Need to Know About Being Safe Online

In this article, we tell you everything you need to know about being safe online.

As we spend more and more time online, it is important to be just as careful about security online as we are in the real world.

What You Need to Know About Being Safe Online

We will answer various questions about how to stay safe online and how to be sure you are safe online.

What are various kinds of cybercrimes prevalent today?

Hacking started as a simple art to gain access to an environment for high computing power to play games and have fun. Over the years, this turned into attacking an environment for fame and, more recently, it has turned into cybercrime. Individuals and organizations are both being attacked to steal identity and credit card data and get financial gain out of it.

In more recent months, a phrase, Advanced Persistent Threat, has been coined, where rogue nations are attacking other nations to gain access to specific information. Earlier this year, there was a targeted attack against the RSA product to try and compromise the method in which the encryption mechanism works. In the more recent weeks, McAfee released a report on Operation Shady RAT, where at least 72 different governments, NGOs, and organizations such as the UN and International Olympic Committee were under cyber-attack for over five years. We will be fortunate to hear from the MD of McAfee.

If we look at the methods that are being used to gain access to this type of data, it is no longer targeted from a network perspective alone. Attackers are not only using traditional methods like computer viruses/worms, Trojans, and spyware to target an environment but are also using techniques like spear-phishing (targeted phishing attacks). The next big wave is going to be leveraging social media to attack an environment.

You can also check “Identity Theft Threat and Protection”.

Who are easy victims of cybercrime?

Most end consumers are easy victims of cybercrime. Simple SMS messages and phishing emails are the common methods that are used to attack individuals, especially since the big challenge is mobile devices (both phones and laptops). Mobile devices have eliminated the borders between home and work. As one of those traveling workforce employees, people inadvertently download a free game or some other friendly shareware application without realizing that rogue code is built in to take advantage of this when connected to a corporate environment. So, in a gist, most people would be victims of cybercrime.

What extent of financial losses can occur due to such criminal activities?

One of the exercises that my company performed for a bank in North America was to be a rogue employee, a janitor, who has no computer access but comes on a nightly basis to clean the premises. My goal with my team was to steal as much money as we could and leave no traces of this. We were able to bypass the controls that were on the computer system and perform money transfers into an account of our choosing. The next day, we were able to produce a bank balance of over $13 million. Since then, the bank has fixed those flaws.

There is no real limitation to financial loss. An organization can very well be bankrupt. Taking the same scenario, if this was a targeted attack and the attacker revealed this to the media, what would the public that had money in that bank do? Withdraw all the money from that bank and there could be a run on the bank. Similar situations can happen to any organization where a financial institution can be bankrupt due to a bad situation. A question that I would ask is ‘what should we do?’ The fundamental concept that everyone needs to understand is that no computer is safe. All systems can be attacked and gained access to; it just depends on how much motivation an attacker has to perform that attack.

How has cloud computing been victimized as far as cyber security is concerned?

The growing popularity of cloud computing and virtualization gathers huge traffic at centralized locations (clouds), giving immense opportunities for cybercriminals to strike. It is much like the ASP environment, where, if you gain access to one of the systems by compromising them due to weak applications that might be installed by a mom-and-pop store, you could potentially have access to all the other systems that might otherwise be set up really strong but are easy to attack from the inside. This is simply because the cloud providers can’t separate the systems with the amount of management that goes into each of the systems.

To top it off, the biggest challenge from a corporate environment perspective is how forensics will be performed on a cloud-based system. The biggest challenge will be where there is Intellectual Property that would be on the system and a third party would have to perform forensics that shouldn’t have access to the system.

With tablets and mobile computing on the rise, what changes have cyber security measures undergone?

The demand for mobile phones, smartphones, tablets, and laptops has increased dramatically. The computing power in these devices has increased and these devices have replaced traditional desktops. The security measures are not proportionate to the growth of mobile computing, especially smartphones. Organizations that allow their employees to connect their mobile devices to their corporate infrastructure are opening themselves up to a whole new range of threats to their network.

Phones have pretty much become an extension of our arms. Phones are used for communication, either via social networking, SMS messaging, or email. The mobile devices run applications that connect to your bank to transfer funds, check balances and buy stocks. The sheer volume of these devices and the versions of operating systems that exist are in the tens of thousands. If a poll is taken to determine how many of us update the phone’s operating system, I would hazard to say that we would get less than 10%, and that is only done because they end up going to a store because of functionality issues. It makes it easy for an attacker to abuse old versions of operating systems. For example, a Trojan placed on these devices can steal your identity very easily.

From a protection mechanism, we have a lot to build. However, having learned some great lessons from desktops in security, we will be catching up on mobile devices soon.

You can also check “Top 10 Smartphone Security Tips”.

How much damage does online gaming do?

Today’s generation is playing more games online than outdoors. Fierce online battles are taking place among unimaginable numbers of groups who do not even understand the cyber threats they are exposed to through these gaming applications. Due to the tremendous computing power, gaming applications are getting played heavily on networks and are susceptible to various attacks, from viruses/Trojans to phishing attacks leading to identity thefts.

What measures do you suggest to curb instances of cybercrime? What penalties/punishments are meted out?

Performing awareness campaigns focused on end-users as well as developers is extremely important. This would help build more secure applications right from the start. It is interesting to see that most organizations around the world have very few awareness programs around what to do if an incident has occurred. It would be of great value if all people in an organization knew what exactly to do and not do if they suspect their system has been compromised. This, of course, adds to the cost for organizations, but also adds a level of defense.

As a society, three things help keep a balanced ecosystem – the government to draft the policies, the law to ensure the policies are implemented, and the cops to ensure that the laws are being followed. Similarly, organizations must have policies that employees must follow, procedures to implement those policies using process and technology, and finally auditors to ensure that the implementation is taking place accurately.

Of course, it is next to impossible to protect a system from intruders. However, a security officer needs to disclose the compromised system and also what steps will be taken to protect it from such action again. Realistically, the only thing a security officer can do is hope for the best and plan for the worst.

You can also check “How to secure Data in Computer”.

Final Touch for Readers: What Do They Need to Know About Being Safe Online?

A security awareness campaign must be performed at all levels, from company to individuals, from the government to the military, from consumers to the producers, on how to protect themselves by visiting various educational sites.
