Q&As: general questions about computer security

Here are the questions you asked our panel of people who work in cybersecurity and computer forensics in Ireland.

Question: Hey Tony, I’m Kevin and I’m 13. I was just wondering if it is possible to design a program that could recognise any viruses trying to destroy a system or steal information, and could then erase them by itself. Sort of an immune system for a computer, you know?

Please tell me if something like this has already been invented, or if it is even possible!
- Kevin, Co. Cork

James O’Gorman (Microsoft): Hi Kevin, good question! In actual fact people have devoted their careers to developing such systems. There is no single solution to protect against these threats; most organisations choose to protect systems using a combination of security systems and principles, for example: securely designed networks, anti-malware engines, intrusion detection systems, etc.

However, the weakest factor in any system is usually the human element! People are incredibly vulnerable to a practice known as social engineering, which is the art of manipulating people to conduct certain actions or get certain information from them.

Tony Davitt (Cisco): Hi Kevin, there are programs (anti-virus software) on the market to do just that. There are typically two ways in which they work: the first has a list of known attacks and it looks out for these constantly – and if it spots something it can then quarantine the virus. This doesn’t cater for unknown attacks.

The second type comes at the problem by looking out for good behaviour of the software and that’s all it allows and hence it can stop a program doing something it typically shouldn’t be doing.

Having said that, attacks are always becoming more sophisticated and harder to identify and stop. So if you have an idea for something – follow it – you never know.
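The two approaches Tony Davitt describes, sketched as an added example (not part of the panel's answers): a list of known attacks checked by file hash, and an allowlist of expected behaviour. The sample contents, program name and action names are all constructed for illustration.

```python
import hashlib

# Constructed sample "files": harmless byte strings standing in for programs.
KNOWN_BAD = b"constructed-sample-A"
VARIANT = b"constructed-sample-A2"  # the same sample with one byte appended

# Approach 1: a list of known attacks, stored here as SHA-256 digests.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_scan(content: bytes) -> str:
    """Quarantine content whose digest is on the known-attack list."""
    digest = hashlib.sha256(content).hexdigest()
    return "quarantine" if digest in SIGNATURES else "allow"


# Approach 2: an allowlist of good behaviour per program (hypothetical names).
ALLOWED_ACTIONS = {
    "text-editor": {"open_document", "save_document"},
}


def behaviour_check(program: str, actions: list[str]) -> list[str]:
    """Return the actions that fall outside the program's allowlist.

    A program with no allowlist entry has every action blocked.
    """
    allowed = ALLOWED_ACTIONS.get(program, set())
    return [action for action in actions if action not in allowed]


if __name__ == "__main__":
    # The known sample is caught; the slightly changed variant is not.
    print(signature_scan(KNOWN_BAD), signature_scan(VARIANT))
    # The allowlist does not care whether the sample is known: it blocks
    # whatever the program is not expected to do.
    print(behaviour_check("text-editor", ["open_document", "send_network_data"]))
```

The variant slips past the hash list because its digest differs, which is the "unknown attacks" gap; the allowlist blocks the unexpected action regardless of whether the file has been seen before.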

Question: I am curious about what was the most advanced virus which was ever found?
- Simon, Kilkenny

James O’Gorman: Stuxnet is being heralded as the most advanced virus of all time. It was discovered by researchers in the last two years and exploited previously unknown vulnerabilities to specifically target nuclear enrichment centrifuges in Iran.

It is widely believed that Stuxnet was developed by a government due to its inherent complexity and political motivation. This is opposed to previously seen malware which has usually been produced by an individual or criminal organisation.

Question: What kind of money does an organisation typically spend on their IT security?
- Paul, Kerry

James O’Gorman: Great question! Unfortunately there is no one answer: it depends entirely on how important cybersecurity is to the organisation. NASA’s investment in cybersecurity is likely to be a lot more than your local high-street retailer, yet both will rely to some degree on secure systems in order to protect their valuable data.

Cybercrime currently costs society an estimated USD $1 trillion and it is estimated that the cybersecurity market will be worth USD $80 billion by 2017.

Question: What will the growth of cloud computing mean in terms of cybersecurity?
- Sean, Tipperary

Tony Davitt: Hi, good question, and this is a question that a lot of organisations are struggling with, especially in a public cloud environment. A lot of the security concerns for customers in a virtualised world is ensuring the integrity and confidentiality of their data.

However, there is a lot of security infrastructure today in place to counter these concerns, and lots of work / development being carried out today to advance these technologies.

Keyun Ruan (UCD and EADS): Cloud computing is a paradigm shift in computing history and brings a sea change in many areas including cybersecurity. While cloud computing has been rapidly adopted around the world, both public and private sectors are in need of an acceleration on cloud security standards, as well as new security research and developments, solutions, products, services adapted to the cloud computing environment.

Cloud computing brings new threats to the dynamic attack landscape, but it also opens a lot of “green” spaces and opportunities for novel cybersecurity innovations and solutions.

Tom Leonard (CPL): This is probably one of the key topics and issues facing the IT industry right now. The short answer is that far greater emphasis will be put on security than ever before, both within the data centres/co-location facilities and companies providing cloud services and the companies utilising them.

Data centres are continually subject to denial-of-service attacks, malware, hacking and other nefarious and serious threats from people looking to do harm, steal data or simply bring down a system “because they can”.

Companies providing security software, solutions and services are thriving due to the increase in cloud computing, and the demand for security architects, engineers and cybercrime specialists is also on the increase.

Vast amounts of data are now online and even from personal cloud use, through companies such as Dropbox, Amazon and Google and even the data we store on the likes of Facebook, all this data will be targeted by those looking to misuse it.

Also it will most likely mean a technology innovation drive. As hackers become more sophisticated those companies specialising in preventing them will have to become more advanced. This in itself will create job opportunities.

Question: Do you think we ought to have better ways of logging on to systems instead of passwords, such as fingerprint scans or retina scans?
- Anon

James O’Gorman: Passwords are certainly one way of protecting access to data; however, many organisations now employ “dual factor authentication” which may involve the use of a secondary form of authentication such as an ID tag or smart card which contains a secondary key.

Use of biometric data such as fingerprint or retina scans is somewhat controversial for privacy reasons as this information is very personal. Biometric authentication has also led to cases where people have been physically harmed in an effort to subvert biometric authentication systems.

Tony Davitt: In the security world we refer to this as authentication and there are lots of methods (some you alluded to) such as username and password, two-factor authentication, biometrics, etc.

Like everything else in life there is a balance between cost and the need for the technology which really comes down to an analysis of the risk of an attack and how important what you are protecting is.

Some systems that organisations have will simply use username / password where others will deploy more advanced methods for the more important information. When you have these different methods then separation of these systems is also very important.

Tom Leonard: The short answer is that it is already becoming commonplace to use biometrics such as fingerprint scans and retinal scans.

Typically these were cost prohibitive to use for smaller companies and smaller scale, but many PC/Laptop manufacturers already incorporate fingerprint scanners and facial recognition software in their products. This will only become more commonplace.

A problem for companies, though, is putting these measures in widespread use in their companies. There are now effective password scramblers (as soon as you type your password the system then scrambles it again before it is entered in the system, so outside observers cannot detect it) on the market and also software which allows the user to split their passwords, making it far harder for hackers to run algorithms to detect passwords.

It remains a fact though that the majority of people still make their passwords far too easy to guess. Using a strong combination of numbers and lower and upper case letters (alphanumeric) and unmemorable or “less obvious” words is still effective.

Question: Hi, my father was once a victim of a hacker last year. His email account was hacked and so was his Facebook account. Our whole family was nervous as to what the hacker would do next after he asked my Dad’s friends on Facebook for money. He reported this to the authorities. But as an expert in cybersecurity can you track down your own hacker?
- Vaughn, Kilkenny

James O’Gorman: The most important rule here is to always use strong passwords, do not use computers you do not trust and use a different password for each account you use. Lastly, ensure that you regularly maintain your computer or laptop with the latest security patches and anti-malware software.

NEVER share your passwords with anyone! Notifying the relevant authorities was the best course of action; using your newly found skills as a cybersecurity professional is not advisable. Cybersecurity professionals are bound by a strict code of ethics which explicitly limits how you use your skills.