How vulnerable are you in the virtual place?
As the Internet and new technologies grow, so do their vulnerabilities

By Kamlesh Bajaj, DSCI, August 09, 2011

IT, including the Internet, occupies a central role in fulfilling the organizational mission in the globalized information economy. Buying goods or services, transferring funds through banks, making credit card payments, sending an email, interfacing with people through social networking sites, and exchanging pictures, videos or music are some of the activities that are routinely carried out through cyberspace.

It is not only businesses that are critically dependent on the Internet, but also governments that are using e-governance applications to reach out to citizens and deliver services to them. Unfortunately, systems, networks and applications have vulnerabilities, which can be exploited by anyone connected to the Internet to launch attacks against various targets such as corporate or government systems. Criminals can carry out identity theft and financial fraud, steal corporate information such as intellectual property, conduct espionage to steal state and military secrets, and recruit criminals and terrorists. Cyber attackers can disrupt critical infrastructures such as financial, power and air traffic control systems, which can result in outcomes similar to those that may be achieved by physical attacks by enemies or terrorists.

As the Internet and new technologies grow, so do their vulnerabilities. Knowledge about these vulnerabilities and how to exploit them is widely available on the Internet. During the development of the global digital Internet and Communications Technology (ICT) infrastructure, the key considerations were interoperability and efficiency, and not security. The explosion of mobile devices continues to be based on these insecure systems of Internet protocols. It is the mobile devices connected over wireless networks that are the new endpoints being used by businesses to reach out to customers and citizens as part of business models that are spawning more and more cyber crimes.

Organized criminals, terrorists, and even nation-states are engaging in cyber crimes. The growing dependence of national infrastructures, governance and defence on the Internet has made them vulnerable to such attacks. The growing threat of cyber crimes clearly poses a challenge to organizations, businesses and nations alike. It is instructive to take a look at some of the recent cyber attacks, which are as follows:

Citigroup: It was reported on June 16, 2011 that Citigroup had told its clients about 360,000 credit cards having been affected by a computer hacking attack.

Epsilon, the world’s largest permission-based email marketing services company, issued a statement on April 4, 2011 that a security breach had affected about two percent of its email clients. Epsilon sends over 40 billion emails annually and counts over 2,500 clients including Fortune 7, to build and host their customer databases.

NIC Websites were hacked by the notorious hacker group Anonymous, as a part of its campaign called Operation India to protest against corruption in the country.

IMF systems reported on June 11, 2011 that they were attacked, more in the form of cyber espionage, with spy software that was collecting data on social and economic indicators of all countries in the system and also spying on emails, in what is known as a spear phishing attack.

Lockheed Martin, America’s largest military contractor, suffered major disruption in its computer networks in the last week of May, 2011 as a result of a hacking attack. It is feared that it might have been a victim of theft of military secrets and plans, although the company has denied any loss of data.

Phishing attacks on IDBI bank, ICICI bank and others were reported during the last few months.

Sony PlayStation was attacked repeatedly during May-June, 2011, wherein personal identities of over 100 million customers, including account details and credit card information, were lost to hackers.

Sega, a Japanese online games developer, admitted on June 20, 2011 to having been hacked through its Sega Europe office, resulting in the compromise of over 1.29 million records.

Google admitted in the middle of June, 2011 that hundreds of Gmail accounts of senior US government officers, social activists in China and researchers had been hacked.

US Government: Websites of the U.S. Federal Trade Commission (FTC), the U.S. Department of Transportation (DOT), U.S. Bancorp, the U.S. Secret Service, the U.S. Department of Homeland Security, the U.S. Department of State, the White House, the U.S. Department of Defense, the New York Stock Exchange, the Nasdaq and the Washington Post were hacked in 2009-10.

South Korean Government: Hackers attacked about 40 websites belonging to the President, foreign office, military and others.

Indian Government: The Prime Minister’s Office, Embassies, CBI and Armed Forces have come under hacker attacks during the last two years.

This list shows that all organizations, whether in the private sector or in the government, are equally vulnerable to cyber attacks. It is increasingly cheap to launch cyber attacks, but security systems are getting more and more expensive. This growing asymmetry is a game changer. It has another dimension too: individuals, terrorists, criminal gangs, or smaller nations can take on much bigger powers in cyberspace, and through it, in the physical world as well. This is clearly borne out by recent attacks by ‘Lulz’, a small group of hackers, on Sega, CIA and others.

How should organizations and nations respond to this challenge? The answer, in one word, is preparedness. The criminals or terrorists can actually launch such an offensive from an unsuspecting network device that belongs to someone else but is under their control through the installation of botnets or trapdoors. This complicates the scenario. Suddenly every citizen using the Net becomes an actor. They have to be educated about cyber security, and about the use of good practices to protect their systems against vulnerabilities that are exploited by criminals. The same is true for all organizations, big and small, both in the government and public sector.

That’s what makes security difficult. Enterprises have to implement appropriate technical and process safeguards along with physical, legal, and personnel security measures for securing their businesses; DSCI’s best practices for data protection fall in this category. Consumers and employees need to be continuously made aware of threats, and advised to use secure ways of conducting online transactions.

The author is CEO, DSCI


