Cybersecurity Issues - the Silent Attack on Organizations and Consumers - Essay Example

Cybersecurity Issues: The Silent Attack on Organizations and Consumers Cybersecurity Issues: The Silent Attack on Organizations and Consumers Cybersecurity relates to the collection of tools, concepts and safeguards of security, policies and guidelines approaches essential in managing risks, best practices and the right actions together with technologies among others for use in protecting the cyber environment as well as the assets of organizations and users. The assets of organizations and users comprise of connected computer devices, service, and systems of telecommunications as well total information that is either transmitted or stored in the cyber environment. As a result of a variety of security risks, cybersecurity tries to ensure the attainment as well as maintenance of overall security properties for both the organization and the users. The objectives of cybersecurity comprise of availability, integrity and confidentiality. The increased technological development and usage across various institutes, major businesses and small-businesses calls for the need of enhancing cybersecurity (Trim and Upton, 2013). The higher the intake of technological developments, the higher the risks of cybersecurity that impact not only the economic sector, but also the security sector among others. Although major organizations and government institutes serve as the major target for cyber crimes, small organizations may also fall victim for such risks. The effect is even larger for the small organizations and individuals that they may fail to recover from the loss incurred. With the trend indicating the direction of organizations towards the internet world, the current concern is whether organizations need to pay for cybersecurity now or in the future. Whether the payment is made now r later, it is apparent that there exists a variety of long-term challenges associated with the future of cybersecurity. Governments and organizations therefore need to ensure that the right test and continuous trials on any possible leakage that may expose the systems to cyber attacks are upheld throughout. After the September 11 terrorist attack in the U.S, the federal government through all the law enforcement agents ensured a review of security measures across the nation. The measures mostly focused on possible threats in areas considered high risk targets for terrorists. Other than the physical locations, significant attention has of late been accorded to computer as well as telecommunication systems as a result of possible network security vulnerability (The National Academies, 2015). The need to focus on cybersecurity is attributed to the fact that much of modern life relies significantly on the use of computers as well as computer networks. The computers and networks prove critical in important functions that include management and operation of nuclear power plants, financial infrastructure, controlling the air traffic systems and power grid among others. Computers also prove essential in the management of day-to-day operations of governments and organizations. Management of payrolls, tracking of sales and investment and conducting of research and development serve as the major uses of computers across both large and small organizations. It is therefore indicative that majority of individuals and the life of organizations and governments largely depend on the effectiveness of computers and networks. Although the most reported cases of cyber attacks relates only to thefts of money and information, it is not indicative that other threats may not result. That serves as an indication that malicious individuals may focus on means of compromising the systems and cause great harm if accurate security measures are not enhanced. The goal of cybersecurity therefore should solely focus on an attempt to build computer systems that remain secure and trustworthy. Cybersecurity therefore encompasses protection of computer systems against unwanted disclosure, data modification or destruction as well as safeguarding of the systems themselves. System trustworthy will result where systems possess security, safety as well as reliability that as a result will inspire confidence among users and organizations that a system will meet the required expectations. Al users of computers both individuals and governments may describe their requirements for security as well as trust in systems in three primary requirements. The first consideration is confidentiality that ensures control of individuals that access information. Integrity on the other hand aims at ensuring that the changing of both information and programs occurs at specified and a manner that is authorized. The last requirement relates to availability that ensures that authorized users continuously access information and resources. Various applications may emphasize the three requirements differently depending on the form and nature of activities within an organization. Applications connected to external systems will call for different requirements while compared to those applications without external connections (The National Academies, 2015). To ensure that the need for information security is enhanced, a security policy is maintained in every organization detailing the respective security measures. a useful security policy ensures not only the security needed, but also include the range of circumstances of meeting that need together with operating associated standards of meeting that need. For a threat to materialize the attacker requires to establish one or multiple vulnerabilities that leads to success of the attacker, the security specialist is tasked with ensuring that countermeasures for all vulnerabilities are developed. Waiting for a successful attack to materialize may lead to significant damage that indicates the need for countermeasure based on speculation. It is however important to note that the constant evolvement of the nature of security risks serves as the most problematic element in cybersecurity. To counter that challenge, organizations need to prepare for the worst and allocate adequate resources to enhance dealing in cybersecurity risks that possess significant impacts (Vacca, 2013). In assessing the impacts of cybersecurity risks, it is important to evaluate a variety of factors that result from cybercrime that relies significantly on four major components. The first category is nuisance hacking where an organization undergoes little material impact when it occurs. For example, hackers may deface an organization’s website. Such a risk disrupts company operations despite the effect