Cyber Security

Category: Critical Thinking

Subcategory: Accounting

Level: College

Pages: 12

Words: 3300

Introduction
Cyber security has become an issue in today’s digital world as technology develops from day to day. This has led various experts to try to secure the cyber fields that have increasingly become criminals’ workshops. IBM’s “Staying Ahead in Cyber Security Game” is one of the books that tackle cyber security issues. This paper is a critical analysis of chapters 8, 9, 10 and 11 of that book.
Chapter 8
Executive summary
This chapter is entitled “Be your own worst enemy”, with a subtitle stating that anyone who wants to discover their weaknesses must genuinely want to find them. In explaining how to achieve cyber security, the chapter starts by pointing out the major difference between an attacker and a defender. The difference is said to be determination and communication. It is provided that the attacker must not at any point be allowed to become party to the mission of ensuring cyber security. A warning is issued that increased dynamism in cyber crime has made the process of achieving cyber security more complex, so that very high standards of creativity are required to reach the goal. The determination of attackers has also increased significantly: strict measures have been developed to deal with cyber criminals, which leaves the field to lion-hearted criminals while the fearful ones keep off to save themselves from the punishments. It is therefore essential to note that ignorance and determination are the main threats to security: where attackers are highly determined to attack while those responsible for security remain ignorant of security issues, maintaining security becomes a white elephant. The chapter concludes by providing the strategies that should be taken into account to ensure relative security in the cyber field.
The three most critical issues
The major difference between an attacker and a defender
Effect of digital globalization on cyber crime
Need for knowledge and zeal as a weapon to curb cyber crime.
The chapter presents communication and determination as the elements that determine whether cyber crime can be committed. For instance, when security issues within an organization are communicated to every Tom, Dick and Harry in the company, hackers are in a position to learn everything that would aid their hacking activity. It is said that hackers are generally more determined to attack and, therefore, the defense must possess an even higher degree of determination than the hackers have in order to achieve cyber security. Digital globalization is also a critical issue that has increased dynamism in the process of curbing cyber crime. This is illustrated by the way attackers have remained determined to commit their acts even after stricter laws, with extremely harsh punishments for those convicted of cyber crime offenses, were developed. As regards the need for knowledge and zeal, it is found that this is the single most applicable requirement for maintaining relative security in the cyber field. As such, organizations and individuals are called upon to stay a step ahead by working hard to be aware of the methods that attackers use. Being determined to work towards the realization of cyber security is key because it urges the persons concerned to go the extra mile, leaving no stone unturned for the attackers.
The three relevant lessons learned
The development in technology is directly proportional to cyber crime development.
Ignorance and determination are a threat to cyber security.
Have a hacker’s mindset and discover own weaknesses before others do.
It is observed that there is increased complexity in curbing cyber crime, caused by the constant changes that innovations in technology bring. Following this, a realization is made that the state of technology directly affects the commission of cyber crimes in that it has increased the chances for the vice to be committed. The effect is also seen on the measures put in place to curb the vice, including the stringent laws, which have made determined hackers develop smarter methods of continuing with their acts. It has also been learnt that ignorance and determination are a threat to cyber security. This is the case where the defense has no knowledge of the impending threats or of the forms that they come in. In such a case, the attackers would easily invade the cyber field and destroy or do away with what they want. As regards determination, practice indicates that attackers always have high determination to accomplish their mission of attacking, and unless the defense has the same degree of determination to curb the vice, cyber security shall continue to be at stake. Having a hacker’s mindset keeps the defense alert and ahead of the attacker, which in turn makes it impossible for the defense to be caught unawares.
Three most important best practices
Create or use whitehat penetration test team regularly
Initiating security things in all aspects of life
Understanding attackers
Whitehat attackers are renowned for their ability to break into systems and data that they have no permission to access. Using them, or coming up with a new form of penetration test team tasked mainly with dealing with modern hackers, is very helpful. As far as initiating security in all aspects of life is concerned, it is advisable that nothing is left to chance regarding an organization’s security. The author says that security should be made a game. This implies that it should be so routine that the responsible persons engage with it daily. It would be a best practice for the defense to understand the attackers so that it can easily detect their moves and apply the necessary defense, lowering the chances of succumbing to the enemy’s threats.
Chapter 9
Executive summary
The chapter begins with a catchy heading, “you will be hacked, but it is ok”. This alone sounds ridiculous given that the writer’s objective is to help the reader curb cyber crime. On reading further, it is found that the writer says it is ok to be hacked on condition that the victim knows that they have been hacked and has the capacity to recover. The writer states that the thought of determined hackers targeting a person or their company breeds a lot of fear and, therefore, advises that achieving cyber security calls for suspecting everything and everyone, including emails, attachments, documents, phone calls, visitors and WiFi networks. An example of determined hackers (whitehat) is given, and the reader is encouraged to maintain the fight in spite of the challenge, as positive energy is the only requirement to succeed in this scenario. The authors state that the current trend is characterized by targeted attacks, especially in the defense industry as well as the financial field. This has been facilitated by the increased professionalism in criminal activities coupled with digital globalization. It is found that hacker communities could in some circumstances employ the same strategies in their work in order to have political or social influence. In developing new strategies in this instance, a review of what took place earlier is given, and a resolution is made at the end of the chapter that an organization should focus mainly on recovery, being aware that persistent threats exist.
The three most critical issues
There are increased targeted attacks in the defense industry and financial world.
Advanced Persistent Threats (attacks by state or business players) have developed.
Hacker communities carry out their acts for political or social reasons.
The fact that targeted attacks are so many in the defense industry is critical in fighting cyber crime. This should inform the defense on the strategies to be developed in the bid to succeed in the fight. The prevalence of Advanced Persistent Threats, to the extent of attacks from state and business players, is a wake-up call to the defense industry to up its game in order to be on par with its opponents. It is important to note that when hackers incorporate political and social elements as a drive for hacking, the problem of cyber insecurity spirals even further, requiring the defense industry to be on its toes.
The three relevant lessons learned
Threats are real and are lived with daily.
An organization’s staff is vulnerable to influence from attackers to participate in hacking into the organization’s data.
It is important for one to detect when they have been hacked so they can work on recovery.
From this chapter, it is learnt that threats are real and need to be dealt with in the day-to-day operations of organizations. It is saddening for the defense industry to realize that attackers are so determined that they use all means, including bribing and hiring staff members of the defense industry, to help them access data so they can hack it. Owing to the fact that threats are imminent in today’s world, being able to know that one’s information has been hacked is essential, as it will direct how to recover the same.
Three most important best practices
Put up countermeasures across the whole system of the attacker.
Monitoring own network and systems with great concern
Mitigate the effects that are caused or may be caused by the attacks proactively and reactively.
The defense industry must create countermeasures across the whole system of the attacker; this would help to detect emerging threats and deal with those that might have already been released. Careful monitoring of one’s own network and systems is important as it contributes to cyber security by detecting any abnormal changes in the industry. Employing all available means to reduce the effects of attacks on the systems, as well as mitigating the effects that an attack could cause if it took place, brings about relative security in an era of increased cyber crime.
Chapter 10
Executive summary
This chapter has the title “The data scientists will be your next superhero”. The title is followed by a statement that pattern recognition is not a common information technology security skill. The chapter begins by asking the reader whether they can foretell bad and good actions, segment users as risky or regular on the basis of their behavior, and detect when a disgruntled system administrator installs malicious software before leaving the company. It is provided that such questions are addressed by applying advanced analytics to big data. These analytics comprise models for representing threats, attacks and/or heuristics of observations. The analyses require data for training and for teasing out patterns, or for providing visualizations from which humans can develop insights. Applying this process involves connecting data from system log files, historic data on IP addresses, honey pots, system behavior and user patterns, which can then be used to create a complete picture of normal behavior for a user or scenario. This is handy in the detection of external and internal attacks. It has however been noted that the big data part might require a data scientist to establish the patterns or to infer security information from the data. On this basis, it is necessary that big data is broken down to aid advanced analytics. More effort should be applied to determining what is normal in the patterns so that abnormal trends in an organization are easily identified. Advanced analytics, with the help of experts in data analysis, should always be applied to big data for success in curbing cyber crimes.
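As an added illustration of the baseline idea summarized above (this is not code from the book or from this paper), the Python example below builds a per-user picture of normal behavior from historic log records and lists the reasons a new event deviates from it. All records, user names, IP addresses, the two-hour tolerance and the function names are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history: (ISO timestamp, user, source IP, action)
HISTORY = [
    ("2024-03-04T09:12:00", "alice", "10.0.0.5", "login"),
    ("2024-03-05T10:03:00", "alice", "10.0.0.5", "login"),
    ("2024-03-06T08:47:00", "alice", "10.0.0.7", "login"),
    ("2024-03-04T13:30:00", "bob", "10.0.1.9", "login"),
    ("2024-03-05T14:10:00", "bob", "10.0.1.9", "login"),
]
# Constructed list of addresses that previously touched a honeypot host.
HONEYPOT_IPS = {"203.0.113.44"}
# Constructed new events to be compared with the baseline.
NEW = [
    ("2024-03-07T09:30:00", "alice", "10.0.0.5", "login"),
    ("2024-03-07T03:02:00", "bob", "203.0.113.44", "install_package"),
    ("2024-03-07T13:55:00", "carol", "10.0.2.3", "login"),
]

def build_baseline(events):
    """Per-user profile of what 'normal' looked like in the history."""
    profile = defaultdict(lambda: {"ips": set(), "hours": set(), "actions": set()})
    for ts, user, ip, action in events:
        p = profile[user]
        p["ips"].add(ip)
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["actions"].add(action)
    return dict(profile)

def explain(event, baseline, honeypot_ips, hour_slack=2):
    """Return the reasons an event deviates from its user's baseline."""
    ts, user, ip, action = event
    reasons = []
    if ip in honeypot_ips:
        reasons.append("source IP seen at honeypot")
    p = baseline.get(user)
    if p is None:
        return reasons + ["no baseline for user"]
    if ip not in p["ips"]:
        reasons.append("new source IP")
    hour = datetime.fromisoformat(ts).hour
    # Circular distance on a 24-hour clock to every hour seen before.
    if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in p["hours"]):
        reasons.append("unusual hour")
    if action not in p["actions"]:
        reasons.append("new action")
    return reasons

def triage(events, baseline, honeypot_ips):
    """Map each deviating event to its reasons; normal events are omitted."""
    return {ev: r for ev in events if (r := explain(ev, baseline, honeypot_ips))}

if __name__ == "__main__":
    for ev, why in triage(NEW, build_baseline(HISTORY), HONEYPOT_IPS).items():
        print(ev[1], ev[0], "->", ", ".join(why))
```

Listing the reasons rather than a single score keeps the result reviewable by the analyst who has to decide whether the deviation is an attack.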
The three most critical issues
Ability to analyze complex data.
Successful analysis of data is essential in detecting attacks.
Relevance of big data to the defense and attackers
Critical issues presented in this chapter include the ability to analyze complex data, the importance of success in analyzing data and the relevance of data to the defense industry and hacker communities. It is provided that not everybody has the ability to analyze data, especially data that is termed big. However, the chapter shows that managing to analyze data is important for cyber security as it helps in detecting threats. The chapter also demonstrates that big data, which is useful to the defense industry, is surprisingly also being used by the attack community in its endeavors, making things difficult for the defense industry.
The three relevant lessons learned
Big data requires advanced knowledge in its analysis.
Big data can be used by both the defense and the attack community and each would achieve their goals as much as the goals are directly opposite.
The paramount reason for data analysis is to identify what is normal and what is not normal.
From the chapter, it is learned that big data requires the skills of an expert in data analysis, and that successful interpretation of big data is a plus for the defense industry. Another lesson is that big data can be advantageous to both the defense and the attacking community, in that the defense uses it to detect a lot of threats while the attackers use the same to develop more complicated threats. It is now known that data analysis has the main purpose of detecting threats in this context.
Three most important best practices
Be conversant with the knowledge regarding what advanced security analytics on big data can show on the detection system.
Always employ experts in data analysis to work for the organization.
Collect and correlate data across different systems, levels and channels.
Being equipped with knowledge of advanced security analytics on big data would be handy in helping an organization identify threats very fast. As such, a practice of having expert data analysis personnel in an organization would ensure that no threat slips through the organization’s fingers without notice. Constant collection and correlation of data across different systems within an organization will lead to relative security in the cyber field.
Chapter 11
Executive summary
“Hackers learn quicker than the organizations they are attacking” is the title of this chapter. Immediately after the title is a statement that sternly warns against making the same mistakes over and over. For example, it is provided that phone systems were initially hacked by placing ‘control’ codes in the ‘content’ of the call, and when databases were introduced the same method of hacking was successfully used. Control codes were mixed into the same ‘channel’ as the content, which facilitated the attack. This illustration indicates that the same lessons are learned with every new technology: hackers start their attacking mission by applying all the techniques that worked on past devices. These include overflows, disruption control, injecting and overwhelming. Another interesting thing to note is that hacker communities share their knowledge very fast and build the capacity of young apprentices to become even better. An expression of fear is evident in the digitalized era, which is characterized by the increased introduction of new devices, new APIs, cloud and collaborative business processes, to the extent that there is a threat of even the human computer being attacked in the near future. It is therefore important that the knowledge gained every year is applied, always remembering lessons learned from the past to complement recently learnt ones. To succeed, apart from being on the lookout for the newest threats and countermeasures, focus should also be directed to the best practices developed earlier, which have grown substantially to provide rich information relevant in fighting cyber crime.
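The point about control codes travelling in the same channel as content can be shown for the database case with a short added example (not code from the book or from this paper). It places a query that pastes user content into the command text beside one that sends the content as a bound parameter; the table, the rows, the crafted input and the function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 310)])
    return db

def lookup_inband(db, owner):
    """Weak form: content is pasted into the command text, so a quote
    character inside the content is read as part of the command."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_separated(db, owner):
    """Corrected form: the command text is fixed and the content is
    passed as a bound parameter, so it is only ever treated as data."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

# Constructed content that carries control characters (quotes and OR).
CRAFTED = "nobody' OR '1'='1"

def compare(db, owner):
    """Row counts returned by the weak and the corrected lookup."""
    return len(lookup_inband(db, owner)), len(lookup_separated(db, owner))

if __name__ == "__main__":
    db = make_db()
    print("ordinary name :", compare(db, "bob"))
    print("crafted input :", compare(db, CRAFTED))
```

For an ordinary name both lookups return the same single row; for the crafted input the in-band version returns every account while the separated version returns none, which is the difference a code review or test suite should check for.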
The three most critical issues
There is widespread growth in evolution of cybercrime.
Hacker communities are determined to spread their knowledge and even train more people to the business.
With the increased technology, the platform for cyber crime has been widened.
It is critical to note that there is increased dynamism in cybercrime, as provided for in this chapter. The determination of hacker communities to inform their fellows and recruit more actors to the attacking side poses a great threat to the defense in the information security field. This is promoted by the increased technological advancements being experienced. These issues are critical because they have widened the platform of cybercrime and, as stated in earlier chapters, the high degree of determination of the hacker community makes things even worse.
The three relevant lessons learned
Past technology is relevant in today’s defense to attacks
Sharing information and experience in the defense industry are necessary as the attackers use the same strategy to succeed.
Making same mistakes over and over in the defense industry hinders realization of the industry’s objective.
A realization is made that past technology is very important in today’s defense against attacks. This is because it has been established that the attacks sent to previous devices have in most cases worked on the new ones that are introduced. To curb this problem, it would be good for defense actors to share information and experiences so that they are in a position to identify a threat that they experienced some time back. This would bring an end to the repetition of mistakes, hence achieving information security.
Three most important best practices
Having enough knowledge that relates to information security and applying the industry standard frameworks.
Be equipped with information on the attackers’ techniques.
Be an advocate for cyber security from grassroots.
Staying informed on information security, coupled with the application of the industry’s standard frameworks, is a best practice for the defense. The defense must also possess the attacker’s mindset so that it is able to detect the moves of the hacker community as well as develop an efficient defense against them. All actors in the defense industry must strive to advocate for cyber security and champion the same at all levels of their existence, starting from the communities that they come from.
Conclusion
The above analysis reveals that today’s digital world is characterized by dynamism in technology. It is observed that the changes that come with digitalization have contributed to the development of organized crime, state-sponsored attacks and social activism, making security risks one of the challenges emanating from information technology. The other greatly affected sector is seen to be the corporate world, where the targets are things like an organization’s brand, intellectual property, sensitive business data and financial resources. The paper has been very educative since every chapter has highlighted critical issues, lessons learned and best practices to be applied in curbing cyber crime. Diligent application of the elements raised in this paper would definitely contribute to bringing about sanity in the cyber field.