How do engineers make cyber networks safer?

In 2018 1,244 successful data breaches were reported and 446.52 million records were exposed as a result causing businesses to lose 7.91 million dollars. Did these companies have an experienced engineer on staff? Most likely not. 

There are many different types of engineers that work on computers/computer systems and make them safer: cyber security engineers, network security engineers, and system security engineers. They all roughly do the same thing: create security procedures and systems that prevent intrusion and utilize tools to make systems secure and more functional. In other words- they make stuff secure and hard to reach. 

Depending on the organization an engineer can utilize things such as Virtual Private Networks, patch management, firewalls, Intrusion detection systems, Intrusion prevention systems, and even alerts to keep a system safe. 

Refs:

https:// (www) .aureon.com/network/security/why-your-business-needs-experienced-network-engineers/

(https) ://hc.edu/science-and-engineering/degree-programs/ug-major-cyber-engineering-bs/what-does-a-cyber-security-engineer-do/

What is the overlap between criminal justice and cybercrime? How does this overlap relate to the other disciplines discussed in this class?

The overlap between criminal justice and cybercrime is a prominent one. Criminal justice refers to the laws, procedures, institutions, and policies at play before, during, and after the commission of a crime. Cyber crime is criminal activity that either targets or uses a computer, a computer network or a networked device in its commissioning. 

Due to advancement in technology, criminals no longer need to physically put a gun to a victim and rob them. They can effectively do the same thing from behind their computer across the country, just with a couple clicks of a mouse. Now they’ve stolen someone’s identity and drained their bank account. A cyber crime has been committed, now what can a victim do to get justice? That’s where criminal justice comes in. The police use digital forensics to collect proof and eventually charge a suspect with a cybercrime. 

Refs:

https:// (www) law.cornell.edu/wex/criminal_justice

(https) ://usa.kaspersky.com/resource-center/threats/what-is-cybercrime

1.  How can you tell if your computer is safe?

Have you found that when you are looking for a file in your computer, that it has gone missing? Does your computer freeze and the fan begin to whirl up when performing a simple function such as opening Notepad? When you look at the details of your files do you see that the “last modified date” is not consistent with the last time you modified it? Have you been unable to access your files until you pay 10 million in bitcoin? If your answers to these questions are “yes” then your computer is not safe. 

But what if the answer is “no”? Does that mean you’re in the clear? Well not necessarily. There are tools on the market that you can use to answer this question. If you are using a Windows computer, it most likely has Windows Defender built in. It “provides real-time malware detection, prevention, and removal with cloud-delivered protection.” Meaning, it will tell you if there is malware installed on your device and will remove it for you. If you are using a password manager, such as Google or Nordpass, they typically have a report that will tell you if your passwords are weak or have possibly been compromised. 

So you’ve done all of these things and your computer appears to be safe. Now what? Keep it that way- ensure your passwords are complex, utilize two factor authentication, continually run your antivirus software, ensure you are up to date on updates and patches, and make sure only those who need access to your computer have it!

2. Describe three ways that computers have made the world safer and less safe.

What is a computer? A computer is an electronic device that manipulates information, or data and has the ability to store, retrieve, and process data. By this definition a lot of things are considered computers that you may typically not think about. 

3 ways computers have made the world safer:

1. The apple watch has a feature that lets the wearer know if they are having a heart attack. Or maybe a person has fallen during a hike and requires emergency services. The latest apple watch has a feature that can indicate an emergency event has occurred and will notify the respective emergency services to come to your location for help. 
2. Data encryption and cloud backups have allowed for your important files to remain safe from hackers and recovered if a physical event such as a fire occurs.
3. The military uses Missile defense systems to indicate if a missile attack is about to happen and can lock onto the target and stop it.

3 ways computers have made the world less safe:

1. People are more vulnerable to identity theft nowadays than they were 60 years ago. Someone can simply send you an email with a link, and suddenly with one click, your life has changed for the worse. 
2. Modern cars such as Teslas run on computers and electricity, making them susceptible to being hacked.  
3. Advanced technology means advanced warfare. Cyberwarfare is just another method that a country’s adversary can use to disrupt an economy, military, or to spy on its citizens. 

