Beruflich Dokumente
Kultur Dokumente
1. Introduction
The Information technology (IT) revolution has made it easier to communicate and
disseminate information over long distances and in real time. IT has entered into major
realms of a persons life like education, occupation, commerce and entertainment. The
speed, convenience and efficiency associated with IT have made it the lifeline of most
organizations, government agencies, professionals and individuals. Whether you take a look
at banking and finance, energy, health care, utility services and communication, IT has
revolutionized every sphere of business activity and service delivery. The services sector, in
particular has been one of the major beneficiaries of the IT revolution. Banks now offer
multiple channels for interacting with their clients such as branch, Internet, mobile, phone and
teller machines which make financial products more attractive, and banking more convenient
for customers. In this case, banking industry customers are networked to their bank in one
way or another.
Information Technology and its significance in the business world have become
ubiquitous. Todays business environment is comprised of service industries that are
completely dependent on their IT infrastructure. For example, the air traffic control
industry is critical to the normal functioning of airlines so any disruption in their traffic
control systems can cause errors that could result in accidents and could even lead to
loss of life. Conversely, a power breakdown resulting from a disruption in a companys IT
infrastructure could bring all operational activities to a standstill.
The explosive growth and dependence on Information Technology has also provided a
veritable breeding ground for cyber crime. Information Technology has made it easier for
unscrupulous entities to deceive, steal and harm others through cyberspace. The ease
with which these cybercrimes can be committed has raised concerns regarding
information confidentiality, integrity and availability. Therefore, the importance of cyber
security cannot be overstated. Cyber security involves protection of the data on all
computers and systems that interact with the Internet. It is possible to achieve this level
of protection by ensuring proper authentication and maintaining confidentiality, integrity
and access controls. In addition, non-repudiation of data is a crucial element of cyber
security.
2. Vulnerabilities
The evolution of Cybercrime is evident when one examines how technologically advanced
the scope and nature of common attacks have become. Cybercriminals have a more
sophisticated modus operandi and purpose. Information can be stolen through social
engineering techniques like phishing, or via direct attacks, installing malware through
browser tools, ad-links, and key loggers among others. Cybercrime is steadily evolving into a
well-organized but still very illegal business activity. In spite of these advances, adherence to
a standard of IT Security fundamentals can facilitate appropriate handling of cyber threats.
i. Weak passwords
The most fundamental, but often overlooked premise of cyber security is strong
passwords. Many users still use insecure passwords.
Some of the insecure password practices include
a) Using all letters of same case,
b) Sequential numbers or letters,
c) Only numerals,
d) Less than eight-characters,
e) Predictable characters (such as name, date of birth, phone number)
f) Common passwords for different online accounts.
Now, the question is, What makes users use predictable passwords irrespective
of perceived threats? Consider the number of accounts that require a user to
login, throughout a users daily routine. Social networking sites, bank websites,
official web applications, databases and email ids.
Some of the reasons for using predictable and insecure passwords include:
a) Easy to remember
b) Lack of uniformity in password policy across websites.
A strong password must be a combination of letters, numerals and special
characters and must not be less than eight characters long. A password should
not be predictable. Users must employ different passwords for each of their
individual online accounts.
ii. Phished
Do you respond to e-mails asking for account information? If your answer is,
Yes. then you are more likely [than not], to be a victim of a phishing scam.
Phishing is a common method of identity theft that utilizes fake e-mails which are
sent to customers to acquire sensitive user information.
Example:
Mr. XYZ has a savings account with Target bank. Last weekend, Mr. XYZ
received an e-mail from customersecurity@targetbank.co.uk with a subject line,
Update your Target bank online access.
The e-mail stated that the bank had recently upgraded its services and requested
that the recipient fill out a Customer Update Form on the link
http://www.targetbank.com.
Since Mr. XYZ assumed that the email came from his own bank, he clicked on the
provided link. The link took him to a website which appeared to be identical to
Target banks website. Mr. XYZ filled out the web form containing personal
information as well as authentication details, which the Customer Update Form
required.
A day later, when he logged on to his online account at
https://www.targetbank.com, he was shocked to find that all the funds in his
account had been drained.