remaining minimal (Infosec, 2013). The impact to the company of government institute may lead to destruction of reputation through hackers’ activities once they get access to the website of an organization. In the current society where customers and the civilians are very sensitive of any actions from organization, it is crucial to protect the reputation of a business through controlling the possibility of such occurrences. The second risk however is more serious and consequently wide spread with the hackers focusing on financial gains as an organization or individuals lose their finances to criminals. With migration of businesses to the digital world, criminals equally have ensured adhering to the same migration. Criminals currently fall in sophisticate ecosystems with maturity of their activities functioning more like a business. The sophistication is evidenced through management structure, off-shoring as well as quality control among others. The form of hacking is currently beyond accessing customer information on credit cards or passwords. For example, criminals may target getting access to an organization’s financial function with an aim of obtaining the earnings report before it gets to the public. Such a prior knowledge may benefit the hackers through dumping or even acquiring stock. The other type of risk is new relating to advanced persistent threat that focuses on stealing intellectual property that is mostly associated with state-sponsored espionage. The impact is serious and a growing with its motive going beyond the financial gain. Although the threat on intellectual property may sound as a loss to individuals, there is more to it that touches significantly on the security of a nation. In a situation where the cybersecurity risks impacts the security of a nation, it is an indication that everyone and everything within a nation is affected (In Felici et al., 2013). The trend of such treats occurs in areas such as defense contractors upon announcing plans f acquiring another company with criminals go after the potential company of acquisition. The aim of the perpetrators is to install malicious software on the targets of the acquisitions to ensure that they will access the systems of the parent company once acquisition is complete. The process may take a long duration of time that may take even one to two years and thus proving difficult to establish. Other than the defense industries, other industries among them the financial services as well as technology industries also fall at the risk for advanced persistent threats. The criminals may infuriate a financial institution or service provider to ensure they access the company’s customer’s system. Once the customer’s system is at the disposal of criminals, the customers stand to lose their financial resources and any intellectual property available in the systems (PWC, 2012). The last form of risk is on the rise and relates to ‘hacktivism’ where hackers aim at changing or creating a public perception regarding a brand. For example, the perpetrators may obtain sensitive organization regarding an organization and disclose it to members of the public. With the business environment characterized by cut-throat competition with competitors focusing on any possible means to throw their competitors out of market, the threat is growing. The same is evidenced among governments with ‘Wiki-Leaks’ serving as a significant example. The impact mostly is felt through destruction of the image of the organization in the eyes of the public. Considering the four major cybersecurity risks, it is therefore evident that the impacts of the risks possess significant impacts for governments, organizations and individuals. To counter the threats, organizations and governments need to ensure that put in place effective cybersecurity measures and teams that work on forecasting the possible threats and counter measures as opposed to providing solutions to problems once they strike (PWC, 2012). As the technological changes and dynamics keep affecting the manner of operation in every sector including the criminal field, implementation and payment of cybersecurity in a later date or currently proves a crucial concept. It is important to note that payment comprises of a variety of aspects that an organization needs to consider with every aspect under consideration costing organizations resources. To fully understand the necessity of paying now for cybersecurity as opposed to a later date, it is important to examine the cost incurred during the fall of South Carolina Revenue database. Despite media reports on cyber attacks focusing on corporations as well as high-profile federal agencies, it is evident that hackers prey on small institutions as well as state governments with the hacking in South Carolina serving as a specific example. The scandal resulted to stealing of almost 3.6 million social security numbers as well as almost a total of four hundred thousand customer credit card numbers with the effects touching on more than three quarters of the 4.6 million residents found in South Carolina. Currently, the state has incurred $20 million to ensure effective monitoring of credit, consultants as well as security upgrades (Kirsch, C. (2013). The experience of South Carolina proves as significant reminder of the criticality of ensuring cyber security. Investigations suggests that from all the state chief officers within the state of Carolina, almost a quarter believed that their networks possessed full protection from external cyber threats during a survey conducted in 2012. Following the incident, the following year in 2013 saw South Carolina and other sixteen states introduce legislation essential in beefing up computer security within their states. In South Carolina, the measure aimed at overhauling the system that existed and providing a new division of information security while also ensuring that a Division of Information Security is put in place to oversee the standards of the state. The bills in other states equally focus on essential measures of ensuring evaluation of cyber security systems as well as vulnerabilities. The proposals ensure adequate address on the best practices to report as well as handle security breaches resulting from cyber crimes. Other than implementation of laws and procedures to effectively govern the concept of cybersecurity and establishment of possible vulnerabilities, various states are equally considering staff training as a critical area. The consideration results from the fact that the breaching of South Carolina database in the revenue department resulted through the action of a single state employee that was unaware of the potential