Defining Cybersecurity
Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs
and data from attack, damage or unauthorized access.
According to Forbes, the global cybersecurity market is expected to reach 170 billion by 2020.
This rapid market growth is being fueled by an array of technology trends, including the
onslaught of initiatives with ever-evolving security requirements, like “bring your own device”
(BYOD) and the internet of things (IoT); the rapid adoption of cloud-based applications and
workloads, which extends security needs beyond the traditional data center; and stringent data
protection mandates.
Organizations transmit sensitive data across networks and to other devices in the course of
doing business, and cyber security describes the discipline dedicated to protecting that
information and the systems used to process or store it. As the volume and sophistication of
cyber-attacks grow, companies and organizations, especially those that are tasked with
safeguarding information relating to national security, health, or financial records, need to take
steps to protect their sensitive business and personnel information.
As early as March 2013, the nation’s top intelligence officials cautioned that cyber-attacks and
digital spying are the top threat to national security, eclipsing even terrorism. Year over year,
the worldwide spend for cyber security continues to grow: 71.1 billion in 2014 (7.9% over
2013), 75 billion in 2015 (4.7% from 2014), and an expected 101 billion by 2018.
Organizations are starting to understand that malware is a publicly available commodity that
makes it easy for anyone to become a cyber attacker, and even more companies offer security
solutions that do little to defend against attacks.
a. Areas of Interest
Network security
Application security
Endpoint security
Data security
Identity management
Database and infrastructure security
Cloud security
Mobile security
Disaster recovery/business continuity planning
End-user education
The most difficult challenge in cyber security is the ever-evolving nature of security risks
themselves. Traditionally, organizations and the government have focused most of their cyber
security resources on perimeter security to protect only their most crucial system components
and defend against known threats. Today, this approach is insufficient, as the threats advance
and change more quickly than organizations can keep up with.
As a result, advisory organizations promote more proactive and adaptive approaches to cyber
security. Similarly, the National Institute of Standards and Technology (NIST) issued
guidelines in its risk assessment framework that recommend a shift toward continuous
monitoring and real-time assessments, a data-focused approach to security as opposed to the
traditional perimeter-based model.
Some reports suggest that Sony may be forced to write off over $80 million in film assets after
five films including Brad Pitt’s WWII ‘Fury’ were stolen and made available by hackers ahead
of release. Fury was illegally downloaded over 1 million times in just one week.
Of all the editorial covering the Sony Pictures hack, one of the most compelling was written by
a Sony employee. Entitled ‘I work at Sony Pictures. This is what it was like after we got
hacked’ it paints a grim picture of the real human cost of an attack on a business.
“Seeing the faces of colleagues with families – they’re worried about their life savings, their
retirement funds, their kids. It’s taken a toll, mentally… you always have to look over your
shoulder. This is forever.” Sony employee.
Some Sony employees found that details of their bank and credit cards, pension plans and life
savings, home addresses and even some medical records were hacked and available online.
Having to change 30-40 personal passwords while dealing with the stress involved doesn’t
have the best outcome on productivity or engagement.
The last taboo in the workplace was always salary. You could work alongside a colleague and
not know how much they were being paid even if they did the same job as you.
Deloitte’s salary information also got tangled up in the hack. It was reportedly sitting on the
computer of an HR person employed by Sony Pictures who used to work at Deloitte. This
person apparently had some of Deloitte’s files saved on that computer.
The rapid expansion of workers using their own laptops, smart phones and tablets for work
purposes is here to stay and needs careful management.
As the case of the Deloitte worker who moved on to Sony demonstrates, organisations
embracing BYOD (Bring Your Own Device) must do so with their eyes open and not take
undue risk with their own data or that of their employees and customers.
Ultimately, it’s yet another example that people (of all ages) are an organisation’s ‘weakest
link’ and can pose the biggest risk to information security – accidentally or not.
But what happens when data lost through an employee (or ex-employee) isn’t accidental?
