of loss of information, leak of organisational secrets and stolen data. According to the information of KMPG, above three quarters of Forbes 200 organisations had faced leakage of vital information due to internet security breaches. The most vulnerable organisations of internet security threats are banks, financial organisations and telecommunication organisations (KPMG LLP, 2012). According to the report of Symantec in 2011, the amount of malicious threats in internet has increased by 81% and the amount of malware variants has also enhanced by 41%. In present days, the smartphones also provide new opportunities for increasing internet threat related incidents. The report of Symantec stated that in the year 2011, the amount of mobile internet threats has augmented by 93.3% than 2010. The incidents of identity thefts have also increased in recent days. Above 232.4 million ‘identity theft’ incidents were found globally in the year 2011 (Wood & et. al., 2012). Among all the nations, the United States is considered as one of the top countries, which is threatened by internet security attacks. In the US, internet security threats have become a common occurrence. On the basis of a research of Ponemon Institute on 58 organisations, in the year 2011, the average expense of internet threats is almost USD8.4 million in a year. The study stated that US organisations face about 102 successful internet attacks in a week (Ponemon Institute, 2012). On the basis of study of Symantec about internet malicious activity, in the year 2009, the US was ranked at the top position with 19% increase in internet security threats than 2008 (Fossi & et. al., 2010). The following figure will show the ranking of different nations with respect to malicious activity: Source: (Fossi & et. al., 2010) In the year 2008, the US accounted for almost 23% of global malicious internet activities. The nation also accounted for most frequent target of DoS attacks representing 56% of international DoS threats. About 36% of international phishing URLs had been identified in the US. The following figure will show the ranking of nations with respect to the source of internet oriented threats: Source: (Fossi & et. al., 2010) Apart from the US, Asian organisations also faced internet security threats in recent times. In the year 2010, about 75% of Asian organisations had experienced internet security threat incidents which resulted in the incurrence of expenses of US$763,000. Reports stated that internet interference, viruses and Trojan Horses infection and DoS events have increased considerably, resulting in losses in terms of identity theft and loss of vital information (Marsh & McLennan, 2012). For example, in the year 2011, a Japanese gaming organisation had been hacked which resulted in the theft of private information of about 77 million users. In the same year, a Chinese organisation was alleged of gathering private information of above 150 million residents by breaching the internet security (Marsh & McLennan, 2012). These activities generate internet security challenges for people and organisations to obtain measures in order to enhance the data protection. The Future of Internet Security Threats Internet security has become a significant matter of concern in present days due to increased use internet applications. The dependence of internet is expanding rapidly. Every country depends on internet infrastructure which allows better operations of finance, transportation, taxation and accounting among others. From international organisations to small local organisations, every business enterprise uses the internet medium in order to facilitate financial and technological innovation (Vrana, 2012). With this growth of the use of internet, the security risks will also increase. Due to several factors such as social engineering, new applications and relational trust, the internet security threats are developing. Nowadays, new types of electronic devices and applications such as iPhones, social networking sites and storage devices are shaping the future of internet security threats (Schaeffer-Filho & et. al., 2011). The hackers are becoming more sophisticated and the influence of internet based attacks is becoming larger than before. Hackers in present times are using social networks as a way of several internet attacks such as phishing and malware among others. With respect to virus related threats, cyber criminals in present days are using ordinary files rather than executable files in order to spread viruses or worms in the user’s computer system. Although several internet security methods are present in order to deal with internet threats but it is probable that the threats will still continue in next the ten years (Markatos, n.d.). Currently, malwares and phishing attacks have the potential