Forms of Cyber-Terrorism and How to Protect Against Them
Write a paper analyzing the different forms of cyber-terrorism and focus on how an organization can protect against the threats that cyber-terrorists pose. Different identification, authentication, and access control methods exist within an organization. Some organizations have stronger resistance against possible attacks than others. In your paper, address the following:
1.Analyze of at least five identification, authentication, and access control methods organizations use to resist possible attacks.
2.Evaluate these methods and discuss how they can make an organization vulnerable to possible attacks.
3.Discuss ways to improve each of these methods to help ensure the organization is safe against possible attacks.
Introduction
The technology world today is experiencing significant increase in the amount of cyber crimes being reported. Cyber criminals are taking advantage of the growing internet users to commit different types of crimes. Evolving technology has significantly contributed to the growing incidents of cyber crimes because criminals can now have different access points that hackers can attempt to exploit in order to gain unauthorized access. The growing threat associated with cyber security is costing institutions a lot of money through loss of important confidential information to cyber criminals. Though attempts have been made to enhance the current legal infrastructure to deal with the evolving threats of cyber crimes, the fact that the internet offers a platform for cyber criminals to conceal their identities and location has made it very difficult for law enforcers to deal with these crimes. However, computer scientist and other stakeholders have attempted to develop new defensive measures to enhance cyber security and prevent these attacks from happening. This paper discusses the different types of cyber-terrorism being perpetrated today and some of the strategies that can be applied to overcome them.
The Different Forms of Cyber-Terrorism
Cyber-terrorism is a form of crime where computer technology is used as the tool of committing the crime (Vegh, 2002). Cyber criminals used computerized devised to launch attacks on their victim’s computer devices so as to steal sensitive information or manipulate data to inflict damage on their targets (Vegh, 2002). Advancing technology has led to the development of many electronic devices that cyber terrorist use to launch their attacks on their targeted victims (Lehto, 2013). As such, cyber-terrorism has taken many different forms. The most common forms of cyber-terrorism include, phishing emails, identity theft, DoS attacks, hacking and cyber-stalking. By applying these tactics, cyber terrorists are able to commit all manner of crimes over the internet.
Phishing Emails
A Phishing email is a form of cyber-terrorism where attackers send emails with malicious attachments or URL links to their targets (Koops, 2016). Attackers hope that their victims will open the malicious attachments or URLs so that they can infect their devices with viruses or malware that will launch their attacks (Koops, 2016). Attackers also use phishing emails to trick their victims into changing their passwords or billing information on a given product or service with the intention of stealing confidential information that can give them access to their financial accounts (Wendt, 2013). In most cases, email service providers often provide tools that flag phishing emails as spam but advancing technology has enabled cyber terrorist to device new ways to beat these security measures (Wendt, 2013). This means that phishing emails remain a major cyber security threat that continues to bother internet users today.
Identity Theft
Identity theft is another form of cyber-terrorism where attackers obtain personal identity details about their victims so that they can use them to impersonation. In most cases attackers will obtain the personal identity of an attacker such as their driver’s licenses or bank account records so that they can use them to obtain products and services in their attacker’s name (Kilger, 2015). In most cases, identity theft is a technique used to carry out different types of frauds without the victim knowing what is happening. Attackers are likely to acquire the personal details of their victims either by stealing them physical in order to use them for identity theft or they may use phishing emails to trick their targets to submit their personal details (Pilling, 2013). Most people only notice that they have been victims of an identity theft only after the crime has taken because the attackers usually carry out their attacks in the identity of their victims. One way to detect cases of identity theft is when victims notice suspicious withdraws from their bank accounts or find other fake charges billed on their credit card (Pilling, 2013). Computer security experts have often found it hard to deal with incidences of Identity theft because in most cases they are only detected after they have occurred while attackers use sophisticated electronic devices and technology to conceal their identity and location (Kilger, 2015). As such, identity theft has become one of the most challenging forms of cyber-terrorism.
DoS Attacks
Denial-of-service attacks happens when cyber-terrorists try to prevent users from accessing a given computer service or electronic device by attacking their servers (Cassim, 2012). This type of attack applies the technique of flooding the servers of a given network so that the victims resources are overwhelmed making it difficult for them to access the network. In most cases, such attacks are used by cyber criminals to make bring down a given online service such as a website or online billing service by overwhelming its servers and traffic using multiple sources (Cassim, 2012). Bonnets with large networks carrying infected devices are often used to deposit malwares and viruses on the servers of the targeted networks which make the network un-operational (Cassim, 2012). Attackers use this tactic as their initial stage of attack before they can launch techniques of hacking into the jammed network (Cassim, 2012). As such, organizations should always have computer security mechanisms in place to defend against such attacks.
Cyber-Stalking
Cyber-stalking is a form of cyber-terrorism where an attackers target their victims by sending them threatening emails and messages (Cohen, 2014). In most cases, cyber stalkers are people who know their victims very well and they conceal their identity in order to harass their targeted victims. Stalkers often leverage on the anonymity accorded by the internet to execute these types of attacks because it conceals their identity from being detected (Cohen, 2014). The difference between cyber stalking and email phishing is that stalkers target a specific individual who is probably well known to them while email phishes send multiple messages to many unknown victims (Cohen, 2014). These types of attacks can often cause a lot of emotional damage to the targeted victims.
Methods Organizations Use To Resist Possible Attacks
Different techniques are applied to prevent the different types of cyber-terrorism depending on the nature of these attacks. In most cases, attackers take advantage of their victim’s naivety and ignorance to launch their attacks. As such, the first step an origination should take towards resisting possible attacks is educating its members on the common types of attacks and the basic procedure necessary to overcome them. Having basic education on the different forms of cyber-terrorism will help an organization avoid some incidences of cyber attacks (Blazic & Klobucar, 2016). However, given the fact that it can be very difficult to detect human behavior, a more sophisticated approach towards cyber security needs to be adopted.
