Cybersecurity is the protection of any device that involves a computer system from the interruption of operation and service through theft of or damage to its hardware, software, or data. The industry is vulnerable to a vast range of risks that originate from hazardous cyber and physical threats. Every day, malicious individuals with honed skills exploit vulnerabilities in whatever ways possible, disrupting companies’ operations and services to steal important information that is leveraged for financial gain. Unfortunately, the industry is still new and faces a multitude of problems, among them cyber phishing. Cyber phishing, a major source of ransomware in the federal government, is prevented by data loss prevention, reducing the employment shortage in the industry, and educating corporate employees on the matter.
According to the article "Serious shortages in federal Cybersecurity Workforce" in the PA Times, the fast-growing and promising cybersecurity industry is confronted with a big dilemma: there is a shortage of skilled cyber professionals within the workforce, which poses a threat to our national security.
Barack Obama, the U.S. president back in 2009, declared cybersecurity to be one of the most serious economic and national security challenges we faced as a nation. The article sees the root of the problem as the lack of a strategic approach to seeking cybersecurity talent, mainly due to fragmentation and uncoordinated leadership and a broken, complicated hiring process that makes it hard to meet agencies' requirements and needs. The workforce shortage is in fact a vulnerability that makes it possible for hackers to pose a threat to computer systems.
The shortage of skilled professionals in the industry makes the fight against hackers very difficult. That challenge has led the government, schools, and companies to think outside the box in efforts to bring in new talent, which led top officials from the Department of Homeland Security to travel to hacker conferences such as Black Hat and DEF CON to recruit talent (Jack, 2015 Para 1). Jack states that three things could be done to improve the situation: creativity, industry partnerships, and trust are essential.
Creativity means creating fun challenges and programs in schools that give students the opportunity to engage in different competitions, and encouraging students to engage in activities that are considered mischievous, such as browsing and looking around the deep web. Having companies in the industry sign partnerships with schools that will enable new graduates to be recruited and trained is another important step in resolving the ongoing issue. Jack also states that trust is really important in our industry because it is often hard for corporations to hire people, as they have to go through a strenuous series of background checks. “To build trust, Ben Scribner, director of the Department of Homeland Security’s National Cybersecurity Professionalization and Workforce Development program, said both the government and contractors need to engage with tech-savvy youngsters before they’re drawn into black hat hacker communities” (Jack, 2015 Para 8).
Recently, the battle in data loss prevention has seen an increase in the number of ransomware attacks.
Ransomware is a type of malware that prevents or limits users from accessing their system. This is done by locking the user’s system screen, keeping them out of their files, or taking the entire files and not releasing them unless a ransom is paid. Ransomware is now reported as hackers’ favorite tool to make money in cybercrime (How organizations, 2017 Para 1), because holding files for ransom is fast, low risk, and easily profitable, especially with the recent surge of cryptocurrency, which makes it possible for the transactions not to be traceable. This has resulted in the growth of attacks targeting businesses. There are many methods of ransomware delivery, among them viruses, Trojans, and worms. Lately there has been the WannaCry worm, which travels automatically between computers without requiring any human assistance.
Of the different ways of delivering ransomware cited above, the more traditional and typical method is using Trojans that deceive users into downloading them when they arrive as email attachments that look very similar to legitimate files. That method is more commonly known as phishing.
Phishing is a type of cyber-attack in which the main weapon is disguised emails that are used to trick users. This method is one of the oldest in the book and dates back to the 1990s (Josh, 2017 Para 1). Although it is one of the oldest, it is still the most widespread method, as stated in the previous paragraph.
Just as the name sounds like actual “fishing”, the analogy is to cast a baited fishing line (in this case a phishing email) and hope that the end user or the recipient at the other end of the email will bite.
During a phishing operation, the attackers pretend to be a legitimate entity or organization, such as a bank or utility company, sending a message pertaining to something that the user wants or needs. This will require the user to click on a link or download an attachment that turns out to be malicious. Most people will tend to say that this would not work on them. The reason it actually works is that the message often is from a real or possibly real person who is somehow associated with the user. It may be someone they work with, or someone they have done business with.
When talking about phishing, there is a range of techniques that fall under that category, but usually they are broken down into two things: the attackers usually either want the user to hand over sensitive information or to download malware. Although phishing seems to be very tricky, there are ways to prevent it, and different studies have been done on how to do so.
Education on phishing is the best preventive method.
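The signs described above (a sender posing as a legitimate organization, a link, and an attachment made to look like a legitimate file) can also be checked mechanically by a mail filter. The following Python code is an added example, not part of the original essay; the brand allow-list, the .test domains, the finding labels and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand display name -> domain that brand really sends from.
KNOWN_SENDERS = {"example bank": "examplebank.test"}
RISKY_EXT = (".exe", ".js", ".scr", ".vbs")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    """Return the reasons a raw RFC 5322 message looks like phishing."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and not same_site(addr.rpartition("@")[2].lower(), expected):
        findings.append("sender-mismatch")  # claims a brand, sent from elsewhere
    for part in msg.walk():
        # "statement.pdf.exe" reads like a document but runs as a program.
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            findings.append("risky-attachment")
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in LINK_RE.findall(html):
            host = (urlparse(href).hostname or "").lower()
            shown = DOMAIN_RE.search(text.lower())
            if shown and not same_site(host, shown.group(0)):
                findings.append("link-mismatch")  # visible domain != real target
    return findings

def build_sample(sender, href, shown, filename):
    """Construct a sample message (constructed data, not a real email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Action required on your account"
    m.set_content("Please review the attached statement.")
    m.add_alternative(f'<a href="{href}">{shown}</a>', subtype="html")
    m.add_attachment(b"\x00", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

PHISH = build_sample("Example Bank <billing@examplebank-secure.test>",
                     "http://login.attacker.test/verify",
                     "www.examplebank.test", "statement.pdf.exe")
```

Calling phishing_indicators(PHISH) reports all three signs, while a message sent from a subdomain of the real domain with a matching link and a plain .pdf attachment reports none.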