Cyber Security: Pre-requisite in Cyber-World

The creation of cyber world has given us a big responsibility of ensuring cyber security

It is a world gone by where we used to say that ‘World is shrinking’. Today it would be no hyperbolic statement to say that ‘World has already shrunk’. And what has facilitated this convergence-Internet.

Today, Internet has become that omnipotent tool which literally ‘knows it all’.  So given the situation , its no surprise that for everything we now rely on computers and the Internet communication (email, cellphones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on Internet? How much of your personal information is stored either on your own computer or on someone else’s system? And imagine if all this information of ours stored on the computer is not protected and secured.

Every big innovation brings along with it big responsibility. So with this very enabling ‘cyber world’ that we have created, we have also inherited the even bigger responsibility of  ensuring ‘cyber security’ secure because its almost our entire life which can in one way or the other be accessed through this tool of ‘cyber world’. So how would we define this ‘cyber security’? Cyber security entails protecting the stored information by preventing, detecting, and responding to any malicious attack made towards any wrong usage of these information stored on the web world. Amuleek Bijral, Country Manager, India and SAARC, RSA, the Security Division of EMC, said, “Online fraud as a whole is a $3.2 billion industry. In fact, RSA Anti-Fraud Command Center (AFCC) itself, which is a 24×7 war-room detects, monitors, tracks and shuts down phishing, pharming and trojan attacks against more than 200 institutions worldwide. The AFCC has shut down over 80,000 phishing attacks till May 2008 across 185 different countries and is a key industry source for information on phishing and emerging online threats.”

Why Cyber Security is Necessary

Cyber security is important because there are many risks involved, some more serious than others. Among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. Unfortunately, there’s no 100% guarantee that even with the best precautions some of these things won’t happen to you, but there are steps you can take to minimize the chances. As the saying goes, ‘Prevention is better than cure.’

Trends in Cybercrime

The recent trends in cyber crime are professionalisation of cybercrime; hacktivism; cyberwarfare; rising rate of identity theft; epidemic of security vulnerabilities in software & networking products; shrinking time from exposure to attack; soaring rates of SPAM; targeting of web-based applications; targeting of desktop computers; new risks stemming from mobility of data; and emergence of   sophisticated, multi-vector “blended threats”.

Take an Initiative

So now the question arises what can we do? The first step towards protecting oneself against these cybercrimes is to recognise the risks and become familiar with some of the terminology or jargon associated with them.

Hacker, attacker, or intruder: These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain. Although their intentions are not be always malicious. But the results can range from mere mischief (creating a virus with no intentionally negative impact) to even malicious activity (stealing or altering information).

Malicious code: This category includes code such as viruses, worms, and Trojan horses. Although some people use these terms interchangeably, they have unique characteristics.

Viruses: This type of malicious code requires you to actually activate it by simple interventional steps like opening an email attachment or going to a particular web page, before it infects your computer. So one needs to be very careful aganist these kind of attacks.

“The current cyber security laws are not adequate to fight the cyber menace we are facing”

Amuleek Bijral
Country Manager,

Worms: Worms propagate without user intervention. They typically start by exploiting a software vulnerability (a flaw that allows the software’s intended security policy to be violated), then once the victim computer has been infected, the worm will attempt to find and infect other computers as well. Similar to viruses, worms can propagate via email, web sites, or network-based software. The automated self-propagation of worms distinguishes them from viruses.

Trojan horses: A Trojan horse program is software that claims to be one thing while in fact doing something different behind the scenes. For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.

Legal Framework in Place

Governments are failing to prioritise cyber security issues despite the evident increasing risk through it to national security, governments, economy as well as the general populace. And the first hurdle when it comes this prioritising cyber security within government is the technical ignorance and lack of foresight of the widespread and longer term risks this can entail, which thus is acting as an impediment towards allocating legislative time and resources to it. According to Amuleek Bijral, “The current cyber security laws are not adequate to fight the cyber menace we are facing. For example there is a lot of fraud on the internet banking channel in the form of Phishing and Trojan attacks happening today in India, but the cyber laws are inadequate to prosecute anybody for that crime. Moreover, identity theft in general is not a recognised crime as yet.”

The Council of Europe Cybercrime Convention is acting as a global model law for setting up the standards for cyber security. Though most significant jurisdictions now have laws in place in the world of cybercrimes but legislation alone is not enough to reduce cybercrime to acceptable levels. And as laws are too technology specific, so they go out of date quickly.

Moreover, the efficacy of these laws is heavily dependent on successful investigation and prosecution, thus there ensues a continuous struggle with the transnational nature of cybercrime. Hence there is the need for a holistic solution which goes beyond the criminal law. Therefore countries must be encouraged to harmonise laws at the highest level whilst putting massive effort into international cooperation.

Tannu Singh