- Online Security
- Methods to Secure systems
Cybercrime is a reality that has hit the information networks in a world driven by computer and internet technology. Countries are suffering more economic losses from cyber-attack with the rapid growth of technology in the world. Without media coverage of another computer device being “hackled” for financial gain, causing disruption or simply proving it is possible, not a week seems to go by. Consequently, network security has become a major concern for many organizations in the world today. Networks are the organization’s center and contain critical resources that must be shielded from unauthorized access. High intensity of network attacks has pushed organizations to invest in more secure systems that can resist external attacks and limit access of organization resources. Cyber criminals, however, use a broad variety of tactics to target networks that involve the use of Trojan codes, fishing mails, and indirect attacks. Although various approaches to guarantee online security are available, there is evidence that cybercrime is still a challenge that information systems have to address.
A close analysis of the problem of cybercrime shows that the problem has become severe and needs immediate remedy. For instance, in the UK, the banking sector loses approximately £1 billion to cybercrime and customer trust is at stake in this sector (Barclays, 2013). The banking sector is a major contributor to the economy of the country contributing about 8% of the UK Gross Domestic Product, but now falls under great threat from cybercriminals. According to United States Department of Crime and Justice, (2013) about 5 million Americans are hacked every year and their identity information is used and at least $50 million dollars is lost to cyber-criminals. In China, Anderson reports that in China, over 700,000 web users fall victim of cybercrime every without their knowledge and over $874 million is lost to fraudsters. Despite the imperative efforts that have been engaged to tackle the problem, cybercrime continues to be a big problem in many countries. The 2013 cybercrime report presented by Sophos new cyber threats have brought new trends in online business. This report indicates that Blackhole is a new malware that has heightened the problem of cybercrime. Surprisingly, US host over 30% of the Blackhole sites while China hosts over 5% of these sites. These trends indicate that there is a need for stricter policies to curb cybercrime in the business market.
Hackers are people who exploit weaknesses within computer systems to acess the system. Research shows that hackers are experts who have knowledge and deep understanding of computer systems and networks and act on personal behalf or on behalf of others. One of the major motivation of hackers is access to information that may be confidential for an organization. In some cases, they target credit card information that can be used to withdraw money from the victims accounts. However, there is evidence that some hackers are in the process of testing their skills and their actions aim at posing challenge for their target companies. The classification of hackers places them under different categories depending on their skills and intentions of hacking. The white hat hacker breaks system security for non-malicious reasons, as part of their process to test their security expertise. On the other hand, the black hat is hacker who targets information for personal gain (Finklea, 2014). Another category of hackers are the elites who have high level of intelligence and may hack for self gain or for other non-malicious reasons.
Skills of Hackers
How Hackers Conduct Cybercrime
The cases of identity thefts show the extent to which hackers have threatened the network security. Finklea (2014) defined identity theft as the unauthorized use of personal credentials with the aim of stealing from them. Identity thieves get access to the personal details of banking customers and use this information to have access to their financial accounts. Most customers who use the online banking services are unaware of the risk of identity theft and most of them realize after they have already suffered financial loss. The perpetrators of cyber-theft have a wide knowledge and experience in the internet technology and often apply this technology to capture customer’s details such as names, account numbers, age, and other small details that may assist in executing their functions (Krebs, 2009). With the current development of internet technology, hackers are finding it easier to access information from insecure bank systems.
Technological development has pushed the level of cybercrime to higher levels giving attackers more advantage to capture personal information from bank customers. Attackers have advanced internet culture skills that enable them to develop fake online websites to capture personal information from the public. Shinder (2002, p. 102) points out that hackers have more than a hundred tools for password cracking to help them decrypt passwords that are encoded through the use of simple algorithms. Customers who use WEP security in their wireless internet access point and MD7 encryption algorithms while transmitting data are at the risk of supplying fraudsters with their bank credentials. Moreover, attackers introduce viruses and Trojans in online websites to make the process of acquiring personal information easier and undetectable. Considering the sophisticated technology used in hacking and cybernetics to acquire information from bank customers, it is important for customers to be aware of the need for effective security measures while conduct online bank transactions.
There are a number of strategies that are available for hackers to conduct cybercrime within a network. Phishing is one of common strategies that hacker use to penetrate organizational networks. To achieve Phishing, hacker sends unsolicited e-mails to the random people requesting them to enter their details. For instance, they may ask a person to enter their credit card details to purchase a product, which allows the hacker to acquire such details. Therefore, the hacker uses these details later to penetrate the network (McClure, Shah & Shah, 2002). Close to Phishing is Vishing, which refers to a process through which hackers use Voice over internet Protocol to acquire information from their target person. Often, Vishing and Phishing targets credit card information that may help in identity theft.
