Most Important Cybersecurity Vulnerability Facing IT Managers Today - Term Paper Example

?PHISHING: MOST IMPORTANT CYBERSECURITY VULNERABILITY FACING IT MANAGERS TODAY Phishing: Most important cybersecurity vulnerability facing IT managers today Author Author’s Affiliation Date Introduction With the developments in information technology (IT) field, there emerged a large number of useful techniques to support a wide variety of functions such as better online communication, data transfer, business, marketing, management, etc. Without a doubt, these tools and techniques have provided wonderful advantages for the business organizations as well as individuals. On the other hand, these advancements of technology have also created a large number of security problems for the business organizations. In this scenario, cyber security vulnerabilities are most modern kinds of criminal activities for the reasons that these activities are carried out using the computer and the internet. In view of the fact that IT managers are the most important part of any organization in ensuring the secure execution of an organization’s IT processes hence it becomes their responsibility to deal with these activities (Laudon & Laudon, 2005; Turban, Leidner, McLean, & Wetherbe, 2005). Though, there are a number of vulnerabilities that IT managers are facing IT today but I think phishing is the single most important vulnerability facing IT managers today. Phishing is a most commonly used term for the online criminal and negative activities. This paper will present a detailed analysis of phishing. This paper will discuss some of the important aspects associated with phishing. Historical Overview of Phishing The 1980s was the start of the substantial marketplace application of the WWW (World Wide Web). With its success and procedure there took place a development in the way to infect mass quantities of computer systems. All the way through transferring SPAM crafted to seem alike to an approved demand from any organization like that an online university or bank, we might be trapped into by using a web based link to an internet site that was hosting malware or some infection that transfers to our system. This in point of fact could have the similar consequences as we click on a dirty email file attached to any message (Rodriguez, 2007). The subculture transformed once more in the 1990s in the way of financiers. With the related elementary technique, that employs the transmission of the email SPAM formed to seem similar to it was derived through an officially authorized organization as well as in that way trapping us to go after a weblink to a wrong website that had been shaped to as well seem similar to it belonged to a valid organization, we could be trapped into sensational individual data and information regarding yourself that is also acknowledged as the Phishing (Rodriguez, 2007). The recompense was twofold. The executor of this act could go behind doesn't matter what economic capital we had like that our credit or debit card number, bank account, etc. or they could copy or steal an adequate amount of data and information from our computer to get hold of our identity. This category of online fraud is acknowledged as the identity theft. Identity theft possibly being even further shocking to the actual person for the reason that a hacker could make use of our individuality to open up credit and debit cards, bank accounts as well as carry out further negative activities and crimes concealed at the back of our identity (Rodriguez, 2007). Introduction to Phishing I believe phishing is the single most important cyber security vulnerability that IT managers are facing today. Actually, phishing is the process in which an authorized person tries to get access and use sensitive data and information such as usernames, personal information, credit card information and passwords by making use of deceptive and fake means as a trustworthy entity in an online and other internet supported communication. In addition, phishing is normally carried out through E-mail or through the instant messaging, as well as its generally directs online system users to go through particulars on a false website whose appearance or interface are approximately alike to the actual one. Even when carrying out server verification, it can demand great expertise or knowledge to make a distinction that the website is false. Phishing is a case of community engineering methods which are used to make fool to online users, as well as exploits the concentrated usability of present web safety expertise. Additionally, effort to tackle the growing amount of reported phishing events needs public awareness, user training, legislation, and technical safety procedures (Tan, 2006; Abad, 2006). Process of phishing This section presents a detailed analysis of the process of the phishing. In this process every step entails particular skills from other associates of the web community. In the section below I will present the different steps or stages of the phishing process: Planning This is the preliminary step of the phishing process that engrosses the planning regarding the attack on the particular organization, community, group, or person. In this phase phisher will necessitate information to be collected, like that target scam page template, e–mail lists as well as challenging information from customers of phishing identification. Wide-ranging data and information like that indented e–mail files as well as scam page patterns requirements to be gathered. The Phisher has no need to be proficient in internet