risk of his actions. The employee clicked on an embedded link contained in an email and as a result allowed malware to access his username as well as password (Kirsch, 2013). Upon receiving the crucial information, the perpetrator went ahead to steal data in the whole database. The lack of knowledge relating to spotting as well as avoiding suspicious cyber activities among employees therefore prove an area of target that hackers may utilize to get access to organizations crucial data. States embarking on training programs for their employees consider it necessary to equip employees with the right knowledge that will help them detect as well as avoid any suspicious cyber activity that they encounter. The trends indicate that cybersecurity proves expensive among states and organizations as to effectively ensure that it is fully achieved, significant costs are incurred. Consequently, cooperation of the highest level as well as sharing of information among different organization departments as well as states will prove essential. Hiring of information technology experts may prove additional costs for organizations but basing on the lesson from South Carolina, failure to posses enough cyber security proves more expensive than maintaining. Although South Carolina incurred significant costs in ensuring full implementation of cyber security, the loss incurred as a result of failure to implement adequate security proves much higher. Therefore, the issue of payment for cybersecurity among companies is a current issue as opposed to making later payments (Marciano, 2014). As evidenced, reaction once the attackers strike is costly as it calls for implementation with the loss already sustained. With the changing dynamics and increased technological developments, it is important to focus on long-term challenges as well as future of cybersecurity. A long-term cyber attack proves more like war of attrition considering that cyber space comprises of significant fields that interrelates with each other with their level of interrelationship tending to improve with time as a result of the internet of things. The composition of cyber space includes national defense, infrastructure that is very critical, communication and transportation, business and personal live as well as industries among others. Considering that there will exist inter-connection between different fields and industries across the world, making cybersecurity absolute is unrealistic (Kimberly, 2015). The long-term challenges and future of cybersecurity is evidenced in a variety of issues that experts dealing with cybersecurity will focus on addressing in the future. The first concept relates to internet of things that will continue to expand cyber attack surface in the long-run. Current threats mostly occur in two dimensions of behind the firewall as well as beyond, however, the internet of things makes the risk spread to a third dimension. With the inclusion of employees as potential risks through exposing organization operations, cybersecurity measures in the future will therefore aim at broadening defenses that will include possibility of embedded devices that will become part of the ecosystem (Probst, 2010). The next aspect that serves as a long-term challenge relates to failure to possess proactive defense mechanisms. Cyber threats that hit organizations currently occur despite organizations thinking that they are adequately prepared. As organizations will focus on measures to ensure that they head a step further and above the criminals, criminals will equally up their games to ensure that they still get culprits. It therefore serves as an indication that the future holds a battle between organizations and criminals as each tries to get better of the other. Cybersecurity measures will result to preventive mechanisms as well as engaging in real-time intelligence as well as threat assessments to capture pre-emerging threats (Probst, 2010). The last possible long-term challenge relates to compliance where organizations will fall victims of cyber attacks due to failure of adequate investment to handle the threats. The challenge will mostly hit small organizations and private institutes that possess inadequate resources to fully invest on the required measures to protect cyber attacks. To fully deal with the challenge of cyber attacks, preparedness is essential with the right systems needed to ensure the achievement of that goal. Huge organizations and government institutes will take advantage of the resources at their disposal and ensure that the right team and systems are put in place to curtail cyber attacks. Once the criminals fail to hit on these large organizations, the interest will shift to small organizations and individuals relying on the internet for transactions. Since small organizations will fail to employ adequate cybersecurity measures, they remain the major victims of cyber crimes in the future. References In Felici, M., & Trust in the Digital World and Cyber Security and Privacy EU Form. (2013). Cyber security and privacy: Trust in the digital world and cyber security and privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised selected papers. Infosec. (2013, September 4). 2013 - The Impact of Cybercrime - InfoSec Institute. Retrieved from http://resources.infosecinstitute.com/2013-impact-cybercrime/ Kimberly, W. (2015, April 20). The Future of Cyber Security: IoT Creates Entirely New Set of Risks and Organizations Embrace “Active Defense” | Booz Allen Hamilton. Retrieved from http://www.boozallen.com/media-center/press-releases/2015/04/the-future-of-cyber-security--iot-creates-entirely-new-set-of-ri Kirsch, C. (2013, July). Cyber Security: Pay Now or Pay Later | Cassandra Kirsch - Academia.edu. Retrieved from http://www.academia.edu/4722035/Cyber_Security_Pay_Now_or_Pay_Later Marciano, C. (2014, September 23). Pay Now or Pay Later? Cyber Risk Tips for Company Boards of Directors. Retrieved from http://databreachinsurancequote.com/cyber-insurance/pay-now-or-pay-later-cyber-risk-tips-for-company-boards-of-directors/ Probst, C. W. (2010). Insider threats in cyber security. New York: Springer. PWC. (2012). View: issue 15: Cybersecurity: The new business priority. Retrieved from http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.jhtml The National Academies. (2015). Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Retrieved from http://www.nap.edu/openbook.php?record_id=10274&page=21 Trim, P. R., & Upton, D. (2013). Cyber security culture: Counteracting cyber threats through organizational learning and training. Farnham: Gower. Vacca, J. R. (2013). Cyber security and IT infrastructure protection. Amsterdam: Syngress. Read More