INTRODUCTION: Challenges of Cyber Security
Today due to increase in connectivity & demand for the exchange of data/ information’s between individuals, society & organisation in a rapid and time efficient manner has made us dependent on the continuous use of the cyber space, which in one hand has made us to use our resources in an efficient manner but on the same hand has made our resources/data more prone to the cyber attack & thus where the requirement of the cyber security creeps into the present era.
The aim of this paper is to throw light on the importance of cyber security in our digitized and interconnected world, to lay emphasis on our requirement of security & to induce awareness against emerging threats and risks, which if overlooked would have a worse impact not only on the individuals, society, organisations but also on the national security, economic and social well-being of a state.
Section 1: THE HYPER CONNECTED WORLD
Challenges in cyber security to Over 2 billion people are connected to internet for their needs like education, medical, communication, transportation, finance which is growing fast with evolving growth in information and communication technologies. This hyper connectivity has lead the way for the easement of the various transaction either financial or non-financial at the one click of the users and now days, with due to e-commerce and other banking facilities, we have also linked our inherit resources like our financial, confidential information to the cyber world. But on the same side we should also take in account the risks/threats coming with this connectivity in the form of Cyber attacks this type of Challenges of Cyber Security.
A statistical analysis of the last few years survey has shown that there has been an increase in the cyber attacks & there increasing the cost of saving our data/resources from these attacks:
Various computer damage related Reports, 1997-2003
TYPES OF CYBER CRIME
What Do Cyber Criminals Target?
- Bulk business data.
- Sensitive and private cooperate information.
IMPACT OF CYBER CRIME
There are five types of threats (as depicted in figure) which may depend on each other with targeted action to harm system. These threats adding up with cyber vulnerabilities, occurred due to accidentally or poor practices such as insecure data transmission due to which employees may lose their stored data causes damages to assets and reputation. On the same hand there are three approaches in response to these threats in which traditional approach use rules and regulations, community approach is based on information sharing and third category follows a systemic approach which includes a new model for insuring organizations against breaches of their resources and assets. .
Section 2: CYBER SECURITY
Thus, it is clear from the above section that today’s world of hyper connectivity includes communication not only between people to people but also between people & machines, making everything from business to human infrastructure highly dependent on cyber network. The data on these networks is highly sophisticated/confidential and need to be secured to maintain social and economic gains of an individual as well as of the society as a whole, for example cyber attack on a system controlling electricity or water supply has serious impact on country’s national security, public health and other living problems thus here comes the requirement of individuals and organizations to deeply think about their cyber security & best 10 top products for security in I.T.
Cyber Security is mainly related to protection of computer system, software program, and data against unauthorized access, modification, or destruction, whether accidental or intentional which can come from any private, public or internal network.
Cyber security demands following challenges of cyber security to be resolved to make a threat and risk free environment –
- To make cyber space resilient-It requires to build a system that can withstand cyber threats and can cope up with its failure by employing recovery measures.
- To make cyber space more innovative- by seeing the internet growth in present era we can say in coming years the interoperability of internet is going to increase manifold requiring more robust and highly efficient system.
- Ensuring public health and safety- today our system greatly contribute towards human infrastructure building systems like water, transport, medical, chemicals .Thus we need a secure network to ensure safety and calls emergency services as when required.
Building cyber security framework mainly demands to have secure information sharing between various sectors (as briefed here in below) & it’s challenge also to ensure data security of individuals, organisations as well as of nation.
- Private sectors – Sharing information can be helpful for companies attempting to gauge whether they are accepting similar or generally acceptable levels of risk compared with their peers
- Public – Private Partnership- Public-private partnerships in information sharing enable organizations to avoid the duplication of effort and fill potential gaps in information security capabilities.
- Public sectors – Government can serve as a convener to bring different parties together as well as facilitate and coordinate actions among stakeholders to share information that is as sensitive and actionable as what it expects to receive from private sector participants.
Approaches to achieve cyber security
- Preventive approach allows organization to know about its risks, threats and formulate measures to prevent them.
- Real-time information sharing refers to ongoing threats and requires an emergency alert plan to gain access over them.
- Post Event approach relates to sharing cyber incident information’s which are no longer active. It enables an organization to take advantage of lessons learned from other organizations and integrate these in its cyber risk management programme.