design, on the other hand in its place that should be able to accomplish a previously employed scam page. Pages for the SACM as well as e–mail patterns are broadly accessible inside the group of people. If additional superior templates methods are favored, professional website designers who present on recognized fraud associated environments can be hired (Abad, 2006). Setup In this second phase of the phishing the phisher needs to make sure the appropriate scam page communications on the negotiated hosts utilized in the phishing hit. Planning a course of action, to send back qualifications to a nameless chat room or an email address. In this step phisher necessitates insignificant mechanical knowledge as well as engross small or additional than uploading online site data, as well as locating up what is known as an egg-drop or an easy email-mail structure. An egg-drop bot employed for the reason of yielding recognition from a phishing page apparatus could be designed to depend the composed data and information support to an online user or send to chat-room demand (Abad, 2006). Attack For making this phase of the phishing effortless a variety of programs have been developed to hold group mailings, as well as there are money-making applications which as well generate group mails. As with the previous steps of the phishing process the phisher does not have need of definite information to propel out emails en masse as well as merely requires getting hold of the correct tool (Abad, 2006). Collection This step of the phishing process engrosses the phished files is frequently executed in secret; for instance, a course of action on the scam page hosting contraption rarely drives reverse phished files to unfamiliar web-based email records. These financial statements are then contacted through a proxy server or derived to an online chat-room through an egg-drop conversation bot. It is as well probable to place the files into a comprehensible listing on the web-based server as well as download up-to-date information explicitly from a browser critical to the apposite index where the files are stocked up (Abad, 2006). Cashing This is frequently the finishing step of the line for the phisher. At the present time, phishers are contributing the files goods by means of an imperfect supply of clients. Customers of monetary organization recommendation are identified as cashers. The casher’s most important role is to get hold of the phished files as well as accomplish cash straightly from the economic records attached to the files. In addition, phishing and cashing are dissimilar as well as normally split positions (Abad, 2006). Types of Phishing As discussed above, phishing is the most critical cyber security vulnerability because it can be performed in many ways. This section explores the most important techniques and areas that are targeted for the information hacking and online information exploitation. There are diverse kinds of phishing attacks which have currently been known. I will present and explore some of well known types below: Deceptive Phishing This procedure of phishing generally referred to information theft by means of fake and instant messaging on the other hand the majority extensive broadcast technique at the present time is a deceptive email phishing that makes use of the email message for this function. Messages on the subject of the need to authenticate or verify the user bank, credit or any payment account information, system breakdown necessitates clients to re-enter their data and information, fabricated payment account payments, unwanted account transforms, up-to-date free of charge services necessitates fast action, as well as a lot of other scams are transmitted to an extensive group of receivers by means of the anticipation that the innocent will react through clicking a fake link to or logging in onto a fake site where their secret data and information could be gathered (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Malware Based Phishing Malware Based Phishing method encompasses the scams that require running fake and malicious application software on client’s PCs. This Malware software can be initiated as a fake email message that holds file attachment, as well as downloadable malware software file from a website, or else through abusing recognized safety vulnerabilities: a meticulous matter for medium and small businesses that are not eternally competent to preserve their online software and business related applications advancement (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Session Hijacking Session hijacking is also another well-known phishing method that is based on an online attack where client’s operations and activities are monitored in anticipation of them log in to an indented user payment or information account or business transaction as well as set up their authentic verification. At that position this hidden application (malicious software) occupies and can be able to carry out prohibited actions, like that reallocating funds, with no the user's information (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Web Trojans Web Trojans are also another familiar phishing technique that engages the popup imperceptibly enters into user system when users make an effort to sign in. They get together the client’s recommendation close by as well as broadcast them to the hacker/phisher (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Hosts File Poisoning When a client types a website address to visit an online-site it can initially be decoded into an IP address earlier than its broadcasts