Data at Risk 2013: Second in a Series
Make no mistake: cybercrime happens everywhere, all of the time. I’ve seen it in action — with my computer at home and my system at work — and I’m confident you have, too, which speaks to the ubiquity of the problem. The U.S. government calls cybersecurity its #1 priority and the Department of Homeland Security calls it a bigger threat than terrorism. From foreign governments to crime organizations to the guy in the cube next door, the motivation behind these cybercrimes is as varied and broad as the risks themselves.
Risk #1: Malware
Anyone who uses a computer potentially opens the door to malware, which is why so many of us have fallen victim. For a while, at my house, we were running system cleanups weekly to purge our PC of the bad stuff. One recent report estimates that 30 percent of computers in the US are infected by malware, including viruses, Trojan horses, worms and other malicious software — without us even knowing it’s there. In the early days, malware hackers were considered thrill-seekers who wrote software that exposed security flaws. Today the incentive for making such software is generally more sinister. Take, for instance, last summer’s thwarted Internet Doomsday threat.
Risk #2: Social Engineering
Social engineering turns the old-fashioned con game digital. These scams require human interaction and play on our emotions. We’re all familiar with getting phishing scams in our inbox – but threats are getting more and more sophisticated. For instance, phishing is much more prevalent on the corporate and government level now. In fact, a 2012 report noted that over half of hacking on government networks came in the form of phishing. I teach at a community college where a recent rash of “spear phishing” took place — emails that appear to be from colleagues, not outsiders. (In this case, fake IT personnel asked me to “click here” to make required system updates.) What’s more, criminals are increasingly using social media to obtain personal information that leads to cybercrimes.
Risk #3: Hacktivism
Hacktivists break into systems to further a political or social cause, and on very a large scale, it’s launched a modern wave political activism. While efforts by the group Anonymous regularly make global headlines, it’s happening on a smaller, more local scale, too — enough so that hactivists are now considered one of the top three groups making online attacks. Hacktivists typically leave a message on a website homepage or launch a denial-of-service attack to disrupt traffic to a site. Either way, it’s a sophisticated form of protest that’s growing quickly — according to USA Today, attacks were up 70 percent in the first six months of 2012, when compared to 2011.
Risk #4: Web Application Attacks
For companies large or small, securing Web applications is proving problematic, because hacking into them is relatively easy. Cybercriminals can use automation tools like over-the-counter attack toolkits and botnets that allow them to probe a site for vulnerabilities non-stop, making web applications one of security’s top targets. For IT professionals, keeping on top of security patches is just the tip of the iceberg in a world where malicious code is generally easy to develop and execute; theses targeted, scalable attacks eventually affect people like you and me.
Risk #5: Corporate and Government Espionage
Cyber espionage involves stealing information from people, governments or competitors in order to gain an economic or military advantage. Specifically, these criminals employ hacking and malicious software, including Trojan horses and spyware. We’ve all read the headlines regarding attacks on the U.S. from China and Russia (and from other countries all over the world) – attacks spearheaded by everything from elite military units to organized criminal rings. These are largely perpetrators of the APT (advanced persistent threat) or DHA (determined human adversary), and the risk is daunting. Dell’s chief security officer John McClurg was recently quoted: “They outspend us and they outman us in almost every way…I don’t recall, in my adult life, a more challenging time.” Dell meets the challenge with Connected Security solutions that enable deep protection and control without compromising network performance.
This is part two of an eight-part Data at Risk 2013 blog series. Check out the other blogs as well, including Part One: 30 IT Security Risks Across the Enterprise.Tags: IT Security,Technology