Cyber Security for our Generation
Some of the biggest threats to our national security often go unnoticed. These threats are generally not publicized, and no emphasis is placed on them. They represent some of the most significant challenges our generation faces. It's shocking is that these threats are often covered up or are attempted to be. For instance, one of the key issues that arose in 2018 was the Facebook data scandal.
This scandal was not a cyber-attack per se, yet it highlighted that most people are clueless about how much these companies and applications know about them.
NBC News reports that the Facebook data of 87 million people was improperly shared with a political consulting firm. Facebook CEO, Mark Zuckerberg, was aware of this issue for two years and didn't acknowledge it until it was publicly revealed in March of 2018. Now, Facebook is striving to rectify the situation; this includes allowing its users to download a zip file of "all" the data that Facebook has compiled about them.
However, the truth is, Facebook will never reveal the full extent of data they possess about its users. Upon hearing this news, I promptly downloaded my personalized zip file from Facebook, only to realize that most people are indifferent or unaware of such a personal data file. The same users are not likely to update their privacy settings or limit the data collection by Facebook. The scarier part? Google offers a similar service where you can download "all" your data. In my case, it was a whopping 10 GB. If you're feeling adventurous, visit google.com/takeout to download your own personalized zip file, compliments of Google.
People should understand that their online activity matters; it extends beyond casual web surfing and social media use. Many don't realize that the internet has heightened the potency of modern terrorism and consider human factors as critical parts of hacks and daily security. Simply knowing basic security information can not only decrease the chances of falling victim to a cyber-attack but also provide an edge in the job market. The bottom line is that people need to be more informed about cyber security and the threats of the internet.
Quite often, people remain oblivious to cyber-attacks primarily because they don't have a grasp on what they should fear. If you ask the average person, chances are they couldn't identify even half of the potential online threats listed in this essay. Another overlooked point is that terrorism has been significantly escalated by ICTs (Information Communication Technologies). Moreover, most hacks occur due to human error. Cases of information theft often arise simply because an individual clicked on a "too good to be true" deal. An article by the University of San Diego listed some significant security threats of 2018, including connected cars and semi-auto trucks, smart medical devices and EMRs, and state-sponsored attacks.
Connected cars and semi-auto trucks are extremely susceptible to being hacked due to their weak security systems. The dangerous thing about using a connected car is that it knows so much about you. For example, your car knows your address, common destinations, how long you are driving, your in-car music tendencies, recent destinations, etc. Your car creates a detailed record of your life, and because this information is so easily accessible, it means that the security on the cars should be heavily increased. Smart medical devices are just the same as a connected car; they are detailed records of you that have little to no security attached to them. In a poll conducted by IT News and HIMSS, it was reported that 75% of hospitals have been hit by ransomware over the past year.
This literally means that 3 out of every 4 hospitals have been attacked. State-sponsored attacks are becoming even more prevalent in today's tech-savvy world. A state-sponsored attack is when governments attempt to hack into other countries' governments. It is like attacking another country on the battlefield, except the battlefield is in the cloud. Your data is at risk in many more ways than most people can even comprehend. There are different types of people who do malicious things online. They are often referred to as actors. In an article written by Cesar Cerrudo for Forbes Magazine, he identifies the different threat actors as cybercriminals, hackers, hacktivists, cyber terrorists, and nation states.
These actors target anyone and everyone. One of the biggest threats that people and entire nations face is terrorism. Terrorism is only enhanced by the internet, and in recent years, it has facilitated the communication for terrorists. In a scholarly article written by Brianna Heidenreich and David H. Gray, they discuss the important facts about terrorism and the internet and the ways terrorism and the internet intersect. The article emphasises that the internet is used to spread terrorist propaganda and to create an online following. This is done by posting propaganda videos and videos of the groups committing acts of terror. A recent example of this is the terrorist group ISIS, which has gained publicity for posting videos online of the group members executing people and destroying landmarks/holy places. This, along with the different attacks that ISIS has claimed responsibility for, has helped them to amass a significant following across the world.
The article states, "Without proper cybersecurity protection, the society we have constructed is in danger and is extremely unstable. All the systems that our society is composed of are made up of interconnected systems, and the failure of one will affect the rest" (Heidenreich and Gray 6). This means that once a terrorist group or hacker infiltrates one system, it will cause a ripple effect that has the potential to devastate people and governments. This is possible because we, as a society, have made everything so dependent on everything else -- everything is interconnected. This is also a huge issue because human error occurs all too often. Consider the attack that occurred on HBGary in early 2011.
