Está en la página 1de 10

1 Research Project: Cybersecurity Introduction Security industry has emerged as response to the threats of different kind that follow

humanity from its birth. The need in protection from animals and then from other tribes made first people think about their security. Through the ages, security issues started to become more and more sophisticated. Therefore, security measures changed as well. The technology era has changed everything. However, it did not change the desire of some people to get something illegally that others have. Thus, the new era of challenge between security and its counterparts has begun. Technology has brought many innovations and advances into the world of security. At first, there were code locks and highly sophisticated mechanical solutions that allowed making security breaches rather difficult. Then, different wired electronic devices provided security protectors with opportunities to have distant access to the security control systems and thus be able to control them better. Despite all these advances, their counterparts have always been close in this race. The third parties with criminal or other intent that wanted to get unauthorized access to something that was protected have always been inventive and that allowed them creating mechanisms and devices for security breaches (Guan and Huck 2012).

2 Implications of Cyber Security The advent of information technologies provided mankind with outstanding opportunities in different areas. Electronic means of communication, like wired networks, wireless, and mobile technologies have made the process of information transfer as quick and easy as never before. Such state of things required new approaches in terms of security measures because criminals have always been a threat. However, there are reasons to believe that the greatest threats to the organizations information security are constituted by employees. Why it is so? It is rather easy to explain. At first, think about the following: IT specialists, CIOs, security teams, etc. are all focused on development and implementation of the most sophisticated and advanced security measures because they do realize the significance of the consequences that security breaches might have. Then, these people within any organization oppose the other side (criminals) that play by the same rules, meaning the approaches, ideas, and concepts both side exploit. Therefore, security specialists generally know how to stop criminals, at least in theory (Benzel 2011; Kemmerer 2003). Meanwhile, employees, in most cases, have rather poor computer literacy. It means that a normal IT related individual will not write down the password from highly-secured enterprise database on the back side of keyboard. It also means that such kind of individual realizes in full that it is not appropriate to store pricy, secured, important data on mobile phone, laptop, thumb drive, or any other device, convenient to be stolen or lost. Therefore, sloppiness, foolishness, careless, and, in some cases, anger of employees are the greatest threats to the security plans and measures of any company. The greatest challenge for an IT security specialist is to try to think like regular users do and then develop such security

3 measures that would consider all imaginable actions, theoretically possible to be performed by a typical employee. Otherwise, information security is in great danger, always.

4 Limitations Unauthorized access to the protected network, such as Ministry of Interior could have, is the biggest issue today. Mobile devices are more and more popular these days so it is very important to implement protection for such devices as well. Thus, encryption and smart cards access can be useful in this matter. Protection of sensitive information has always been an issue. People have tried to protect important data for centuries and used rather different methods in order to achieve this goal. The most useful and efficient method was encryption. A sender (or keeper) altered information using a specific key. No one else was able to understand such encrypted message without having and applying the key. Therefore, the main goal to protect the data was achieved in this way. Further development of data carriers led to the sophistication of encryption methods. It was the only way to assure protection. With the advent of information technologies as we know them today, the need in protecting data grew drastically. Computers provided us with substantial computational capability that allowed developing new, more advanced and powerful encryption algorithms. Such achievement made encryption a more reliable and widespread method of data protection (Benzel 2011; Kemmerer 2003). At first, encryption was used by military in order to not allow enemies understand intercepted messages. Later, business community realized that encryption could be used for protection business secrets and internal information from the third parties. Thus, encryption tools became commonly used not only for military and business purposes but also in day-to-day life of regular people. New encryption algorithms were developed. The old ones were improved. However, the contemporary era of the Internet, smartphones, laptops, and mobile data storages required new

5 approaches in data protection. Business required solutions that were able to protect sensitive information from the unauthorized access. Eventually, different encryption techniques (algorithms) were developed. AES, DES, algorithms with symmetric and asymmetric keys, SSL, and many others were developed to assure that data was safe and could not be acquired by the third parties without permission. Even the full disk encryption technique was created to provide the business community with extra security measures. Modern business industry can be called customer-driven. It is rather easy to agree with this statement if we just look at the current situation on nearly any market. However, this tendency is easier to follow using the market of financial services as an example. This market grew substantially after the advent of information technologies (IT) and their rapid development. The reasons for such drastic increase were more than obvious. Banks and other financial institutions got the opportunity to provide their customers with usual services via the achievements of informational era, such as global network (the Internet), mobile terminals (smartphones and other mobile devices), smart chips in credit cards, etc. (Benzel 2011; Kemmerer 2003; El-Khatib et al. 2010; Seltsikas 2010). Along with the rapid development of financial products and services lines, oriented on the online distribution, the need in securing such kind of transactions grew as well. It was clear that people would not entrust such sensitive information as financial to the channels they were not sure about. Therefore, at the beginning of information era the number of financial services was small but they were rather secure. Credit cards, checks, other financial instruments were protected comparatively well because the customers personal financial data (personal identification numbers, for example) was not transferred via unsecured networks, including wireless ones.

