The Importance of Cyber Security In An Age of Relentless Attacks
Most people in modern society encounter computing and communications technologies all day, every day. Offices and stores and factories and street vendors and taxis are filled with computers, even if the computers are not openly visible. People type at the keyboard of computers or tablets and use their smart phones daily. People’s personal lives involve computing through social networking, home management, communication with family and friends, and management of personal affairs.
Today and increasingly in the future, computing and communications technologies (collectively, information technologies) are found and will be more likely to be found in places where they are essentially invisible to everyday view: in cars, wallets, clothing, refrigerators, keys, cabinets, watches, doorbells, and medicine bottles. In this emerging era of truly pervasive computing, the ubiquitous integration of computing and communications technologies into common everyday objects enhances their usefulness and makes life easier and more convenient. Understanding context, personal information appliances will make appropriate information available on demand, enabling users to be more productive in both their personal and their professional lives. And, as has been true with previous generations of IT, interconnections among all of these now-smart objects and appliances will multiply their usefulness many times over. Cyber security issues arise because of three factors taken together. First, we live in a world in which there are parties that will act in deliberately hostile or antisocial ways—parties that would do us harm or separate us from our money or violate our privacy or steal our ideas. Second, we rely on IT for a large and growing number of societal functions. Third, IT systems, no matter how well constructed (and many are not as well constructed as the state of the art would allow), inevitably have vulnerabilities that the bad guys can take advantage of.
Cyber crime costs the global economy over US$400 billion per year. Apart from corporate giants and SME’s trying to gain a foothold in the global market, civil society organizations and human rights defenders are becoming victims of surveillance software. Some of this software is sold to law enforcement and intelligence agencies in repressive regimes. “Remote Access Trojans” can be bought both legally and on the black market, as well as downloaded for free, and are used to control mobile devices, laptops and computers remotely. It’s not surprising that governments and businesses around the world are searching for better cyber defense strategies. There is clearly still much work to be done, and the people behind the attacks have a significant head start. For those playing catch-up, cyber security has become a matter of urgency.
In addition to commercial losses and public relations problems, disruption of operations and the possibility of extortion, cyber attacks may also expose an organization to regulatory action, negligence claims, the inability to meet contractual obligations and a damaging loss of trust among customers and suppliers. Most cyber crime incidents go unreported, and few companies come forward with information on their losses. That is not surprising given the risk to an organization’s reputation and the prospect of legal action against those that own up to cyber crime. Few of the biggest cyber criminals have been caught—many have yet to be identified. The development of an Internet of Things, which enables communication between machines, raises the possibility of appliances being manipulated by hackers. The widespread use of machine-to-machine (M2M) communication is only likely to boost the possibility of information misuse.
There is no shortage of advice available to organizations to help them assess risks and develop suitable plans to counter them. Governments around the world are developing cyber security guidelines. Malware protection is an important security consideration. Businesses should not only have policies that cover email, web browsing and the use of personal devices, but also install antivirus software and regularly scan for malware. Networks are often a weak point in cyber defenses, so it’s crucial for businesses to follow recognized network design principles and ensure all devices are configured to the security standards they have adopted. Removable media policies that control the use of media for the import and export of information are vital. Not only should removable media be scanned for malware, but the type of media and the sort of information that can be transferred should be limited.
Computer networks have always been the target of criminals, and it is likely that the danger of cyber security breaches will only increase in the future as these networks expand. But sensible precautions like investing in a future-proof cyber security strategy will enable organizations to minimize losses from those who seek to do harm.