Question

Research modern cyber requirements and share with the class how they differ from traditional enterprise security requirements. How do these requirements affect the way an organization might want to protect its data? Provide a real-life example of a cybersecurity failure.

Answer 1

Cyber security:

The cyber security is a way/practice to how we secure our computers, mobiles, servers, networks and many other electronic systems. From the past few decades the cyber crimes are growing like anything and became so common that sometimes we receive a call and someone asks for our credit/debit card credentials.

Provided a pie chart above showing worldwide cyber attacks and the figures behind this has been grown with time.

Modern Cyber Security Requirements:

The modern cyber requirements needs to be dynamic as the modern cyber problems are to cope with:

   -Ransomware:

    Ransomware is the bane of cybersecurity, IT, data professionals, and executives. Includes spreading virus that latches      onto customer and business information that can only be removed if you meet the cybercriminal’s demands. And usually, those demands land in the hundreds of thousands (if not millions) of dollars.

Ransomware attacks are one of the areas of cybercrime growing the fastest, too. The number of attacks has risen 36 percent this year (and doubled in cost). The attacks are increasing by time while it should be minimized.

-Artificial Intelligence

Robots might be able to help defend against incoming cyber-attacks. Artificial has grown like a boom even the attackers are happily using AI approach to attack. Hence, security with AI is definitely gonna help in near future. With that development comes several benefits. First of all, you don’t have to pay robots by the hour. They work for free once you have them. (Also, no healthcare or catered lunch). Which brings us to the next benefit. Namely, that they can work around the clock. (Sans overtime.) Robots don’t take breaks. Humans do.

How they differ from traditional ones: The current cybersecurity requirements are dynamic and if an attack occurs the time to fix that is required so low at the current scenario. Back then, the internet speed wasn't that fast the devices weren't this much interconnected if at current scenario if an attack occurs most of the users prefer high speed internet which gives attacker the required data or can spread the infection within a few seconds.

-IoT Threats

Most people are always plugged in. The vast majority of humans in first-world countries have an iPhone in their pockets, a computer at work, a television at home, and a tablet in their cars.

The Internet of Things is making sure that every single device you own is connected. Your refrigerator can tell you when the milk runs out. Alexa can order you a pizza. Of course, all of that connection carries with it massive benefits, which is what makes it so appealing in the first place. You no longer have to log in on multiple devices. You can easily control your TV with your phone.

The problem is that all of that interconnectedness makes consumers highly susceptible to cyberattacks. In fact, one study revealed that 70 percent of IoT devices have serious security vulnerabilities. Specifically, insecure web interfaces and data transfers, insufficient authentication methods, and a lack of consumer security knowledge leave users open to attacks.

Real-life example of cyber security failure:

YAAHOO!

In December of 2016, Yahoo! reported that 1 billion user accounts had been hacked, and sent user notifications out in February of 2017. Unfortunately, it was later disclosed in October 2017 that the breach had actually taken place in 2013 and 3 billion user accounts were affected (that is every single user account at that time). Additionally, Yahoo! suffered a separate breach in late 2014 that wasn’t disclosed until 2016 that affected 500 million accounts. These breaches are the two largest breaches in the history of the Internet. It took 4 years for full disclosure.

At issue was the unfortunate fact that users weren’t required to change their passwords. Yahoo! was using the MD5 algorithm for their hash function, which is relatively easy to crack. Consequently, usernames and passwords were compromised, along with answers to encrypted security questions. Again, the big fail here is the delay in discovery and reporting, not to mention the lax attitude within Yahoo! towards security. Until very recently, Yahoo! still didn’t require users to change their passwords. This has now become one of the largest class action lawsuits ever because of the amount of time it took to disclose.

Thanks.