Cyber Security Abstract

Cyber Security has become a major priority across the globe this is attributed to the fact that it helps both private and public companies to reduce the number of cyber crimes by practicing safe security techniques. The amount of sensitive information stored on a given systems and having Internet connection has necessitated the need to create cyber security standards. Commercial organisations get cyber security, in order to protect their proprietary information, trade secrets, medical and personal information regulated by HIPAA and personally identifiable information (PII) of employees and customers. The government agencies have a more pressing urgency to implement cyber security practices, in order to employ its information to the highest classified levels. Within government Information Systems, there is a higher need for cyber security especially since many current terrorist and espionage acts are carried out using the internet anywhere in the world. This paper looks at cyber security, its problems and causes.
Table of Contents
Abstract 1
Introduction 3
Problems of Cyber Security 4
Cyber-security Challenges for 2013 6
Increase in Exploit Kits 6
Increase in Mobile Cyber-security Vulnerability 7
Increase in Sophistication of Cyber-attacks 7
Causes of Cyber Security Problems 7
Conclusion 10
Works Cited 11
As a country, our daily life, economy and national security depend on a safe and secure cyberspace. Many businesses and private organisations across the world depend on these networks to communicate and commute, run our economy as well as to provide government services. However, cyber intrusions and attacks have increased dramatically over the last few years, disrupting critical operations, exposing sensitive personal and business information, and incurring high costs on the economy. According to Bhattacharjee, cyber security is a continuing problem for everyone around the world, including individuals, the private sector and even governments (1). The recent speech by the U.S. President, Barack Obama, highlighted that, “cyber security is one of the most serious economic and national security challenges faced by the U.S“ (Voice of America News 1). Furthermore, news of large and often significant cyber attacks have become common in the media. While some victims get annoyed with these attacks, others incur huge costs in form of reputational damage, compromised secrets or stolen proprietary designs. For instance, the large-scale cyber attacks on Estonia`s government, banks, telecommunications infrastructure, and online media in 2007, changed the global perception of cyber threats. (Eneken Tikk)
Sophistication of cyber crime has continuously increased as noted in the recent cases such as Conficker (a computer worm targeting Microsoft Windows, detected in 2008), Aurora (the 2010 attacks against Google and other corporations in China), and Stuxnet (a worm targeting the Iranian nuclear programme) (Eneken Tikk). In addition, 171 million dollars was lost due to damage and lost revenue in the May 2011 attacks against Sony`s online play station gaming networks (Bhattacharjee 1).
According to Strohm, cyber security can be regarded as the body of technologies, practices and processes, which is designed to protecting computers, networks, data and programs from vices such as unauthorized access, attack or damage. In a computing context, security signifies cyber security (1). Cyber security- also regarded as the protection of systems, data and networks through detecting, preventing as well as responding to any attacks in cyber space – is a critical issue for businesses of all sizes. Rapid technological advancements have provided huge areas of new opportunities and possible sources of efficiency for organisations, however, they have also brought with them unprecedented threats (Techni Core 1).
Problems of Cyber Security
One challenging element of cyber security is the rapid and continuous changing nature of security risks. The previous approach has been to spend more resources on the most important system components and guard against the biggest threats, which required leaving other less important system components unprotected. Such an approach is not enough in the prevailing environment (World Bank Group 2). Consistent with this view is Bhattacharjee, who opines that, broadly three negative Cs to cyber security include cyber crimes, cyber terrorism, and cyber warfare (3). These elements can disturb and destroy the cyberspace.
