Cybersecurity - How Secure is Cyberspace?
As we become more and more connected online, the opportunities for cybercrime grow too. According to the RSA 2012 Cybercrime Trends Report, cybercrime activities in 2011 marked a year of new advanced threats and an increased level of sophistication.
The first half of 2012 revealed that cybercrime is diverging down a different path as new financial malware variants emerge and cyber criminals find new ways to monetize non-financial data. In fact, every minute, 232 computers around the world are infected by malware. Malware is a growing problem in Canada as, according to Dean Turner, director of Symantec Intelligence Group, the volume of malicious software detected in 2011 was up 41 per cent over the previous year.
Cybercrime shows no sign of slowing down and it seems no-one is untouchable. As computer technology evolves, so do the tools available to cybercriminals and the damage they are able to do, not just to businesses but also to individuals like Mat Honan, a senior writer for Wired's Gadget Lab, whose digital identity was dissolved by hackers.
In the future, quantum computers (which exploit the fact that the tiniest particles, molecules, atoms and subatomic particles can exist in more than one state simultaneously) that are capable of carrying out calculations billions of times faster than today's supercomputers could be used by cybercriminals for cracking passwords and decrypting secret messages much faster than they do now.
Given this, the security of cyberspace will be questioned. Consequently, cybersecurity is only going to become more important and is thus the theme for this month’s ITAC Online, which features Symantec (Canada) Corp., Cybera and TwelveDot.
Symantec (Canada) Corp.
Protecting People and Information Today and Tomorrow!
Today, smartphones, tablets, and PCs are increasingly an integral part of our lives. They help us do our work, maintain our personal lives, and give us incredible access to media and each other. And they contain an incredible amount of our information.
It is this information that cyber criminals are interested in hacking as the potential rewards are considerable. According to the 2011 Norton Cybercrime Report, the total bill for cybercrime footed by online adults in 24 countries topped USD $388bn. This is bigger than the global black market in marijuana, cocaine and heroin combined ($288bn), is approaching the value of all global drug trafficking ($411bn) and more than 100 times the annual expenditure of UNICEF ($3.65 billion).
Although most of us may not think that we are a big enough target for cyber criminals, no-one is immune. Cyber criminals, like other criminals, are always looking for the path of least resistance to the assets they seek to acquire. This is why information is the focal point for Symantec Canada Corp.
“Our approach to information security is almost architectural. We look at how important the information is, how it can be protected and how it can be shared,” says Sean Forkan, Vice-President, Country Manager, Symantec (Canada) Corp. “Doing this enables us to arrive at solutions that protect information and people.”
According to Sean, Symantec (Canada) Corp. is uniquely positioned to provide security, storage and systems management solutions to help its customers – from consumers and small businesses to the largest global organizations – secure and manage their information against cybercrime. Overall, he says, Symantec is proactive in trying to stay ahead of cyber criminals as they become more sophisticated due to the growing number of tools that are available to them. Sean compares having security for your information to having insurance because you never know when you might need it.
It is an insurance that is much needed as, according to the Government of Canada, eight million Canadians fell victim to cybercrime in 2011. Cybercrime thrives on our personal and business information that we all share online with companies, organizations, websites, and occasionally with botnets. Botnets are networks of personal computers that have been infected with malware which cyber criminals use to install malware on other computers, carry out denial-of-service attacks, and steal information from individuals and businesses without anyone realizing it.
“As IT evolves so do the tools available to cyber criminals,” says Sean. “And so do the security threats. Symantec recently released new research highlighting the rapid expansion of ransomware scams throughout Western Europe, the U.S. and Canada. It is conservatively estimated that cybercriminals are extorting over $5 million a year from victims of this threat.”
Up to 2.9 percent of victims end up paying ransoms which is significant especially as fees range up to $460 and a single criminal gang was seen attempting to infect 495,000 computers in just 18 days. Cybercrime gangs are also using social engineering to convince users that they are being required to pay a fine by local law enforcement for browsing illicit materials. According to Sean, Symantec predicts that in 2013, ransomware will become the premier cybercrime strategy. Other predictions include:
- Attackers will follow users as they shift to mobile and cloud by exploiting Secure Sockets Layer (SSL) Certificates used by mobile devices and applications.