Mr. XYZ was the victim of a simple phishing scam. Lets review some basic details
that Mr. XYZ missed in the email. First, the mail did not address him by his name;
instead, it used Dear Customer. Second, the email id ended with co.uk, while
ideally it should have ended with .com. Third, the link, http://targetbank.com
lead to a fake site www.malicious.ie/userdetails.asp. Finaly, banks usually do not
ask customers to reveal access details through email.
This is the type of example that can be shared with an employee while training
them not to respond to or click on links provided in a suspicious e-mail.
1
Adiskimageisacompletesectorbysectorcopyofthedeviceandreplicatesitsstructureandcontents
A Web browser is the gateway to the Internet and is one of the most widely
utilized applications. Web browsers are embedded with scripts, applets, plugins
and Active X controls. However, these features can be used by hackers to infect
unprotected computers with a virus or malicious code. For example, web browsers
allow plugins like a flash viewer to extend functionality. Hackers may create
malicious flash video clips and embed them in web pages. Vulnerabilities in a
web browser can compromise the security of a system and its information. To
control security threats, a user may:
c. Keep Web browser security level at medium for trusted sites and high for
restricted sites
e. Avoid downloading free games and applications as they may have in-built
spyware and malware
Cyber threats that originate as the result of web browser vulnerabilities, can be
controlled by using the latest versions of the web browser software, or by installing
updates and configuring settings to disable applets, scripts, plugins and Active X
controls.
If your answer is, Yes. then you are more likely [than not], to be vulnerable to
cyber-attacks.
The ease of availability and often low cost of pirated software can entice users to
install pirated software on their computers. However, pirated software may not
have the same configuration strength that is available with genuine software. The
threat to individuals and companies from the risk of privacy, identity or data
protection breaches and the exposure of financial implications in the cyber space
make the purchase of genuine software, a must.
Pirated software may be used to harvest Trojans and viruses in computer systems
and since the software is unsupported the user is deprived of technical support.
Another downside is that software updates are not available to those who have
installed pirated software. We purchase software for its functionality and pirated
software may lead to frequent interruptions and has even been documented to
cause damage to your hard disk. Users who purchase and install genuine software
products will benefit from technical support, product updates, un-interrupted
services and in the long run; cost savings.
the web. Some of the risks that one can expect from an unsecured network
include:
a. Unauthorized access to files and data
b. Attackers may capture website traffic, user id and passwords,
c. Attackers may inject a software to log user key strokes and steal
sensitive information
d. Unauthorized access to corporate network. (In the event that the
users network is connected to a corporate network.)
e. A users IP address could be compromised and unauthorized users
may use it for illegal transactions. (User network may be used to
launch spam and virus attacks on other users.)
Cyber threats are always on the horizon. New versions and updates of security
products are released on a regular basis with enhanced security features to guard
against latest threats. A user can make use of recommended practices to improve
defense against cyber-attacks. Users may also keep track of latest versions of
software to improve performance. Since some software developers only issue
updates for the latest versions of their software, a user that is using an older
version, may not benefit from the latest updates. One of the crucial ways to reduce
vulnerabilities is to regularly update the systems network security devices and
related software.
intercepted by other users sharing the same hot spot. (All users in the same
hot spot are sharing the same network.)
b. If a users wireless card is set to ad-hoc mode, other users can connect
directly.
c. If the access point does not use encryption technology like WEP, other users
with a Wi-Fi card could intercept and read the username, passwords, and any
other information transmitted by a user.
While using public access points it is safe to use secure websites protected by the
Secure Sockets Layer. Using infrastructure mode is safer than ad-hoc mode as it
uses access controls to connect to network. A Virtual Private Network (VPN) is a
secure way for a user to connect with their company network. (VPN creates secure
access to private network over public connections.)
3. Conclusion
The proliferation of information technology has also presented the criminals with more attack
vectors. Consequently, cybercriminals make use of every possible vulnerability and
opportunity to exploit and launch attack. For example, web feeds designed for productive use
of users in meeting information requirements may be used by cybercriminals as attack
vectors. Cybercrime can be countered by proactive cyber security initiatives. Creating
awareness among users is crucial to limit threats in cyber space. Convergence of laws
related to cyber security across international boundaries could also assist in the appropriate
handling of cybercrime.