Post your thoughtful analysis about one key point you took from this assigned reading. (This first week you are not required to post: One question to ask your fellow classmates to facilitate discussion, nor are required to post In The News nor comment on other students’ postings.)
Comments
The chapter, Threat Environment, explains the pros and cons that Internet access creates for companies who become critically dependent on IT. Besides the benefits of the Internet, criminals became attackers, and websites, databases, and critical information systems are objects for threatening the environment. The understanding of the threat environment is important for a company to defend itself.
Figure 1-1 shows us that malware, phishing, social engineering, and web-based attacks are way more than physical attacks, which require more attention to Internet access attacks considering the threat environment. To defend these types of assets, it’s important to have a good foundation for security goals, aka CIA. There are also countermeasures, safeguards, protections, or controls that help companies to deal with attacks.
Data breaches are high-impact situations where companies lose records of customers and their own data, and PIIs are what attackers are looking for most of the time. Eventually, it costs a lot to handle notification, detection, escalation, remediation, legal fees, and consultation. One of the good takeaways from the data breach section of the reading is that the holiday times are high-risk times where attackers are willing to attack the most number of POS systems (ex. Target). I also learned the difference between Cyberwar and cyber terror where war attacks are made by national governments and terrorist attackers or groups of terrorists.
Chapter 1 of Corporate Computer Security provides an overview of the cyber threat landscape facing companies today. The authors provide a detailed overview of threats from data breaches, employees/ex-employees, malware, hackers, criminal gangs, cyberterrorism, et al. The section on criminal gangs, cyberterrorism, and cyberwarfare provides interesting examples of how advances in technology provide opportunities for abuse.
The promise of technology to improve our lives also provides adversaries the opportunity to improve their criminal pursuits. The advent of cars made transportation easier for the world. Cars do not discriminate against who they transport and the same technology can be used for both legal and illegal activities. Criminal use of cars resulted in the creation of license plates to help police track vehicles being misused. The internet provides a contemporary example of this issue as it’s helped to provide unprecedented access to information, while also providing vast opportunities for criminals to exploit such access.
Technology may change but the underlying criminal models remain the same. Cyber criminals will use their technical abilities to fund age-old crimes such as extortion, fraud, and drug trafficking. A study conducted by VeriSign in 2003 found a high correlation of IP addresses used in hacking and those used in fraud. In another example, police found that locations used in identity theft had drug paraphernalia indicating that the criminals were stealing this information to fund their addictions.
It’s important to understand the motivations of criminal actions when responding to today’s cyber threats. While the threat landscape is continually evolving, the core drivers often remain the same, e.g., fraud, extortion, etc. Understanding these drivers will help defenders to identify how new technologies can be used illegally and what steps can be taken to deter criminal usage.
One key point I took away from the first chapter of Boyle and Panko is how ever-changing and fluid the attack vectors are that companies face. As time goes on the attacks hackers can use and vulnerabilities they can exploit grow in number. And when new attacks are uncovered it only adds to the list, you still need to worry about the old methods that attackers use. The chapter illustrates how much goes into managing a company’s threat environment, and why it’s so important. One particular statistic I found interesting that I had not heard before is “…information loss was the single most expensive consequence of computer crime, with losses averaging $5.9M annually per firm in 2018. Business disruption was the second highest cost, at $4.0M. Equipment losses and damages were only $0.5M of the lost value.” This certainly reiterates the point that the most value a company holds lies with its data and not with its hardware.
Overall, as a Criminal Justice major, I really enjoyed this chapter on threat environment and I noticed a lot of material overlap with my Terrorism, Transnational Crime, and Global Security course. I considered how with the facility of international movement and communication, criminal opportunities have grown accordingly. By virtue of its nature, many types of cybercrime can take advantage of very loosely organized structure. Unfortunately, the challenges of transnational crime are: differentials in international law, cultural norms, and political boundaries. International boundaries can be a great impediment to legal action and investigation efforts and evidence, witnesses, and offenses can be far flung – and multijurisdiction which make it more difficult to prosecute.
