An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technology, what hackers may target, more.
According to this ITRC (Identity Theft Resource Center) report, over 177,000,000 personal records were exposed by hackers in 2015 (qtd. in DiGiacomo). This number has only grown in the past few years, which might surprise some people. The truth is, the more technology that we use, the more ways we allow hackers to access our information. When all of our information was on paper, it was much harder for sensitive information to be exposed or stolen. Now most of our data is digitized, but as a result, more accessible than ever. Computer professionals have worked for years developing an idea to help us protect our new, computerized information. This idea, coined cyber security, is how we defend against hackers and cyber criminals, protect our devices, and how companies are supposed to protect our information.
In a world of smart-devices and computers, everyone has heard of hackers. A hacker is anyone who gains unauthorized access to information or control of a device. While this does technically make your friend who “hacked” your instagram an official hacker, these are not the kind of people to be worried about. Hackers who have the goal of stealing identities, money, or other data are the real problem. Tom Andre is a healthcare security expert and he teaches that hackers have many different targets. He explains, “A stolen medical chart can earn $50 on the black market, whereas a social security or credit card number will fetch only $1” (Andre 2). Avi Rubin, another security expert, adds that even things like pacemakers and cars can be the point of attack for a skilled hacker (Rubin). These examples show that information as well as certain devices can be vulnerable to hackers. While we may not know the intentions of every hacker out there, we know they aren’t going away and that we need to fight against them.
Because nearly everyone uses technology, it is important that the general public is aware of what threats might affect them. Knowing basic fundamentals of cyber security can be very beneficial to experts and non-experts alike. Simple things like having different passwords for different accounts greatly increases someone’s security. It sounds cliche, but sharing personal information to untrustworthy sources could give them information that can lead to a breach. Other methods hackers gain access to information is through viruses and scams. John DiGiacomo reports:
In another cyber-attack that affected the entire world, thousands of Microsoft Windows computers across the globe where hijacked by the WannaCry ransomware, cryptoworm. The WannaCry malware held user files hostage by encrypting the content of the files and demanded a Bitcoin ransom before the files would be unlocked/unencrypted More than 200,000 computers in 150 countries were affected by the WannaCry malware. Some of the most well-known victims of the cyber-attack include FedEx, Britain’s National Health Service, and Spanish telecom giant Telefonica (DiGiacomo).
It is very likely that a simple software update could have prevented this attack. Many people, especially the older part of the population, tend to ignore important updates on their personal computers. They are there for a reason, and that reason is to protect you from hackers. Practicing this as well as the aforementioned strategies could be viewed as a type of personal cyber security, available to everyone.
Simson L. Garfinkel is a professor and renowned computer expert. In an article of Communications of the ACM, he explains that as technology advances there are more ways for a hacker to gain access to something (Garfinkel). He also explains that the problem with cyber security is not only our technology, but the technology industry as a whole (Garfinkel). In the last decade or two, we have seen some of the most amazing technological advancements. Smartphones, 3D printing, artificial intelligence, high-speed computers, and self-driving cars are just a few of the technologies that didn’t exist twenty years ago. Garfinkel argues that the speed of advancement in cyber-security has not kept up with the speed of technology (Garfinkel). He also states, “ [...] companies see information technology, and especially information security, as a cost or a product rather than as an enabling technology (Garfinkel).” What he means is that companies think that cyber security is a box that they can check off. They allot a certain amount of money for that department, then leave it alone. Garfinkel’s point is that cyber security is a technology itself. It needs to grow and advance like smartphones, cars, and computers do.
Cyber security is a widely accepted idea, and its relevance is incontrovertible. Despite this, it is one of those things that people don’t take seriously until they are a victim. Almost half of US Citizens are now in that position with the recent Equifax security breach (Gressin). Equifax is one of the largest consumer credit reporting agencies in the world. Seena Gressin, Attorney for the FTC, explains that names, birth dates, social security numbers, and addresses were a handful of the types of information accessed by the hackers (Gressin). This colossal breach happened this month, September 2017, and is the perfect example of how volatile our information can be. A depressing aspect of this event is that the 145.5 million people did nothing wrong. It was the company’s fault and Equifax will have to deal with the repercussions of this event for years to come. This is a prime example of why companies need to put more resources into developing cyber security.
