CYBER
SYSTEMS IN THE DIGITAL AGE
The bad news is that the
cyber systems that have become the underpinning of virtually all of aspects of
life in the digital age are becoming increasing less secure. There are multiple
reasons for this distressing trend. First, the system is getting
technologically weaker. Virtually no one writes code or develops “apps” from
scratch. We are still relying on many of the core protocols designed in the
1970s and 80s. These protocols were designed to be “open,” not secure. Now the
attacking community is going back through these core elements of the Internet
and discovering still new vulnerabilities.
So as new functionalities
come online, their own vulnerabilities are simply added to the existing and
expanding vulnerabilities they are built upon. The reality is that the fabric
of the Internet is riddled with holes, and as we continue to stretch that
fabric, it is becoming increasingly less secure. Additionally, vulnerabilities
in many open source codes, widely in use for years, are becoming increasingly
apparent and being exploited by modern “zero-day”
The bad guys are getting
better. Just after the turn of the century, the NSA coined a new term, the
“APT,” which stood for the advanced persistent threat. The APT referred to
ultra-sophisticated cyberattack methods being practiced by advanced
nation-state actors. These attacks were characterized by their targeted nature,
often focused on specific people instead of networks, their continued and
evolving nature, and their clever social engineering tactics. These were not
“hackers” and “script kiddies.” These were pros for whom cyberattacks were
their day job. They were also characterized by their ability to compromise
virtually any target they selected. APTs routinely compromised all anti-virus
intrusion detection and best practices. They made perimeter defense obsolete.
Now these same attack methods, once practiced only by sophisticated
nation-states, are widely in use by common criminals. The increasing
professionalism and sophistication of the attack community is fueled by the
enormous profits cyberattacks attacks, and the patching system we have relied
on to remediate the system can’t keep pace. In 2015 Symantec estimates there
are now more than a million malicious apps in existence. In fast-moving, early
stage industry, developers have a strong incentive to offer new functionality
and features, but data protection and privacy policies tend to be a lesser
priority. The risks created by the core of the system becoming intrinsically
weaker is being further magnified by the explosion of access points to the
system, many with little or no security built into their development.
Conclusively:
Some
analysts are already asserting that there are more mobile devices than there
are people on the earth. If that is not yet literally true, it will shortly be.
It is now common for individuals to have multiple mobile devices and use them interchangeably
for work and leisure often without substantial security settings. Although this
certainly poses a risk of data being stolen directly from smartphones, the
greater concern is that mobile devices are increasingly conduits to the cloud,
which holds increasing amounts of valuable data.
By: KIYABO NELLY
BAPRM 42587
No comments:
Post a Comment