Moreover, I would argue that it is important to define cyber war and cyber terror as individuals sometimes mistakenly use the terms interchangeably. Boyle and Panko describe cyberwar as consisting of computer-based attacks made by national governments whereas cyber terror is conducted by a terrorist or group of terrorists. Furthermore, cyber terror is typically used in conjunction with conventional warfare or physical attacks. Nonetheless, they are both a threat since the incapacity or damage to critical infrastructure could have a debilitating impact on the defense or economic security of the United States; not to mention, it threatens public health and/or safety, harms commerce, affects the viability of a facility, etc. Lastly, I think it is important to point out that at this time there are no recognized cyber attacks originating from a terrorist organization. Cyber attacks are still more commonly committed by nation states (sometimes supported by APT groups), international criminal organizations and hacking groups, and/or lone hackers.
I found the criminal era section interesting, specifically when the author talks about how we are seeing the black market evolve. The author seems to believe it’s hardly different than various other markets, which are initially dominated by all-in-one providers and over time see smaller niche markets develop and grow. The author writes, “…vertical and horizontal specialization appear. In cybercrime, some criminals search for exploits, others develop toolkits, others specialize in distribution and botnet management, others run markets for identity theft and credit card numbers, and others create shared codes and libraries”. I’ve never really taken a deep dive into the black market from a business perspective but it certainly stuck out to me in the reading. I liked the author’s comparison to other markets and it makes sense since there is a large demand of people who want to obtain legal products or services some way or another.
The growth of the Internet has put businesses in a dangerous environment. The Internet has given companies access to billions of customers and business partners. The Internet has also allowed criminals to attack websites, databases, and gain access to critical private information without entering the company.
The threat environment refers to the types of attackers and attacks that a company faces. Usually we know about the threat of hacking, malware, data breaches, cyber terrorism, etc. Interestingly, human error can also cause huge losses, such as an employee losing a $2,000 laptop, which includes replacing the computer, the time cost of installing software, and the value that competitors gain from collecting information on lost computers. However, the cost of computer crime can be very low. The Internet threat environment presents new types of attacks every year or two, and companies must continually reassess the threat environment to ensure corporate Internet security and information security.
One key point I’ve taken from Chapter 1, “The Threat Environment”, is that there are multiple ways to countermeasure a compromise in a company’s data. The three types of countermeasures are preventative, detective, and corrective. I’ve learned that the type of countermeasure you should use is based off when the compromise is recognized. Preventative would be used to defend from the attack ever succeeding. Detective would be used to identify an attack once it’s forming or if it’s beginning to succeed. Corrective is used to help get a business back on track once it has already been compromised.
Agree, I also included one important part of Internal threat is one of the big challenges to every organization, need to implement different types of preventive measures, analysis of end-use security behavior shows that the possibility for an error affecting information security is reduced by system design, separation of duties, employees are satisfied by work stability and are afraid of being fired. Their motives for the intentional attack are reduced. Analysis showed that internal threats caused by employee negligence, carelessness and cognitive base errors are show most important issues that should be addressed because are not trained or are about what is a good security behavior, they merely adopt co-worker attitude and behavior.
This chapter introduces me to general and important information about security terminology. The chapter also provides hints on how the threat modelling needs to be set up and why the threat environment is changing rapidly. “Attacks always get better, they never get worse”. Therefore, attackers always analyze victims’ countermeasures/safeguards/controls (classified as preventive, detective, and corrective) and find ways to get around them. Moreover, they are not slow to take advantage of new technology.
The more purposes to make cyber attacks are, the more types of external attackers remain. The attackers are not only interested in fame, a feeling of power, also making money illegally, stealing a company’s trade secrets, making DoS attacks, creating cyberwar and cyberterror. The types of external attackers used to be employees, ex-employees, and traditional external attackers; now, the list is longer with career criminals, corporate competitors, national governmental agents, and terrorists. Also, recovery costs for attacks are increasing.
