Cyber Security for our Generation
Some of the biggest threats to ordinary people’s security often go unnoticed. Some of the biggest threats to our national security often go unnoticed. These threats often are not publicized, and no emphasis is given to them. These are some of the biggest threats that people face in our generation. The shocking part about these statistics is that they are often covered up, or at least they are attempted to be. One of the biggest storylines that has happened in 2018 so far has been the Facebook data scandal. Now while this is not a cyber-attack, it still brought to light the fact that most people are oblivious as to how much these companies and applications know about them. According to NBC News, there are now 87 million people that have had their Facebook data improperly shared with a political consulting firm. Facebook CEO Mark Zuckerberg knew about it for two years and didn’t acknowledge it until it was publicly ousted in March of 2018. Facebook is now trying to cover their tracks and find a way to make things right, this includes allowing its users to download a zip file of “all” the data that they have saved on them. The only thing is that, Facebook will never give away how much it knows about you. I know that when I heard about this, I instantly downloaded my own personalized zip file that Facebook made for me and opened it up. The sad part is that most people didn’t even care enough to look at their own zip file, many of these same people will not be updating their privacy settings or editing the amount of data that Facebook is able to collect on you. And the even scarier part? Google has the same option where you can download “all” the data they have saved on you, mine was 10 GB. So, if you really want to scare yourself, type in google.com/takeout to download your own personalized zip file, courtesy of Google. People need to realize that what happens on the internet is important, and that its more than just surfing the web and using social media. Many people don’t know that modern terrorism has only been enhanced by the internet, or that human factors are often a critical part of hacks and everyday security. Or even that even simple knowledge of basic security information can help you to have a lesser chance of being attacked, but it also gives you a serious advantage over other people when it comes to jobs. The simple fact is that people need to be more knowledgeable about cyber security and the threats of the internet. People are usually oblivious to cyber-attacks. This is mostly because they just don’t know what it is that they are supposed to afraid of. If you talk to almost any person, I bet you that they couldn’t name half of the different types of threats that I am going to list during this essay. Something else that people don’t realize is that terrorism has only been enhanced by ICTs’ (Information communication technologies). Not to mention that most of the hacks that happen are all made available by human error. There are often cases where a person will get their information stolen solely because they clicked on one of those “too good to be true” deals. In an article written by the University of San Diego, some of the main security threats of 2018 were listed. Just to list a few of them, connected cars and semi-auto trucks, smart medical devices and EMRs, and state sponsored attacks. Connected cars and semi-auto trucks are extremely susceptible to being hacked due to their weak security systems. The dangerous thing about using a connected car is that it knows so much about you, for example, your car knows your address, common destinations, how long you are driving/in your car, music tendencies, recent destinations ect. Your car creates a detailed record of your life, and the fact that that much information so easily accessible, means that the security on the cars should be heavily increased. Smart medical devices are just the same as a connected car, it is a detailed record of you that has little to no security attached to it. In a poll done by IT News and HIMSS, it reported that 75% of hospitals report being hit by ransomware over the past year. This literally means that 3 out of every 4 hospitals have been attacked. State sponsored attacks are becoming even more prevalent in today’s tech savvy world. A state sponsored attack is when governments attempt to hack into other countries governments. It is like attacking another country on the battlefield, except the battlefield is all in the cloud. Your data is at risk in so many more ways then most people can even comprehend. There are different types of people who do malicious things online, they are often called actors. In an article written by Cesar Cerrudo for Forbes Magazine, he states the different threat actors as; cyber criminals, hackers, hacktivists, cyber terrorists, and nation states. These actors target anyone and everyone. One of the biggest threats that people and whole nations face is terrorism. Terrorism is only enhanced by the internet, and in recent years it has increased the ease of communication for the terrorists themselves. In a scholarly article written by Brianna Heidenreich and David H. Gray, they bring up the important facts about terrorism and the internet, as well as the different ways that terrorism and the internet go hand in hand. The article brings up the important fact that the internet is used to spread terrorist propaganda, as well as to create a following online. This is done by posting propaganda videos and videos of the groups committing acts of terror. A recent example of this is the terrorist group ISIS, which had gained publicity for posting videos online of the group members executing people and destroying landmarks/holy places. This, along with the different attacks that ISIS has claimed to be responsible for, had helped them to form a huge following, across the world. The article states “Without proper cyber security protection, the society we have constructed is in danger and is extremely unstable. All the systems that our society is composed of are made up of interconnected systems and the failure of one will affect the rest” (Heidenreich and Gray 6). This means that once one a terrorist group or hacker gets into one