Amateurs

Amateurs, or script kiddies, have little or no skill, often using existing tools or instructions found
on the Internet to launch attacks. Some are just curious(tafit), while others try to demonstrate
their skills and cause harm. They may be using basic tools, but the results can still be
devastating(haribiwa)

Hackers

This group of criminals breaks into computers or networks to gain access for various reasons.
The intent of the break-in determines the classification of these attackers as white, gray, or black
hats. White hat attackers break into networks or computer systems to discover weaknesses in
order to improve the security of these systems. The owners of the system give permission to
perform the break-in, and they receive the results of the test. On the other hand, black hat
attackers take advantage of any vulnerability for illegal personal, financial or political gain. Gray
hat attackers are somewhere between white and black hat attackers. The gray hat attackers may
find a vulnerability and report it to the owners of the system if that action coincides with their
agenda. Some gray hat hackers publish the facts about the vulnerability on the Internet, so that
other attackers can exploit it.

Organized Hackers

These criminals include organizations of cyber criminals, hacktivists, terrorists, and state-
sponsored hackers. Cyber criminals are usually groups of professional criminals focused on
control, power, and wealth. The criminals are highly sophisticated and organized, and may even
provide cybercrime as a service. Hacktivists make political statements to create awareness to
issues that are important to them. Hacktivists publically publish embarrassing information about
their victims. State-sponsored attackers gather intelligence or commit sabotage on behalf of their
government. These attackers are usually highly trained and well-funded. Their attacks focus on
specific goals that are beneficial to their government. Some state-sponsored attackers are even
members of their nations’ armed forces.
Why Become a Cybersecurity Specialist?
The demand for cybersecurity specialists has grown more than the demand for other IT jobs. All
of the technology that transforms the kingdom and improves people’s way of life also makes it
more vulnerable to attacks. Technology alone cannot prevent, detect, respond and recover from
cybersecurity incidents. Consider the following:

 The skill level required for an effective cybersecurity specialist and the shortage of
qualified cybersecurity professionals translates to higher earning potential.

 Information technology is constantly changing. This is also true for cybersecurity. The
highly dynamic nature of the cybersecurity field can be challenging and fascinating.

 A cybersecurity specialist’s career is also highly portable. Jobs exist in almost every
geographic location.

 Cybersecurity specialists provide a necessary service to their organizations, countries,

and societies, very much like law enforcement or emergency responders.
Becoming a cybersecurity specialist is a rewarding career opportunity.

Thwarting Cyber Criminals

Thwarting the cyber criminals is a difficult task and there is no such thing as a “silver bullet.”
However, company, government and international organizations have begun to take coordinated
actions to limit or fend off cyber criminals. The coordinated actions include:

 Creating comprehensive databases of known system vulnerabilities and attack signatures

(a unique arrangement of information used to identify an attacker’s attempt to exploit a
known vulnerability). Organizations share these databases worldwide to help prepare for
and fend off many common attacks.

 Establishing early warning sensors and alert networks. Due to cost and the impossibility
of monitoring every network, organizations monitor high-value targets or create
imposters that look like high-value targets. Because these high-value targets are more
likely to experience attacks, they warn others of potential attacks.
  Sharing cyber intelligence information. Business, government agencies and countries
now collaborate to share critical information about serious attacks to critical targets in
order to prevent similar attacks in other places. Many countries have established cyber
intelligence agencies to collaborate worldwide in combating major cyberattacks.

 Establishing information security management standards among national and

international organizations. The ISO 27000 is a good example of these international
efforts.

 Enacting new laws to discourage cyberattacks and data breaches. These laws have severe
penalties to punish cyber criminals caught carrying out illegal actions.

The figure displays measures to thwart cyber criminals and a brief description of each.
Threats to Internet Services
There are many essential technical services needed for a network, and ultimately the Internet, to
operate. These services include routing, addressing, domain naming, and database management.
These services also serve as prime targets for cyber criminals.

Criminals use packet-sniffing tools to capture data streams over a network. This means that all
sensitive data, like usernames, passwords and credit card numbers, are at risk. Packet sniffers
work by monitoring and recording all information coming across a network. Criminals can also
use rogue devices, such as unsecured Wi-Fi access points. If the criminal sets this up near a
public place, such as a coffee shop, unsuspecting individuals may sign on and the packet sniffer
copies their personal information.

Domain Name Service (DNS) translates a domain name, such as www.facebook.com, into its
numerical IP address. If a DNS server does not know the IP address, it will ask another DNS
server. With DNS spoofing (or DNS cache poisoning), the criminal introduces false data into a
DNS resolver’s cache. These poison attacks exploit a weakness in the DNS software that causes
the DNS servers to redirect traffic for a specific domain to the criminal’s computer, instead of
the legitimate owner of the domain.

