Home Global-ICTGlobal-ICT 2012 The digital threats in cyber life
Global-ICT 2012

The digital threats in cyber life

by david.nunes
Mohd Noor Amin Philip VictorIssue:Global 2012
Article no.:3
Topic:The digital threats in cyber life
Author:Mohd Noor Amin & Philip Victor
Title:Chairman & Director of Policy and International Cooperation respectively
Organisation:IMPACT
PDF size:1100KB

About author

Mohd Noor Amin is Chairman of the International Multilateral Partnership Against Cyber Threats (IMPACT). Mr. Amin is also Chairman of Ascendsys and is a founding member of the Malaysia-U.S. Friendship Council.

Mr. Amin is an English trained barrister and has been admitted to the English Bar at Gray’s Inn and to the Malaysian Bar.

Philip Victor is Director, Policy and International Cooperation Centre for Policy & International Cooperation at IMPACT. Prior to joining IMPACT, Mr. Victor led training and outreach for a national cyber security agency.

Mr. Victor has a bachelor’s degree in computer science and is a certified Sensecurity Institute Security Practitioner.

Article abstract

More sophisticated cyber threats and attacks are on the horizon. International efforts and significant resources are needed to fight such malicious cyber activities. The solution is not to decouple from the cyber community but rather to develop a holistic strategy that will mitigate these threats. Simple but effective measures can be implemented in order to safeguard governments and business.

Full Article

The world is undergoing enormous change with the advent of the information age that facilitates communication – effectively making the cyber world more inter-connected. Due to the evolution of technology there are increasing risks within the cyber world that all of us need to acknowledge. In the near future we will face more sophisticated cyber threats and attacks, ranging from manipulation and exploitation of user data to battles over the control of online information which will threaten to compromise content and erode public trust and privacy.

Another threat on the rise is search poisoning, a method used by cyber attackers that optimises malicious links among search results through mobile web-based attacks. It is aimed specifically against mobile web browsers and steals user data for marketing. The market for stolen user data is enormous and will continue to evolve as botnets capturing user information by social media platforms become increasingly employed in order to sell user data directly to legitimate business channels for lead generations and marketing.

During an economic recession cyber criminals will take advantage of the unpredictable economic circumstances connected to consumer fear and market anxiety. Cyber criminals cash in on consumer anxiety to profit from old-fashioned ‘get rich quick’ scams and desperate job seekers are recruited as ‘money mules’ to launder the gains of cyber criminals. Thus attacks on the economy divert political attention worldwide and leaves behind the security aspects of a global cyber world.

International efforts and significant resources are needed to fight malicious cyber activities which have the potential to impact consumer confidence, slowing down the growth of businesses worldwide, disrupting economic growth as well as hindering the speed of global recovery. Law enforcement agencies on the front line often lack the specialised skills required to effectively fight cyber crime. The absence of dedicated officers and ongoing training create an inefficient workforce in order to successfully combat cyber crime. Government, industry players and the general public must be more aware of cyber adversaries in order to take steps to improve the cyber technology for attack mitigation and enhanced cooperation and awareness.

Last year, we witnessed cyber attacks with unprecedented sophistication on government infrastructures as well as the private sector. Governments must take further actions to implement secure computing infrastructure and follow practices that adhere to international best practices to decrease the risks of harmful attacks. We will continue to witness sophisticated cyber attacks of unprecedented reach where attackers will have the ability to compromise and control millions of computers that belong to governments, private enterprises and ordinary citizens. And as cyber culture grows, governments, firms and individuals will be faced by digital terror, digital fraud, and intellectual property thefts.

However, the solution is not to decouple from the cyber community but rather to develop a holistic strategy that will mitigate these threats. Government, industry and the general public must be more mindful of knowing the adversaries, improve technology to mitigate attacks and enhance cooperation and awareness. Similarly, there are simple but effective measures that can be implemented in order to safeguard governments and business from the evolving cyber threats;

Establish IT security policy

Many organisations do not have IT security policies, which creates vulnerabilities for them. Irrespective of your size, you must have policies that ensure that your firm’s digital assets are well secured and protected with clear steps defined on how this will be achieved. You need to understand that cyber threats are not just from computers; any devices connected to the Internet, such as smartphones, are Internet nodes and could destroy your firm’s competitiveness. As staff accesses more office data via mobile devices, you must have policies to ensure that you have your data secured. There are many Wi-Fi enabled devices today and they are all potential threats that can compromise your data. Even a GPS location system could harm your strategy if it can reveal where your marketing directors are travelling. You must have clear policies on how mobile devices can be used and for what purposes.

