Working in the Information Technology (IT) industry, I have noticed the increase of trends developing over a short period of time. There are amazing and innovative trends, but there are malicious and downright evil trends as well. The trends I will be discussing are: the pressure to move from the data server to the cloud, lack of cybersecurity within the companies and an increase in cracker attacks. These trends are issues that do not come with complete and concrete solutions to them, but with time and money these trends could be minimized in the IT industry.
Every CEO sees the newest and greatest technology that hit the market and wants to implement them into their company. It is always a great idea to upgrade a company’s network infrastructure, but at what cost are they willing to take for a potential risk to arise. The cloud is the newest wave every business owner is surfing on. The cloud is obtainable anywhere and everywhere as long as there are computers with internet connectivity. This makes the cloud a very powerful tool for organizations around the world. Five to ten years ago, documents and applications were bound to a specific computer system on the organization’s network. In order to travel on business trips, employees would store applications and documents on USB drives or some type of external hard drive in order to carry with them wherever they needed to go. Now, cloud applications allow you access to the documents from around the world with only requiring a laptop and the internet.
Understanding how boundless and how advanced the cloud is, I would like to explain the reasons why the pressure is on every Chief Information Officer (CIO) in various organizations to migrate to the cloud. Moving to the cloud is a huge transition within a company, but it’s up and coming. This means that a lot of the employed IT staff are not properly educated on the subject matter of the cloud and how to manage it. Now there are only two feasible options, the company will have to re-train the entire staff on how to manage the cloud, or have a third-party company manage it for them. According to Optimal Networks, “For colocation, plan for anywhere from $400 per month for one server, to $15,000 per month for your entire back-office infrastructure (Optimal Networks, 2013).” Also, companies could spend upwards to $100 to $200 per desktop per month, which is not including implementation, data migration, and ongoing storage cost (Optimal Networks, 2013). The cost of having and maintaining the cloud is a very expensive process, that comes with risks that could possibly destroy companies as well. As a company, understanding that with each new technology advancements, the security concerns come with it as well.
Cloud service providers inform companies that they provide the most reliable, solid, and encrypted data security system. Unfortunately, this is not entirely true, the cloud data is on the internet and is accessible from any computer in the world. The organization’s data is in the cloud is equivalent to being on the internet which indicates that the company’s data could be breached and compromised by a malicious user, an unhappy employee, or a careless employee leaving their username/password written down on a sheet of paper. Some of the biggest companies have experienced immense data breaches in which they had to pay a costly price as a consequence. For example, Anthem Health insurance suffered a data breach in 2015 affecting approximately 79 million customers. Investigators found malicious users stole the names, birth dates, Social Security numbers, home addresses, and other personal information through their cloud-base file sharing service (Teichert, 2018). Anthem has agreed to pay the government $16 million, this agreement is by far the largest settlement reached by HHS’ Office for Civil Rights for a Health Insurance Portability and Accountability Act breach (Teichert, 2018). Anthem is not the only big-time company that has been hacked through the cloud. Other companies such as Amazon and LinkedIn have also been the victim of cyberattacks. These are merely examples of the consequences faced after a large data breach has occurred.
Cybersecurity has become a nightmare for the entire IT industry. Companies, like Anthem Healthcare insurance, IRS, and even Equifax have been spending millions in lawsuits due to data breaches. Not only is it hurting businesses around the world but is also causing the consumer unwanted disclosure of their social security numbers, names, and home addresses. According to Pew Research Center, “Nearly 64 percent, over 170 million record exposed, of Americans have experienced a data breach and half of Americans do not trust the federal government or social media sites to protect their data (Kulp, 2017).” Organizations have started to double security tools that are not usually compatible with each other in efforts to build a Frankenstein security system together, hoping not to become the next victim of a cybercrime.
An Important Issue
An important issue going around in the IT industry is an increase in cracker attacks. A cracker is someone who breaks into someone else’s computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security (Rouse, 2007). Do not confuse yourself in thinking that this is a hacker; the two terms are completely different. Hackers are mostly computer programmers with extensive knowledge of the operating system and program languages (Pearson, 2002). Hackers constantly explore networks attempting to discover vulnerabilities in order to gather information, but never to intentionally damage data. A cracker will gain access to the network and their intent is to destroy data or cause problems to the intended user or business (Pearson, 2002). The main difference between these two techniques is “Hacking builds things” and “Cracking breaks them ( Bawane & Shelke , 2014).”