This chapter introduces the threat environment and understanding existing conditions that surround the work environment – or any environment for that matter – that can impose different types of threats. For example, in the corporate world – threat actors could be foreign intelligence interfering with infrastructure and stealing intellectual property for their benefits. In parallel to worrying about foreign actors stealing proprietary information from massive corporations, other threats come from domestic entities such as outside attackers within the region or even other companies and corporations seeking to impact and devastate their competitors.
This is fundamental to understand the motive of the attack as knowing your enemy will help understand what protections must be in place in order to protect from future attacks. As the environment changes, so might the origin of attacks; or even worse as the environment changes it escalates the number of potential bad actors resulting in a higher amount of threats for the organization to handle. As a result, the team playing defense must be just as responsive and resourceful as the team playing offense in an ever-changing environment.
The 1st chapter of Boyle and Panko: Corporate Computer Security lists the variety of attacks and how they are accomplished. Each individual attack is unique in its own perspective and has its strengths when trying to hack into a system. With the unique characteristics of how malware, social engineering work hand in hand in order to accomplish data breaches which consists of valuable information that can be used for whatever intended purposes the hacker wants. The hacker is not the only threat to Corporate Computer Security but it is also those within the company that are possible threats as well. We need to protect our systems from external forces and internal forces as well in order to establish security. With the proper security infrastructure/architecture we can better prepare ourselves for the cyberwar and/or cyber terror.
I found the portion of this week’s reading on the theft of customer and employee data to be interesting. The book mentions that many cybercriminals like to focus on the “soft” or easy targets. Rather than spending hours upon hours researching and picking away at a large company’s defenses in hopes of stealing a large sum of money, these criminals target individual people. While a company has procedures and security structures in place, individuals are more likely to take risks and to be conned into sharing sensitive information. Cybercriminals may have to attack more targets to make a large sum of money but they are more likely to succeed overall and often less likely to be caught.
The one key point that I took is understanding of the threat environment—that is, the types of attackers and attacks companies face. “Understanding the threat environment” is a fancy way of saying “Know your enemy.” If you do not know how you may be attacked, you cannot plan to defend yourself. A cyber threat is an attempt to damage or disrupt a computer network or system. Cyber threats can become a reality if there are vulnerabilities present within a network, hardware, or software, which allow an attacker to reduce a system’s information assurance. Most cybersecurity guidance addresses access control, configurations, and accountability, but businesses cannot determine risk or know where to invest in security until they know the threat landscape facing their organization.
Hi Shubham,
I agree with you. Sometimes, the attack comes from internal employees. We always think of outside people when it comes to hacking and neglect the fact that internal employees can cause a sabotage to their information system. Knowing too much information, giving credentials access to all employees can also be a threat to the company environment.
This book provides an elaborate review on the topic of threat environment from the public and private domain access to the Internet and impact of cyber threats which involve the use of computers, storage devices, software networks and cloud-based repositories which affect businesses.
It emphasizes how corporations have become critically dependent on Information Technology (IT) as part of their overall competitive advantage and protection of their IT infrastructure from variety of threats, and subsequent profitability, corporations must have comprehensive IT security policies, well-established procedures, hardened applications and secure hardware.
I found that this reading material identifies the threat environment which consists of the types of attackers and attacks that companies face with the rise in technology advancements.
The CIA-Triad security objectives and goals cite the cogent reason why humans are the weakest link in security plan and implementation on confidentiality of information where people mostly cannot read sensitive information adequately, either while it is on a computer or while it is in transit across a network.
The process where integrity means attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network.
Availability means people who are authorized to use information are not prevented from doing so. While compromises denotes the successful breach and attack and the countermeasures required to thwart attacks.