One of the common forms of attacks being undertaken is the planting of malwares, which commonly refers to all forms of software codes like malicious viruses, worms, and Trojan horses, whose main function is to diffuse faster and wider and to disrupt systems. However, Trojan horses are damaging and are actually able to pass on sensitive information to rogue networks as part of the botnet structure. Then, there exists the Distributed Denial of Service (DDOS) attacks, whereby a large number of computers are used to launch attacks on pre-determined computers or networks for a pre-determined period. Computers which participate in DDOS attacks could be from across the world and can infected computers through the botnet network. The attacks on Estonian networks from Russia-based networks in May 2007 are to date the biggest DDOS attacks (Bodmer, Kilger, Carpenter and Jones 15).
According to Bhattacharjee, hacking, which refers to the unauthorized access to networks, is becoming more pronounced and one of the common forms of hacking is website vandalism. In addition to website vandalism, is the rising fear of compromised hardware or even bugged hardware being planted in sensitive networks, which could be listening into networks and passing information. The major concern for cyber security however is the plans and programmes undertaken by the various interest groups.
Currently, there is an increased growth in cyber espionage which is the practice of obtaining sensitive, proprietary, or classified information from individuals, business competitors, governments, and enemies for economic advantage, political or military, using illegal methods on the internet, networks and software. Many nations have expressed global fears about the Chinese cyber espionage programmes. Similarly, instances of corporate cyber espionage are growing by the day. There are syndicates today with major forays into cyber crimes targeting financial and strategic institutions such as pharmaceutical companies.
The usage of cyberspace by terrorists and cyber terrorism that could cause catastrophic damages is also of global concern. The latter refers to the destruction of critical infrastructures using cyber attacks. Terrorists have found cyberspace being safe mode for communicating with each other via false emails, chat rooms and spreading their propaganda, collecting funds from sympathisers as well as recruiting cadres. All these activities have grown over the years and there are open references to this effect by various terrorist groups, including Al Qaida. Further, emails are sent to inform of their specific incident execution in the physical world. But this is not all. Many of the terrorist groups and even states are also involving various hacking groups to launch attacks to cause damages and also disrupt networks. The other disturbing trend is the coordinated actions of various groups and tools for targeting unsuspecting citizens. For instance spam emails surrounding major global events like the held Olympics in Beijing and the tsunami incident propagated worms and Trojans (Bodmer, Kilger, Carpenter and Jones 32).
Another current emerging fear is that of cyber warfare. This refers to the usage of cyberspace to launch attacks against adversaries` networks and could seriously be seen as a war tool of the future. While such warfare tools would remain the same, it would have a major impact on the functioning of important infrastructures and could bring serious disruptions in the networks of the attacked. Today, cyber espionage and probing attempts and exercises have increased rapidly and these exercises could be considered as part of a low-scale cyber warfare activity. However, the bigger fears are of the digital battlefield space where major conflicts could actually be fought in cyberspace, and the sheer ease with which more disruptions and destructions can be attained with less physical harm to the players and the absence of geographical barriers (Techni Core).
Cyber-security Challenges for 2013
According to Ayrapetov, the major cyber-security challenges to businesses through 2013 will come from increase in exploit kits, increase in mobile device cyber-security threats and increase in sophistication of threats (Techni Core).
Increase in Exploit Kits
Exploit Kits consist of malicious programs, that are created, sold and rented, on the black market. These programs usually identify and subsequently attack cyber vulnerabilities and spread malware. As a result of their ease of deployment (rental model), and ease and speed of infection they deliver, these kits will continue to be increasingly used this year, resulting in loss of data, financial fraud, IP and identify theft, as well as decreased business productivity and continuity. Mobile devices especially Android based, Windows 8 and MAC OS X are expected to be the main targets of the exploit kits, as they are the fastest growing segments used by consumers and corporate to conduct communications, commerce and business. Increased growth of malware is expected, this could be attributed to the fact that every day around 44,000 new malware samples are discovered. (Techni Core 1).
Increase in Mobile Cyber-security Vulnerability
