Cybersecurity involves protecting information against manipulation or usage by unauthorized people. It involves the protection of both the hardware and the software of the information system from theft and damage, and its service from being disrupted or misdirected. It is usually achieved by protecting devices against harm that may come through network access, physical access to hardware, and the injection of code and data. A disruption may also happen due to operators’ malpractices that can be accidental, intentional or tricked to deviate from secure procedures. Cybersecurity is becoming vital as more information technologies are released to the cyberspace. Mobile devices are becoming a commonly used mode of communication due to their fast and timely delivery of information. Therefore, they need to be protected from cybercriminals, who are targeting at financial gains. Many mobile devices have poor protection making them easy targets. Cybersecurity is therefore important for both mobile and computer devices. After reading various articles on cyber-crime, I have realized that there is a need for people to understand it well to be able to prevent, detect and respond to an attack.
Vulnerability and Attacks
As argued by Broadhurst et al., hackers and other people with ill motives attack only those devices that are vulnerable and have no protection. There are various causes of vulnerability, for instance, the lack of a strong antivirus, passwords and firewalls. Attacks can occur if an unauthorized person gets direct access to a computerized device. In such a case, the person can install software worms and make modifications in the computer system. Broadhurst et al. also state that attacks can happen through backdoor access, namely, the access using any secret method meant to bypass normal security control. Security threats can come about as a result of a poor configuration or original design, intentionally added by the authority for legitimate use or maliciously by an attacker causing computer vulnerability. Attacks also happen through spoofing, a situation where false data are used to masquerade successfully as a program.
I have also learned that people with malicious intentions can use eavesdropping to acquire important information from others. Eavesdropping is the listening of a private conversation with ulterior motives on a network between hosts. Such activities make important information get to unintended people. The leakage of information can cause insecurity in a country, especially if that data are intended for national security.
Another common type of cyber-crime is a distributed denial-of-service (DDoS) attack. It ensures that the intended user of machines and network resources cannot access them. Access is achieved by entering the wrong password more than the accepted number of times for account to be locked, blocking all users at once. Every other day organizations are reported by the media to face a security breach that has happened because of DDoS. Such kinds of attacks compromise employees and customers’ data in large corporations. Apart from attacks that happen in high-profile companies, a thousand other attacks happen and remain unreported by the media. Developments in information technology have tried to fight cyber-crimes with no success. Hackers have always been ahead of technology; thus, I feel that the issue of cyber-crime is an urgent phenomenon, and something needs to be done to eliminate it.
Prevention of Threats
People use several ways to protect their devices from cyber-attacks. These involve upgrading protection, notifying relevant legal authority, counter attacks and many more methods depending on an individual system security requirement. In a few special instances, a wholly compromised system is completely destroyed because detected resources may only be part, and others are not detected, posing a risk. Risks are numerous in nature and differ in their effects. They include viruses that can erase the entire system and practices of the alteration of files by someone who breaks into the system, attacker using a computer to attack others, and a person stealing credit card information to make unauthorized purchases.
According to Gori, passwords are effective methods of protecting a computer from access by unauthorized users. However, I believe that a password alone cannot protect a device from an attack. A firewall can be used together with passwords to strengthen protection. It can either be a software or hardware base, which enhances the protection against an internal network being accessed.
Devices should also have an intrusion detection system for stronger protection. Intrusion detection methods are made to enhance the detection of in-progress network attacks, assisting in forensics of a post-attack. They are also used in individual system logs and audit trails detection. Holt, Strumsky, Smirnova, and Kilger recommend cryptography as a system protection method against attacks. Cryptographies are usually unbreakable if properly implemented, as breaking them requires a stolen key, stolen plaintext or some other extra information that is cryptanalytic. Holt et al. also recommend the use of two-factor authentication for cybersecurity. This method requires one to know a PIN or a password and have a device such as a mobile phone or any other piece of hardware. An unauthorized person needs both of these to be able to access information. Therefore, it increases users’ security.
Apart from the above methods of device protection, I presume that it is important to keep devices up-to-date. Updating a system with security patches and updates, using security scanners and employing competent people specialized in system security can help reduce system attacks. If done carefully, insurance and backup can help reduce effects of a data loss and damage.
Just like computer devices, mobile devices have been facing the same problem of cybercrimes. The latter are used to convey verbal or written information from one place to another and from one person to another at the shortest time possible as may be allowed by network coverage. Thus, they are vulnerable to attacks through network connections. A mobile device can be attacked when an infected mobile is used to infiltrate nearby devices. An infected mobile device allows direct access to a network and can attack devices in that network directly. One can steal contacts from other devices, and if connected to a WIFI, one can destroy other systems on that network with the use of an infected mobile device.
Hackers also access private mobile information throughmobile phishing and ransomware. In the first case, social engineering is used through a mobile app and SMS (short message services) text message, taking advantage of trust and human behavior to access data to make a victim click on the link, which enhances malware. The latter is installed on the victims’ gadget. Cyber attackers can access important information and conversations. Marcum, Higgins, and Ricketts argue that hackers use this method to stalk users and even kidnap children. Mobile phones are also used to access bank information through cross-platform banking attacks. It involves the use of malware to get information about banking accounts. One is told to download a link that will ensure extra computer security and asked for their phone number and email address to download the link. This malware enhances attacker access to the bank account as they type them on a laptop or a phone. Access to banking information is also possible through crypto currency mining attacks, where malware in search of digital currencies infiltrates mobile devices.
Ways of Securing Mobile Devices
The Center for Security & Privacy Solutions argues that phone users can be protected by updating mobile security programs. Viruses, malware, and other online threats can be prevented by using current operating system software, web browser and mobile security. My response to this argument by the Center for Security & Privacy Solutions is that people should also take responsibility for protecting their mobile devices by giving their contacts to people that they trust only. People should always seek consent before giving out their friends’ or other people’s contacts. They should also be careful while using network connections. They can do this by being cautious about the information they release to others and the sites they visit.
Users of WIFI hotspots should ensure security is in place to limit those who can access information from connected devices. It is also important not to respond to text, call and voicemails when in doubt as they may be scams. Users should not download links from unknown sources as they may contain malware. Mobile users should always be wise in regards to downloading the latest updates in technology. They should be aware of Internet developments to ensure they are safe. Mobile users should also act as good online citizens. Good citizenship can be achieved by texting others what one expects from them and get permission from people if one wants to take pictures or videos of them expecting the same from other users.
It is important to conduct deeper research on cyber-crime to be able to understand better intentions of cyber-criminals. The information technology sector should be abreast of these malicious activities and work to upgrade technology that will protect users from attacks. On the contrary, Internet hackers have always remained ahead and up-to-date regarding the latest technologies.
Cybersecurity is becoming of great concern as more and more people are exposed to information technology. Institutions use information technology to increase financial gains, especially in the financial sector, such as banks that are a storehouse for money. With the increased use of mobile phones to make bank transactions, fraudsters mainly target banks. Hence, it results in the need for cybersecurity by most organizations and mobile security by individuals who do not want to be victims. Cybersecurity does not involve the government alone to make sure that citizens are safe on the Internet. It is also the responsibility of every member of the community to take actions in improving the safety of Internet connections. Reporting of malicious activities or suspected cyber-crime is also important to keep users abreast of what is happening in the cyberspace.