What are the costs and benefits of developing cybersecurity programs in business?

Developing a cybersecurity program for your business is one of the most important things you can do. 68 percent of small business have incurred at least one cyberattack, protecting against these are crucial to the security of a company’s data and money.  However, not all losses can be attributed to an attack, human error can often lead to data leaks and end up costing the company. For this reason, it is important to have an incident response plan developed which, depending on the size of the company, may require hiring a response team to assist in recovery.

According to IBM’s “Cost of a Data Breach Report”, the average cost of a company to a data breach in 2019 was $392,000. Cyberattacks cost businesses $5,000 in lost business opportunities and $23,000 in downtime in addition to professional services. This is not to mention how much confidence you could lose in your already established customer base. Upon review of the most popular antivirus, a business can expect to pay on average $30 for coverage on 5-10 devices. Does your business want firewall protection? A business can expect to pay between $5-8$ per user per month for endpoint detection and $9-$18 per server per month. Of course, the prices go up depending on how much protection a company wants, there is no “one size fits all”. On average a company can expect to spend about 10% of their annual IT budget on cybersecurity.

So what happens if a company has purchased its protection but for some reason, whether it be cyber attack induced, user error, or a physical equipment issue, data is still lost? This is where the incident response plan will kick in. If your cyber security plan already included backups and recovery costs, then your incident response shouldn’t be costly. However, if your company ends up needing to hire an incident response firm to assist in recovery efforts, costs range between 30k and 150k.

Its probably looking, based on this reading, that the benefits are good but the costs seem high, and you’d be right. However, the costs aren’t as high as the $3.9 million that your company could lose to a data breach!

Ref: https://www.thales-ld.com/the-costs-of-developing-a-cybersecurity-program-for-your-business/

https:// (www) security.org/antivirus/cost/#:~:text=Antivirus%20software%20costs%20anywhere%20from,costs%20around%20%24100%20a%20year.

https:// (www) ibm.com/reports/data-breach

https:// (www) marconet.com/blog/cyber-incident-response#:~:text=1.,a%20loss%20you’re%20facing

How has cyber technology created opportunities for workplace deviance?

What is deviance? Workplace deviance refers to “voluntary behavior that violates significant organizational norms. As a result, it threatens the well-being of a company, its employees or both.”

There are a number of ways cyber technology has opened the door for workplace deviance such as using company resources for employees gain, remote work, and access to critical information.

With technology advancing, workers, especially in the cyber field, are able to perform functions at a more efficient rate. Meaning, if they are working a 9-5 job it is almost guaranteed that all eight hours are not spent working. With that time, employees now have the opportunity to utilize the technology at work for non-work related activities such as checking their social media or watching a video on Youtube. I mean, right now I am typing this while at work. This is a very common occurrence and while it doesn’t appear outright malicious it is still considered workplace deviance.  

Due to the COVID pandemic in 2020 a lot of companies shifted to a remote work environment. While this has a lot of benefits for both the company and the employee, it also opens the door for deviancy. Workers could now fabricate when and how long they were working. The bosses and coworker eyes were no longer on them, so people could pretend they were working when in fact they were out at a store or at the gym. Products such as a ‘mouse jiggler’ became popular because they could be placed on your work computer’s mouse and prevent your computer from going ‘idle’ and allowing others to see that you weren’t actually at your computer working.

Nowadays with every company operating online, if there are not proper procedures inplace, an employee could have access to critical information related to the company or PII/PHI related to a customer’s health. This information could be used in unethical ways if so desired, with the employee using the information for personal gains such as when to buy or sell company stock or even identity theft. Its important for companies to utilize proper security protocols to prevent this from happening.

Refs:

Refs:

https://www.researchgate.net/profile/Meena-Scindia-Chavan/publication/353212626_Millennial%27s_Perception_on_CyberloafingWorkplace_Deviance_or_Cultural_Norm/links/60fbc005169a1a0103b20f94/Millennials-Perception-on-CyberloafingWorkplace-Deviance-or-Cultural-Norm.pdf

Question 1.