Another common form of cyber terrorism is the Denial of Service Attack that is used to deny a person or a company access to services that they are entitled to. This is accomplished by sending flooding the bandwidth of the victims to prevent them from accessing the services intend to. Another strategy involves filling an E-mail box with spam mails so that they cannot access other important services (McClure, Shah & Shah, 2002). Denial of service attacks are used to limit company’s performance by interrupting their normal service attack. A different attack is initiated by sending virus, worms, Trojan horse among other software to interrupt the networks. For instance, a Trojan horse will attack itself to software but will send information to the criminal. Therefore, the criminal will use this information to launch an attack at a later date. The increase in software design technologies has made this problem hard to solve. Since majority of cybercriminals are skilled people, they are able to make programs that go beyond the antivirus strength. Therefore, Antivirus programs are rendered useless in protecting the networks from such attacks.
Methods to Secure Systems
A wide range of network security technology has been adopted within the organization in an effort to protect organizational resources. Baca and Kisasondi (2006) points out to the use of passwords to secure physical networks and to limit access of information. For instance, within organizations, each individual is allocated with a unique password to help them login on computers that contain organization resources. However, this kind of security has been criticized for numerous weaknesses that it possesses. First, friends within the networks will share the password information even with their strangers who visit the organization. Consequently, it is impossible to control resource use within the network. In addition, technology development has provided hackers with the ability to crack these passwords easily, making it almost a useless technology. In instances where organizations use the internet, or wireless access points, it is possible for hackers to acquire passwords on transit and access the system network without physically appearing within the organization. In this regard, passwords have failed to guarantee network security and safety of organizational resources.
Other system security options have been applied over time to enhance the safety of resources within an organization. With the proliferation of the LAN/WAN technology and embrace of the OSI and TCP/IP network models in the 21st century more security has been demanded in organizations. Several security measures have been deployed to ensure that system resources are only available to the authorized users. For instance, the use of virtual LAN technology ensures that only authorized people access the network and that even authorized people access only those resources that concern their position in the organization. The virtual private network technology allows safe remote access resources through VPN client logins from remote locations (Mansell, 2008). Access control lists have also been applied to control information access within organizations. This intranet work security measures have their weaknesses as people share login credential and expose networks to malicious attack.
Previous research indicates that there is much more to worry in the world today after the cyber space has extended network access to the global scope. Mansell (2008) points out that the society today depends on the contingency plans to secure networks more effectively as the risk of network attack poses more disaster to the world than any other time in history. Online business services has grown in the 21st century as more organization employs push strategies to reach more customers. At the same time, the crime rate has increased as more people continue to lose information and cash from malicious attacks. Each day, as people key in their password or provide their network details online, there more people attempting to access this information for malicious motivations. From this point of view, it is true that more secure networks are required to ensure that vital resources remain within the control of their owners.
The biometric technology is an invention that was developed to seal the security gaps left by password and other forms of network securities. The advantage of the biometric system is that they rely on unique personal information that cannot be shared by human beings. Personal characteristics from human palms, voice, fingers, iris, and face are unique to every person and thus form the most unique way of authenticating a system user. Today, the biometric technology has become more common as people adopt it in the authentication within system hardware such as computers, in buildings, in the automation of machines, in transport facilities (Bicz, 2006). For instance, in the US, international visitors are required to present a machine readable visa provide biometric information as a strategy to target visiting criminals. The biometric system seems to provide a unique security feature that can guarantee high level security of network resources in the future.
Types of Biometrics (MISBiometrics, n.d.)
Rajendra and Chun (2009) provided information on the acceptability of biometric technology in network security. In a validated research, the team reported that over 77% security professional regard biometric tools as more efficient in network security than passwords. Only 7% of these professionals felt that biometrics would be hurtful to the security of networks. Fingerprint recognition systems were more common, followed by iris recognition systems and finally the signature readers received the minimum vote for its capability in driving security within networks. These findings indicate that biometric system is a favorite network security technology in many organizations. However, there is little adoption of this technology due to a number of challenges that come along within its implementation. One of the reasons why this technology has experience limited adoption is because the prices of biometric systems has remained high. Apart from this, the skills to handle the technology are limited as the equipment requires a wide understanding of advancing programming and coding technologies.
In the cloud computing era, information service management adopted the virtual private network (VPN) as a security measure. This was the time when the cloud computing symbol was used by service providers to mark a separation between the core network and the client side of the network. After the proliferation of the internet technology, the internet formed a common network where information could be shared and distributed within virtual computer systems. In 2000, companies such as the Amazon modernized their data centers and provided high capacity networks where information could be accessed by many clients in their online presence. Today, this technology has been adopted within the business systems to synchronize global business operations and form high security networks that can provide data to all clients in the world (Furht, and Armando 15). Cloud distributors have become popular as they adopt hardware Virtualization and utility computing that have become the drivers of the cloud computing technology. Evidently, the VPN networks used in cloud computing are secure due to their high level of security programming. Authentication and password programs helps to prevent any form of network infiltration.