- Malware will continue to spike – particularly as companies seek to drive mobile ad revenue.
- New security dangers & tricks for consumers will lurk on social networks.
- Conflicts between nations, organizations and individuals will predominately take place in the cyber world.
“Every day there are 1 million plus cybercrime victims, which is twice as many as newborn babies. Even I have had an online account compromised,” he said. “At Symantec, we are dedicated to helping our customers secure and manage their information and identities. This is our focus because we believe people should work and play freely in a connected world.”
Connecting Albertans to a better future
Cybera is the publicly funded agency in Alberta responsible for supporting and advancing the province’s cyberinfrastructure or “e-infrastructure”.
In this role, Cybera is the architect and guardian of the ultra-high-speed network, CyberaNet, which is used for research and education in Alberta (and is fast enough to transmit 1,000 high-definition movies in one minute). Cybera also acts as an unbiased e-infrastructure expertise resource for Alberta's public sector, and helps pilot new projects related to networking, cloud computing, and data storage. For example, its cloud experts contributed to the international open source project OpenStack by creating the first OpenStack cloud in Canada (a data-sharing cloud for space researchers). They also regularly provide introduction-to-cloud workshops. Beyond this, Cybera advocates for broader, faster access to the Internet for Albertans.
“Cybera oversees Alberta’s e-infrastructure or cyberinfrastructure. This advanced system of networks and computers was originally created by and for university research,” said Robin Winsor, Cybera’s President and CEO. “Although this network is still used for its original purpose, we are also focused on using it to pilot above-the-network projects, such as cloud-based computing.”
Cybera would like to see everyone in Alberta connecting to the “pipes” of the Web to access innovative services such as this. It wants to do away with the current system of digital haves and have-nots (for example, children who do not have Internet access to do their homework are at a disadvantage to those who are connected). Cybera also sees cloud computing growing to the level of a utility, delivering software and big data on demand. This would be a major economic driver, as it would increase productivity for everyone, in both urban and rural areas.
Challenges to achieving this include:
- Canadian Internet falling behind international norms (speed, price, capacity, etc.)
- Reluctance of Canadians in general to accept cloud computing
- Data security: Canadian data is often sent through American internet exchanges and stored in US-based clouds, which makes it subject to Patriot Act incursions.
Cybera is not a cybersecurity organization, but it is concerned about data security as it has piloted data storage and security projects for health care facilities in Alberta. According to Robin, the continuing battle between the code makers and code breakers means that security systems need constant updating. For example, infrastructure that seems safe now could one day be vulnerable to quantum computing technologies, which will have the ability to crack complex codes that are considered “unhackable” today.
Robin thinks a solution to this is quantum cryptography, which is being researched by Dr. Wolfgang Tittel at the Institute for Quantum Information Science, University of Calgary. Using quantum physics, Dr. Tittel and his colleagues have developed a method to send encrypted messages with a secret key that can never be broken by eavesdroppers. It does this by using individual photons (particles of light), which cannot be spied on without being noticed. Cybera is working with Dr. Tittel to test long-distance applications of such quantum cryptography.
Despite advances in cyber security, Robin believes that user literacy about information systems plays an important role in securing data. Often people who use computers have little idea as to what they should do to make their information more secure. According to him, the average user does not need to become a computer expert. However, Robin firmly believes we should all know the basic do’s and don’ts of computer security. Increasing public literacy about computers and networks through education is therefore important, as it also reduces the potential for cybersecurity risks.
A one-stop ICT security shop!
For many of us, cybercrime is an activity that includes the exposure of sensitive business information, including identity theft, hacktivism, and corporate espionage. Unbeknownst to most users, the mobile device in their pocket is the next enabler to access the corporate crown jewels.
The mobile device you carry with you everywhere is loaded with personal data and provides access to a wealth of confidential information. These devices have more computing power than laptops did about 10 years ago, with multiple wireless interfaces to connect to every kind of network. Two hundred years ago thieves used to rob banks because that was where the money was. Today, that money is data held on private networks and mobile devices.
Enter TwelveDot Inc., an Ottawa-based security consulting company with over 17 years' experience in security engineering, corporate security policies, international standards, network, application vulnerability assessments and just about everything else in between.
