Combat Threats with Cyber Security Training
Visa. PayPal. MasterCard. Sony. Nasdaq. Each of these major international firms has been targeted by hackers, who infect global information systems with denial-of-service attacks and malware, seriously disrupting business activities.
What types of cyber-threats have been unleashed on information systems? And what can be done to stop spam, phishing, spyware and other cyber security threats?
Today’s Prevalent Cyber Threats
Spam and Phishing Attacks: Everyone agrees that spam can be annoying. But with proper email spam filters, it’s pretty harmless, right? Wrong. Spam is increasingly harmful. Spam disrupts business by taking resources away from productive activities. Spam also leads to phishing attacks, where unsuspecting individuals are tricked into divulging sensitive or personal information. Spammers then use this information to steal identities and cause financial losses. And as anti-spam software becomes more efficient, spammers simply change their techniques to avoid blocks, continuing their unlawful activities.
Phishing is an increasing problem for businesses and the federal government. Besides financial losses, phishing also causes consumers to distrust financial and government institutions, which presents them with enormous challenges. How can business be safely conducted through the Internet? How can an individual know that an email from their financial institution or the Internal Revenue Service is genuine? Fighting these phishing threats requires constant effort – and vast human and capital resources.
Spyware: Spyware is the third major emerging cyber security threat, disrupting the availability and confidentiality of business and federal government information systems. Hackers can remotely install spyware on thousands of personal computers simultaneously, using them to capture sensitive data or slow down entire systems.
Other emerging cyber security threats include the blending of spam, phishing and spyware into new tools that are more difficult to detect and prevent, as well as new methods of using technology to unleash worms, viruses and malware that interrupt business and threaten privacy and sensitive data.
Past Efforts to Combat Cyber Security Threats
Historically, efforts in the private sector and federal government entities have focused on detecting and blocking spam, phishing and spyware. In 2002, the Federal Information Security Management Act (FISMA) was enacted, requiring federal agencies to conduct reviews of information security and report to the Office of Management and Budget (OMB). In addition, FISMA assigns the National Institute of Standards and Technology (NIST) with responsibility for developing guidelines to provide adequate information security for various federal agencies.
The Federal Trade Commission (FTC) has led efforts in educating users about cyber-security threats and increasing consumer protection. The FTC has issued alerts and reports on spam, and has provided guidance to businesses and individuals in avoiding identity theft.
Several consumer protection groups have formed over the years, including the Anti-Phishing Working Group and The Phish Report Network. These groups publicize phishing scams, educate businesses about the costs associated with phishing, and safeguard consumers from phishing attacks. Additional resources include real-time notification of new phishing sites, sharing information and best practices, and discussion forums.
New Methods to Fight Cyber Security Crime
What more can be done to fight the ever-more prevalent and sophisticated threats from spammers and hackers against government agencies?
Awareness and Training: These are two of the most important weapons against emerging cyber security threats. Sharing information and reporting incidents to a single entity increases awareness among government agencies. Providing up-to-date cyber security training is vital in reducing spam, phishing and spyware threats.
Bring the Best and Brightest to the Fight: Programs like US Cyber Challenge (USCC) attract thousands of highly-skilled programmers, recruiting them to become cyber security warriors. Cyber Foundations is a national competition for high school students, designed to identify future cyber security experts and offer scholarships and prizes to top performers.
Put Servers on Lock Down: Locking down a server to prevent a cyber security breach is just like locking down a school to prevent a safety breach. Closing unused ports, dismantling old user accounts and removing unnecessary software can keep a server from doing the work of hackers.
Bring Spammers and Hackers to Justice: It’s important that the federal government use legal means to close loopholes and clarify language that hackers successfully hide behind. The cyber security czar appointed by the president is a good step in this direction. The federal government can provide legal solutions to combat cyber security threats, prevent spammers and malware installers from using other people’s computers to conduct their unlawful activity, and allowing third parties to use their services to unleash harmful viruses, spyware and spam.