Visa. PayPal. MasterCard. Sony. Nasdaq. Each of these major international firms have been targeted by hackers, who can infect global information systems with denial-of-service attacks and malware, seriously disrupting business activities.
What types of cyber-threats have been unleashed on information systems? What can be done to stop spam, phishing, spyware and other cybersecurity threats?
Spam and Phishing Attacks – Spam is increasingly harmful. It can disrupt business by taking resources away from productive activities. It can also lead to phishing attacks, where unsuspecting individuals are tricked into divulging sensitive or personal information. Spammers can then use this information to steal identities and cause financial losses. As anti-spam software becomes more efficient, spammers simply change their techniques to avoid blocks, continuing their unlawful activities.
Phishing is an increasing problem for businesses and the federal government. Besides financial losses, phishing also causes consumers to distrust financial and government institutions, which presents them with enormous challenges. How can business be safely conducted through the Internet? How can an individual know that an email from their financial institution or the Internal Revenue Service is genuine? Fighting these phishing threats requires constant effort – and vast human and capital resources.
Spyware – Spyware is the third major emerging cybersecurity threat, disrupting the availability and confidentiality of business and federal government information systems. Hackers can remotely install spyware on thousands of personal computers simultaneously, using them to capture sensitive data or slow down entire systems.
Other emerging cybersecurity threats include the blending of spam, phishing and spyware into new tools that are more difficult to detect and prevent, as well as new methods of using technology to unleash worms, viruses and malware that interrupt business and threaten privacy and sensitive data.
Historically, efforts in the private sector and federal government entities have focused on detecting and blocking spam, phishing and spyware. In 2002, the Federal Information Security Management Act (FISMA) was enacted, requiring federal agencies to conduct reviews of information security and report to the Office of Management and Budget (OMB). In addition, FISMA assigns the National Institute of Standards and Technology (NIST) with responsibility for developing guidelines to provide adequate information security for various federal agencies.
The Federal Trade Commission (FTC) has led efforts in educating users about cybersecurity threats and increasing consumer protection. The FTC has issued alerts and reports on spam, and has provided guidance to businesses and individuals in avoiding identity theft.
Several consumer protection groups have formed over the years, including the Anti-Phishing Working Group and The Phish Report Network. These groups publicize phishing scams, educate businesses about the costs associated with phishing and safeguard consumers from phishing attacks. Additional resources include real-time notification of new phishing sites, sharing information and best practices, and discussion forums.
What more can be done to fight the ever-more prevalent and sophisticated threats from spammers and hackers against government agencies?
Awareness and Training – These are two of the most important weapons against emerging cyber attacks. Sharing information and reporting incidents to a single entity can help increase awareness among government agencies. Providing up-to-date cybersecurity training is vital in reducing spam, phishing and spyware threats.
Bring the Best and Brightest to the Fight – Programs like US Cyber Challenge (USCC) attract thousands of highly-skilled programmers, recruiting them to become cybersecurity warriors. Cyber Foundations is a national competition for high school students, designed to identify future industry experts and offer scholarships and other prizes to the top performers.
Put Servers on Lock Down – Locking down a server to prevent a data breach is like locking down a school to prevent a break in. Closing unused ports, dismantling old user accounts and removing unnecessary software can help keep a server from doing the work for hackers.
Bring Spammers and Hackers to Justice – It’s important that the federal government use legal means to close loopholes and clarify language that hackers successfully hide behind. The cybersecurity official appointed by the president is a good step in this direction. The federal government can provide legal solutions to combat cybersecurity threats, prevent spammers and malware installers from using other people’s computers to conduct their unlawful activity and allowing third parties to use their services to unleash harmful viruses, spyware and spam.