We talk about how and where user data leaks, what happens to it afterwards, and why cybersecurity specialists are so well paid.
What is cybersecurity and why is there a future for this profession?
The amount of data is growing like an avalanche: from 2010 to 2020 alone, the amount of information stored has grown 50 times. The number of Google and Amazon servers is in the millions. As Alibaba’s founder Jack Ma put it, “data is new oil”. The value of information has become comparable to the value of raw materials. Information becomes especially important when it is processed by machine learning and other modern technologies. The more valuable information is to a business, the greater the need to protect it.
Cybersecurity is a branch of information security. It covers the protection of data in the networks of companies and organizations, as well as the protection of the private information of individuals. Cybersecurity professionals are trained both in higher education institutions and in specialized courses. At the end of this article, we will tell you how to choose such a course yourself.
Role of cybersecurity in today’s world
Data leaks in companies cause both direct financial loss and delayed reputational damage. Attacks on valuable information can be both external and internal:
In an external attack, the attacker invades a secure information perimeter;
in an internal attack, data leaks are caused by company employees.
Here are the consequences of several recent data leaks:
In 2014, Eileen Daly caused $250 million in damage to PNC Bank. Daly photographed her work computer screen with her mobile phone and passed the information on to competitors at Morgan Stanley Bank.
The personal data of 57 million Uber customers and drivers was leaked, and the aggregator had to pay $148 million.
A Texas court awarded $740 million against Amrock Insurance for theft of trade secrets, in favor of its competitor HouseCanary.
The loss of valuable data cost the American credit report aggregator Equifax $700 million.
Several times a year, there are “mega-leaks” when the confidential data of tens and hundreds of millions of users is made available to the public. The biggest information leak occurred in 2019, when 773 million people’s logins and passwords were published in the public domain. Earlier in 2018, more than 500 million customers of the Marriott hotel chain, 440 million users of Veeam software and 300 million customers of SF Express logistics company were compromised.
In Russia, the data of more than 14 million former students was “lost” after Rosobrnadzor’s website was hacked. In May 2019 the personal data of 900 thousand clients of OTP Bank, Alfa Bank and Home Credit Bank became publicly available.
Data leaks have affected the CIA, the FBI, the Ministries of Defense of the USA, Great Britain and Japan, the European Parliament, the International Olympic Committee, the People’s Bank of China, and the services BitTorrent, GitHub, Skype, Tinder, WhatsApp and YouTube.
Data does not leak only over the network. Hackers and insiders often obtain valuable data via removable media, voice messages, SMS, audio and video communication channels, paper documents and even by examining the contents of trash cans. Theft or loss of laptops and other gadgets remains a common problem.
Information as a commodity
Databases that store personal and confidential information are bought and sold on the darknet. The goods on this illegal market include logins and passwords of administrators of various resources, as well as data needed to access financial and banking information. The most expensive are the accounts required to access sites, domains and other network resources. Such data is often sold at auction for 125 thousand to 500 thousand dollars per account.
Data of antivirus program users and logins and passwords for file-sharing networks cost 1-2 dollars per valid pair; they are sold in tens of thousands. Data for access to social networks goes at a bargain price of a few tens or hundreds of dollars. Such data is then used for various scams involving obtaining loans or registering dubious companies.
The cost of information
Importantly, the value of information changes rapidly. If the first customer receives a database of bank users at a price of several thousand rubles per record, after several resales the price per record falls below one ruble. Users often help fraudsters themselves by handing over their confidential information when filling out a “drawing form”. It also happens that information provided to obtain a tourist visa or an installment plan leaks from the company that is obliged to store it.
Multiple use of account data
Research conducted by the analytical company Digital Shadows showed that in 2019 the number of compromised account credentials increased 4 times compared to the previous year. The main reason is that users use similar or even identical passwords. Hacker software tools such as Sentry MBA and OpenBullet can handle millions of valid passwords per day. The data from one successful hack is immediately used to try to access the rest of the user’s accounts.
Those who are going to commit a crime on behalf of another person can buy a “digital identity” on the darknet, which includes both social network accounts and data for access to mail, streaming and other services. There is also a service for renting someone else’s account on illegal sites, paying for the time of use.
Medical data and cybersecurity
According to Kaspersky Lab, in 2019 and 2020 medical information is becoming more attractive to hackers than financial and banking information. Health data is used to blackmail and deceive not only the users themselves, but also their relatives. Cybercriminals can potentially modify a patient’s electronic medical records, making diagnosis difficult and leading doctors to prescribe the wrong treatment.
It turned out that even medical research devices and MRI machines are vulnerable to remote hacking. Back in 2017, the medical equipment manufacturer Abbott had to update the software for 465 thousand pacemakers: the vulnerability allowed a hacker to change the patient’s heart rate.
Methods of information attack
The image, celebrated in popular culture, of hackers breaking into banks via the Internet is mostly a myth. Statistics show that 91% of information attacks on banks are carried out by corrupt employees of the banks themselves, 8% by bank intermediaries and only 1% by hackers. The password cracking procedure shown in the movies takes at least several hours, not seconds.
There are two main methods to crack a password:
Dictionary search, where the attacker tries different combinations of characters. Priority is given to those combinations that are based on the user’s name, important dates and other personal information.
Examination of hashed data on the user’s computer to establish patterns that will allow finding the password.
These are not the only methods available to today’s cybercriminals. They also have at their disposal:
Programs such as keyloggers and form grabbers, which record user actions and transmit them to a remote computer.
Backdoors and C&C: software loopholes that allow an attacker to take control of the system.
SQL injections that work at the database level.
XSS attacks that create malicious code on a web server.
Directory Traversal – an attack that spoofs the path to a directory on the hosting server.
Remote File Inclusion – an attack that consists in embedding a file or script on the server. Such a file will be a “Trojan horse” for other types of attack.
What tasks do cybersecurity specialists solve?
Cybersecurity specialists protect the resources of companies and organizations against hacking. Some progress has been made in this direction: large-scale leaks from the Pension Fund, traffic police and other government organizations in Russia have stopped appearing online.
A DLP (data-loss prevention) strategy, implemented by information security specialists, makes it possible to control the possible paths of data leakage. With DLP, users’ actions are monitored across e-mail, network protocols, Skype, messengers and applications. DLP prevents data that is valuable to the enterprise from being written to a disk, flash drive, mobile phone memory or other external media. The strategy also prevents data theft by taking pictures of the work screen.
Information security specialists have at their disposal biometric authentication and identification systems, cryptographic protection systems for transmission channels and data carriers, and software solutions for encryption key management. Protected corporate VPN tunnels, professional firewalls and closed cloud services are also used.
To start a career in this field, it would be a good solution to take an information security course. However, in order to get the most out of the course, it must be led by practitioners. Take a look at the GeekBrains Online University Security course. The practical part of the material includes team competitions. Throughout the course, a personal tutor helps you master both theoretical and practical information. Additional specializations such as auditing, logging systems and personal data protection can be added to the main course.