Personal Research Narrative Essay- Cyber security
It was until that time I embarked on researching about cyber issues that I discovered how cyber security is an amazingly thrilling field. Factually speaking, I came to discover that it is a very diverse field that goes on to intersect with virtually every area of technology as well as behavioral sciences (Awan, 2011). I was particularly blown away with the fact that hackers today can send doses of fatal drugs to hospital drug pumps that can end people’s life. Cyber-attacks and crime are likely to increase over time, a consequence of the increasing and widespread availability of computers, smartphones ad many other high-tech mobile devices. The fact that these are easily accessible and available in the consumer markets, it becomes difficult to guarantee security of these gadgets.
The field of cyber security is increasingly growing due to increased reliance on computer systems by the society (Henry, 2012). The computer system has a wide range of smart devices. These devices not only include internet networks but also other wireless networks such as Bluetooth, Wi-Fi, and Television. I shall testify to this, that there is an increased usage of these gadgets. This is most reasonably because they enhance user responsiveness to events, minimize travel costs and hustle not forgetting maintaining operator interface hardware at a lower cost. (Gori, 2009).
But I must say that these come with a bigger risk as I mentioned earlier, cyber-attacks. I believe that the aggressors have gone scot free for reasons such as lack of adequate regulation and the blurred formulations that have given them the advantage to doing so. There is still more to this that I have tried to unravel. They are clearly stated in the following illustrations. Having looked at that let us now define what cyber security entails.
What I understand by the term cyber security
Through my intense research, I came up with a more comprehensive definition for Cyber security, which can otherwise be referred to as Computer security or IT security- in other words meaning protecting and safeguarding information system from intrusive activities from unauthorized persons with intent of theft or damage to either the software or hardware or both, the information stored in them, and distraction or misdirection in services they offer (Henry, 2012).
Furthermore, through this research, I was convinced that cyber security entails every mechanism & processes in which information, digital tools, and service are secured from unauthorized or unintended access, changes or damage and the process of providing security actions to safeguard veracity, privacy, and accessibility of data both at rest and in transit (Awan, 2011). Apart from maintaining a top level of performance with the aim of inhibiting prowlers from pilfering information and data, cyber security also entails averting mobile devices from meddling with automation system operations.
Vulnerabilities and attacks
A vulnerable system is one exposed to the threat of attack. A system with flaw and susceptibility management is the systematic way of detecting, categorizing, remediating, and extenuating vulnerabilities as soon as they are exposed in a system (Ciborra, 2002). To fully secure computer system you need first to understand the following exposes to a system.
This is a scenario whereby unapproved users can physically access a computer for which they might be able to unwaveringly transfer data or information from it (Henry, 2012). Alternatively, it can as well involve a compromise in security through making OS alterations such as installation of software key loggers, covert-listening device or viruses.
This is intended to make a system inaccessible to its users for some time before the system is straightened back to normal. By that time it comes back to normal a lot would have been lost or linked or corrupted as well (Bayuk, 2012).
This is an act of discreetly listening to a private conversation. It is possible through tapping a weak electro-magnetic transmission produced by the hardware. Machines that function as a closed system can be eavesdropped, for instance, software such as NarusInsight and Carnivore have on several instances been used by the FBI to spy on the system of ISPs such as Facebook and Google;
This occurs when one masquerades another by fabricating data with the aim of obtaining unauthorized access to a system.
Jammers utilize software routine to tie-up a website hosting computer so that authentic users can’t access the site (Henry, 2012). They primarily aim at organizations linked to the Internet.
Eavesdroppers tap information without authorization into communication line e.g. a network cable over which computer data and messages are transmitted.
Sniffing is a form of eavesdropping. Sniffers are placed on a section of software to interrupt info that passes from users to the computers hosting a website. This info can comprise confidential data like credit card numbers.
Systems at risk
I found it useful that basically all systems that use computer are under threat of attack. This system includes Financial systems such as websites that store or accept bank accounts and credit card numbers, utilities and industrial equipment, Aviation, Large corporations this entails data breach, for instance, the losing of lots of clienteles’ credit cards particular by Home Depot (Ciborra, 2002). Moreover, I also discovered that it involve Consumer devices that entail both laptop and desktop computers that are frequently attacked with malware either to gather password or financial accounts info or passwords. Automobiles and government are commonly attacked.
Impact of security breaches
The security breaches have caused serious financial damage. However, it is very hard to get details on the same. This is for the reason that we lack a regular model for cost estimation. Lucky enough the only accessible data is that which is revealed or made open by the victim organization (Lewis, 2003). Rational investment decisions can be made through the use of rational estimations of the fiscal cost of breaches in security. Conferring to the classic Model that was put forward by Gordon-Loeb, in evaluating the ideal outlay degree in info security, I would still be in order if I resolve that the amount firms spend in protecting information should basically be only a minor portion of the predictable loss suffered (i.e., the anticipated cost of the loss that comes as a result of info security breach) (Lewis, 2003).
Legal issues and global regulation
To computer security community, conflicting laws in infobahn have emerged as a major cause of alarm. This is true because the foremost complaints and challenges facing the antivirus industry such as an international base of joint guidelines to evaluate, and finally punish cyber-crimes and deficiency of international web protocols are still perturbing issues that ought to be addressed. Invoking a universal cyber law and security agreement is a bone of contention (Bayuk, 2012).
It is worth noting that Global legal matters of cyber-attack are complex in one way or another. It is so saddening and at the same time interesting to note that no action would be taken by the local authorities even if an antivirus company goes out of its way to locate the cybercriminal that designed a malware program, certain virus or a type of cyber-attack (Mowbray, 2014). This is so because laws under which to prosecute these cases are lacking. Honestly, I found this rather worrying since these cyber criminals would still be at large in an event they are identified by antivirus firms.