Chapter 1 of Corporate Computer Security gives us a general understanding of what exactly the threat environment is, which is the type of attackers and attacks that companies face, and to “know your enemy”, which basically means that in order to understand the threats to the business you need to know how to prepare and defend against the threats. While not a “key” point of the readings, to say, something that I found interesting was learning about cyberwar & cyberterror, as I never really thought about these different levels that are above the typical cyber attack. Typically when you think of an attack you think of moderately skilled hacker with some phishing or malware skills, but it’s scary to think how much more detrimental it can be, whether it is a terrorist organization or an actual government initiating the attacks. This is something most businesses probably are not ready for.
Hi Alexander,
Great summary! I myself did not know of cyberwar before and this chapter helped me understand the attacks companies may face on a daily basis. The base of this chapter is “know your enemy” as you mentioned in your post. You need to know what constitutes the threat environment and be prepared on how to respond or defend yourself when those attacks happen.
This chapter explains an idea about threat environment and security challenges, so many organizations face various types of attacks that are costly. Security professionals constantly work to mitigate threats, but every year generate new threats to breach IT security mechanisms. Data breaches become a big threat to everyone as well as various malicious code (malware) such as viruses, worms, ransomware, backdoors, Trojan horses nearly facing every organization and people.
To protect IT assets threat prevention is very important, but as per the behavior of threat challenges, preventive measure techniques always change day by day. Everyone needs to understand security awareness programs to use the internet. For protecting from threats various security tools available like antivirus, firewall, authentication mechanisms, etc., various hardware devices are available to protect security but they are a failure if security breaches at one point, so we can say that we need to use every security tool and hardware devices effectively otherwise all are unusable after the presence. Every year new users organizations join the internet they are the big target for the attacker, to preventive measures need to end-user training in organizations, also need to provide training in various educations systems each country, today too many countries do not have security regarding syllabus to IT student also, we can’t think what scenario for the other Art, commerce and science student. But if we see everyone to connect internet. To prevent threats need to educate everyone on how to use the internet safely and deal with security threats.
In this chapter we learned about Malware, hackers, attackers, and cyberwar. The key point I enjoyed learning about was countermeasures. These are methods to try and stop threats and attacks. They consist of safeguards, protections or controls. The goal of these measures is to keep business processes on track. Countermeasures are classified into three types. Preventative, which keep attacks from succeeding. Detective, which identify when a threat is attacking and when it is succeeding, and Corrective which get the business back on track after an attack.
Hi Corey,
I liked your point and great summary. A company must understand the threat environment in order to get prepared when unplanned incidents happen. They need to “know their enemy”. In other words, how did this attack happen and what can we do to solve them? Those questions will help them create policies and procedures to protect their system.
This chapter talks about the attacks companies are facing on a daily basis. They need to know how to defend themselves by understanding the threat environment. In other words, Boyle referred to this as “know your enemy”. In order to defend yourself, you need to be aware of the types of attacks your company can face. How did we get attacked and what can we do to resolve them and get prepared if it happens in the future? Those are the questions companies need to know to get prepared in case of unplanned incidents. The threat environment consists of anything related to a company information system or resources. Resources could be employees who are considered as a major attack of a company information system. Employees can be in fact a danger for an information system because they are the ones who are in charge of everything related to a company information system. For example, if all employees have access to sensitive parts of the system, this can be a threat to a company environment because the company allows all types of attacks into the system. An attack can be internal and can cause a sabotage (destruction of hardware) or hacking (downloading malicious link) from an internal employee by knowing excessive information.
This opening chapter of this book was pretty interesting. It gives insight on how the internet gave organizations access to an ample amount of new customers. On the other side, being on the internet has also made these same organizations susceptible to being accessed by the many criminals who plague the internet with malicious activity. The chapter goes on to describe the many threats an organization would need to protect themselves, their networks, and their assets / data from.