Running head: 21st CENTURY SECURITY THREATS
21stCentury Security Threats
21stCentury Security Threats
The21stsecurity threats are much different from security threats thatexisted during 20thcentury most countries face many diverse national securitychallenges. For instance, the pirates are threatening the UnitedStates citizens the al-Qaeda, a terrorist organisation, is a greatthreat to the Somalia citizens, and some countries such as NorthKorea are working hard to acquire nuclear capability. Apart fromthese threats, other threats include the continuous unrest in MiddleEast countries and the military build-up in China. These securitythreats comprises of a broad-spectrum threat ranging from nuclearweapons to improvised explosive devices. Unfortunately, the locationof these threats tends to move to other location every day. Forinstance, there was a security threat that initially started inUnited States, and later moved to Afghanistan, Pakistan, and Libyarespectively. Every nation’s government has laid strategies that ituses when any security threat arise. This paper discuss about thecyber threats, insider threats, and the perimeter threats, as well astheir security strategies and tactics to fight against them.
Cyberattack is a serious offensive manoeuvre whereby an individual ororganisation targets computer devices, computer networks,infrastructure, or even information systems to commit a crime. Theoffender conducts a malicious act by using certain software to steal,destroy, alter, or hack a susceptible system. In addition, thecriminal may install a spyware while attempting to destroy the entireinfrastructure of the machine. Cyber threat consists of cyberwarfare, cyber terrorism, or cyber campaign. Cyber warfare dependsand attacks computer information and networks that inhabitscyberspace through a prolonged cyber campaign. This denies the deviceits ability to work effectively, and in other cases, the device fallsto function again even after repair. On the other hand, cyberterrorism is the use some computer software to delete some criticalnational infrastructures. In most cases, the terrorists targetsgovernments ministries such as transportation and energy ministriesand other governments operations to intimidate them and refer them asfailures. Recently, cyber threats have greatly increased in mostparts of the world. Nevertheless, there are various ways to fightagainst these cyber threats.
Countermeasures(Security Strategies and Tactics to Fight with Cyber Threats)
Today,high-tech threats are everywhere. However, usage of common sense andlittle knowledge can help even a mere individual to fight against it,and protect his or her financial loss and identity theft. Everyinternet user need to be more vigilant at all time. According toBrenner(2010),the most defence strategy of cyber crime is to understand thecomputer, tablet, and the Smartphone that you are using. Below aresome of the simple strategies to eliminate cyber threats.
Inmost cases, people receive emails from unknown people that resembletheir financial institutions or companies they deal with everyday.They also give a link that directs them to a web page that appears tobe very legitimate. This web page may request the user to verify someinformation such as social security number, account number, password,and other critical information. It is advisable that in case of suchincidence, one should not give out their personal information. Thisis usually a fraud to steal personal information. Therefore, oneshould forward the email to the respective authority and laterpermanently delete it. In addition, one should not go click linksthat he or she does not understand. One can also use usaa.com, acompany that assist in phishing the attacks.
Insome cases, the criminals may falls to send a bogus text or an emailand decide to make a call. They claim to be calling from a certaininstitution, local court system or a bank they think you may trust.Therefore, in case of such phenomena, one should be extra carefulbefore giving out any information. The offenders normally ask forpersonal information and social security number. One may chose tohang up and then call the organisation to double-check they were notcyber criminals. According to Brenner(2010),a genuine organisation will never ask for email password and socialsecurity number. In case they require any personal information, theynever do so through email, phone call, or text message. Hence, it isalways important for everyone to be more cautious.
Introductionof Internet Safety Precaution
Laurello(2013), urges that pop-ups ads are terrible software. Clicking themtriggers the computer to download malicious spyware and virus. As aresult, these virus and spyware gathers personal information such aspasswords and email addresses. Other nasty software is theunsolicited emails and social media messages like Facebook andtwitter. A malicious code hijack the operating system of a computer,send spam, launch unrelenting pop-up ads, and send keystroke to itscontroller. To fight against such ads, one should install a stronganti-virus, anti-spyware, anti-spam, and pop-up blocker programs.Further, one should use browsers that have additional securityfeatures that block such ads. Finally, trust no one on the internet.
Insiderthreat is an act of malicious threat that occurs within anorganisation or an institution, and is conducted by currentemployees, ex- employees, business associates, and contractors. Thesepeople usually have the organization’s security practises, computersystems passwords, and full information about the organisation. Thethreat may consist of a theft of confidential (valuable information),fraud, damage of computer systems, or the theft of intellectualproperty. The insiders have access to the organisation computersystems that were previously given to them in line of their duties.As a result, they use these privileges to harm the organisation. Theinsider has ample time to circumvent security measure due to theirfamiliarity with the organisation’s intellectual proximity anddata. Furthermore, insiders have high ability to conduct a crimecompared to outsiders who do not have access to the organisation’sassets and information.
Countermeasure(Security Strategies and Tactics to Fight with Insider Threats)
TrainingSimulation for Insider Threat
Nowadays,most organisations are adopting the MERIT-interactive program. Thisis a foundation that was started to develop a stand-alone tool withthe aim to offer insider threat risk education, creates awareness,and mitigation. The foundation uses multi-media technologies to drawsimulations that immerse organisations into settings that help themto prevent, detect, and respond to insider threats actions. TheMERIT-interactive program provides an effective means to communicatein case of a suspicious insider risk and tradeoffs (Catrantzos,2012). It enables fast flow of information from the systemadministrators to corporate CEO, both technical and non-technicalpersonnel. In addition, the program provides a stand-alone,multi-media education for threat analysis, policies, practises, andtechnologies of the malicious insider activities.