Section 3: ECONOMIC IMPACT
[Referred Fiscal Times] reported 2011 as most expensive cyber crime year
Today the cost of global cyber crime nearly approaches to approx $114 billion annually, which is significantly more than annual global market for cocaine, heroin, and marijuana combined. Some recent damages/losses due to cybercrime
- Sony has estimated a loss $170 Million after hackers attacked the company’s play station network.
- Hackers attacked on City Bank in May 2011, accessing the data of roughly 360,000 bankcard holders.
- Estimated economic cost of cybercrime to UK
Impact on the society as a whole
- Annual costs to business of customer data loss through cyber crime:
Estimated Cost (Per annum)
£3.9m – £4.3m
- The Commerce Department of America estimates that due cyber espionage, they have lost around 27.1 million American jobs in 2010 comprises of 18.8 percent of all employment.
- Over 98 percent of Chinese business websites had implemented standard protective measures against security threats in 2011, up from 92.25 percent in 2010 and 78.61 percent in 2009, thus thereby increasing the cost of the cyber security.
Section 4: NETWORK SECURITY
Adding security into the LAN requires considering and implementing three key attributes of secure networking:
- Access control – knowing who is on the network (authentication), what resources they are authorized to use, and applying these access controls to their traffic
- Integrity – guaranteeing that the network itself is available as a business-critical resource and those threats can be identified and mitigated.
- Privacy – ensuring that traffic on the network is not accessible to unauthorized users.
In order to have a secure network one should follow certain strategies–
- All network users must be authenticated and should use digital signature for reliable data fetching and individual interference / reliability.
- Use firewalls between internal network and rest of the internet to filter out unwanted packets.
- Use of cryptography-the art of transforming messages to make them secure and immune to attacks.
- Use virtual private network to share information between within (private) and outside (global) organization.
Section 5: RECENT EXAMPLES OF CYBER THREATS
[Referred from internet News]
- Stuxnet worm (July 2010) – The Stuxnet worm (a complex computer code) was used in the first cyber attack specifically targeting industrial control systems. This attack seemed to be directed at Iran, and its nuclear programmed.
- Operation Aurora – (December 2009) Google detected a highly sophisticated and targeted attack on its corporate infrastructure originating from China. The attack was found to have installed malware via email on computers in another 30 companies and Government Agencies.
- Large scale fraud (2009/10) – An Essex-based gang, linked to Eastern Europe, was prosecuted for an on-line fraud making £2 million a month by stealing log-in details from 600 UK bank accounts and tricking users into providing additional information.
- Conficker (2008)-A botnet6 on an unprecedented scale has been operating since November 2008 affecting millions of computers worldwide using the Windows operating system.
STEPS TOWARDS CYBER SECURITY
[Referred from various internet sources]
- DRDO in Hyderabad has multidisciplinary team committed to solving the information security challenges facing our nation
- October 2012 marks the ninth annual National Cyber Security Awareness Month.
- The International Multilateral Partnership against Cyber Threats (IMPACT) is the world’s largest United Nations – backed cyber security alliance.
- The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies.
- The Cyber security Enhancement Act of 2009 is United States legislation intended to improve cyber security within the federal government and throughout the public and private sectors.
Section 6: CONCLUSION
Although, the internet offers many benefits and has expedite our day to day transactions but there are also certain security challenges associated with its use. Our more and more dependency on use of the internet and linkage of our sensitive data with it, has created new opportunities for cyber criminals to access to our personal and confidential information thus creating a threat to our economic, social and financial framework.
Thus, to keep our hyper connected world function threat free and risk free we need to implant a better and more secure cyber security systems to keep our data safe from those who wish to access them illegally. The few of the suggestions for better cyber secure system are as follows –
- Implementation of more advance risk management programmes to have secure information sharing between different cooperate sectors.
- Exploring the use of cyber risk insurance to limit liability and through pricing, encourage risk reduction.
- Use of firewalls to restrict users from opening proxy sites which can bring with them various viruses.
- Awareness between internet users about bogs emails and attractive sites whose clicking may infect your system.
- Introduction of network Intrusion Detection/prevention Systems throughout the cooperate network helps in detecting malicious activities.
- Testing and updating of the plans on a regular basis.
Author by : Sonam Singhal