thing, it will cause a ripple effect that has the possibility to devastate people and governments. This is capable of happening because we as a society have made everything so depended on everything else, everything is interconnected with each other. This is also a huge issue because human error happens way too often. Take into consideration the attack that happened on Hbgary in early 2011. The security firm Hbgary was hacked by anonymous in 2011, a hack that destroyed the entire company and over 60,000 emails were exposed online. This hack was made possible because of human error. Anonymous hacked someone who worked for the firm, a person who used the same password for other accounts, it also used a civil hack (making someone do something they usually wouldn’t do) on a very high up employee, and due to human error, the hack was a success, and they company was destroyed. This easily shows how something as easy as using different passwords can help you stay safer from hacks. The hack on Hbgary brought to light that people should be more careful and conscientious of their online activities and tendencies. Cyber security awareness needs to be more publicized, talked about, and cared about more by the public and the government. Knowledge is power, and I know that statement is redundant and overused, but it is true. The more you know about online safety, the more powerful and protected you will be against attacks. If the CEO of Hbgary was more knowledgeable of the risks that he set himself up for when he reused the same passwords, then that hack would not have happened, and Hbgary’s doors would still be open. Information communication technologies are so intertwined with our everyday life, it is easy to forget that they are there, and how easily they can cause issues. People often times help enhance the connectivity of everything by using same/similar passwords or using Facebook to log in to every different app they download. All this may make life easier, and faster, but it also makes it easier and faster for it to be attacked and stolen. Due to the fact that people and whole government structures are becoming more and more reliant on ICTs, there needs to be a bigger incentive for awareness. People do not understand how dangerous it is to have everything so connected, all it takes is for the wrong person to go snooping, and for that same person to steal your credit card, social security, and all of your passwords. It is incredibly hard to recover from such a hack, and often times it is extremely hard to track down the stolen information and culprit. Cesar Cerrudo stated the three things that he thought were the main issues as to why cyber security is the way it is, these are “First, a lack of knowledge and awareness about the importance of cybersecurity. Some companies don’t care about cybersecurity, while others care but don’t know what to do or how to do it. Second, complex scenarios where old, new and different technologies are used together. This happens frequently as businesses update, and just one insecure component could make a whole system insecure. Finally, a lack of time and money for security. Products need to be built and released quickly. There is a ‘Fail fast, fail often’ mantra, which is only fine as long as you all ‘fail safe'” (Cerrudo 11). These points are a great example as to why people behave the way they do, and why there is a lack of knowledge. To touch on Google again, I would just like to enlighten people on how much Google will publicly admit to knowing about you. Remember that zip file I told you about earlier? The one that Google lets you download? Well I’ll let you know much they “know” about you. Google tracks your location, so there is literally a map of everywhere you have ever been while logged into a Google account, down to the exact date and time. Google also creates different advertising profiles based on your search tendencies, location history, gender, age, hobbies, interests and relationship statuses. Google also stores information from every single app that you have logged into with Google (Facebook does the same thing), how often you use the apps, where you use them, and how you use them. Google stores all of your Youtube history, from literally the beginning of time until your latest search. Google knows every event that has ever been in your calendar, whether you attended or not, who was RSVP’d ect. Google knows every search and images search you have ever searched, even if you have cleared your history. Google knows every email you have ever sent or received, every ad you have every clicked on, every file that has ever been in your Google drive, even if it has been deleted. Google has every photo that has ever been taken with a Google app, or uploaded to Google photos, even they have been deleted, along with the location and time of every picture. Even if you don’t have a Google account, Google creates a profile for you, and tracks all the data on you just the same. The 10gb file that Google let me download is equivalent to roughly 25,000 word documents, the Google search word document with all my searches dating back to my first Google account in 2011 was literally 1,100 pages long. Of course Google allows you to delete the data that they have saved on you, but do you really believe that once you “delete it” it is actually gone? The hard fact behind this is that people need to become more aware of cyber security tactics and simple things that they can do to help prevent being attacked. Now the question that is being raised is what can you do? In 2015, IBM stated that human factors are responsible for 95% of all security incidences. That is an insanely large number, and the sad part is that the number should be zero. Human error is only around because people don’t know what to do, or simply they are ignorant to concepts that can help them be safer. Since everything is so interconnected, there needs to be a greater amount of people that are knowledgeable about the subject. It is stated in the article about Hbgary that “It is worth spending resources on keeping the security and risks management knowledge of workers updated all the time as this can reduce an organization’s cyber security breaches by 70% ” (Gyunk & Christina 