Regular employees, known as users, are the main targets of a cracker attack. The users who do not create complex passwords are usually the ones subjected to attacks. They believe that simple passwords are easy to remember and login with, which is technically true, but it is a huge security risk that should not be made. There are hundreds of passwords-cracking techniques used, but here are a few of the top attacks:
- Dictionary attacks is a file containing popular and commonly used passwords compiles into dictionary or word list (Highfield, 2018). The file is embedded into a cracking application and ran against a user’s profile.
- Brute force attack tries every possible combination of letter, numbers and symbols to crack a password (Datarecovery, 2017).
- A keylogger attack can be installed by malware which records everything you type or takes screenshots during a login process, and then forwards a copy of this file to hacker central (Highfield, 2018).
- A Phishing attack is an email sent by an attacker disguised as a trusted entity, tricking the user into opening the email. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system, then revealing data (Imperva, 2019)
One of the best solutions to implement is by creating a strong password. A technique that could be used for users is generating a complex password or passphrase. For example: IE@tC@k3D@i1y, having a mixture of upper and lowercase letters, numbers, and symbols enhances security greatly. Other techniques include changing passwords every 90 days, and not using the same password back to back.
For administrators running test on their system using password cracking-tools would be highly advised. It is better for the administrator to know the company’s weakness rather than an attacker to know your vulnerabilities. Also, system administrators should consider physically locking down their machines on the network. An attacker is not only on the outside trying to infiltrate the network, but as well as inside your company. There are many unhappy and disgruntle employees trying to take revenge on the company when things have not gone their way. To prevent insider attacks from using malicious USB or CDs, the administrators should disable all USB and CD drives from the BIOS and never enable them again.
Negative trends in the IT industry are continuously growing due to the rapid growth of the industry. The pressure of having companies move to the cloud as well as not being fully qualified to manage a new system could be catastrophic to a company. Also, not being able to transfer all of the company’s data to the cloud and risk losing data could be a huge loss to the company. The increase of password cracker-attacks are rising at an alarming rate, but by educating the user on the security and the complexity of their passwords should help prevent cracker attacks within the company. Also, keeping an antivirus software up-to-date and actively monitoring network traffic is very important in the company’s cybersecurity process. These preventative measures are extremely helpful for today’s current IT problems. As cyberattacks continue to develop daily, one wonders what new IT issues may arise in the future.
- Bawane , M., & Shelke , C. (2014). Analysis of increasing hacking and cracking techniques. International Journal of Application or Innovation in Engineering & Management (IJAIEM), 270.
- Datarecovery. (2017, September 18). Cracking passwords: 11 password attack methods. Retrieved from Datarecovery.com: https://datarecovery.com/rd/cracking-passwords-11-password-attack-methods-work/
- Highfield, V. (2018, June 26). The top ten password-cracking techniques used by hackers. Retrieved from Alphr: https://www.alphr.com/features/371158/top-ten-password-cracking-techniques
- Imperva. (2019). Phishing attack. Retrieved from Imperva Incapsula: https://www.incapsula.com/web-application-security/phishing-attack-scam.html
- Kulp, K. (2017, November 15). Navigating the brave new world of cybersecurity investing. Retrieved from CNCB: https://www.cnbc.com/2017/11/14/navigating-the-brave-new-world-of-cybersecurity-investing.html
- Optimal Networks. (2013, October 10). How much does cloud computing cost? Retrieved from Optimal Networks: https://www.optimalnetworks.com/2013/10/10/how-much-does-cloud-computing-cost/
- Pearson. (2002, November 18). Hackers and Crackers. Retrieved from Inform IT: http://www.informit.com/articles/article.aspx?p=30048
- Rouse, M. (2007, June). cracker. Retrieved from Search Security: https://searchsecurity.techtarget.com/definition/cracker
- Teichert, E. (2018, October 16). Anthem to pay $16M in record data breach settlement. Retrieved from Modern Healthcare: https://www.modernhealthcare.com/article/20181016/NEWS/181019927