INTERNET SECURITY HOLES?
Emergence of Cyber Crime
Sorry to say, not all of you are using the Internet in an optimistic way. The Internet has not only permitted you to communicate around the world, it has also opened up the doors for electronic offense. The Computer Security Institute's (CSI's) 2002 Computer Crime and Security Survey raised the level of awareness and aided in formative the scope of cyber crime. This survey of huge corporations revealed that 73 percent of the respondents detected the illegal use of their computer systems in the last year.
Throughout the past few years, the most severe financial losses due to attacks have occurred through financial fraud and theft of proprietary information, according to CSI. Sixty-nine respondents in CSI's 2002 Computer Crime and Security Survey reported a total loss of
$99,019,000 in theft of proprietary information while 87 respondents reported a total loss of $88,229,000 in financial fraud. These 2002 totals were higher than the combined totals of the previous six years! The review also established that the following trends have evolved over the past few years:
- Cyber attacks are hitting organizations from the outside and inside.
- Enormous financial losses are reported due to cyber attacks.
- A broad spectrum of attacks has been spotted.
- Information security technologies are not the sole solution to stop these attacks
Outside Attacks
Internet users are starting to realize the ruthlessness of these attacks. In the past eight years, the CSI has established that people are more aware of attacks occurrence, rather than being in rejection. The following types of attacks have been accepted in the wide spectrum of cyber crime.
Unauthorized Intrusion
- Networks that are not 100 percent confined are prime targets for external intrusion. Between 380 and 500 Web page hacks occur every week at small Web sites; while on larger sites, the amount is greater. The New York Times Web site was recently brought down for 12 hours and then vandalized. Information that is tampered with leads to financial losses, service disruptions for a company's site, and potentially irreparable damage to the corporate variety.
Service Denial
Similar to illegal intrusion, malicious denial of service also results in the loss of reputation and revenue. Big name Internet companies, such as Yahoo!, Hotmail, and Amazon.com, recently experienced denial-of-service (DoS) attacks. Hotmail's site shut down for six consecutive days, not only preventing seven million users from accessing it, but also scarring the status of Hotmail.
Malicious Downloads
The "Email Bomb," as well as the I LOVE YOU and Melissa viruses, have plagued e-Mail addresses. More newly, Microsoft's computer system was hacked by a Trojan horse called QAZ, due to a few machines being insecure. Security experts confirm that "this is all it takes" and are hopeful for this to be a lesson for other companies to keep their antivirus software updated and educate their employees on good security practices
Inside Attacks
Newly, more media concentration has been placed on the "sexy cyber attacks" before cited, rather than insider attacks. But, in reality, more of the common attacks are now coming from insiders. CSI established this when it reported that the majority of the attacks in the past year have been from insider unauthorized and abuse access. And, insiders are not just trustworthy employees. Business subsidiaries, partners, and third-party suppliers have the similar access as traditional employees of a company.
Threats Due to Lack of Security
According to the SANS Institute, the answer to the previous question is "Yes!" SAN's have developed the following three lists of mistakes people make that make possible attackers.
End Users: The Five Worst Security Mistakes
1. Downloading games and screen savers from unreliable sources.
2. Not testing or creating backups.
3. Opening unwanted e-mail attachments from unpredictable sources
4. forgetting to install security patches, including ones for Microsoft Office, Microsoft Internet Explorer and Netscape
5. Using a modem while connected via a local area network