Diplo Internet Governance Community

Stay networked. Get informed. Broadcast your projects.

Three common myths and how to address cybercrime

Today, everyone, I mean end users and small businesses need to consider the risks of cybercrime. Most organizations are ill equipped to handle this situation, even though there are security policies and controls a variety of technical and nontechnical instead.

Cybercrime risks and threats.


Currently, information is the new currency, and compromised data security can result in financial loss or reputation. Moreover, it could lose the confidence of the customers which in turn, causes a rapid decreased ability of the company to compete.

Any organization is now susceptible to a variety of threats ranging from spear phishing advanced persistent threats. No magic solutions to stop these threats, but a series of integrated measures can help to counteract and prevent cybercrime.

While many organizations have strong controls against external attacks, they do not have to be equal to the most advanced persistent threats, fraud, insider and social engineering, which is currently widespread.

Myths of Cybercrime


Here are some common misconceptions about cybercrime risks :

1. That does not happen to me: This belief is common for any adverse event, leading to a deadlock, which in turn leads to lack of preparation.

2. I have a small company, so I'm invisible: This is no longer true. If you are in the market, you are visible.

3. Uneducated (eg cleaning staff) are harmless: Not true, even the lowest level of employee is a potential agent attack.

Countering the risks of cybercrime


Here are some key steps to help counter cyber crime risks:
  • Sort the data at various levels of importance, allowing the security team and everyone in the company to focus on the key information that must be protected.
  •   Implement controls such as content management system and document flow system of the company throughout the organization covering both clerks, secretaries, and so on.
  • A policy-based infrastructure is important. The implementation of security controls and policies should help guide the change to a culture of safety.
  • Many studies show that nearly three quarters of the stolen information by hard copy.'s Where procedural controls are useful. For example, network printers, biometric authorization could be applied, so that an employee must be physically present in the printer before the print job starts.
  • When traveling, all sensitive data must be deleted from portable devices. This is because encryption is not a viable defense, as many governments require decryption of data to Customs.
  • Implement strict controls on portable devices and storage media and educate executives who never left alone in hotel rooms while traveling, to address the risks of cybercrime.
  • Conducting risk assessments across the enterprise to optimize security spending and effort.
  • Setting up a secure connection so that executives not on the network to access company resources without compromising sensitive information.
  • Note that anti-malware applications fail to protect all attacks. Tools like Graviton and Zeus toolkit allows attackers to make small variations of malware to effectively defeat signature-based detection. An attacker does not need to have any technical knowledge, as some experts would be responsible for developing specific malware.
  • Intense awareness campaigns related to social networks. Policies must address sensitive issues such as the ownership of social media audiences, blogs about work, for example.
  • Review the software developed for the security of each stage.
  • It is crucial that IT departments beyond firewalls and intrusion prevention systems, and instead examine the flow of traffic to track malware and mitigate the risks of cybercrime.
  • Implement measures such as controlling access to the network at all entry points of the enterprise networks.
  • Moving to the cloud, work the service level agreements carefully. Clarify areas such as data ownership, geographical location of the servers, opportunities and digital forensic audit rights.
  •   Strengthen removal processes data storage in general. Perform forensic data deletion through overwrite the disk with zeros, or, in extreme cases, physically destroy the disks to minimize the risks.
  • Note that two-factor authentication can be compromised by infection end users.
  • Update the firmware of the device frequently.
  • IPv4 has to be removed and replaced with IPv6, which provides for communications IPSec fixing through Internet. To this end, a suitable public key infrastructure needs to be established.

Views: 410

Comment

You need to be a member of Diplo Internet Governance Community to add comments!

Join Diplo Internet Governance Community

Members

Groups

Follow us

Website and downloads

Visit Diplo's IG website, www.diplomacy.edu/ig for info on programmes, events, and resources.

The full text of the book An Introduction to Internet Governance (6th edition) is available here. The translated versions in Serbian/BCS, French, Spanish, Arabic, Russian, Chinese, and Portuguese are also available for download.

Interviews


Karlene Francis (Jamaica)
Ivar Hartmann
(Brazil)
Elona Taka (Albania)
Fahd Batayneh (Jordan)
Edward Muthiga (Kenya)
Nnenna Nwakanma (Côte d'Ivoire)
Xu Jing (China)
Gao Mosweu (Botswana)
Jamil Goheer (Pakistan)
Virginia (Ginger) Paque (Venezuela)
Tim Davies (UK)
Charity Gamboa-Embley (Philippines)
Rafik Dammak (Tunisia)
Jean-Yves Gatete (Burundi)
Guilherme Almeida (Brazil)
Magaly Pazello (Brazil)
Sergio Alves Júnior (Brazil)
Adela Danciu (Romania)
Simona Popa (Romania)
Marina Sokolova (Belarus)
Andreana Stankova (Bulgaria)
Vedran Djordjevic (Canada)
Maria Morozova (Ukraine)
David Kavanagh (Ireland)
Nino Gobronidze (Georgia)
Sorina Teleanu (Romania)
Cosmin Neagu (Romania)
Maja Rakovic (Serbia)
Elma Demir (Bosnia and Herzegovina)
Tatiana Chirev (Moldova)
Maja Lubarda (Slovenia)
Babatope Soremi (Nigeria)
Marilia Maciel (Brazil)
Raquel Gatto (Brazil)
Andrés Piazza (Argentina)
Nevena Ruzic (Serbia)
Deirdre Williams (St. Lucia)
Maureen Hilyard (Cook Islands)
Monica Abalo (Argentina)
Emmanuel Edet (Nigeria)
Mwende Njiraini (Kenya)
Marsha Guthrie (Jamaica)
Kassim M. AL-Hassani (Iraq)
Marília Maciel (Brazil)
Alfonso Avila (Mexico)
Pascal Bekono (Cameroon)

© 2023   Created by Community Owner.   Powered by

Badges  |  Report an Issue  |  Terms of Service