Regarding Cyber-Attacks

Rapid technology advancement and the escalating cyberthreats

Rapid technology advancement has created both new business prospects and potential to increase established businesses’ efficiencies. The number of dangers to companies has reached an unprecedented level as a result of technology’s interconnectedness. The malicious cyber attacks are committed by unidentified parties with the goal of stealing, changing, or erasing data or activities from a system that is vulnerable to them (Center for Development of Security Excellence, 2016). Organizations must take precautions against cyberthreats, especially governments, national infrastructure, and commercial organizations (The Department of Homeland Security, 2016). It is not like in the past when financial institutions were considered to be affected. Either the attacks are planned or opportunistic. Deliberate are because of the high profile and valuable data held while opportunistic arises due to the existence of opportunities to be exploited.

The vulnerability of interconnected gadgets to cyber threats

The level of cyber threats is unimagined as the interconnectedness of gadgets we use in our daily life is vast. Computers control electricity grids, vehicles, and military operations. The interconnectedness increases the vulnerability of attacks. All these are in the form of binary code for which one has to identify where to attack. The huge data involved brings complication into cyber threats as it is easy to lose focus.

The need for an integrated security solution

Cyber threats are diverse, dynamic and complex today due to the rapid pace of innovation. They are harder to detect and thus call for a need of an integrated security solution. The fact that most of these attacks go unreported in fear of backlash from clients, hinder the fight against cyber attacks.

The failure of classic defense methods against cyber assaults

The classic defense methods have failed in the war against cyber assaults. It is because attacks impersonate reliable and legal information in systems. The volume of data and many end points of use increase the probability of attacks as there are users with little knowledge of security awareness despite the systems being well-secured. Using new technological advances like big data analysis aid in identifying anomalous behavior and thus prevent attacks before damage is done (Averbuch & Siboni, 2013).

Turning proactive in the fight against cyber threats

Measures to protect against cyber threats were reactive in the past. Attacks are persistent with the intention of causing ongoing damage to systems, entities, and nations. Cyber defenders have turned proactive due to the high cost involved in dealing with the aftermath of an attack. It entails putting oneself in the shoes of the cyber attacker. The cyber threat intelligence teams are faced with a problem of no particular organization being self-sufficient to have situational awareness. Information sharing comes in to break this barrier in the fight against cyber threats. Automation to aid the analysis is crucial as the speed of change is high.

Enhancing collaboration in cyber threat management

With automation, there has been a need to structure information in a way that can be understood by all parties as well as machines. It is meant to enhance the usefulness of the information. Community initiated solutions like Structured Threat Information eXpression have acted to strengthen collaboration in cyber threat management (Barnum, 2014).

Fighting off conventional cyber attacks with behavioral models

Understanding the nature of cyber threats has been a challenge due to the compound ways used in attacks. A conventional method of attack using malware has been fought off using Petri nets. It entails analyzing behavioral models of malware that detect and thus aid in applying countermeasures to prevent them (Jasiul, Szpyrka, & liwa, 2014). Problems faced with the approach include rapid changes to malware which calls for a need of constantly evolving the protection mechanisms created.

The double-edged nature of the internet and the rise of awareness

The nature of the internet which has led to its widespread adoption, openness, has turned out to be its undoing. The internet was meant to allow the free flow of information. The absence of policing then led to the welcoming nature of cyber attackers as one is not answerable for their actions online. The level of awareness in individuals of the threat of cyber attacks has risen compared to the past. It helps in forming the first line of defense (Timberg, 2015). Burgess emphasized that “The cybersecurity education and awareness of individual employees, decision-makers, and boards can be counted among the most positive outcomes of 2015. Nowhere is this more positively evidenced than within public-private partnerships.”

The Yahoo hack and the lessons learned

The Yahoo hack announced on 22 September 2016 was one of the greatest Cyber Threats. It was reported that about half a billion accounts had been affected. The fact that it was not the first attack on Yahoo caused a severe backlash on the company. The vulnerability based on investigations was established in 2014. It highlighted to the public the massive nature of the problem as the accounts could have been vulnerable for over two years. The incident has led to the devaluation of Yahoo in the intended sale to Verizon by approximately $ 350 million after earlier anticipations of the hit being around $ 1 billion (McGoogan, 2016).

The importance of strong passwords and open communication

The Yahoo attack had awakening lessons to consumers of the need to have strong, unique passwords that are changed regularly. To the organization, it highlighted the need to be open in releasing information about security breaches for protective measures to be taken. It further underlined the need to have robust detection systems against cyber threats to avoid the risk of being penetrated without noticing over long durations. Risk mitigation actions should be timely as the duration from vulnerability to the release by Yahoo pointed to a possibility of poor situational awareness thus bringing in liability issues (Pham, 2016). The interconnected nature of the web exposed that by hacking into people accounts, it was an easier way of getting corporate information.

References

Averbuch, A. & Siboni, G. (2013). The Classic Cyber Defense Methods Have Failed – What Comes Next?. Military and Strategic Affairs, 5(1), 45-58.

Barnum, S. (2014). Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX™) (pp. 4-18). Massachusetts: The MITRE Corporation. Retrieved from http://www.standardscoordination.org/sites/default/files/docs/STIX_Whitepaper_v1.1.pdf

Burgess, C. (2015). With 2015 Cybersecurity Challenges in the Rearview, 2016 Presents New Opportunities. Security Intelligence. Retrieved 17 March 2017, from https://securityintelligence.com/with-2015-cybersecurity-challenges-in-the-rearview-2016-presents-new-opportunities/

Center for Development of Security Excellence,. (2016). CDSE CI Awareness. Retrieved from https://www.youtube.com/watch?v=IBH4ddYxKyg&index=4&list=PLdRa5TxvtkA2yCf3n5a15I_Tpz2heyHml

Jasiul, B., Szpyrka, M., & liwa, J. (2014). Detection and Modeling of Cyber Attacks with Petri Nets. Entropy, 16(12), 6602-6623. http://dx.doi.org/10.3390/e16126602

McGoogan, C. (2016). Yahoo hack: What you need to know about the biggest data breach in history. The Telegraph. Retrieved 17 March 2017, from http://www.telegraph.co.uk/technology/2016/12/15/yahoo-hack-need-know-biggest-data-breach-history/

Pham, S. (2016). Yahoo hack: Here’s what you should do. CNNMoney. Retrieved 17 March 2017, from http://money.cnn.com/2016/12/15/technology/yahoo-security-breach-billion-users/

The Department of Homeland Security,. (2016). National Infrastructure Protection Plan | Homeland Security. Dhs.gov. Retrieved 17 March 2017, from https://www.dhs.gov/national-infrastructure-protection-plan

Timberg, C. (2015). Net of Insecurity: A flaw in the design. The Washington Post. Retrieved from http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/