A Quick Look at Cyber Security: It’s Everyone’s Problem
Andy Doering, at Man Security explains why protecting your assets online is important, and explores security vulnerabilities we (probably) encounter every day.
Why is cyber security so important? Even the simplest applications:
Over the past two decades the advancements in the technological capabilities of humans has grown at an exponential rate. The rate at which we have developed and networked has grown so fast in fact that somewhere along the way we have faltered in our duties of educating the general computing populace. This trend is by and large what has contributed to our current posture in cyber security and cyber crime today.
2016 was really the year that brought the question of security in the digital realm to the forefront. Last year we saw Yahoo announce the largest attack in history with over 1 billion user accounts compromised. Other sites compromised include MySpace, Tumblr, and LinkedIn, in which account information of users is being monetized through spamming campaigns. Ransomware (malware that encrypts your files and demands you pay a sum (usually in bitcoin) in a specified time frame to have them unencrypted) came to full maturity in 2016, the most notable of these attacks were directed at U.S. Law Enforcement offices and healthcare organizations. The IoT Mirai botnet attacks against DNS provider Dyn knocked out access to the web for an entire region of the country, twice in one day. Finally, who could forget about the DNC hacks that shifted the tone of an entire election?
To paint a more illustrative, detailed picture, let’s take a look at some statistics from 2016 reports via IBM’s 2016 Cyber Security Intelligence Index, Symantec’s Internet Security Threat Report Index, and Ponemon Institute for Hewlett Packard Enterprise 2016 Cyber Security Trend Report:
- The 5 most targeted industries were manufacturing, Transportation, Financial Services, Healthcare, and Government.
- 420 Million pieces of new malware were discovered in one year
- On average one new zero day exploit was discovered per week, a 125% increase from the previous year. (Vulnerability that is unknown by the product vendor, and is exploited before it can be patched)
- Spear phishing campaigns targeting specific employees of companies increased 55%
- 100 Million fake technical support scams were identified
- 98: the average number of days it tool for a company to detect a breach
All this suffices to say that not only is the possibility for compromise more prevalent than ever before, it’s also happening in ways and on scales not ever seen before. We’re seeing the full on development of cyber attacks as a means for organized crime, as a large scale network infrastructure disruption, and as a macro scale political influence. This inevitability means that the most impactful, effective means of protecting form compromise begins with promoting a culture of awareness and best practices and imparting the ‘user’ with the techniques and habits that help maintain a safer computing environment.
How would a lack of cyber security negatively impact someone, is it possible to cite an example you’re familiar with?
A lack of security could impact someone in a myriad of ways, including data corruption or loss, extortion, identity theft, etc. Extrapolating this idea, taking an individual and putting them in a large scale network environment, poor security habits and practices could be catastrophic for a company and potentially as a more recent case, the entire country.
The very nature of cyber exploitation is based on trying to establish some initial type of access in a network and then from this initial avenue, establishing undetected persisted access and expanding throughout the network. This means that actors are looking for the weakest link in the chain to slip through. It would potentially only take one email containing a very legitimate looking link to result in unbeknownst initial downloading and infecting of a system which then facilitates a mass infection.
The advantage over an individual that a company would bring to the table ideally would be a host of professionals who would be involved in the clean-up and mitigation process should this occur. This fact only underscores the need for the individual to be their own best first defense in a proactive attempt to mitigate opportunities in the present day. This concept only becomes more instrumental as the size and sensitivity of a company’s network increases and complicates.
All information referenced where applicable from the following sources:
- Heidmal Security
- Bureau of Justice Statistics
- Symantec’s Internet Security Threat Report for 2016
- FBI Internet Crime Complaint Center Internet Crime Report
- IBM Cyber Security Intelligence Index 2016
- Ponemon Institute for Hewlett Packard Enterprise 2016 Cyber Security Trend Report
Browser Extension Links Mentioned