The security firm, HBGary, was hacked by Anonymous in 2011. This hack destroyed the entire company and over 60,000 emails were exposed online. The hack was made possible because of human error; Anonymous hacked someone who worked for the firm. This person used the same password for other accounts and also used a social engineering hack (tricking someone into an action they wouldn't typically undertake) on a high-level employee. Due to human error, the hack was a success, and the company was destroyed. This incident proves how the simple act of using different passwords can enhance one's security against hacks. It brought to light the importance of being more careful and conscientious of online activities and tendencies.
Cybersecurity awareness needs to be publicized, discussed, and treated more seriously by both the public and the government. "Knowledge is power" is a clichéd but true statement. The more you understand about online safety, the better protected you will be against attacks. Had the CEO of HBGary been more knowledgeable about the risks associated with reusing the same passwords, the hack might not have occurred and HBGary might still be operational. Information communication technologies are so deeply integrated into our everyday life that we often forget their existence - and how easily they can cause problems. People often enhance their connectivity by using the same or similar passwords, or by using Facebook to log into every different app they download. As convenient as this may be, it also makes it easier for data to be attacked and stolen.
Given the increasing reliance of individuals and government structures on Information and Communications Technologies (ICTs), there should be a greater incentive for cybersecurity awareness. People often underestimate the danger of having everything so interconnected. It only takes one unscrupulous person snooping around to steal your credit card details, social security number, and all your passwords. Recovering from such a hack is incredibly difficult, and it can be nearly impossible to track down the stolen information and culprit. Cesar Cerrudo identified three main issues contributing to the state of cybersecurity: "Firstly, there's a lack of knowledge and awareness about the importance of cybersecurity. Some companies don't care about cybersecurity, while others care but don't know what to do or how to do it. Secondly, there are complex scenarios where old, new, and different technologies are used together."
This happens frequently as businesses update, and just one insecure component could make a whole system insecure. Finally, there's a lack of time and money for security. Products need to be built and released quickly. There is a 'Fail fast, fail often' mantra, which is only fine as long as you also 'fail safe'" (Cerrudo 11). These points provide great examples of why people behave the way they do, and why there is a lack of knowledge. To touch on Google again, I would like to enlighten people about how much Google publicly admits to knowing about its users. Remember the zip file I mentioned earlier? The one that Google lets you download? Well, I'll let you know how much they "know" about you. Google tracks your location, providing a map of everywhere you have ever been while logged into a Google account, right down to the exact date and time.
Google also creates different advertising profiles based on your search tendencies, location history, gender, age, hobbies, interests, and relationship statuses. Google stores information from every single app you have logged into with Google (Facebook does the same thing), including how often you use the apps and where and how you use them. Google retains all of your YouTube history, from the very beginning until your latest search. Google knows every event registered in your calendar, whether you attended or not, along with the RSVP list and more. Google knows every search and image search you have ever made, even if you have cleared your history. Google keeps track of every email you have ever sent or received, every ad you have clicked, and every file that has ever been in your Google drive, even if it has been deleted.
Google has every photo taken with a Google app, or uploaded to Google photos, even if they have been deleted, and includes the location and time each was taken. Even if you don't have a Google account, Google creates a profile for you and collects the same kind of data. The 10GB file that Google let me download is equivalent to roughly 25,000 word documents. For example, the document with all my searches dating back to my first Google account in 2011 was literally 1,100 pages long. Of course, Google allows you to delete the data it has saved on you, but do you really believe that once you "delete it", it's actually gone? The hard fact is that people need to become more aware of cybersecurity tactics and simple steps they can take to help prevent being attacked. Now, what can you do?
In 2015, IBM stated that human factors were responsible for 95% of all security incidents. That's a dauntingly high number, and the sad part is that it should be zero. Human error exists largely because people don't know what to do, or they neglect concepts that could help them be safer. As everything becomes more interconnected, we need a greater number of people knowledgeable about cybersecurity. As stated in the article about HBGary, "It's worth spending resources on keeping the security and risks management knowledge of workers updated all the time as this can reduce an organization's cybersecurity breaches by 70%" (Gyunk & Christina 17).
Imagine being able to decrease security breaches by 70%, just by investing more funds into cyber security professionals. This would not only decrease the number of attacks and the susceptibility to such attacks, but it would also increase the number of cyber security professionals in the workplace. With an increased demand for cyber security professionals, more people would pursue degrees in this field, filling the open jobs. This situation can be compared to the recent surge of engineers. For as long as I can remember, I've heard that there is always a need for engineers in the workforce and that they possess valuable degrees.