For us to say that there is computer “security” I believe is an intangible deal that is accomplished by fulfilling three steps namely: threat prevention, recognition, and response. The system security is a set of techniques and mechanisms that defend a computer system against harm or loss comprising illegal access, illegal disclosure and information interference i.e. ability of a program to guarantee the security of the data it handles (Lewis, 2003). Data security means defending data and info from harmful forces and the undesirable activities of illegal users;
While reading about international actions, it surprised me a bit that there were international bodies in place that were entrusted with cybercrime issues. Initially, I thought each state or country had its body that operated within their boundary jurisdictions. I came across the following examples of many organizations and teams formed to counter cyber-crimes:
FIRST is the worldwide association of CSIRTs
ENISA is an European Union agency
The chief reason of the MAAWG is to unite the messaging industry in order to capacitate and make them work collaboratively and to fruitfully address various forms of cyber security concerns (Awan, 2011).
For instance, most outlawed groups in the world are rampantly using cyber-crimes to perpetuate various atrocious acts; the most recent Paris attack is a good example. Many countries in the world have taken the initiative of controlling cyber-crimes that have been prevalent (Gori, 2009). Following cyber-attacks in the first half of 2013 the South Korean government set up institutions to train 5000 experts on cyber security. It blames all these attacks on North Korea though President Pyongyang denies the accusations (Mowbray, 2014). In India, some laws for cyber-security have been amalgamated into policies designed under the IT Act. In Canada, in order to strengthen their cyber space and perilous infrastructure areas, Canada’s public safety came up with the country’s Cyber Security Strategy (Lewis, 2003).
German NCAZ Nationales Cyber-Abwehrzentrum, which is headquartered in Bonn, was opened on June 16, 2011 (Bayuk, 2012). The organization detects and prevents attacks against the state infrastructure and stated instances like Stuxnet.
Cyber security is becoming more important as a lot of information is being accessed easily (Bayuk, 2012). There is a rising worry among governments that infobahn is becoming the next platform of conflict. Mark-Clayton from the Christian-Science-Monitor describes this conflict as, “The New Cyber Arms Race” (Loewengart, 2012). No wonder there is an emergence of words such as cyber war and cyber terrorism.
The cyber security job market
Sure enough, cyber security has created one of most paying professions in the world. For instance Security Engineer, Security Administrator, Security Architect, Security Administrator, Chief Information Security Officer (CISO), Chief Security Officer (CSO) as well as Security Consultant/Specialist/Intelligence (Awan, 2011).
Most Recent Cyber Crimes that Shocked the World
Most of these cyber-crimes I am going to discuss perturbed me, they are unbelievable and should act as an indication that a lot has to be done to curb these crimes; otherwise it will be a disaster in waiting (Lewis, 2003). In order to appreciate this topic, I found it important to discuss some of the most recent cybercrimes we have witnessed in the world in the recent times:
Heart bleed- I considered it to be among the greatest security bugs that have happened recently because it completely exposed a massive flaw in security that in turn seriously hampered the majority of the web (Loewengart, 2012). It was discovered in the OpenSSL encryption Library whose main task is protecting passwords and usernames. It surprised me that this bug went on unnoticed for two years; of course it is possible that hackers made away with several passwords and usernames.
Snap chat- Hacking of this app happened in early 2014 exposing phone numbers as well as usernames of four million users. Furthermore, I was surprised to learn that users of snap chat faced the possibility of greater damaging exposure during compromising of their snap shaved website where users saved their videos and photos.
Shellshock Bash- This breach had the possibilities of being the creepiest and greatest security breach ever, when it popped out in September 2014, it emerged as a vulnerability in Unix systems, Linux, and Mac OS X; typically, it gave hackers the likelihood of remotely executing commands to websites, devices, and computers (Loewengart, 2012). A form of interpreter called bash mostly carried out commands in anything from websites to routers, to laptops. I am simply saying that Shellshock bug had the ability to put a countless number of devices at risk (Bayuk, 2012). Be that as it may, I was contented to learn that the users would be safe from the bug due to the reason that nearly all major companies of software have already patched the bug.
Hynson, C. (2012). Cyber crime. Mankato, Minn.: Smart Apple Media.
Gori, U. (2009). Modelling cyber security approaches, methodology, strategies. Amsterdam: Ios
Felici, M. (n.d.). Cyber security and privacy: Trust in the digital world and cyber security and
privacy EU Forum 2013, Brussels, Belgium, April 2013, Revised selected papers.
Henry, K. (2012). Penetration testing protecting networks and systems. Ely, Cambridgeshire,
U.K.: IT Governance Pub.
Loewengart, V. (2012). An introduction to hacking and crimeware a pocket guide. Ely,
Cambridgeshire: IT Governance Pub.
Dacey, R. (2003). Information security progress made, but challenges remain to protect federal
systems and the nation’s critical infrastructures. Washington, D.C.: U.S. General
Ciborra, C. (2002). The labyrinths of Information: Challenging the wisdom of systems. Oxford:
Oxford University Press.
Mowbray, T., & Shimonski, R. (2014). Cybersecurity managing systems, conducting testing, and
investigating intrusions. Indianapolis, Ind.: John Wiley & Sons.
Halder, D., & Jaishankar, K. (2012). Cyber crime and the victimization of women laws, rights
and regulations. Hershey, PA: Information Science Reference.
Awan, I. (2011). Policing cyber hate, cyber threats and cyber terrorism. Farnham: Ashgate.