What damage can they do? Past research by Ascentor showed that over half of the UK
workforce would be willing to sabotage their own employer through tampering with, stealing,
leaking or providing misinformation. Further proof that information security is as much a
people issue as it is IT.
CRM systems usually include customer data, such as email addresses, phone numbers and
company decision makers. Therefore, rogue access can cause chaos among customers as well
as the reputational damage of having to inform them that their data has been compromised.
Even worse, you could see your data end up in the hands of a competitor.
Examples of Cybersecurity
Viruses, Phishing and Identity Theft
A Primer on Identity Theft
Identity theft is considered the fastest-growing financial crime. It occurs when a thief assumes
the victim’s identity in order to apply for credit cards, loans or other benefits in the victim’s
name, or uses this information to access the victim’s existing accounts. The thief will accumulate
massive debt or deplete the victim’s current assets and then move on to another stolen identity.
The victim, meanwhile, may end up thousands of dollars in debt, with a ruined credit history
or with an empty bank account. Until cleared up, this can make it difficult to find a job, buy a
car or home, obtain a student loan, or engage in other activities that depend on the use of your
own good name.
Your identity might be stolen through phishing, in which criminals trick victims into handing
over their personal information such as online passwords, Social Security or credit card
numbers. It might be done by invading your computer with spyware that reads your personal
information, or it may be as easy as stealing your wallet.
You may get fraudulent email that appears to come from your bank, a shopping website, a
friend, or even the State government. The message may even contain links to a counterfeit
version of the company’s website, complete with genuine-looking graphics and corporate
logos.
In a phishing attack, you may be asked to click on a link to a fraudulent website which asks you
to submit your personal data or account information – and end up giving it to an identity thief.
Or you might receive a suspicious email with an attachment containing a virus. By opening the
attachment, you may download a Trojan horse that gives complete access to your computer.
The New Internet, a cybersecurity news site, has noted that hackers launch phishing scams
through instant messaging, Facebook, Twitter, and other social networking sites. In one attack,
Facebook users found fake video links that bore the title “distracting beach babes” and a
thumbnail image of a woman in a bikini. The posts appeared to come from the users’ friends.
A similar attack used posts with the title “try not to laugh,” and a link to what looked like a
humor website. In both cases, the links attempted to install malware on users’ computers.
Mobile Phones
Few devices know as much about you as your smartphone or tablet computer. Devices like the
iPhone, iPad, and Android phone are capable of tracking your online activities and more. They
may include a GPS that knows the device’s current location, or a unique device ID (UDID)
number that can never be turned off. A large number of entertainment and educational apps are
marketed specifically for children. More than a quarter of all parents have downloaded apps
for their children to use.
However, many apps have been found to transmit data about their users. Parents should be
aware that some apps have a built-in purchase mechanism which allows users to make
purchases while interacting with an app (for example, enabling the user to purchase additional
stories while using a storybook app). Some apps may also be integrated with social networks
such as Facebook or Twitter. These apps may be marketed without information that would
make parents fully aware of these capabilities.
However, you use these sites at your own risk and at the risk of exposing your personal
information to the world. Nothing online is private. Even the most ironclad privacy setting
doesn’t change the fact that whatever you post online or send through a “secure” chat message
can be copied and shared with others.
This section, however, covers the limited control you can exert over your own privacy while
using social networking sites responsibly.
Before posting that information online, consider that too much information in your public
profile can also expose your political and religious views, relationships, or other sensitive
information to third parties such as current or prospective employers, schools, friends and
acquaintances, or business competitors. Indiscriminate public posts could harm your
professional reputation, career and educational prospects, or personal relationships.
Many social networking sites also allow other people to share information about you – or “tag”
you in photos or videos – that you would prefer to keep private. The websites generally
include privacy settings that give you some control over who can see your profile information,
who can read your posts, who can “tag” you, and who can see items in which you have been
tagged.
However, even the best and most clearly understood privacy settings do not change the
possibility that anything and everything you post on a social networking site can become
public – just as any email you send can be saved and forwarded to the world by a single person
who receives it.
