The recent data breach at Target involving at least 70 million customer accounts (pundits estimate that this figure could be over 100 million) has again focused our attention on the risks that we face in this age of the Internet. The Internet has revolutionized the way we work, live, socialize, and conduct businesses. Today, we have abundant connectivity through computers at home and at work, and on our laptops, tablets, smart phones, etc. Even our cars and homes are finding ways of getting connected. This Internet environment is the so-called cyberspace, and ubiquitous connectivity and the expansion of cyberspace has resulted in enormous gains in many sectors. It has revolutionized the education sectors with many universities now offering traditional classes, hybrid classes, and online classes. You can book your airline ticket without leaving your home or office and check-in for your next flight online. You can buy almost anything via the Internet and have it delivered to your home or office. You can buy and sell stocks from anywhere via the Internet. Applying for jobs nowadays is conducted almost entirely online. The list of things you can do is endless. The Internet is also full of social media: Facebook, Twitter, LinkedIn, etc.
The common aspect of all Internet-based interactions and transactions is that the exchange of information can be personal, confidential, or financial in nature. While the benefits of using the Internet are undeniable, there is also a dark side to the Internet. Lurking in the same environment are hackers, hacktivists, and other malicious entities with different malicious objectives. Some of these entities want to steal personal information and use it for financial gain; others want to cause harm or damage to other entities or their adversaries and so on.
Hacktivists use the Internet to promote political ends, to promote free speech or human rights, and to achieve other objectives. Hacktivism traces its roots back to the late 1990s, when a hacker collective called Electronic Disturance Theater (EDT) protested against Mexican government policies that were considered oppressive by staging online versions of sit-ins. These took the form of distributed denial-of-service (DDoS) attacks, a technique using large networks of hijacked computers to jam up websites with so much traffic that they crash. The EDT’s actions shut down several websites, including that of the Mexican president, igniting a flurry of concern about the security of the internet.
Target’s data breach is one of the largest in the history of the Internet when compared with the previous two largest data breaches in history. In August 2009, 130 million credit and debit card accounts were stolen from the Heartland Payment Systems servers, and at least 94 million credit and debit card accounts were stolen from TJX. In December 2009, 32 million user accounts were stolen from RockYou. Data breaches of smaller sizes occur all the time but most companies would prefer not to make the violation public for obvious reasons. It was reported today, as I write this article, that a data breach involving 27,000 customer records had occurred at Barclays bank.
When it comes to cybersecurity, it is unfortunate that companies tend to comply as minimally as they can with regulations because improved cybersecurity can be costly; but a data breach could also spell the demise of a company. Many Fortune 500 companies are still using outdated software. Hackers often exploit vulnerabilities in older versions of popular software to load malicious programs into computers, which can then be used to launch attacks.
Hence, there is a crucial need to secure this cyberspace using several defense mechanisms to ensure confidentiality, availability, integrity, accountability, and non-repudiation (an entity cannot deny having conducted a transaction); and this is what cybersecurity is all about. As a result of the changing nature and sophistication of attacks, there is a new demand for cybersecurity specialists to fight cyber terrorism at all levels of society, from multinational corporations to governments.