I remember the days when a computer virus was more a curiosity rather than a threat. The situation is very different now with Stuxtnet (that damaged Iran's nuclear centrifuges in a big way) and Wannacry (that rendered data in thousands of computers inaccessible till a ransom was paid). The threats are increasing with the proliferation of devices connected to the internet (think Internet of Things).
In addition to increasing numbers of vulnerable devices there is also the fact that the sophistication of the threats are getting more and more refined. In fact, well-funded government agencies are now engaged in creating these malware. Both Stuxnet and Wannacry have been attributed to government agencies with the former being actively supported by US and Israel (according to reports) while Wannacry was stolen from NASA.
The support of government is not surprising considering likely warfare scenarios in the future: "...wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities, transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships." (Mark Clayton from the Christian Science Monitor).
What this scenario projects is an ever increasing demand for security solutions and services, which can be provided by businesses and in-house cyber security specialists.
Computer Security: The Threats and Counter Measures
A new age has dawned. One where the masked thieves are now replaced by extremely intelligent and savvy computer programmers who choose to steal, wreak havoc, and leave their lasting mark on your business through accessing your sensitive data and protected information. A cyber-breach could literally bring a healthy organization to its knees... Armed with the knowledge that cyber-threats are now more common than ever, there are meaningful steps you and your organization can take to ensure you are not victimized by a hacker.
The variety of threats are ever increasing and include:
- Stealing data or compromising security by physically accessing a computer system
- Acquiring sensitive information like your credit card numbers using official looking or other credibility-generating emails or messages
- Sending malicious mail that look like it came from you or from a reputed organization
- Backdoor entry into computer networks using some built-in secret method for bypassing normal authentication processes
- Denial of service attacks that makes computer resources unavailable to users. These DoS attacks can be from a single computer or from a chain of computers (including your computer hijacked by the attacker)
- Listening to private conversations over the network using various tools, a favorite of government agencies
- Hijacking your clicks on an authentic page by overlaying it with a malicious page (so that the click goes to the latter)
Counter measures can include actions (e.g. restricting physical access to system premises), devices (e.g. a USB dongle that locks and unlocks computers), procedure (e.g. the multiple level login process into your bank account or email) or technique (e.g. designing software with security as a top priority)
- From the user end, a major countermeasure is to install anti-virus and malware software and be always up-to-date with updates and patches
- Using two-factor authentication for accessing sensitive data like bank accounts and emails
- Encrypting messages with a public key that can decrypted with a private key available to authorized users is a major counter measure
- Using vulnerability scanners to discover vulnerabilities like open ports, insecure configurations and susceptibility to malware, and taking precautions to minimize the vulnerability, detect any intrusions and reduce their impact
- Training users to consistently use the safety measures in place
Business opportunities arise in creating security products, rendering security services and providing security training. Look around for emerging needs, develop sound solutions, validate with customers and scale up to market it widely.