The continuous universal adoption of social media for business and personal purposes, makes it a prime target for increased malware attacks across Facebook, Twitter, and Skype in 2013 (Voice of America 1). The attacks will be particularly precarious and become more sophisticated and ubiquitous, targeting mobile devices through their access to social media channels, at the point of commerce and through their access to commercial networks.
Increase in Sophistication of Cyber-attacks
Transition from old scare ware methods such as Fake AV scams, to newer Ransomware scams by cyber criminals is expected globally. Ransomware attacks lock down a computer or device and detains the entire data until when payments are made by the user. Their sophistication and capacity to attack and paralyze websites will continue to develop at striking pace (Lewis and Katrina 35).
Causes of Cyber Security Problems
One major cause of cyber security problems is that the cost of committing a cyber attack is shockingly low. According to a report published in 2012 by Fortinet, one only needs 350 dollars to create an effective Botnet, which is a network of private computers infected with malicious software and controlled without the owners` knowledge, or rent for just 535 dollars per week. According to Internet Security Alliance President, Larry Clinton, online ventures face massive threats since in the world of computer security, all the incentives favour the cyber attackers (The World Bank Group 4). According to Clinton, even though the amount one can steal through cyber attacks is enormous, the cost of the attack is currently cheap, they are easy to launch and the chances of getting caught are fairly small (Bodmer, Kilger, Carpenter and Jones 30). He adds that, with attackers enjoying a virtually limitless range of targets, the annual financial losses from cyber crimes are large (Voice of America 1).
According to Billo and Chang, the cyber crime world never stops innovating itself, as the list of known threats, viruses and bugs Microsoft publishes keeps increasing every day (29). Cyber criminals can also easily buy `off-the-shelf` hacking software, complete with support services, consequently, it has became difficult to ensure cyber security as the crimes are increasingly simple to carry out (Billo and Chang 6). U.S. Randy Vickers, acting director of the HMDCERT (Homeland Security Department`s Computer Emergency Readiness Team opines that, one of the enormous challenges with cyber attacks is that, there does not exists a single muzzle flash which indicates where the attack originated (Billo and Chang 7).
Despite the growth in sophistication of cyber threats and attacks, the lack of information sharing on cyber threats within the government and between private sector and the private sector, that could help to combat cyber crime and espionage, is another cause of cyber security problems. Valuable cyber threat information collected in both these sectors can effectively be used to secure the cyber space as long as privacy issues are dealt with (Wenger and Mauer 25).
According to Lewis, James, and Katrina Timlin (31), one major cause of cyber security problem is finding qualified security personnel who can combat the ever increasing sophisticated attacks. The state and local governments have limited options when finding qualified security workers especially at mid to senior levels in government cyber-security programs. This is as a result of the private-sector cyber-security industry also beefing up its personnel. Based on this view, to ensure that the government has the needed talent to manage the protection of its own networks, it should change the recruitment, hiring and training of cyber security personnel. Another fundamental problem that`s faced by states when dealing with cyber-security is the lack of resources. As stipulated by the NASCIO-Deloitte survey, 88 percent of the state CISOs were of the opinion that lack of sufficient funding is the greatest obstacle to computer security. They argue that, in addition to spending more on better qualified staff salaries, the cost of maintaining computer systems and networks with the latest software continues to increase. To ensure good security requires constantly updating technology and software, thus preventing hackers, thieves and foreign entities. However, many state governments cannot afford to do that on an optimal basis (Lewis and Katrina 40).
In addition, many federal agencies have not yet fully addressed the risks of emerging cyber security threats as part of their required agency wide information security programs. These include performing regular assessments of risk and implementing the required security controls, ensuring cyber security training for their personnel and putting in place measures that will help in detecting, reporting, and responding to security attacks. An effective security program can assist in agency efforts to mitigate and respond to the emerging cyber security threats, while failure leaves it vulnerable to attacks (Lewis and Katrina 41).