to spread and infect considerable number of computer systems in short period of time. Although internet security professionals extensively react to these types of incidents but countermeasures require considerable amount of time and expense after identifying the problem. By the time internet security professionals discover certain solutions for identified internet security problems, the threats can do sufficient damages to the users. Therefore, irrespective of security measures, the internet users are quite vulnerable to the security threats (Dlamini & et. al., 2009). In relation to the internet security threats, users are becoming highly concerned about the security of information. The present internet users have shown considerable level of awareness about the internet security threats. According to the study conducted by InfoSurv, from 2007 to 2009, global user awareness about phishing attack had increased considerably. The survey also depicted that internet users in present times are less likely to share personal information because of security concerns. Increase in user awareness about internet security threats is also apparent from growing concerns about malwares and phishing attacks in the internet. However, it should be noted that although customers have become more aware about the internet security threats, new type of cyber-attack methods are also increasing (EMC Corporation, 2010). How to Protect from These Internet Threats In order to deal with the increasing internet security threats, a variety of technologies have been developed. These technologies assist in safeguarding the computer system, identifying the unfamiliar or distrustful acts and react to the occurrences that can cause harm to the computer system (BigPlanet, n.d.). Antivirus Software One potential solution to the internet security threat is installation of antivirus software. This technology can effectively detect the internet security threats caused by several malware such as viruses, worms, and Trojan horses (BigPlanet, n.d.). Firewalls Cyber criminals often try to acquire access to a computer system by pretending to initiate connections from reliable networks. In order to address this type of attack and enforce restrictions on connections in the computer system, it is essential to filter the internet traffic. The firewall technology is designed to analyse the internet traffic and connection requests and therefore is able to reject those connections which fail to fulfil the security standards established by the user. Thus, it acts as a defensive measure against internet security threats (BigPlanet, n.d.). Avoiding Unsecured Wi-Fi With quick acceptance of Wi-Fi internet, the security threats now entail c new dimensions to the computer system. Cyber criminals can use the vulnerabilities of unsecured Wi-Fi network in order to access the computer system of users. Hence, internet users require avoiding any kind of unsecure Wi-Fi connection in order to prevent internet security threats (BigPlanet, n.d.). Other Measures Apart from these measures, organisations require to develop better policies in order to enforce security practices in the workplaces for example better management of risk, better education of security, use of authentication software, data backup and data recovery planning along with the use of intrusion recognition applications among others (State of Victoria, 2004). Conclusion The modern society has completely become reliant on internet due to its numerous advantages. In line with the benefits, internet technology has allowed crimes to be conducted in new manners. The internet security threats described above can lead to loss of money as well as create harm in the personal life. Every internet user is exposed to different types of internet security threats such as phishing, malware and identity theft among others. Thus, internet users are required to protect themselves through the use of several technologies. However, technologies alone are not sufficient for internet users to protect the valuable information. Since, cyber criminals always try to exploit new ways of conducting illegal activities, the internet users must be well aware about the possible inter-related threats and the countermeasures to secure the information. Most of the internet users use basic protection such as antivirus and firewalls. However, it should be noted that there are certain best practices which need to be maintained in order to avoid any kind of security threats to the computer system. Currently, the use of internet is not optional rather it has become compulsory for every organisation and user. Thus, irrespective of several countermeasures, there are risks for every internet user who uses internet applications for financial and commercial purposes. Hence, it will be beneficial