Monday, May 2, 2016

Issues & Challenges in Securing Cyber World

Prof. Meena Kumari
Dept of CSE&IT
THE NORTHCAP UNIVERSITY, Gurgaon

It is a fact that individuals all over the world are gradually going the digital way and merging lifestyles when it comes to personal and professional lives. In this digital era, we are connected globally all the time, everywhere and virtually with everyone through Internet using smartphones, ipads, Internet of Things (IOT) and “WiFi”. The technologies such as mobile internet and cloud are being adopted at a rapid pace. Today’s workforce value flexibility more than anything, so to support BYOD (bring your own device), organizations are adopting a comprehensive set of solutions which address challenges in cyber security. Cybercrime is fast becoming one of the formidable threat globally. Breaches are taking place, besides elaborates security arrangements in the organizations. Data theft & web application attacks are increasing immensely because hackers are able to sneak into networks and steal/damage critical data. Hacktivist group has been involved with many high profile attacks on government, religious and corporate websites through DDoS (Distributed Denial of Service) attacks. In the USA, 1.8 million records have been exposed since the beginning of 2016 & largest data breach was reported by Centene Corporation, in which medical information on 950,000 subscribers to the company’s health insurance products. India being the third largest Internet user base in the world, out of which more than 50% are mobile users, this brings India into a high risk zone, where hackers will exploit key vulnerabilities to breach these devices. Privacy concern is utmost important with IoT and billions of connected devices in this digital world of eCommerce, eGovenance, ePayments & IT corporates. As data grows, enterprises need a robust data privacy solution to prevent breaches and also intrusion, detection & prevention schemes based on big data for detecting vulnerabilities & analysing malware. As eCommerce will grow in 2016, cyber criminals will ramp up attacks on mobile devices and point of sale(POS) systems. Point of Sale (POS) is the time and place where a retail transaction is completed by making payment to the merchant in exchange for goods or after provision of a service.

Ransomeware is one of the latest extortion attacks that infects computer with viruses known as ‘ransomeware’ by encrypting data and demanding payment for it to be unlocked. Recently in 2016, it was reported that a research scholar’s work in his computer was encrypted for ransomeware in India. Already in 2015, RaaS (Ransomeware as a Service) was hosted on the Tox by making use of virtual currency for payment purposes. The new targets for the creaters of ransomeware will be the operating system Mac and unpredictable encryption key on linux platforms.

As mobile phone & wearable devices are being used for monitoring the health of individuals, the hackers may try to cripple them with unlawful activities. The time is not far off, when criminal will try to hack life saving devices like pacemakers or insulin pumps. This raises the question of risks of information use and data ownership on IOT.

There will be tremedous increase in Sextortion attacks, in which scammer can blackmail and threaten to leak personal photographs and videos of celebrities , politician or emminent personalities in return of money.

Attacks on open source software (OSS) are inevitable because these products & libraries such as OpenSSL are integrated into another piece of software.

There will be increase in Android exploits , as android allows hacker to take over an android phone by enabling malicious programs into audio files delivered via MP3 or MP4 format.

With the advent of mobile wallets like PayTM, Apple Pay, Android Pay etc., cyber criminals will indulge with untested financial services.

Vulnerabilities in virtualization firmware could become an acccess point for cyber crooks to gain entry into the infrastructure of an enterprise to extract valuable information. Virtual machines could be the next target with system firmware rootkit.

The use of Drones to provide superior shopping experiences to the retail customers will be used by cyber criminals to steal passwards, user names, band details and even home addresses from the smartphones. 

The massive increase in cybercrime incidents can be attributed to the rising popularity of social media, growing usage of mobile technology in the enterprise and continuing move on cloud services.

India, being emerging in this environment, provides an attractive option for hackers to track vulnerabilities in computer networks, Microsoft OS, office, Adobe files and in devices like Cisco Routers, Juniper IPS, Oracle products, Web browsers, Mobile Phones with and various other products. 

Today, the criminals are intelligent, possess skills and have lot of experience. There is the need to analyse the growing cybercrimes at a high level and better understanding of the potential issues. To combat cyber crime, all the stakeholders should work together to strengthen cyber security. To take up the challenges of cyber security, each country is framing laws around cybercrime in such a way that there is scope for law enforcement
agencies to work closely with global counter parts and invest in training, to deal with cybercrime. India also needs tremendous skilled manpower in cyber security, who are intelligent and having knowledge in network & web security, cloud computing, malware analysis, reverse engineering, secure coding, data analytics and hands on practices in ethical hacking, web attacks & intrusion detection. The Northcap University, Gurgaon has started MTech in Computer Science with specialization in Cyber Security to provide skilled manpower in this specialized area of Cyber Crime Detection & Prevention. Also the subject like Cyber Security, Data Analytics, Cloud Computing, Network Security & Cryptography & Mobile Security are taught at undergraduate programs.