ComingUp With Legal and Privacy Issues Policies
Sincemalicious insiders are commonly current or former employee, businesspartners, or contractors of an organisation, the best way to dealwith them is to set up legal policies and procedures to deal withthem. For instance, the organisation may lay out profile for eachcrime that describes what, who, when, how the crime was conducted.Additionally, the procedure may also define the patterns ofbehaviours, technical actions, and organisational issues at hand.Following these procedures, it makes it easy for an organisation torecognise practices that can mitigate insider threats. It is alsoeasy for management to differentiate between the insider theft forfinancial gain and insider theft for business advantage. The policiesalso create the ability to make informed decisions concerning theimplementation of practises for insider threat mitigations.
Tominimise chances of insider threat, an organisation needs to have astrong monitoring program to monitor what their employee does totheir systems. Unfortunately, most organisations find it expensive toinstall such programs. They never audit or monitor their system tosee what people do in the system proactively. Just in the same way, afirm have an audit log to indicate any unauthorised change, the samethey should monitor insiders. In this case, an organisation may alsochoose to use complicated passwords to their system and should begiven to specific people. Additionally, these passwords should bechanged occasionally and should never be given to unauthorisedpersonnel.
Sometimeback, network specialists set their mind that switches should switch,firewalls should firewall, and routers should route. They decidedevery component should do it own thing and do it well. Everyonethough it was a good idea since everything was simple. It was easy totroubleshoot, there was clear separation of duties, and there werefew chances of failure. As everyone was busy protecting his or herperimeter, the nature of perimeter threat emerged. As the threatemerged, so did the other computer software such as firewalls. Itbecame complicated to conduct a simple task as packet filteringfirewall and to find a network hub. Laurello (2013), comparesperimeter security to opening and closing a house door. If one leavesthe door open, gnats, flies, and any other insect will find way tothe house. On the other hand, if one closes the door, there are nochances of insects getting to the house. In the same way, a protectedfirewall will keep away all the attackers. Below are some ofeffective perimeter protection to adapts to a network
UsePanda Security To Offers Perimeter Protection.
Almostninety-nine percent of perimeter threats are internet-borne threats.Therefore, corporate perimeter protection is not a luxury but anecessity. Some of the benefits of using panda security as perimeterprotection are it increases user’s productivity, it get lid ofunnecessary network traffic, and optimises resources by freeingworkstations and servers. Panda security uses GateDefender Integra, aUnified Threat Management (UTM) device to protect a computer systemfrom any type of internet-borne threats. It is an “install andProtect” software that offer protection by default and contains allsingle protection devices such as VPN, IPS, firewall, web filter,content filter, and anti-spam. In addition, panda security has aPanda GateDefender Performa that is a “connect and forget”solution to fight against spam, malware, and unsuitable content.Unlike the GateDefender Intergra, GateDefender Performa fightscontent-ased threats. Panda security offers several types ofperimeter protection to suit the need of any organisation. Everyorganisation has specified needs depending on its volume, size, andthe kind of traffic it handles.
IncreasingComplex Mix of Technology
Inmost organisations, the perception of firewall remains that“firewalls should firewall” and other ancillary devices such asvirtual private networks, anti-spam, anti-virus, content filtering,security information and event management, prevention systems andintrusion detection, as well as email encryption should be assignedother tasks. However, the most important thing while dealing withperimeter threat is to make sure all the perimeter bases are takenprotected, not considering of how they are accomplished. Besides,computer user should adopt Unified Threat Management (UTM) concept,as well as other multi-functional perimeter devices. Installation ofUnified Threat Management (UTM) is one of the effective solutions tointegrate duties and serves as a perfect foundation for changemanagement. Apart from freeing up internal resources, the UTM achange to perimeter security is documented, evaluated, and isdifferent from the previous operations.
Sinceintroduction of new technology, security threats were there and theywill remain. Nevertheless, traditional threats remain up to date.Spam distributing malware, virus, and spam are distributed all overthe internet (Laurello, 2013). This calls for the IT specialists towork hard, and come up with permanent and long-lasting solutions tothese security threats. There must be a reliable protection procedurethan it was sometime back. Currently, antivirus is the most commonsoftware to offer protection to the entire IT infrastructure. Themost effective protection means should have the capability ofblocking malware and any other threat using modern technology toblock malware into IT infrastructure. In addition, this softwareshould have the ability to exploit and attack vulnerabilities insoftware. As a result, this will reduce the burden of the ITspecialists while dealing with computers.
Brenner,S. W. (2010). Cybercrime:Criminal threats from cyberspace.Santa Barbara, Calif: Praeger.
Catrantzos,N. (2012). Managingthe insider threat no dark corners..Hoboken: CRC Press.
Laurello,J. L. (2013, July 3). Perimeter threats: Network security requires amix of technology. CommunityBlog Perimeter threats Network security requires a mix of technologyComments.Retrieved October 17, 2014, fromhttp://searchhealthit.techtarget.com/healthitexchange/CommunityBlog/perimeter-threats-network-security-requires-a-mix-of-technology/