Global Reach
This is my initial discussion post with colleagues; a response post follows.
Discuss why Cyber Security is now a global issue and why it is important for companies to invest in Cyber Security.
Company mentioned:
Since the beginning of the digital age, threats to security have existed. The complexity of each case grows over time due to the growth of knowledge and prevention methods (Anderson, 2022). However, even with such advances, the world still struggles to keep up. Data is most at risk on email, with 83% of organisations experiencing a data breach from employees “clicking a link” and phishing scams; it seems there’s still quite a lot to learn, even with the basics (Anon, 2021).
Investing in cyber security is vital to protect and maintain the CIA triad. Confidentiality is key because a breach in confidentiality costs reputation, personal information, and intellectual property. Integrity is another core concept: data must be trusted and not tampered with, and any data that has been illegally accessed is exposed to change or illegal activity, reducing the integrity of the data. Availability, the third part of the triad, addresses the availability of data: if a threat actor can restrict access to data or destroy hardware, this can cause monetary and reputation loss due to physical damage or restriction of business. Optimising data minimisation and similar behaviours can drastically reduce the amount and impact of breaches involving data interception and abuse of data.
If we look at the great hack of 2012 with LinkedIn, we can see that 6.5 million user accounts were stolen. LinkedIn says the forensic investigation and other recovery costs of the data breach in June could have topped $1m (Ashford, 2012). This failure was due to LinkedIn not salting its users' passwords. If this simple security procedure had been in place, the cost of the implementation would have been much less than the cost of the breach, which was not just a direct payment of $1 million. Losing the trust of the public also had a knock-on effect on their confidence in LinkedIn; this lack of confidence means revenue decreases long-term, not just short-term. In addition, any legal fees from this case may be a hidden cost of this breach.
Works Cited
Anderson, R. (2022). Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition. Wiley.
Anon. (2021, March 1). Data is most at risk on email, with 83% of organizations experiencing email data breaches. Retrieved September 2022, from HELPNETSECURITY: https://www.helpnetsecurity.com/2021/03/01/email-data-breaches/
Ashford, W. (2012, August 06). LinkedIn data breach costs more than $1m. Retrieved September 2022, from Computer Weekly: https://www.computerweekly.com/news/2240160962/LinkedIn-data-breach-costs-more-than-1m
Response Post
The initial post focused on the global impact of cybercrime based on the LinkedIn hack in 2012. This case specifically affected a global audience because LinkedIn is social media. The post covered the CIA triad in relation to the event, and how the event broke the triad.
The method of storing and accessing passwords seems unknown to non-IT workers. The use of SHA-1 algorithms for storing passwords and salting passwords are methods of protection that companies use, and this is where LinkedIn went wrong. It is likely LinkedIn relied on the public not being aware of how passwords are stored; however, they were not aware of the intelligence of threat actors. This, though, is the nature of software development and production environments: “if it had been successful, software security vulnerabilities wouldn’t be as common as they are today” (Sawano, 2019, p. 36). The discussion also mentioned security mitigations that could be put in place for day-to-day user-focused security, such as 2FA. This is now vital for account safety; users can implement 2FA on LinkedIn accounts for another layer of cost-effective security (Jurisons, 2022).
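The storage weakness named in the initial post (unsalted passwords) and in the paragraph above (SHA-1), shown as an added example that is not part of the original posts: an unsalted fast hash gives identical stored values to users who share a password, while a per-user salt with a slow key-derivation function does not. The account names, passwords, function names, `iterations$salt$digest` storage format and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the post


def sha1_unsalted(password):
    """Weak scheme for comparison: fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password):
    """Salted, slow hash stored as 'iterations$salt$digest' (assumed format)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def duplicate_groups(table):
    """Return groups of users whose stored value is identical."""
    by_value = {}
    for user, stored in table.items():
        by_value.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


# Constructed sample accounts: alice and bob share a password.
USERS = {"alice": "Summer2012", "bob": "Summer2012", "carol": "correct horse"}

if __name__ == "__main__":
    weak = {u: sha1_unsalted(p) for u, p in USERS.items()}
    strong = {u: hash_password(p) for u, p in USERS.items()}
    print("unsalted SHA-1 duplicates:", duplicate_groups(weak))
    print("salted PBKDF2 duplicates: ", duplicate_groups(strong))
    print("login check:", verify_password("Summer2012", strong["alice"]))
```

Running `duplicate_groups` over a credential table is also a quick audit: any group it returns means the stored values are unsalted or the salt is being reused.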
The research into global cybercrime prompted a further look at the topic. “Having high-quality locks isn’t sufficient if the key hangs on a nail or if the vault door hinges are weak” (Sawano, 2019, p. 29); this applies to nuclear command and control. The capability of countries for nuclear weapons is astounding: 44 have nuclear programs, and 15 of those countries don’t have any cybersecurity laws in place (Anderson, 2021, p. 543). Nation-states have a huge global responsibility to protect their population from other countries that pose a threat.
From this discussion, the act of layering cybersecurity and viewing security as a concern, not a feature (Sawano, 2019, p. 29), is key for the global protection of data and lives.
Works Cited
Anderson, R., 2021. Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition. s.l.:Wiley.
Jurisons, M., 2022. Two-Factor Authentication: The Pros and Cons. [Online]
Available at: https://messente.com/blog/most-recent/2fa-pros-and-cons#:~:text=The%20common%20ownership%20of%20mobile,extra%20protection%20your%20accounts%20need.
[Accessed 9 October 2022].
Sawano, D. B. J. &. D. D., 2019. Secure by Design. New York: Manning Publications Co. LLC.