Why is cybercrime expanding rapidly? Discuss some possible solutions, including acceptable-use policies, security procedures, and policies.
One of my favorite websites is the Norse Attack Map.
The Norse Attack Map does a good job of graphically depicting the amount of suspicious activity occurring on the Internet. I am also an avid reader of Krebs on Security, and it’s clear that hackers are motivated by differing agendas and that attack surfaces and entry points are increasing at an exponential rate. IoT is creating an unprecedented attack surface, and with the number of Internet-connected devices growing exponentially I think it’s fair to expect that cyber attacks will remain on the rise. Companies like Cisco are introducing what they call “The Network Intuitive” (if this is the only link you click, I suggest watching this video), which will leverage machine learning and AI to protect the network and its connected devices.
Our connected evolution from the ARPANET to the Internet we are all so familiar with and have come to rely on, and on to the Internet of Everything (IoE), is what provides the basis for the rapid expansion of cybercrime. A quick look at the growth of the Internet and its connected devices provides insight into an attack surface that grows bigger with each passing day.
The Target breach was highlighted in the text (Turban, 2015, p. 149), and it was a violation that was probably avoidable with simple layer one isolation. Why Fazio Mechanical Services, Target’s HVAC contractor, would have credentials on a network that had access to Target’s POS systems is a bit astounding. Hindsight is 20/20, and hackers have proven capable of penetrating even facilities that are off the grid; this was the case with Stuxnet, a worm purportedly developed under an unacknowledged government operation called Olympic Games, a campaign to use cyberwarfare to disrupt Iran’s nuclear program. I highly recommend the movie Zero Days.
The Internet is the modern-day battlefield, the keyboard is the weapon of choice, and the ideal soldier is adept at sleep deprivation and enjoys Jolt Cola and cold pizza. Whether you hack for the challenge (e.g. Kevin Mitnick), hack for hacktivism (e.g. Barrett Brown), hack for money (e.g. black, white and gray hat hackers for hire) or hack for a nation-state, you likely live inside a sub-culture which is experiencing exponential growth.
I think it’s important to note that the amount of Open Source software being deployed has exploded; this matters because the source code is easily accessible, which makes it easier for hackers to find and exploit vulnerabilities. This software ranges from operating systems like Linux, which powers the Internet in the form of servers, mobile devices, IoT devices, routers, switches, etc., to platforms like WordPress, which is said to power 28% of the websites on the Internet. Linux and platforms like WordPress are attractive targets because a vulnerability found in the Linux kernel, a GNU binary or the WordPress code can be exploited to inflict maximum damage. It’s also important to recognize how much simple things like password length and complexity matter: tools like hashcat, cloud computing, and the accessibility of GPU computing have made cracking reasonably complex passwords a speedy task; what used to take years now takes minutes.
Cloud computing and its rapid adoption have not made these problems any easier to deal with. As developers race to the cloud to become the next Unicorn, security practices are weakening. One of my favorite stories is about a company called Code Spaces, which was put out of business by a hacker who gained root access to their AWS account and essentially deleted all their instances, data, and backups. There are stories every day about developers inadvertently placing keys on GitHub, and there are bots actively crawling code repositories looking for keys. In this connected world, access to information is awesome, and so is the ability to expose information that should not be exposed; good policies, procedures, automation, etc. are required to mitigate risk.
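One piece of the automation mentioned above, as an added example that is not part of the original post: a small Python scanner that can run as a pre-commit hook or CI check and flag AWS-style credentials and private key blocks before they reach a repository. The regular expressions are assumptions for illustration, and the sample input uses the placeholder credentials from AWS's own documentation.

```python
import re
import sys
from typing import List, Tuple

# Assumed detection patterns: an AWS access key ID is "AKIA"/"ASIA" plus 16
# uppercase alphanumerics; a 40-character token assigned to a secret-key name
# is treated as a probable secret access key; PEM private key headers are
# flagged outright.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"
    ),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
}

# Constructed sample input: the access key and secret below are the well-known
# placeholder values from AWS documentation, not real credentials.
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
"""


def scan_text(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, pattern_name) for every line that matches a pattern.

    Only the line number and the pattern name are reported, so the finding can
    be logged without copying the suspected secret into build output.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def scan_files(paths: List[str]) -> int:
    """Scan each file; print findings and return 1 if any were found, else 0."""
    exit_code = 0
    for path in paths:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            for lineno, name in scan_text(fh.read()):
                print(f"{path}:{lineno}: possible {name}")
                exit_code = 1
    return exit_code


if __name__ == "__main__":
    # Usage: pass the staged file paths (e.g. from `git diff --cached --name-only`).
    sys.exit(scan_files(sys.argv[1:]))
```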
Acceptable use policies and training can be an effective means of influencing how users interact with systems that can either pose a direct or tangential cybersecurity threat.
Security policies and procedures define how to prevent and respond to security incidents. These policies and procedures focus on enforcement, designated and empowered incident response personnel, notification procedures, communication plans and monitoring external sources of information.
Computer security related incidents and items that might be addressed in an acceptable use policy include:
- A denial of service attack (DoS, DDoS).
- Malware infections.
- Policy violations, such as sharing offensive material, deliberate violation of information security policies, inappropriate use of systems and assets, and unauthorized escalation of privileges or subversion of access controls.
- A user who defaces another organization’s public website.
- Unauthorized access to a critical information system.
- Internal hacking.
- External hacking, including defacement of websites and malicious intrusion attempts into the internal network.
- Unauthorized access using VPN or wireless remote access.
- Abuse of authorized internal and external services.
- Unauthorized changes to live systems.
- An event requiring forensic investigation to obtain evidence (e.g. point of entry, compromise of data, etc.).
- Information systems and assets being used to commit unlawful activity.
- The actions of third parties who use computer systems to harm the reputation of an organization.
- Theft of database content.
- Theft of mobile computing property.
- Misuse of an employee’s or customer’s personal information.
- User disclosure of confidential information to external parties.
A security policy might include items such as the following:
- An incident response plan that serves as a guideline for an overall approach to addressing information security incidents.
- An intrusion detection procedure that establishes an intrusion detection system and parameters related to maintaining this system.
- Processes that flow through all phases of a response to an information technology-related incident (preparation, identification, containment, eradication, recovery, and lessons learned).
- A procedure within the plan that includes classifying an event and assigning a severity rating or priority.
- Regular reporting requirements for summary reports to management.
- Provisions for documentation of critical information necessary in the event of an incident and guidelines for all personnel to report observed suspicious activity.
- Incident management procedures that include a severity rating assignment.
- Establishment of guidelines for communication of incidents to outside parties.
- Selection of an incident response team with designated roles and responsibilities.
- Ongoing and scheduled training for the incident response team.
Outlining what is acceptable use and how to respond to incidents can reduce risk and improve the ability to contain potential damages should a security incident arise.
Bate, Ben, et al. “WordPress now powers 28% of all websites.” Envato, 5 Sept. 2017, envato.com/blog/wordpress-now-powers-28-websites/. Accessed 27 Sept. 2017.
Finley, Klint. “Linux Took Over the Web. Now, It’s Taking Over the World.” Wired, Conde Nast, 3 June 2017, www.wired.com/2016/08/linux-took-web-now-taking-world/. Accessed 27 Sept. 2017.
Krebs, Brian. “Target Hackers Broke in via HVAC Company.” Krebs on Security, Feb. 2014, krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/. Accessed 27 Sept. 2017.
Tung, Liam. “IoT devices will outnumber the world’s population this year for the first time.” ZDNet, 13 Feb. 2017, www.zdnet.com/article/iot-devices-will-outnumber-the-worlds-population-this-year-for-the-first-time/. Accessed 27 Sept. 2017.
Turban, Efraim, et al. Information Technology for Management: Digital Strategies for Insight, Action, and Sustainable Performance. New Jersey (United States), Wiley, 2015.