for internet users to become more aware about internet security threats and engage in secure internet activities. References BigPlanet, No Date. What You Need To Protect Yourself Online? Understanding Internet Security. [Online] Available at: http://www.bigplanetusa.com/library/bp/pdf/bpis_understanding_security.pdf [Accessed April 16, 2013]. Chen, T. M. & Davis, C., 2005. An Overview of Electronic Attacks. Southern Methodist University, pp. 1-21. Daya, B., 2008. Network Security: History, Importance, and Future. University of Florida. [Online] Available at: http://web.mit.edu/~bdaya/www/Network%20Security.pdf [Accessed April 16, 2013]. Dekker, M., 1997. Security of the Internet. The Froehlich/Kent Encyclopaedia of Telecommunications, Vol. 15, pp. 231-255. Dlamini, M. T. & et. al., 2009. Internet of Things: Emerging and Future Scenarios from an Information Security Perspective. University of Pretoria. EMC Corporation, 2010. RSA Global Survey Reveals Confidence in Social Networking Security Shaken as Online Crime Rises. Press Releases. [Online] Available at: http://www.rsa.com/press_release.aspx?id=10671 [Accessed April 16, 2013]. Fossi, M. & et. al., 2010. Symantec Global Internet Security Threat Report. Symantec Enterprise Security, Vol. 15, pp. 4-95. Finklea, K. M., 2012. Identity Theft: Trends and Issues. Congressional Research Service. [Online] Available at: http://www.fas.org/sgp/crs/misc/R40599.pdfhttps://www.ncjrs.gov/pdffiles1/nij/grants/210459.pdf [Accessed April 16, 2013]. GFI Software, 2011. Web-based Security Threats: How Attacks Have Shifted and What to Do about It. GFI White Paper. [Online] Available at: http://www.gfi.com/whitepapers/GFI-Web_Based_Threats_v2_Whitepaper.pdf [Accessed April 16, 2013]. IBM Corporation, 2007. IBM Internet Security Systems X-Force Threat Insight Monthly. Services. [Online] Available at: http://www-935.ibm.com/services/us/iss/pdf/x-force/xftim_0708.pdf [Accessed April 16, 2013]. Kilpatrick, I., No Date. Dealing with Internet Security Threats. Wick Hill. [Online] Available at: http://www.wickhill.com/uploads/company/press/pdfs/featurefinalinternetthreatsDealing%20with%20Internet%20Security%20Threats.pdf [Accessed April 16, 2013]. KPMG LLP, 2012. Cyber Vulnerability Index. An Ethical Investigation into Cyber Security across the Forbes 2000. [Online] Available at: http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/Forbes-Survey-publish-and-be-damned.pdf [Accessed April 16, 2013]. Milletary, J., No Date. Technical Trends in Phishing Attacks. CERT Coordination Center. [Online] Available at: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CDMQFjAA&url=http%3A%2F%2Fwww.cert.org%2Farchive%2Fpdf%2FPhishing_trends.pdf&ei=GpxqUdPKLo3xrQfyzoFI&usg=AFQjCNEAcFcHcw8M7XzCCmJf09GywR9HuA&sig2=COINFjAdLvLFV8ClF88pmQ&bvm=bv.45175338,d.bmk [Accessed April 16, 2013]. Markatos, E., No Date. Security Challenges for the Future Internet. Computing Systems Laboratory. [Online] Available at: http://security.future-internet.eu/images/b/ba/FIA_Val_TI_2.pdf [Accessed April 16, 2013]. Marsh & McLennan, 2012. Cyber Risk in Asia: Is Your Data Safe? Leadership, Knowledge, Solutions…Worldwide. [Online] Available at: http://www.marsh-asia.com/pdf/2012/Marsh_Report_Cyber_Risk_May2012.pdf [Accessed April 16, 2013]. Ponemon Institute, 2012. Cost of Cyber Crime Study: United Kingdom. HP Enterprise Security. [Online] Available at: http://www.hpenterprisesecurity.com/collateral/report/HPESP_WP_PonemonCostofCyberCrimeStudy2012_UK.pdf [Accessed April 16, 2013]. Ponemon Institute, 2012. Cost of Cyber Crime Study: United States. HP Enterprise Security. [Online] Available at: http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf [Accessed April 16, 2013]. PricewaterhouseCoopers LLP, 2012. Information Security Breaches Survey. Technical Report. [Online] Available at: http://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security-breaches-survey-technical-report.pdf [Accessed April 16, 2013]. State of Victoria, 2004. Good Practice Guide. Managing Internet Security. [Online] Available at: http://download.audit.vic.gov.au/files/20040630-Internet-Security.pdf [Accessed April 16, 2013]. Sungard Higher Education, 2006. Viruses, Trojans and Worms…Oh My. Technology Leadership Presentation Series. [Online] Available at: http://www.delta.edu/PDFFiles/OIT/Viruses,%20Trojans%20and%20Worms.PDF [Accessed April 16, 2013]. Schaeffer-Filho, A. & et. al., 2011. Future and Emerging Threats to Network Operation: A Quantitative Research Analysis. Interim Report. Vrana, R., 2012. Making the Internet a Safer Place: Students' Perceptions about Internet Security Threats. Central European Conference on Information and Intelligent Systems, pp. 19-21. Wood, P. & et. al., 2012. Internet Security Threat Report. Symantec Corporation, Vol. 17, pp. 1-50. Read More