6 With the advent of such technologies, as wireless networks, instant access to the Internet from mobile devices, contactless access to smart cards based on radio frequency identification (RFID), and many others, the number of opportunities to provide financial services grew substantially. However, there is an opinion that it has been done at the expense of customer security. The aim of this paper is to discuss this issue in order to understand whether it is true or not. At first, it is necessary to understand what these financial services are and what features they have. Thus, it would be easier to obtain broader view on the main issue. Online financial services are usually provided via online banking. It is also sometimes called Internet banking. Online (Internet) banking gives an opportunity to conduct various financial transactions using secured website of a bank. Most of the common operations performed via online services can be addressed to transactional and non-transactional categories, and also financial institution administration, management of numerous users that have different levels of authority, approval process of transactions. In addition, online banking could include such unique services as personal financial management support and account aggregation that would allow customers monitoring numerous personal accounts via the Internet (El-Khatib et al. 2010; Seltsikas 2010). Now, it is important to clarify the major concern of every transaction or simply action related to financial activities security. Security in such kind of transactions is issue number one beyond any doubts. Usual banking services are provided with rigid security measures, such as combination of different authentication methods, secured cards, heavily guarded safes, etc. However, in case of online banking, there are no opportunities to provide these security measures.

7 Solutions Online services provided regular people with tools that make their life easier and comfortable. Security specialists of different sectors developed various systems that should secure online transactions and make them as secure as it would be in the real bank, for example. However, considering the level of technology, it is not wise for anyone to feel entirely safe entering PIN from personal account into mobile banking application (for example). This data goes though different nodes and wireless networks so it can be intercepted, decrypted, and then used (El-Khatib et al. 2010; Seltsikas 2010). Online banking indeed provided customers with numerous services that were unreachable before. However, it lowered the overall secureness of financial transactions conducted over the Internet. It is true that customers either accept such state of thing or not. Some of them use online banking intensively, other prefer going to the nearest bank because it is more secure. In any case, it is the choice of each person whether to use online services provided by the financial institutions or not. Therefore, the implementation of online services was a very significant step. People begin entrusting their financial and other information to the Internet medium and it has its advantages and deficits. The number of services that banks can offer via online is much bigger but such freedom of choice is connected with increased risks. It could be said that such variety of services caused the overall simplification of customer security in order to provide these service to as many customers as possible. However, it cannot be said that these services were imposed. The development of the internet technologies inevitable led to the changes in many industries and the banking industry simply could not ignore it (El-Khatib et al. 2010; Seltsikas 2010).

8 Reflection In order to realize how dependent we are from the technologies, I chose morning to go without using information systems and technologies. Morning is the busiest time of the day in this matter checking the emails, news, twitts, Facebook messages, etc. so it was decided to do so to see how long my mind will be disturbed by the absence of this data. I normally use tablet and smartphone to browse the Internet and socialize, use emails and various IMs to communicate. Considering the situation, it was nearly impossible to even think that I was not able to visit Facebook there are my friends and lots of information I need to see and share from the very beginning of the day! It was obvious that communication in the old-school regime (like over the wired phone, for example or a simple meeting in a caf) could not been applied in this case. Simple process of information transfer became utterly difficult people were not nearby the phone and of course had no time for meetings. Communication this is the most difficult task to complete without IT. Based on this one-time-short experience, it is sad to conclude that we cannot live without technologies. Well, we can survive, but our life will change completely. Social connections will be either destroyed or substantially narrowed. Society will die as we know it today.

9 Conclusion Analyzing the current paradox when the number of tools to assure cyber security grows but we are less secured in this area, it becomes clear that something should be changed on the deeper levels and in the broader scope. People should learn to accept the need in technologies in every area of day-to-day activities and that the technologies should be treated accordingly. Therefore, since we know that we must look on the road when we cross it, we must realize the problems cyber security issues can cause. It is necessary to teach young people how to assure cyber security on the most primitive level from the school desk. Organizations must accept the truth that it is important to teach employees to be cyber conscious and qualified in this area to assure the secureness of the data at every desk and workplace. Societies need to change the attitude towards cyber security, alter laws and increase the responsibility for the cyber-related crimes, pay more attention to the educational process in this area, etc.

10 References Benzel, T. 2011. The Science of Cyber Security Experimentation: The DETER Project. ACSAC 11, ACM. Orlando, Florida, USA. El-Khatib, K., Hung, P., Thorpe, J., and Rjaibi, W. 2010. Cybersecurity issues for businesses. CASCON 10, Proceedings of the 2010 Conference of the Center for Advanced Studies on Collaborative Research, 364-365. IBM Corp. Riverton, NJ, USA. Guan, J. and Huck, J. 2012. Children in the digital age: exploring issues of Cybersecurity. iConference 12, Proceedings of the 2012 iConference, ACM, 506-507. New York, NY, USA. Hoffmann, L. Risky business. Magazine Communications of the ACM, 54(11), 20-22. New York, NY, USA. Kemmerer, R. A. 2003. Cybersecurity. ICSE 03, Proceedings of the 25th International Conference on Software Engineering, IEEE, 705 715. Washington, DC, USA. Oehmen, C., Peterson, E., and Dowson, S. 2010. An Organic Model for Detecting CyberEvents. CSIIRW10, ACM. Oak Ridge, TN, USA. Seltsikas, P., Marsh, G., Frazier-McElveen, M., and Smedinghoff, T. J. 2011. Secure government in cyberspace? DG.O 11, Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging Times, ACM, 359-361. New York, NY, USA. Ten, C.-W., Liu, C.-C., and Govindarasu, M. 2008. Cyber-Vulnerability of Power Grid Monitoring and Control Systems. CSIIRW '08, Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead, 43, ACM. New York, NY, USA.