Monday, October 13, 2014

My Top 5 Computer Future Security Issues




Data Breaches

“A breach is defined as an event in which an individual’s name plus a medical record and/or a financial record or debit card is potentially put at risk—either in electronic or paper format.” (Ponemon, 2014)


For the first half of 2014, there were a reported 1,331 incidents. As a result of these incidents, a reported 502 million records were exposed (datalossdb.org, 2014). For all of 2013, there were a reported 2,308 incidents (datalossdb.org, 2014). While it is generally accepted that sooner or later an organization will be breached, the frequency with which breaches occur and the number of records involved are astounding.



Interestingly, these breaches are not limited to a specific country or industry. Figure 1 below shows the number of breaches experienced by country, while Figure 2 shows the number by industry, during the period May 2013 to May 2014.

Figure 1
Source: Ponemon Institute

Figure 2:
  
 

Source: Ponemon Institute



Identity Theft/Fraud

Identity theft is referred to as the “preparatory stage of acquiring and collecting someone else’s personal information for criminal purposes” (rcmp-grc.gc.ca). Identity fraud, on the other hand, is defined as “the unauthorized use of another person’s personal information to achieve illicit financial gain” (javelinstrategy.com, 2014).


With the massive number of breached records and the known proclivity of cyber criminals to ensure they are compensated for their illegal activities, one can only conclude that sooner or later these records will be on the black market. Some sites from which credit card and other personal information can be bought are rescator.* (.cm, .la and .so), kaddaf[dot]hk, octavian[dot]su and cheapdumps[dot]org (Krebs, 2013).

More importantly, it is reported that there was “A New Identity Fraud Victim Every Two Seconds in 2013” (javelinstrategy.com, 2014). Of greater importance, one in 3 people who received a data breach notification letter were victims of identity fraud (javelinstrategy.com, 2014).

The graph below shows the number of identity theft victims, in millions.

Figure 3:


Source: Javelinstrategy.com


Human Factor

Whether it is a user who has clicked on a link in a phishing email or an administrator who has misconfigured a firewall, the human factor plays a tremendous role in the security threat landscape. It is reported that 30% of all data breaches are a result of human error (Ponemon, 2014).


Figure 4:

 

Organizations such as the SANS Institute have recognized the importance of the role of humans in IT security and thus have implemented programs based on “Securing the Human” (securingthehuman.org). Through these programs, while not everyone can be made an expert in IT security, everyone can at least be made knowledgeable about some of the dangers related to technology. Through its OUCH newsletter, SANS has also produced free documents, each of which explains a specific topic and the necessary actions people can take to protect themselves (securingthehuman.org, 2014).


Mobile/Wearable Malware


It is predicted that in 2015, 87% of connected device sales will be tablets and smart phones (idc.com, 2013). This immediately implies that most of our online activities will be done via a smart phone or tablet. To be able to effectively use these devices, an operating system is required. It is estimated that Android owns 76% of this market with iOS at 14.4%, as shown in the figure below.

Figure 5:
 
 

Source: MobileThinking


The threat comes not necessarily from these devices themselves but from the underlying OS they use. According to F-Secure, for Q1 2014, there were 275 threat families (malware) that run on Android, 1 for iPhone and 1 for Symbian (F-Secure, 2014).

In addition, the advent of smart watches, Google Glass, fitness tracking bands and other wearables makes for an even more interesting mobile future.


Internet of Things
As we continue to march towards the future, my biggest fear lies in what else we may choose to connect to the Internet.


The Internet of Things is considered a network of physical objects which are accessed through the Internet. Through the Internet of Things, manufacturing floors, energy grids, healthcare facilities and transportation systems can be connected to the Internet (cisco.com).

It is reported that a staggering 30 billion devices will connect wirelessly to the Internet of Everything in 2020 (abiresearch.com, 2013). If we contrast this with the world’s population, which currently stands at 7.2 billion (worldometers.info), we can conclude that each person will be responsible for at least 4 devices in 2020. Our rush to have everything interconnected will provide us with a very interesting future.

References:

(n.d.). Retrieved from rcmp-grc.gc.ca: http://www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm
(n.d.). Retrieved from securingthehuman.org: http://www.securingthehuman.org
(n.d.). Retrieved from cisco.com: http://www.cisco.com/web/solutions/trends/iot/overview.html
(n.d.). Retrieved from worldometers.info: http://www.worldometers.info/world-population/
(2013, 9 11). Retrieved from idc.com: http://www.idc.com/getdoc.jsp?containerId=prUS24314413
(2013, 05 09). Retrieved from abiresearch.com: https://www.abiresearch.com/press/more-than-30-billion-devices-will-wirelessly-conne
(2014, 08 24). Retrieved from datalossdb.org: http://datalossdb.org
(2014, 08 25). Retrieved from census.gov: http://www.census.gov/popclock/
(2014, 02 5). Retrieved from javelinstrategy.com: https://www.javelinstrategy.com/news/1467/92/A-New-Identity-Fraud-Victim-Every-Two-Seconds-in-2013-According-to-Latest-Javelin-Strategy-Research-Study/d,pressRoomDetail
(2014, 08). Retrieved from securingthehuman.org: http://www.securingthehuman.org/resources/newsletters/ouch/2014
F-Secure. (2014). Mobile Threat Report Q1. F-Secure.
Krebs, B. (2013, 12 13). Retrieved from krebsonsecurity.com: http://krebsonsecurity.com/2013/12/whos-selling-credit-cards-from-target/
Ponemon. (2014). 2014 Cost of Data Breach Study: Global Analysis. Ponemon Institute.
Ziobro, P. (n.d.). Retrieved from blogs.wsj.com: http://blogs.wsj.com/corporate-intelligence/2014/03/17/with-credit-card-data-in-play-who-hacks-the-hackers/