Packets transport data across a network or the Internet. Packet forgery (or packet injection)
interferes with an established network communication by constructing packets to appear as if
they are part of a communication. Packet forgery allows a criminal to disrupt or intercept
packets. This process enables the criminal to hijack an authorized connection or denies an
individual’s ability to use certain network services. Cyber professionals call this a man-in-the-
middle attack.

The examples given only scratch the surface of the types of threats criminals can launch against
Internet and network services.

Internal and External Threats

Internal Security Threats

Attacks can originate from within an organization or from outside of the organization, as shown
in the figure. An internal user, such as an employee or contract partner, can accidently or
intentionally:

 Mishandle confidential data

 Threaten the operations of internal servers or network infrastructure devices

 Facilitate outside attacks by connecting infected USB media into the corporate computer
system

 Accidentally invite malware onto the network through malicious email or websites

Internal threats have the potential to cause greater damage than external threats because internal
users have direct access to the building and its infrastructure devices. Internal attackers typically
have knowledge of the corporate network, its resources, and its confidential data. They may also
have knowledge of security countermeasures, policies and higher levels of administrative
privileges.

External Security Threats

External threats from amateurs or skilled attackers can exploit vulnerabilities in networked
devices, or can use social engineering, such as trickery, to gain access. External attacks exploit
weaknesses or vulnerabilities to gain access to internal resources.

Traditional Data
Corporate data includes personnel information, intellectual property, and financial data.
Personnel information includes application materials, payroll, offer letters, employee
agreements, and any information used in making employment decisions. Intellectual property,
such as patents, trademarks and new product plans, allows a business to gain economic
advantage over its competitors. Consider this intellectual property as a trade secret; losing this
information can be disastrous for the future of the company. Financial data, such as income
statements, balance sheets, and cash flow statements, gives insight into the health of the
company.

The Vulnerabilities of Mobile Devices

In the past, employees typically used company-issued computers connected to a corporate LAN.
Administrators continuously monitor and update these computers to meet security requirements.
Today, mobile devices such as iPhones, smartphones, tablets, and thousands of other devices, are
becoming powerful substitutes for, or additions to, the traditional PC. More and more people are
using these devices to access enterprise information. Bring Your Own Device (BYOD) is a
growing trend. The inability to centrally manage and update mobile devices poses a growing
threat to organizations that allow employee mobile devices on their networks.
The Emergence of the Internet of Things
The Internet of Things (IoT) is the collection of technologies that enable the connection of
various devices to the Internet. The technological evolution associated with the advent of the IoT
is changing commercial and consumer environments. IoT technologies enable people to connect
billions of devices to the Internet. These devices include appliances, locks, motors, and
entertainment devices, to name just a few. This technology affects the amount of data that needs
protection. Users access these devices remotely, which increases the number of networks
requiring protection.

With the emergence of IoT, there is much more data to be managed and secured. All of these
connections, plus the expanded storage capacity and storage services offered through the Cloud
and virtualization, has led to the exponential growth of data. This data expansion created a new
area of interest in technology and business called “Big Data".

Using Advanced Weapons

Software vulnerabilities today rely on programming mistakes, protocol vulnerabilities, or system
misconfigurations. The cyber criminal merely has to exploit one of these. For example, a
common attack involved constructing an input to a program in order to sabotage the program,
making it malfunction. This malfunction provided a doorway into the program or caused it to
leak information.

There is a growing sophistication seen in cyberattacks today. An advanced persistent threat

(APT) is a continuous computer hack that occurs under the radar against a specific object.
Criminals usually choose an APT for business or political motives. An APT occurs over a long
period with a high degree of secrecy using sophisticated malware.

Algorithm attacks can track system self-reporting data, like how much energy a computer is
using, and use that information to select targets or trigger false alerts. Algorithmic attacks can
also disable a computer by forcing it to use memory or by overworking its central processing
unit. Algorithmic attacks are more devious because they exploit designs used to improve energy
savings, decrease system failures, and improve efficiencies.

Finally, the new generation of attacks involves intelligent selection of victims. In the past,
attacks would select the low hanging fruit or most vulnerable victims. However, with greater
attention to detection and isolation of cyberattacks, cyber criminals must be more careful. They
cannot risk early detection or the cybersecurity specialists will close the gates of the castle. As a
result, many of the more sophisticated attacks will only launch if the attacker can match the
object signature targeted.
Broader Scope and Cascade Effect
Federated identity management refers to multiple enterprises that let their users use the same
identification credentials gaining access to the networks of all enterprises in the group. This
broadens the scope and increases the probability of a cascading effect should an attack occur.

A federated identity links a subject’s electronic identity across separate identity management
systems. For example, a subject may be able to log onto Yahoo! with Google or Facebook
credentials. This is an example of social login.

The goal of federated identity management is to share identity information automatically across
castle boundaries. From the individual user’s perspective, this means a single sign-on to the web.

It is imperative that organizations scrutinize the identifying information shared with partners.
Social security numbers, names, and addresses may allow identity thieves the opportunity to
steal this information from a partner to perpetrate fraud. The most common way to protect
federated identity is to tie login ability to an authorized device.