Four ethical issues that arise when storing electronic information about individuals involves Confidentiality, Integrity, Availability, and Privacy:

1. Confidentiality is preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information. This basically means we are keeping information secure to only those are allowed to view it by the information owner. Ethical issues arise when companies are unable to keep customer data secure, Internally, an example of this would be developing permissions within a company to limit IT personnel from viewing customer billing information. Externally, an example would be to implement a firewall to keep bad actors out of secure systems.
2. Integrity is guarding against improper information modification or destruction. Ensuring that data a user has entered has not been altered or tampered in any way by unauthorized systems or people. Ethical concerns arise when inaccurate data is stored. An insider threat could alter numbers on a financial sheet and cost a company millions of dollars. Companies can safeguard against this by monitoring audit trails and encrypting data.
3. Availability means that authorized users have timely and easy access to information services. This involves protecting systems from threats such as malicious code, DDOS attacks, and even physical ones such as damage to the electrical grid or theft. Ethical concerns occur when an attack prevents a system from being available to its consumer and impacts essential services such as gas and electricity.
4. When users store data on a site or with a company, they expect that data to be contained and not given to other companies for their use. Ethical issues arise when more data is stored improperly or sold to other companies in turn resulting in identity theft or a violation of the user’s privacy rights.

Ref: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-59.pdf

Question 2.

Cyber security risks exist in every country not just the United States. Usually, unless an attack is state sponsored, bad actors don’t care who or what country they are attacking- they just have a goal of collecting data, stealing money, or disrupting service. In a study conducted by comparitech.com, 75 different countries were reviewed for their cyber security fitness. The least cyber secure countries included Tajikistan, Bangladesh, and China. The types of attacks and risks did vary however, with Tajikistan on the receiving end of the most banking malware attacks, ransomware trojans, and crypto miners coming from outside of their country. While the most secure was Denmark, Sweden, and Ireland. Denmark has been place in the top 10- having zero users attached by mobile ransomware trojans or mobile banking trojans. Where did the U.S fall? The United States fared well, averaging right in the middle between least and most safe.

ref: https:// (www.) comparitech.com/blog/vpn-privacy/cybersecurity-by-country/

I’m interested in cybersecurity mainly because it’s a way to stay in the IT field and upgrade my skills and depth of knowledge. For the previous 12 ½ years I was in the Navy working in the IT field. However, as an IT the job you do is very broad, you’re doing networking, sysadmin, cyber security, and radio comms, as well as managing a group of people – along with a million other things shipboard related. Which means while it’s possible to be a master of all, you’re more likely to be just a jack of all trades.

Which leads me to cyber security and why I landed on it in post-Navy college journey. Towards the end of my Navy career I started preparing myself to get out. In my last year I was able to get COMPTIA Security + and Cyber Security Analyst certified, mainly just to pad my resume and help open up some job opportunities. The material was very dry and I was quite sure I was uninterested in the field. Shortly after getting out I got a job as a System Administrator and actually quite enjoy it. However, I work next to one of the company’s sr cyber security analysts and seeing what he does everyday made me more interested in the field and it encouraged me to go back to school and pursue it as a degree. 

It’s also an industry that isn’t going anywhere anytime soon and one that every other industry relies on. To touch on that a bit more, here are four majors ODU offers: Nursing, Marketing, Elementary Education, and Criminology. How do they involve cyber security you may ask?

Nursing: Working in the medical field, nurses are in direct connection to a patient’s PII and PHI. If you are working in this field it is vital to protect your patients information. That means locking your computer, keeping your passwords protected, and keeping patient information locked down to those who need it. 

Marketing: Marketing teams work directly with cyber security folks to keep customer information secured as well as creating secure websites/accounts. 

Elementary Education: Web security helps keep elementary classroom networks secure, filtering out any sites that may be too adult for children. 

Criminology: Have a crime that’s been committed? Cyber security goes hand in hand with cyber forensics to secure data in a criminal case, as well as help keep the systems that are holding this information secure.