Digital security in the 21st century is now more important than ever before, there are many different types of security threats to the average person, business or even government. This is because everything we do on a daily basis can have a security risk, whether it be from online shopping or checking your email. If a user's computer has been hacked or has some spyware or malware and is being used for online shopping, then the attacker may be able to gain access to the user's sensitive data which can then be used for fraud or theft or sold on to a third party.
Shopping in a store with your debit or credit card can also be a risk as cards can be cloned by staff and pin numbers stolen using a device that looks the same as the card machine but has been designed or modified to remember pin codes and clone debit or credit card information. Stolen laptops and mobile phones can have sensitive personal information on them, even losing your universal serial bus storage device or USB pen drive as they are know as for short, which can contain all sorts of information because people, businesses and governments all use these devises to move or store data. And if the data is not encrypted then there is always the chance that someone can gain access to it.
Security is the main issue when it comes to a person's personal information whether it be from browsing the Internet to online banking there will always be people who want to steal information for an entire range of reasons (eg: phishing and fraud) !
Another thing to be wary of is the topic of Liberty; are security laws infringing on our basic human rights to privacy and our security by allowing corporations and even governments to spy on our Internet communications for what they call �anti-piracy� or "National Security" such as the PATRIOT Act in the United Sates of America, and this brings me to conclude, why should the rights of the many suffer because of the actions of a few.
And this is being debated everyday of every week by civil rights activists to our own government deciding what they can do and cannot do. Too much information available about anyone to anyone can be dangerous and this topic should be taken very seriously.
One major impact on privacy is the development of social networking sites and search engine providers that sell the user's information to third parties. The quote "Privacy is a fundamental human right. It underpins human dignity and other values such as freedom of association and freedom of speech. It has become one of the most important human rights of the modern age." by Marc Rotenberg, Protecting Human Dignity in the Digital Age (UNESCO 2000) 1. And I think that we are heading into a society that does not care about the fundamental human rights we have and how we attained them.
For example anti-utopian, dystopian novels of the 20th century, depicted societies where privacy was non existent and an intrusive, oppressive regime denied this fundamental human right as a matter of course. In Yevgeny Zamyatin's novel �We� 2 the population lived in buildings constructed of glass, which allowed everyone and anyone to snoop on anyone whom they wished. Opposition is impossible in a society where privacy is non-existent. George Orwell's 1984, �Big Brother� and tele-screens are frighteningly similar to todays move towards a 21st century society where the Government and corporations have full access to every bit of any citizen's digital life. 3
The 19th century black champion of civil rights, Frederick Douglass protested that any rights and liberties won by any people were awarded after contesting the power structures of society. He said in 1857 that �Power concedes nothing without a demand, it never did and it never will. Find out just what any people will quietly submit to, and you have found out the exact measure of injustice and wrong that will be imposed upon them.� 4
Frederick Douglass, speaking on the emancipation of the West Indies, 1857
�Men may not get all they pay for in this world, but they must certainly pay for all they get.� 4 also has meaning to that you can use a search engine for free and also a social networking site, but be careful of your information as it may be sold on to third parties.
In the book; The Art of Deception: Controlling the Human Element of Security 5, the authors Kevin D. Mitnick & William L. Simon na�vely blame the Human individual as the weakest link, the individual is relegated to a position below the security system in question. Page 3, titled in big black letters �Security's Weakest Link� states �...the human factor is truly security's weakest link.�
In the Computer Security Handbook, John Wiley & Sons (2002) 6 which some of the top security specialists in the world have contributed to. Donn B. Parker, a retired (1997) senior management consultant at RedSiren Technologies in Menlo Park, Ca, who has specialised in information security for 35 of his 50 years in the computer field and who Information Security Magazine has identified as one of the five top Infosecurity Pioneers (1998) writes in �5.1.3 Functions of Information Security Computer Security Handbook� that the complete opposite to the previous paragraph is true, that the three function security model; (prevention, detection, and recovery) are completely insufficient and that an 11 function model is needed to eliminate or mitigate the security risks in question, which include avoidance, deterrence, detection, prevention, mitigation, transference, investigation, sanctions & rewards, recovery, correction, & finally; education 6.
It is easy to jump to conclusions and intuitively blame the people whom personify �hackers� or adversaries to computer security professionals, but history shows us that nothing should be taken for granted concerning security. No system will be inherently perfect, and new technologies are continually being created and updated, and most will likely become more secure as time goes on. Human nature on the other hand is a constant and no man or woman should ever denigrate humanity to a role below that of a firewall, for any reason. If a computer security system is vulnerable, patch the system or come up with innovative methods to secure it from outside access, improve on the imperfect and take comfort knowing that you have executed your job successfully, thus without sacrificing your morality.