Safety Implications
Emergency call centers in the U.S. are vulnerable to cyberattacks that could shut down 911
networks, jeopardizing public safety. A telephone denial of service (TDoS) attack uses phone
calls against a target telephone network tying up the system and preventing legitimate calls from
getting through. Next generation 911 call centers are vulnerable because they use Voice-over-IP
(VoIP) systems rather than traditional landlines. In addition to TDoS attacks, these call centers
can also be at risk of distributed-denial-of-service (DDoS) attacks that use many systems to flood
the resources of the target making the target unavailable to legitimate users. There are many
ways nowadays to request 911 help, from using an app on a smartphone to using a home security
system.

Heightened Recognition of Cybersecurity

Threats
The defenses against cyberattacks at the start of the cyber era were low. A smart high school
student or script kiddie could gain access to systems. Countries across the world have become
more aware of the threat of cyberattacks. The threat posed by cyberattacks now head the list of
greatest threats to national and economic security in most countries.

Addressing the Shortage of Cybersecurity

Specialists
In the U.S., the National Institute of Standards and Technologies (NIST) created a framework for
companies and organizations in need of cybersecurity professionals. The framework enables
companies to identify the major types of responsibilities, job titles, and workforce skills needed.
The National Cybersecurity Workforce Framework categorizes and describes cybersecurity
work. It provides a common language that defines cybersecurity work along with a common set
of tasks and skills required to become a cybersecurity specialist. The framework helps to define
professional requirements in cybersecurity.

The National Cybersecurity Workforce

Framework
The Workforce Framework categorizes cybersecurity work into seven categories.

Operate and Maintain includes providing the support, administration, and maintenance
required to ensure IT system performance and security.

Protect and Defend includes the identification, analysis, and mitigation of threats to internal
systems and networks.

Investigate includes the investigation of cyber events and/or cyber crimes involving IT
resources.

Collect and Operate includes specialized denial and deception operations and the collection of
cybersecurity information.

Analyze includes highly specialized review and evaluation of incoming cybersecurity

information to determine if it is useful for intelligence.

Oversight and Development provides for leadership, management, and direction to conduct
cybersecurity work effectively.

Securely Provision includes conceptualizing, designing, and building secure IT systems.

Within each category, there are several specialty areas. The specialty areas then define common
types of cybersecurity work.

The figure displays each of the categories and a brief description of each.
Industry Certifications
In a world of cybersecurity threats, there is a great need for skilled and knowledgeable
information security professionals. The IT industry established standards for cybersecurity
specialists to obtain professional certifications that provide proof of skills, and knowledge level.

CompTIA Security+

Security+ is a CompTIA-sponsored testing program that certifies the competency of IT

administrators in information assurance. The Security+ test covers the most important principles
for securing a network and managing risk, including concerns associated with cloud computing.

EC-Council Certified Ethical Hacker (CEH)

This intermediate-level certification asserts that cybersecurity specialists holding this credential
possess the skills and knowledge for various hacking practices. These cybersecurity specialists
use the same skills and techniques used by the cyber criminals to identify system vulnerabilities
and access points into systems.
SANS GIAC Security Essentials (GSEC)

The GSEC certification is a good choice for an entry-level credential for cybersecurity specialists
who can demonstrate that they understand security terminology and concepts and have the skills
and expertise required for “hands-on” security roles. The SANS GIAC program offers a number
of additional certifications in the fields of security administration, forensics, and auditing.

(ISC)^2 Certified Information Systems Security Professional (CISSP)

The CISSP certification is a vendor-neutral certification for those cybersecurity specialists with a
great deal of technical and managerial experience. It is also formally approved by the U.S.
Department of Defense (DoD) and is a globally recognized industry certification in the security
field.

ISACA Certified Information Security Manager (CISM)

Cyber heroes responsible for managing, developing and overseeing information security systems
at the enterprise level or for those developing best security practices can qualify for CISM.
Credential holders possess advanced skills in security risk management.

How to Become a Cybersecurity Expert

To become a successful cybersecurity specialist, the potential candidate should look at some of
the unique requirements. Heroes must be able to respond to threats as soon as they occur. This
means that the working hours can be somewhat unconventional.

Cyber heroes also analyze policy, trends, and intelligence to understand how cyber criminals
think. Many times, this may involve a large amount of detective work.

The following recommendations will help aspiring cybersecurity specialists to achieve their
goals:

 Study: Learn the basics by completing courses in IT. Be a life-long learner.

Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up.

 Pursue Certifications: Industry and company sponsored certifications from

organizations such as Microsoft and Cisco prove that one possesses the knowledge
needed to seek employment as a cybersecurity specialist.

 Pursue Internships: Seeking out a security internship as a student can lead to

opportunities down the road.

 Join Professional Organizations: Join computer security organizations, attend meetings

and conferences, and join forums and blogs to gain knowledge from the experts.