Wireless Network
The security protocol used to protect the vast majority of Wi-Fi connections has been broken,
potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according
to the researcher who discovered the weakness. Mathy Vanhoef, a security expert at Belgian
university KU Leuven, discovered the weakness in the wireless security protocol WPA2.
“Attackers can use this novel attack technique to read information that was previously assumed
to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive
information such as credit card numbers, passwords, chat messages, emails, photos and so on.”
Depending on the network configuration, it is also possible to inject and manipulate data. For
example, an attacker might be able to inject ransomware or other malware into websites. The
vulnerability affects a number of operating systems and devices, including Android, Linux,
Apple, Windows, OpenBSD, MediaTek, Linksys and others.
If your device supports Wi-Fi, it is most likely affected. In general, any data or information
that the victim transmits can be decrypted. Depending on the device being used and the
network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a
website).
Potential damages:
The consequences of an attack on a major telecom provider’s infrastructure have the potential
to span across the entire country. This can affect millions of businesses, consumers, and
government agencies. If a major network is unavailable, a telecom provider is unable to
operate, and brand reputation suffers. Further, the compromise of sensitive employee and
customer data can put valuable relationships at risk.
Mobile phones used for banking are on the rise, but mobile security is proving increasingly
challenging for banks and credit unions, as controls put in place to protect traditional online
banking do not translate well when applied to mobile. As mobile application robustness has
increased, so, too, have security risks.
But "Mobile banking apps will not be a primary target for fraudsters," RSA security researcher
Rivner says. Instead, he believes mobile browsing will be more targeted in the coming
year, since most mobile users continue to use their online banking sites to conduct banking
functions.
2. Social Networks and Web 2.0
The connection between mobile phones and social media is growing, with Twitter and
Facebook apps offered for mobile users. Institutions embracing mobile also are embracing
social networking, says Rasmussen, Internet Identity's chief technology officer. "With more
banks on social networks, expect to see more fake sites using social networks, like Twitter and
Facebook, to try and trick people into giving up vital personal information," including banking
login credentials and Social Security numbers, he says.
But external threats aren't the only risks. Social networking sites are also a venue for an
institution's own employees to intentionally or inadvertently expose sensitive information. For
more on the topic,
4. Phishing
Sophistication in phishing, smishing and vishing attacks also is increasing, McNelley says.
"Fraudsters now create very polished messaging that targets everything from bank accounts to
Amazon accounts," she says.
In fact, respondents to the recent Faces of Fraud survey say phishing/vishing attacks rank No.
3 among fraud threats.
Organizations using IT are vulnerable to various security threats and attacks. The most
common threats include viruses, inside attackers seeking network access, laptop theft,
spoofing, unauthorized insider access, unauthorized outside attack, and denial of service
attacks. Computer crimes have existed since the introduction of computers;
however, the nature of attacks varies as the technology evolves.
1. Identity theft leading to credit card fraud which has caused a lot of data breaches and
information stealing from hotel’s network systems.
2. Silent invasions and Cyber-crime attacks that are powerful tactics from next generation
criminals. During 2015, there are lots of cyber criminals who have targeted and attacked
the hotels’ Wi-Fi and get the guests’ personal information as well as their passwords.
3. Unfortunately there are no security audit cycles in majority of the hotels and this issue
will put the situation of the investors and the guests in a high risk.
4. Physical crimes like terrorism that put the hotels in challenge and it can be more seen
in South Asia and Middle East.
5. Loss of competitive advantage and image as well as lots of negative words of mouth is
other challenges that hotels have faced due to the cybersecurity attacks” (Hiller, 2015).
One of the unique features of the hospitality industry is that it is a place for its customers’
comfort and confidence. Unfortunately, the reality shows that this confidence and
reputation can’t be achieved easily: the estimated annual cost of cybercrime
can affect the global economy as much as $375 billion to $575 billion, and these numbers
are still growing according to Butler (January 15, 2016), because the greater technology
available in the market to cyber attackers makes the hotels’ systems more and more
vulnerable.