Hacking Humans

This article questions whether digitizing DNA is worth it, considering the scientific advancements this data could bring. Consumers of DNA testing services are already providing this information to private companies, whether they know it or not. These companies should be legally required to ask permission and explicitly inform customers about what their data will be used for. Companies providing DNA testing services store customers’ digitized DNA to improve the accuracy of test results. Unlike other forms of personally identifiable information, digitized DNA cannot be changed so easily. If it were possible, you probably would not want to be the first test subject. Individuals might not be worried about this information getting breached, because what would somebody even do with it? However, extraordinary scientific breakthroughs happen every year, and gene editing has already existed for a while. It is only a matter of time until technological advancements make it possible to weaponize digitized DNA. Also, hackers banking on these technological advancements are eager to get their hands on this valuable data to sell on the black market. So, it is crucial to legally require companies housing such data to practice strict data security at the very least. There is a plethora of ethical considerations surrounding the use of digitized DNA as well. For example, widespread access to individuals’ digitized DNA could result in discriminatory actions for things, such as genetic disorders, that people cannot change. Since DNA is similar among family members, parts of your genetic data could be out there without your consent. However, what worries me the most is the unforeseen possibilities of using such data in medical experiments, especially ones happening behind closed doors.

The Human Factor in Cybersecurity

Being faced with a limited budget can make it difficult to balance training and additional cybersecurity technologies. It is important to create a strategic approach that keeps in mind long-term needs and immediate action. Human error is a prevalent occurrence among cybersecurity issues. This makes training a crucial area when dealing with allocating funds. A well-trained staff can act as the first line of defense, preventing many threats before they even reach technical systems. This explains the importance of allocating funds toward educating employees on best practices, phishing awareness, and data protection. Employees well-versed in these topics will reduce risk. Furthermore, cybersecurity technology such as firewalls, intrusion detection systems, and encryption software is essential for safeguarding critical data and infrastructure. To make sure funds are allocated effectively, I would prioritize high-impact technologies that complement the training. Ultimately, the optimal allocation depends on the organization’s specific risks and vulnerabilities. From my understanding, the best approach would be to devote around 50-60% of the funds to training, and the other 40-50% toward acquiring cybersecurity technologies. This ensures that both human and technological defenses are strong.

Exploring Attacks on Availability

According to Berghout et al. (2022), “availability attacks are a DoS attack that can delay or completely prohibit authorized individuals from accessing certain services at the time when they need to.” The type of attack I have chosen to discuss is called a man-in-the-middle (MITM) attack. As the name suggests, this attack occurs when a culprit places themselves between a client and an application to either secretly listen to or imitate a party. The two stages often incorporated with this attack method are interception and decryption. This attack can target availability if the culprit receiving the data does not pass it along to the correct recipient. If the attacker’s activities are identified, it can cause downtime and legal repercussions for an organization. With the conventional MITM attack, the attacker needs access to an unsecured network and endpoints (Mallik, 2018). However, another variation exists called man-in-the-browser, where malware is injected into a PC and records information until it finds what it is coded to look for, then sends it to the attacker (Mallik, 2018). It is common for attackers to set up free/open Wi-Fi or hotspots and wait for victims to join, which gives them access to their online information trade. On a broader scale, the information intercepted could be used for fraud, unapproved support exchanges, or unlawful password change (Mallik, 2018). Some possible defenses for MITM attacks include encryption, authentication, monitoring, VPNs, and, most of all, using computers securely. The positioning gained to carry out such an attack can evolve into the infiltration phase of an Advanced Persistent Threat (Mallik, 2018). Inevitably, these attacks can result in legal consequences, increased cybersecurity investments, further attacks like malware distribution, data breaches, exposed personally identifiable/financial information, and loss of trust.

Berghout, T., Benbouzid, M., & Muyeen, S. M. (2022). Machine Learning for Cybersecurity in smart grids: A comprehensive review-based study on methods, solutions, and prospects. International Journal of Critical Infrastructure Protection, 38, 100547. https://doi.org/10.1016/j.ijcip.2022.100547

Mallik, A. (2019). Man-in-the-middle-attack: Understanding in simple words. Cyberspace: Jurnal Pendidikan Teknologi Informasi, 2(2), 109-134.