Passwords are the commonest form of verification and are often the only barrier between users and their personal information. Yet a number of programs are accessible online for free or at a small fee that cyber crime attackers can use to help “crack” or guess passwords, but by choosing strong passwords and keeping them private, one can make it more difficult for an unauthorized person to access their information. However many people use very weak passwords that can be easily guessed such as their date of birth, their names, names of their children or the common 12345,thus leaving them vulnerable to attackers (Bodmer, Kilger, Carpenter and Jones 32). Coding defects is another cause of cyber security problem. High levels of computer security are only possible if the operating environment is based on a secure operating system that is capable of protecting application code from malicious subversion and also secure the system from subverted code (Bodmer, Kilger, Carpenter and Jones 33).
It is notable that, key to building more cyber security is to motivate businesses to protect themselves from cyber crimes by using small business administration assistance, offer tax incentives and government contracts. More institutions should also offer training on cyber security to raise the number of qualified personnel available. Cyber security awareness training should also be offered to all employees at the workplace. The bipartisan Cyber security Act of 2012 was made in order to tackle the ever-increasing cases of cyber attacks taking place on both private firms and as well as the United States Government. To make sure that, the private sector as well asthe federal government take the needed steps to secure our nation, the Cyber security Act of 2012 would help do the following: determine the greatest cyber vulnerabilities, protect our most critical infrastructure, protect and promote innovation, improve information sharing while protecting privacy and civil liberties, improve the security of the federal government`s networks, clarify the roles of federal agencies, strengthen the cyber security workforce and coordinate cyber security research and development (Bodmer, Kilger, Carpenter and Jones 41).
Conclusion
Various definitions are given on cyber security, but it is basically about managing future risk and responding to existing and past incidents and attacks. While increased connectivity has huge benefits, it has also increased the significance and complexity of the shared computer crimes risk. Most of our lives depend on technology from telecommunication to transportation, thus making cyber security a number one national security priority. The economy and infrastructure depend on the Internet, and nearly all sectors both private and public conduct business and store important data on Internet connected networks thus any attack would result in huge financial losses and other damages. It is our goal therefore to ensure our cyber space is protected by using antivirus software that is constantly updated, being cautious on the websites we visit and not opening suspicious emails or attachments hence greatly improving our collective safety online.
Works Cited
Bhattacharjee, Subimal. The Strategic Dimensions of Cyber Security. Indian Context. Volume 33, Issue 2, pages 196-201, 2009. Print.
Bhattacharjee, Subimal. Cyber Security as a Top Level Imperative. The Financial Express, February 3, 2007.
Bhattacharjee, Subimal. We Can Ignore Cyber Security Only at Our Own Peril. Mail Today
Billo, Charles and Chang, Welton. Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States. Institute for Security Technology Studies, Dartmouth College, December 2004. Print. Accessed on 18 April 2013 from,
< http://www.ists.dartmouth.edu/directors-office/cyberwarfare.pdf >
Bodmer, Kilger, Carpenter and Jones. Reverse Deception: Organized Cyber Threat Counter-Exploitation. New York: McGraw-Hill Osborne Media. 2012. Print. ten-rules-for-cyber-security
“ISS Ten Rules for Cyber Security. “ The international Institute for Strategic Studies. Web. 22 April 2013
http://www.iiss.org/publications/survival/survival-2011/year-2011-issue-3/ten-rules-for-cyber-security/
Lewis, James, and Katrina Timlin. United States. Center for Strategic and International Studies. Cyber security and Cyberwarfare: Preliminary Assessment of National Doctrine and Organization. Washington, D.C. 2011. Print.
Sophos. Belgium accuses Chinese government of cyber-espionage. Web. Available at

Strohm, Chris. Cybersecurity Bill Passes House After Obama Veto Threat. Web. 2013. Accessed on

Techni Core. What is Cyber Security? Web. 2013. Accessed on

The World Bank Group. Cyber Security: A New Model for Protecting the Network. Web. 2013. Accessed on

Voice of America. Google Attacks Highlight Growing Problem of Cyber Security Threats. 2013. Web. Available at

Wenger, Andreas and Mauer, Victor. International Handbook on CIIP, vol. 1, Institute of Security Studies, Zurich, 2006. Print.

BACK TO TOP