Types of attack
Once a malicious program has been installed on a person, business or governments body's computer, it can cause harm in many different ways. And the most typical mechanisms for attacks by hackers is:
Gaining user access and pretending to be a legitimate user. This can be very bad if a hacker gains access to any information as the user might not realise in time for it to be stopped being used eg. bank account or credit card information being stolen.
Stealing or copying secret or confidential data for corporate espionage or to commit extortion or fraud.
Destroying files or company data to affect the running of a business or government body or to cover up fraud.
Attacking a company�s network through Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) to stop the company from trading.
Risks to an Organisation:
Security vulnerabilites coming from within an organisation are on the increase in today's businesses and are increasingly the operational risks of any business in today's world, and in a time of recession this is not good because it brings the running costs of the business up and costs to the average person may go up also . There may be a loss of reputation in the regard to customers or partners and investors of a business. There may also be a risk to the business of interruption to the company due to the violation of local law and regulations requiring the protection of sensitive customer information if the attack works, some examples are:
Users i.e. hackers or persons who have gained access to the system by circumventing security.
Unauthorized access to any sensitive customer or company information.
How do people fail in the line of security?
Social Engineering & Manipulation: con-artists are being used to acquire confidential information by manipulating genuine users into telling them crucial information. �Social engineering uses influence and persuasion to deceive people by convincing them that the social engineer is someone he is not, or by manipulation. As a result, the social engineer is able to take advantage of people to obtain information with or without the use of technology.� 5
These con-artists rely and work on the fact that people are not aware the information they know is valuable and thus are careless about protecting it because they think it's irrelevant. These con-artists will search bins or skips or take advantage of people's tendency to choose passwords that are easy to remember and relevant to the user, such as date-of-birth or a pet's name. Such information may be found on social networking sites, online profiles, bills and letters from the trash. The name that is given to the method these con-artists employ is called �Social engineering� and it is a very real threat to any security system.
More internal threats may be: There could be a loss of data or data corruption, and backup failures which lead to business losses and this in turn may affect the clients and loss of money to a business.
There may also be misuse and theft of Call Records and information and also tele-communication center in which, internal users sometimes bypass the usage record from billing for some subscribers by deleting the call records from the database or by changing the program to overlook those subscribers.
Identity theft: There may be identity theft of a customer�s valuable information such as credit card information, address and date of birth or in a business�s sense, ID cards, Access codes .
Identity theft and fraud are terms used to refer to all types of crime in which a person or organisation wrongfully obtains and uses another person�s personal data in some way that involves fraud or deception, typically for economic gain eg. giving the business an upper-hand.
Information used in biometrics (face image, palm print, hand geometry,handwriting, fingerprint,voice recognition, iris/retina scan ) are each unique to every person and cannot be given to someone else for their use but can be faked, well some of them. However, personal data, especially a bank account or credit card number, telephone calling card number, and other valuable identity information can be used by the wrong people for malicious purposes and sold to third parties at the cost to the average user.
The not so innocent:
Browsing the Web and using e-mails can seem a normal exercise in layman terms but may seem na�ve to the advanced users whom understand the security risks. For the average user however, all their activities can upset normal business activity. There are viruses (e.g. Worms/trojans/malware/spyware or Choke viruses) that are design and aimed at Instant Messaging systems that people use such as a social networking site and windows live messenger (MSN), the users may use these softwares or websites to talk to their friends online or send information from and each pose their own unique security threats. Anti-virus softwares and other tools may not detect malicious code opening through the font-system 7 or Instant Messaging or other daemon or service, so infected files can seep into the desktop and then into the network. Also, listening to music leads to a threat from passive viruses.
Sometimes, when a company�s log book or notebook is lost, some important information may be at risk such as id names and Unique Identifier numbers.
Outside threats to an organisation:
External threats are mixed threats that combine many different ways such as worms, virus's, spam and distributed denial of service (DDOS). Every day, hundreds of new ways are discovered to attack software and security breaches by intruders, hackers and security professionals. There are more than 30,000 hacking-oriented Web sites on the web now so it no longer needs a �guru� to hack a site, just someone with time and patience.
How to keep your computer safe with Virus Counter Measures.
Regular Updating of a users Anti-Virus and Anti Spyware Software: This is to protect the user against viruses and malware/spyware and this is why antivirus software should be installed.
Strange icons appear on the task bar.
Attempts are made to access the Internet without any operation.
Emails are sent without the user�s consent.
Scan intuitively to make sure there is no virus or spyware on a users PC.
All a users data should be backed up in case of emergency:
Data corrupted by viruses cannot be restored by using anti-virus software. Make it a habit to back up data on a regular basis so you can restore the system from any damage caused by a virus infection or corruption. In addition, keep in a safe place the original CD-ROMs of application software or a portable hardrive (HDD) that is not connected to the main computer. This will reduce the risk of your backup becoming corrupt as well. Should the contents of the HDD be damaged, you can restore them using the CD-ROMs or your portable HDD and software such as Norton Ghost.