This is the transformation that needs to happen in cyber security. It needs to become as popular as engineering. With the current pace of technology's evolution, there will always be a need for cyber security professionals given the perpetual evolution of the job's subject matter. More immediately, there are simple things that employed individuals can do to maintain high-level security. In an article titled "What You Need to Know About Cybersecurity in 2018," Laurence Bradford outlines some efficient techniques. He suggests, "In sales, reassure customers of an organization's security posture. In corporate communications, assess in the context of business reputation and brand trust.
The legal team should ensure that the right security clauses are built into supplier and customer contracts. Regarding HR and/or security, know what's needed for better security awareness and training. Product managers should advise on good security features. In engineering development, make sure you develop secure code. Security professionals should perform reviews and quality assurance tests for functional and security verification. Corporate management should ensure that a good security incident response plan is in place to address any vulnerabilities" (Bradford 9).
These tips are designed to safeguard your security as well as that of your company's. Actions you can take to improve your personal security, if becoming a cyber security professional doesn't appeal to you, include using different and unique passwords, employing a VPN when on public networks, and avoiding "too good to be true" ads. Using different and unique passwords is one of the simplest but most effective ways to protect yourself online, as it makes it challenging for outsiders to hack your password. If one account is compromised, your other accounts will remain safe because each password is different. A VPN, short for Virtual Private Network, reroutes your browsing data and hides your IP address, rendering you invisible on a network. Also, always apply wisdom online. Avoid clicking on dubious ads, never give your credit information to untrusted websites, and don't open links of unknown origin. Deception is one of the ways that people get hacked, so it's best to stay cautious.
Hackers can trick people into believing they are getting the deal of a lifetime, or some other enticing offer that prompts a click. Once you click on it, or input information, that data is out in the ether forever, and your data may be stolen. The takeaway is that individuals should be more protective of their data and information, especially in an era where almost everything is stored online for ease of access. Having read this essay, how comfortable are you knowing the extent to which sites like Google and Facebook hold your information? And the ease with which that information can be attacked and stolen? It is, indeed, terrifying. There needs to be a heightened awareness of cyber security and the associated risks.
People need to be better informed and more prepared for the threats inherently involved with internet usage. Our society has extolled the virtues of the "ease of access" evolution of technology, insisting that everything must be rapid and user-friendly. This trend, however, renders people's data increasingly vulnerable to theft, and many are oblivious to the risks involved in simple actions like logging into Instagram via Facebook. A chilling thought? The Facebook scandal doesn't merely affect Facebook users—it extends far beyond that. Facebook owns other popular apps like Instagram and Whatsapp, not to mention Google’s hold on Youtube, Adsense, and DoubleClick.
The latter two, owned by Google, are ad services that track the sites you visit and the items you shop for. So, when you see an ad for the very shoes you were browsing yesterday, it’s because those sites have recorded your browsing history and relayed it to Google. This way, Google ends up knowing virtually everything about you. And the most unsettling part is, we may never truly comprehend the extent of what these tech giants know about us. In a world where online privacy is virtually nonexistent, your best chance at securing your data is a thorough understanding of online defense strategies, and a keen awareness of the risks associated with being an internet user.
Works Cited
- Gyunka, Benjamin Aruwa, and Abikoye, Oluwakemi Christiana. "Analysis of Human Factors in Cyber Security: A Case Study of Anonymous Attack on Hbgary." Computing & Information Systems, vol. 21, no. 2, May 2017, pp. 10-18.
- Heidenreich, Brianna, and Gray, David H. "Cyber-Security: The Threat of the Internet." Global Security Studies, vol. 5, no. 1, Winter 2014, pp. 17-26.
- "From Information Security to Cyber Security Cultures." 2014 Information Security for South Africa, Information Security for South Africa (ISSA), 2014, p. 1.
- Cerrudo, Cesar. "Why Cybersecurity Should Be The Biggest Concern Of 2017." Forbes, Forbes Magazine, 27 Nov. 2017.
- "Cyber Security Threats in 2018." University of San Diego, 24 Jan. 2018.
- Bradford, Laurence. "What You Need To Know About Cybersecurity In 2018." Forbes, Forbes Magazine, 11 Apr. 2018.
- Meredith, Sam. "Facebook-Cambridge Analytica: A Timeline of the Data Hijacking Scandal." CNBC, 10 Apr. 2018.
Cyber Security For Our Generation. (2019, Jun 12). Retrieved from https://papersowl.com/examples/cyber-security-for-our-generation/