The staggering events of the Equifax breach only got worse as another large security issue developed within Equifax. Maggie Astor, from the New York Times, explains how in an attempt to assist victims, Equifax created a new website for the victims to gain some protection. Nick Sweeting, a curious software engineer, saw a major flaw in Equifax’s plan. 20 minutes into action, Sweeting had published a clone website with a deceivingly similar name. Astor reports that it was so similar, Equifax’s official twitter linked to Sweeting’s site, securityequifax2017.com, rather than the official equifaxsecurity2017.com (Astor). Aside from being awfully embarrassing for Equifax, this is a fantastic example of how easily information could be gained. Luckily, Sweeting displayed ethics and didn’t allow any personal information to be inputted, but his core message was that anyone could have done what he did. Thus, one of the most intimidating aspects of cyber crime; it only takes one person with a computer to do some damage.
Security in technology has become more critical than basic defence against personal information thieves. Many departments of the U.S. Government, like the FBI, are making great strides to defend our country’s national security. The FBI reports, “[Cyber-attacks are] incredibly serious—and growing. Cyber-intrusions are becoming more commonplace, more dangerous, and more sophisticated”(FBI). The FBI is aware of issues such as identity theft, online predators, and other cyber crimes. Different terror groups and countries have been virtually assaulting each other for information more often. Phrases like ‘Cyber-Terrorism’ and ‘Cyber-Warfare’ are becoming more familiar as terrorist groups look for new ways to attack people. Regular criminals and thieves are more common. Luckily, it is becoming standard that cyber crimes carry the same, if not more, gravity than many physical crimes, solely due to the value of information.
From all this we can gather that cyber crime is common. Individuals all over the world are affected by it every day, and many of the problems are simple fixes. Updating software, changing passwords, and keeping personal information private are a selection of the things anyone can do. These things are important because technology is advancing rapidly and users need to do their part to keep up with it. Larger problems arise that require experts and government officials who are beginning to treat cyber crime like physical crime. Regardless, hackers will continue to attack the world, and we will continue to defend it with cyber security practices. Monumental events like the Equifax breach will most likely still happen but if we stopped defending our information, it would happen much more often. Our efforts may seem futile, but as the line between cyber crime and physical crime blurs, the line between physical security and cyber security will blur as well. The gravity of the cyber security problem is becoming more evident. Hopefully the technology industry can do its part to protect our beloved information and devices.
Andre, Tom. "Cybersecurity: An Enterprise Risk Issue." Hfm (Healthcare Financial Management),
vol. 71, no. 2. Feb. 2017, pp. 1-6. EBSCOhost
Astor, Maggie. “Someone Made a Fake Equifax Site. Then Equifax Linked to It. .” The New York Times,
20 Sept. 2017,www.nytimes.com/2017/09/20/business/equifax-fake-website.html?mcubz=1
"The Cybersecurity Risk." Communications of the ACM, vol. 55, no. 6, June 2012, pp. 29-32.
DiGiacomo, John. “Hacking Statistics for 2015 and 2016: How Bad Will 2017 Be?” Revision Legal,
John DiGiacomo. https://revisionlegal.com/data-breach/2017-security-breaches/
Rubin, Avi. “All Your Devices Can Be Hacked.” TEDx. TEDxMidAtlantic, 27 Sept. 2017, Washington
D.C, District of Columbia, http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.
United States, “Cyber Crime.” Cyber Crime, FBI, Sept.2017. www.fbi.gov/investigate/cyber.
United States, Gressin, Seena. “Consumer Information.” Consumer Information, FTC, 8
Sept. 2017. https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do