Train your employees – A job not to be forgotten

While you can have an IT security policy, that is not enough. Every firm must make sure that their staff understands these policies and what they need to do in order to keep information assets safe and secured. Do not assume anything. And this training must be constant; as the digital threats evolve, you must update the knowledge of your staff.

Treat your employees as your business partners

This is perhaps the most important point for financial institutions. Most threats come from the staff or what they call internal customers. While you can have policies and tell your staff what they should do, you must ensure that you have ethical and honest work teams that you can depend on. It turns out that many IT security issues within organisations happen due to mistakes or involvement of their staff.

Understand industrial espionage

Assume that in this ultra-competitive world that your firm may very well be under attack; an understanding of this means that you have to develop ways to curtail these threats. You must protect your trade secrets; otherwise your survivability can be compromised. Think through the ways you package your technology and how you relate with your customers if there are potential threats to your trade secrets. Also assume that some other firms in other nations may want to steal from you – a firm understanding of possible threats is the first step to successful threat mitigation.

Increase public awareness

Broad public awareness of the risks of online activities and how to manage them will require an effective communications strategy. The national government, in partnership with educators and industry, should conduct a national cyber security public awareness and education campaign. The president’s or prime minister’s cyber security policy official should lead the development and direct the implementation of this public awareness strategy and should seek endorsement by Congress; State, local, and tribal governments; the private sector; and the civil liberties and privacy communities. The strategy should involve public education about cyber threats and how to enhance digital safety, ethics, and security. Malicious actors often take advantage of people’s willingness to accept information from or provide personal information to fraudulent actors over the Internet. The campaign should therefore focus on public messages to promote responsible use of the Internet and awareness of fraud, identity theft, cyber predators, and cyber ethics. These public service campaigns should focus on making cyber security popular for children as well as older students in the process of choosing their careers. Celebrities, the generation that has grown up with the technology, new media and social media can all play critical roles in delivering the message effectively.

Increase cyber security education

The cyber security vulnerabilities in government and critical infrastructure are risks to national security, public safety, and economic prosperity. It is essential to coordinate national initiatives focused on cyber security awareness, education, training, and professional development. Countries should be encouraged to spread and share cyber security competence across the nation and build an agile and highly skilled workforce capable of responding to a dynamic and rapidly developing array of threats.

Many cyber security experts and tech vendors have long called for an increased government focus on cyber security education and training which should focus on public awareness as well as school and college-based education. Education initiatives like this need to make more people aware that malicious actors exist and are ready to take advantage and exploit individuals over the Internet.

Expand the national IT workforce

The governments should attempt to attract more cyber security expertise and to increase retention of employees with such expertise within the national service. Departments and agencies have had success attracting new employees from industry but the time required to obtain, transfer, or renew security clearances leads to lost opportunities. National employees need to be able to build portfolios and advance careers in ways they might not be able to do within a single agency. Shared training and rotational assignments across agencies and potentially cooperating with the private sector would not only be efficient but would also promote beneficial cross-fertilization and the building of professional networks.

Promote cyber security as an enterprise leadership responsibility

Governments should continue to facilitate programs and information sharing on threats, vulnerabilities, and effective practices across all levels of government and industry. It is not enough for the information technology sector to understand the importance of cyber security; leaders at all levels of government and industry need to be able to make business and investment decisions based on knowledge of risks and potential impacts. State, regional and local governments face similar issues. State governments often serve as incubators for innovation and thus may be able to provide lessons learned in managing information and communications infrastructure. The governments should thus continue to work with industry to identify and disseminate effective practices in secure design and operation of information technology products.

Related Articles

Is it possible to be secure in the...

The rise of the APT: the average persistent...

Protecting you and your business from cyber threat

Growing threats to businesses

Cyber crime: current and future threats

Digital threats in cyber life

Why security is still an issue

Attacks that leave no trace

Making the digital world secure and safe

Effective strategies for a secure and trusted infocomm...

Upcoming Events

Contact us
Copyright © Connect-World 2022. All rights reserved

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More