Founded by Faud Khan, the company’s goal was to become an enabler for organizations struggling to understand cloud and mobile computing and its inherent risks. TwelveDot currently provides consulting services in cloud computing, mobile, smart grid and Domain Name System Security Extensions (DNSSEC), helping organizations mitigate the risks associated with these ICT technologies.
“Right now our primary focus is risk management of mobile, the cloud, and bring your own devices (BYOD). Mobile devices provide access to privileged data from everywhere,” says Faud. “Understanding these risks and how your employees are leveraging these technologies is key to preventing the compromise of data. Devices are going to get lost - that’s a fact - how well you are prepared to react to the ramifications of this reality is the more important question.”
Some of the projects TwelveDot is currently supporting include:
- Security architecture services for a multi-national pharmaceutical company with a deployment of 40,000 tablets worldwide. The aim is to provide employees with the tools they need to be productive while maintaining a strict security posture.
- Standards Development for cloud computing such as ISO/IEC 27017.
- Program management for the DNSSEC deployment for .CA.
- Establishment of a sister company that will focus on the secure development of mobile software and application assessment of mobile software.
According to TwelveDot, many organizations are failing to recognize the challenges presented by the rapid adoption of mobile and cloud technology. Faud believes that business and government leaders are not equipped to deal with the aggressive growth of these technologies. They are simply viewing them as a means to facilitate organizational growth and provide flexible work environments. How risk is evaluated is outmoded, and security practitioners are ill-equipped to deal with the growing threat vectors provided by these technologies. Going forward, risk will need to be seen in terms of behavioral considerations (modeling how we use tools) rather than just using a numerical calculation of risk.
While Canada has a good broadband penetration rate, we are behind in leveraging technologies such as mobile payment, near field communication (NFC), and identity management. Countries around the globe are taking mobile to the next level by developing machine-to-machine (M2M) technologies to provide sensor networks and methods to allow mobile users to interact indirectly and anonymously.
“We need to educate users about the risks of using social media and make users aware that online identities are being data-mined. Don’t believe for a second that your online activities are not being logged, tabulated, curated, and sold at a premium. Chief Security Officers are going to have to focus on the linkages between mobile, cloud and M2M. As we move forward, corporate espionage and business intelligence will only differ in intent.”
Further reading: Cyber Security
The crafting of the ITAC Online requires a good amount of research as the themes change on a monthly basis. Here are some of the articles that formed part of this research:
Cybercrime in Canada said to be skyrocketing
The number of Canadian servers being targeted by hackers has increased sharply, according to an IT security company that compares cybercrime rates around the world.
The Norton Cybercrime Report
According to the 2011 Norton Cybercrime Report, cybercrime is bigger than the global black market in marijuana, cocaine and heroin combined ($288bn), is approaching the value of all global drug trafficking ($411bn) and more than 100 times the annual expenditure of UNICEF ($3.65 billion).
Cyber security matters to everyone, everyday
Our personal and professional lives have gone digital: we live, work and play in cyberspace. So cyber security affects us all. Cyber attacks can take many forms and have serious consequences.
Get Cyber Safe
The first step to keeping yourself safe from online risks is knowing where they are.
Kill the Password: Why a String of Characters Can’t Protect Us Anymore
You have a secret that can ruin your life. It’s not a well-kept secret, either. Just a simple string of characters—maybe six of them if you’re careless, 16 if you’re cautious—that can reveal everything about you.
November 29, 2012
ITAC/CWC Speakers Series: Women in Corporate Leadership
December 4, 2012
CCIO Breakfast and Panel Discussion
December 12, 2012
ITAC Board of Governors Event
For a full list of events, and to register for ITAC events, visit itac.ca
Shared Services Canada, IT Modernization and Emerging Market Opportunities for SMEs
A new report commissioned by Public Works and Government Services Canada (PWGSC) provides advice for small and medium IT suppliers to help them succeed in the new business environment created by the Government's IT modernization program.
Shared Services Canada consults ITAC Experts
Shared Services Canada (SSC) kicked off industry consultations by presenting its plans to consolidate Government's ICT architecture, with a focus on data centres and networks.