17). Imagine being able to decrease security breaches by 70%, just by putting more funds into cyber security professionals. This would not only decrease the amount of attacks, and the susceptibility of such attacks, but it would also increase the amount of cyber security professionals in the work place. If there was an increased need for cyber security professionals, then more people would get degrees in it and fill all the open jobs. It is like the recent surge of engineers. For as long as I can remember, I’ve heard that there is always a need for engineers in the workforce, and that it is such a good degree to have. This is what needs to happen to cyber security. It needs to become as popular as engineering is now. At the current rate that technology is evolving, there will never not be a need for cyber security professionals because the subject of the job will forever be evolving. On a more smaller scale, there are some simple things that you can do if you are employed, these would help keep that security up to par too. In an article titled “What you need to know about cybersecurity in 2018,” written by Laurence Bradford, he describes some techniques that he believes will be useful, these are, “In sales,reassure customers of an organization’s security posture. In corporate communications, you should assess in the context of business reputation and brand trust. The legal teamshould ensure that the right security clauses are built into supplier and customer contracts. Regarding HR and/or security, know what’s needed for better security awareness and training. Product managers should advise on good security features. In engineering development,make sure you develop secure code. Security professionals should perform reviews and quality assurance tests for functional and security verification. Corporate managementshould ensure that a good security incident response plan is in place to address any vulnerabilities” (Bradford 9). These tips are designed to help secure your security as well as the companies. Somethings that you can do to help improve your own personal security, if you aren’t into the idea of becoming a cyber security professional, are; use different and unique passwords for everything, use a VPN when on public networks, and not fall for the “too good to be true” ads. Using different and unique passwords is one of the easiest and simplest ways that you can help better protect yourself online, as it makes it harder for outsiders to hack your password, and if one account gets compromised, it will not affect anything else because all of your passwords are different. A VPN is one of the best things that you can use to help protect your devices from malware. A VPN is a verified personal network. This basically reroutes your browsing data and hides your ip address, which means that you are hidden from a network. And lastly, one big thing that you can do is to be smart online. Don’t click on ads that are too good to be true, don’t give random websites your credit info, and don’t open links that you don’t know where they lead. One of the ways that people get hacked is because of deception. Hackers make people think that they are getting the deal of a lifetime, or some other random thing that gets people to click on it, and once you click on it, or put in information, that data is out there forever, and your data gets stolen. The point is that people should care enough about their data and information, especially in an age where almost all of it is saved online somewhere, all just for ease of access. Having read this essay, how comfortable now are you, knowing how much information sites like Google and Facebook have on you? And how easy that information can be attacked and stolen? It’s terrifying. There needs to be a greater overall awareness of cyber security and all of the issues that are associated with it. People need to know more and be more prepared to face all of the threats that they face being an internet user. Today’s society has almost gloried the “ease of access” evolution of technology. Everything now must be fast and easy to use. Because of this trend, people’s data is becoming more and more susceptible to being stolen, and people don’t even realize how much of a risk they are in just by doing something as simple as logging into Instagram with Facebook. Another scary fact? That Facebook scandal doesn’t just effect Facebook users, but many more. Facebook owns other popular apps like Instagram and Whatsapp. Same goes with Google. Google owns Youtube, Adsense and double click. The latter two that Google owns are ad services that record the sites that you click on, and all the different shoes you shop for. So when you see an ad for the same shoes that you were looking at yesterday, its because those sites record your browsing history and send it to Google. So, Google literally knows everything about you. Literally everything. And the scariest part about it is, we may never truly know how much these tech giants actually know about us. Google knows us better than we even know ourselves. In a world where there is no such thing as online privacy, the best chance you can give yourself of achieving that is to be more aware and knowledgeable of online defense tactics, and all of the threats that you face by being an internet user.
- Gyunka, Benjamin Aruwa and Abikoye Oluwakemi
Christiana. “Analysis of Human Factors in Cyber Security: A Case Study of
Anonymous Attack on Hbgary.”Computing & Information Systems,
vol. 21, no. 2, May 2017, pp. 10-18.
- Heidenreich, Brianna and David H. Gray.
“Cyber-Security: The Threat of the Internet.”Global Security
Studies, vol. 5, no. 1, Winter2014, pp. 17-26.
- “From Information Security to Cyber Security
Cultures.”2014 Information Security for South Africa, Information
Security for South Africa (ISSA), 2014, 2014, p. 1.
- Cerrudo, Cesar. “Why Cybersecurity Should Be The
Biggest Concern Of 2017.”Forbes, Forbes Magazine, 27 Nov. 2017
Security Threats in 2018.”University of San Diego, 24 Jan. 2018
- Bradford, Laurence. “What You Need To Know About
Cybersecurity In 2018.”Forbes, Forbes Magazine, 11 Apr. 2018
- Meredith, Sam.
“Facebook-Cambridge Analytica: A Timeline of the Data Hijacking Scandal.”CNBC,
CNBC, 10 Apr. 2018