in excess of the web. The preponderance of the SMB client ’ system’s running a MS Windows OS to begin with seeming up these host identities in their client file previous to activating a DNS search for. Throughout exterminating the client’s information and data file, phisher/hackers have fake web address broadcasting, appealing the client merely to a bogus emerges similar online website where their information and data could be stolen (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). System Reconfiguration Attacks System Reconfiguration Attacks are also major phishing technique that engrosses the hacking user information. In this technique the unknown application comes into the user system and modifies system settings on a client’s system for cruel reasons. For instance website email address in a favorites data file could be customized to express client to seem similar websites. For instance: an online bank site address (URL) can be changed from "abcbank.com" to abccbank.com (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Data Theft The phishing also comprises the data theft through the fake IDs and online address. This encompasses the a smaller amount protected systems those are frequently held subsets of responsive data and information stacked up somewhere else on protected servers. Without doubt systems are employed to contact similar servers as well as can simply be compromised. Information and data stealing is an extensively employed technique to industry intelligence. Through theft of personal infrastructure, plan credentials, officially permitted estimations, worker associated records, etc., information robber’s proceeds from promotion to those who can want to make self-conscious or reason economic harm or to contestants (Courtesy of Computer Associates, 2007; Aburrous, Hossain, Dahal, & Thabtah, 2010; Gan, Ling, Yih, & Eze, 2008; Tatum, 2013). Ways to avoid phishing IT managers are responsible for dealing with IT operations of an organization. In fact, business organizations heavily rely on IT in order to successfully operate their business. In this scenario, it is the responsibility of IT managers to implement strict security measures to ensure the secure execution of these IT operations. Given below are some of the important actions that can be taken to stop phishing (Warren, 2005; Kerstein, 2005): 1. IT managers should install effective anti spyware software 2. IT managers should get knowledge of latest cyber security vulnerabilities and train other staff members how they can secure their information 3. Protect the hosts file 4. Install firewalls 5. Do not click on hyperlinks in e-mails 6. Take benefit of anti-spam applications/software 7. Install latest antivirus and keep it up to date 8. Don't enter perceptive or financial information into pop-up windows 9. Make use of backup system images Conclusion This paper has discussed some of the important aspects of phishing. In the past few years, phishing has become very common. In fact, there are many kinds of phishing and the basic purpose is to steal someone’s personal information using illegal ways. Without a doubt, organizations today heavily rely on their business data and information and for this they heavily rely on an IT department. So if this information is accessed by any unauthorized person it can be used for illegal purposes. In some cases, a business competitor can also hack this information to destroy the business of an organization. So it is essential for IT managers to keep them up to date with the latest knowledge of cyber vulnerabilities and be ready to implement solutions to deal with these vulnerabilities. References Abad, C. (2006). The Economy of Phishing: A Survey of the Operations of the Phishing Market. Cloudmark Inc. Aburrous, M., Hossain, M. A., Dahal, K., & Thabtah, F. (2010). Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies. Journal of Cognitive Computation, Volume 2 Issue 3, pp. 242-253. Courtesy of Computer Associates. (2007, September 12). Types of Phishing Attacks. Retrieved March 06, 2013, from PCWorld.com: http://www.pcworld.com/article/135293/article.html Gan, G. G., Ling, T. N., Yih, G. C., & Eze, U. C. (2008). Phishing: A Growing Challenge for Internet Banking Providers in Malaysia. Communications of the IBIMA, Volume 5, pp. 133-142. Kerstein, P. L. (2005, June 19). How Can We Stop Phishing and Pharming Scams? Retrieved March 04, 2013, from CSOOnline.com: http://www.csoonline.com/article/220491/how-can-we-stop-phishing-and-pharming-scams- Laudon, K. C., & Laudon, J. P. (2005). Management Information Systems: Managing the Digital Firm, 9th edition. New York: Prentice Hall. Rodriguez, M. 2007, Phreaking, SPAM, Phishing, Botnets, Pharming, Vishing, SMiShing & SPIM oh my. CTSO @ Western Illinois University. Retrieved March 04, 2013, from: http://www.wiu.edu/utech/securitySpecial/techSecurity/pdf/May2008SecurityPrivacyNews.pdf Tan, K. (2006, 02 12). Phishing and Spamming via IM (SPIM). Retrieved March 02, 2013, from Internet Storm Center: http://isc.sans.org/diary.html?storyid=1905 Tatum, M. (2013). What Are the Different Types of Phishing Attacks? Retrieved February 15, 2013, from WiseGeek.com: http://www.wisegeek.com/what-are-the-different-types-of-phishing-attacks.htm Turban, E., Leidner, D., McLean, E., & Wetherbe, J. (2005). Information Technology for Management: Transforming Organizations in the Digital Economy . New York: Wiley. Warren, S. (2005, August 04). 12 steps to avoid phishing scams. Retrieved March 04, 2013, from http://www.techrepublic.com/article/12-steps-to-avoid-phishing-scams/5818568 Read More