The use cyber security policies within different countries has become an important aspect of reducing cybercrime within a country. China is one of the countries have develop cyber security policies as a response to increase in network attacks. National Network and Information Security Coordination Small Group (NNISCG) was started as mandated with the responsibility of constructing an effective cyber-security framework. One provision of the policy was that all organization be certified and use standard info-Sec standard software to ensure that the risk is minimized. At the same time, the e-government security system was established to monitor the security networks, generate reports, and identify potential threats. The ministry of Public security plays a key role in combating cybercrime by developing research labs to detect malicious software and security threats within the online networks. The department also has a branch to take care of data encryption systems for government and civilian networks. In addition, China has a civilian cyber-security program with most representatives being from the Chinese Academy of Engineering and the Chinese Academy of Science. In the US, The National Strategy to Secure Cyber Space (NSSC) was funded with $4.7 billion to conduct more research and develop long term cyber security solutions in America. Recently, the Obama government has launched the comprehensive national Cyber Security Initiative to ensure that the economic threats that have underpinned the economic crisis in America have been neutralized (Whitehouse, 2013). Under this policy, the government intends to create awareness programs that update threats and solutions and ensures that every computer user has access to this information. This shows the need for the government in countries to intervene in the war against cybercrime.
In conclusion, cyber terrorism is an issue that has become costly for the world within the modern times. The frequency and the economic impacts of the attacks are severe and demands immediate attention to the problem. The proliferation of the internet and software development technologies has seen innocent persons and companies suffer under the hand of expert cyber criminals. These malicious attackers have a wide range of strategies to hack networks and acquire information from personal computers. Fishing, vishing, use of malware are all available options that help them penetrate the networks. The public constantly report of losses, either of information or money. Available strategies to counter cybercrime have proven either ineffective or too expensive for companies. Successful methods such as VPN and use biometric systems require high level of skills and are expensive. The use of antivirus programs and passwords encryption have proven less ineffective as hackers know how to maneuver around them. The government in various countries engaged policies to counter cybercrime but this has yet to solve the problem. On this ground, the problem of cyber terrorism remains urgent and information service managers have to invest more skills in developing network security.
- Baca, M. and Kisasondi, T, 2006, Improving Computer Authentication system With
- Biometric Technologies. Retrieved from :< http://www.researchgate.net/publication /228975037_.pdf>
- Barclays, 2013, Preventing ID Theft: Protecting Your Identity. Available through: < http://www.barclays.co.uk/Helpsupport/PreventingIDtheft/P1242560035872>
- Bicz, W, 2006, Future of Biometrics. Retrieved from : <http://www.optel.pl /article/future%20of%20biometrics.pdf>
- European Commission, 2012, New Legal Framework: Identity Theft. Available through: < http://ec.europa.eu/dgs/home-affairs/e-library/documents/policies/organized-crime-and- human-trafficking/cybercrime/docs/final_report_identity_theft_11_december_2012_en.pdf>
- Finklea, K. 2014. Identity Theft: Trends and Issues. Congressional Research Service. Available from: < http://www.fas.org/sgp/crs/misc/R40599.pdf >
- Furht, Borivoje, and Armando Escalante. Handbook of Cloud Computing. New York: Springer, 2010. Internet resource.
- Jain, S., 2013, Types of Hackers. Available from:< http://www.crazylearner.org/types-of-hacker/>
- Krebs, B., 2009. “European Cyber-Gangs Target Small U.S. Firms, Group Says,” Washington Post.
- MisBiometrics, n.d., MIS Biometrics. Available from:< http://misbiometrics.wikidot.com/>
- Mansell, R. 2008, Network Insecuity in an Insecure World. Available from: <http://www.lse.ac.uk/researchAndExpertise/units/innovationResearch/pdf/edsConferenceMansell.pdf>
- McClure, S., Shah, S., & Shah, S. 2002, Web hacking: Attacks and defense. Boston, [Mass.: Addison-Wesley.
- Rajendran, G., and Chu, V., 2009, Use of Biometrics. Available at: <http://www.techcast.org/Upload/PDFs/634122830612738824_Biometrics-VivianandGayathrilo-res.pdf>
- Shinder, D. L. 2002, Scene of the Cybercrime: Computer Forensics Handbook. London, UK: Syngress Publishing
- Social Media Marketing, n.d., Fake FBI E-Mails. Retrieved from:< http://social mediamarketingangel.co.uk/phishing-emails/>
- Whitehouse, 2013, The Comprehensive National Cyber Security Initiative. Retrieved from: < http://www.whitehouse.gov/issues/foreign-policy/cybersecurity /national-initiative