Much as technology offers numerous solutions that ease human activity across fields, technology wizards in Information and Communication Technology caution computer and internet users about loopholes in cyber security. Knowledge and awareness of these loopholes have protected users from a horde of dangers that hackers cause, just as ignorance in the area has caused losses related to information leakages.
Experts have discovered that the main challenge to cyber security could be in the form of software loopholes and/or human flaws. Software flaws are weaknesses in the system design that hackers deliberately exploit. Many a hacker will exploit a flaw in the application server or operating system, thus bypassing the computer's security, rather than cracking passwords.
The most common flaws in operating systems and server software include buffer overflows, hidden back doors and default settings, among many more. A buffer overflow is caused by feeding a programme too much data, or data different from what it was programmed to expect, thus crashing the system. It becomes potentially dangerous because the data overload can command the computer to wipe out files, open ports or give the hacker administrator access.
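The overflow described above, as an added C example that is not part of the original article: an unchecked copy beside a length-checked one that rejects over-long input instead of writing past the buffer. The function names and the 16-byte field size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16  /* hypothetical fixed-size buffer for one input field */

/* Unsafe pattern, shown for contrast and never called here: strcpy() keeps
 * copying until it meets the terminating NUL, whatever the destination size,
 * so input longer than the buffer overwrites the memory that follows it. */
void store_field_unsafe(char *dst, const char *input) {
    strcpy(dst, input);
}

/* Checked version: measure the input against the destination size first and
 * refuse anything that does not fit, terminator included.
 * Returns 0 on success, -1 when the input is rejected. */
int store_field_checked(char *dst, size_t dst_size, const char *input) {
    size_t len = 0;

    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;

    /* Never look at more than dst_size bytes of the input. */
    while (len < dst_size && input[len] != '\0')
        len++;

    if (len == dst_size) {   /* no room left for the terminating NUL */
        dst[0] = '\0';       /* leave the buffer in a known, empty state */
        return -1;
    }

    memcpy(dst, input, len + 1);  /* copy the bytes plus the NUL */
    return 0;
}

int main(void) {
    char field[FIELD_SIZE];
    /* Constructed sample inputs: one that fits, one that is too long. */
    const char *samples[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < 2; i++) {
        int rc = store_field_checked(field, sizeof field, samples[i]);
        printf("%zu input bytes: %s\n", strlen(samples[i]),
               rc == 0 ? "stored" : "rejected, would overflow");
    }
    return 0;
}
```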
In software creation, programmers create default or back door accounts and passwords for testing purposes, to ease the login process and quicken access to other parts of the program. After finalizing the program, the programmers ought to remove the back door accounts and passwords to eliminate the opportunity for hackers.
Default settings come with programs such as operating systems that have inbuilt security. However, a program does not install itself unless commanded to, and it is common for a user to install a perfectly secure program with all the security features turned off.
Security can be ensured by continuously testing systems for weaknesses in exchange for financial gain. Companies are hiring professional hackers, also known as penetration testers, who ensure the program is bug free and responds to odd requests without leaking the secrets it is safeguarding. This reward system ensures that knowledge is utilized to enhance cyber security.
The human element in cyber security cannot be overlooked. A 2014 Cyber Security Intelligence Index by IBM indicates that 95% of all security attacks involve human error. The main lesson from the US military experience on cyber security supports these findings: even though technical upgrades are necessary, reducing human error is even more important. The Pentagon's approach is to train staff rigorously to avoid mishaps and to detect and correct anomalies before they result in serious malfunctions.
Attackers prey on human weakness to entice insiders into unknowingly giving access to confidential information, which becomes a costly venture. Research shows that the impacts of successful attacks through insiders are the introduction of malware, theft of intellectual property and exposure of sensitive information.
The research found that 59% of respondents agreed that the threats resulted directly from innocent mistakes by insiders rather than malicious abuse of privileges. Other errors include sending confidential information to unintended recipients and sending documents home or carrying them on removable media like USB sticks; these can be rectified by security controls that monitor the leaking of sensitive data.
Malicious attacks by outsiders use social engineering techniques to lure targeted users. Of these attacks, 95% involve spear phishing scams, with emails containing malicious attachments that carry malware.
Increased awareness of technological crimes of this nature through employee training goes a long way in minimizing attacks. Well-trained staff are better at identifying phishing emails.
Technology and people should be given equal attention. Technology provides automated safeguards and processes, while user education and awareness should be continuous in order to stem errors arising from social engineering and the potential costs caused by carelessness and technology.
Nicholas Katende is pursuing PhD IT, MSc Data Communication, and BCSIT, and he is an Associate Dean at the University of Kigali.