In the past computer security experts have often found it difficult to deal with cyber security attacks such as phishing because the attackers take an anonymous identity (Blazic & Klobucar, 2016). Moreover, no single computer security technology has been known to prevent phishing attacks. However, an organization can adopt a multi-layered security approach to reduce the frequency and number of phishing attacks as it would help lessen the impact such attacks have on an organization (Blazic & Klobucar, 2016). Among the common methods to defend against phishing attacks is the use of cyber-security technologies such as various malware and virus software while access control and behavior monitoring tools are used to detect any suspicious activity so that appropriate measures can be taken before an attack can take place (Blazic & Klobucar, 2016).
In the case of protecting against identity theft, organization should use user education as the first security measure. Educating their members on how different forms of identity theft occur ensures that they are aware of this type of attack so that they can undertake precaution measures (Blazic & Klobucar, 2016). In addition, installing firewalls, anti-malware and virus detection on all their electronic devices will help detect suspicious activities so that defensive measures can be taken immediately. The security features installed in these devices should be updated regularly (Blazic & Klobucar, 2016).
Organizations can defend against DoS attacks by first ensuring that there is a good response plan in place when they occur. Before taking any defense measures the organization should first contact their internet service provider to establish whether the attack is indeed a DoS attack or some other factors could be causing the degradation in performance (Cassim, 2012). The ISP is able to respond to such attacks by rerouting the malicious traffic so that its effects on a given network can be minimized. DoS attacks firewalls and software can also be applied to detect and prevent such types of attacks from occurring (Cassim, 2012).
Weakness of the Methods Organizations Use To Resist Possible Attacks And How They Can Be Improved
Though cyber security measures have been put in place to deal with different types of cyber-terrorism, the attacks still occur today. Cyber criminals use computerized devised to launch attacks on their victim’s computer devices so as to steal sensitive information or manipulate data to inflict damage on their targets (Ariely, 2014). Today the technology used by cyber criminals is evolving rapidly and they tend to use sophisticated techniques to launch attacks on their victims (Ariely, 2014). This means that failure by an organization to update its cyber security infrastructure can lead to attackers devising new strategies to penetrate the existing defense mechanism. For this reason, an organization’s information technology team should be actively engaged on devising new technique to upgrade its cyber security framework to defend against any emerging security threats.
An organization can also enhance its information technology security system by establishing strong password policies that attackers would find difficult to crack. These passwords can use a combination of letter, numbers and other functional characters (Ariely, 2014). However, an organization may face challenges when employing this approach especially in situations where the attackers have obtained confidential information from insiders within an organization. Incidences of unhappy or criminal employees working with attackers are very common and in some situations they might leak passwords to potential attackers to facilitate security bleaches (Ariely, 2014). Changing passwords regularly will ensure that cyber security threats are minimized significantly.
Conclusion
The evolution in modern technology has significantly contributed to the growing incidents of cyber crimes because criminals can now have different access points that hackers can exploit to gain unauthorized access. The growing threat associated with cyber security is costing institutions a lot of money through loss of important confidential information to cyber criminals. Though attempts have been made to enhance the current legal infrastructure to deal with the evolving threats of cyber crimes, the fact that the internet offers a platform for cyber criminals to conceal their identities and location has made it very difficult for law enforcers to deal with these crimes. However, organization can overcome these challenges by upgrading their network security regularly to withstand emerging cyber security threats. Moreover, changing passwords regularly should also be considered another important security feature especially in situations where an organization has many untrustworthy employees. In conclusion, the evolving nature of cyber terrorism means that cyber-security upgrades should be an ongoing process that changes with time.
References
Ariely, G. A. (2014). Adaptive Responses to Cyber terrorism. Cyberterrorism, 175-195. doi:10.1007/978-1-4939-0962-9_10
Blazic, B. J., & Klobucar, T. (2016). Missing Solutions in the Fight against Cybercrime and Cyberterrorism—The New EU Research Agenda. 2016 European Intelligence and Security Informatics Conference (EISIC). doi:10.1109/eisic.2016.033
Cassim, F. (2012). Addressing the spectre of cyber terrorism: A comparative perspective. Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad, 15(2). doi:10.4314/pelj.v15i2.14
Cohen, D. (2014). Cyber terrorism. Cyber Crime and Cyber Terrorism Investigators Handbook, 165-174. doi:10.1016/b978-0-12-800743-3.00013-x
Kilger, M. (2015). Integrating Human Behavior Into the Development of Future Cyberterrorism Scenarios. 2015 10th International Conference on Availability, Reliability and Security. doi:10.1109/ares.2015.105
Koops, B. (2016). Megatrends and Grand Challenges of Cybercrime and Cyberterrorism Policy and Research. Advanced Sciences and Technologies for Security Applications Combatting Cybercrime and Cyberterrorism, 3-15. doi:10.1007/978-3-319-38930-1_1
Lehto, M. (2013). The Cyberspace Threats and Cyber Security Objectives in the Cyber Security Strategies. International Journal of Cyber Warfare and Terrorism, 3(3), 1-18. doi:10.4018/ijcwt.2013070101
Pilling, R. (2013). Global threats, cyber-security nightmares and how to protect against them. Computer Fraud & Security, 2013(9), 14-18. doi:10.1016/s1361-3723(13)70081-2
Vegh, S. (2002). Hacktivists or Cyber terrorists? The Changing Media Discourse on Hacking
Wendt, J. D. (2013). Omen: Identifying potential spear-phishing targets before the email is sent. doi:10.2172/1093687. First Monday, 7(10). doi:10.5210/fm.v7i10.998