INFORMATION SECURITY
STUDY OF THE IMBALANCE AND DISPROPORTIONS IN THE OPPOSITION OF CYBER DEFENSE AGAINST HACKERS
- 1 Faculty of Information Technologies – University of Librarian Studies and Information Technologies, Bulgaria
Abstract
Study outlines the contours and the magnitude of the asymmetry in the opposition of cyber defense against hackers. Propose a
model that reflects the dynamics of the opposition on both sides and the impact of the listed disproportions. It consist a functional analysis of the differences between organizational and technical approaches applied from both sides. Contains research into why even the most highly protected systems suffer from successful hacking attacks. The analysis sheds light on the magnitude of pressure exerted by malicious actors on cyber security for organizations and the disproportionate response from experts who protect information systems and networks.
Keywords
References
- [1] SWIMLINE, Automating Incident Response, 2018. [Online]. Available: https://swimlane.com/resources/ebook-automating-incident-response/
- I. Nedyalkov, A. Stefanov, and P. Apostolov, ―Modeling of the convergence time of an IP - based network with different traffic loads,‖ in IEEE EUROCON 2019 -18th International Conference on Smart Technologies. IEEE, jul 2019.
- IGN MANTRA— Chairman, Peneliti Cyber War, Cyber Crime dan Cyber Security, Indonesia Academic CSIRT, Seminar Cyber Defence, Teknik lnformatika, Universitas Jendral Soedirman, PURWOKERTO, AcadlCSlR‘l’.
- I. academic CSIRT. Seminar cyber defence unsoed 21 september 2014. [Online]. Available: https://www.slideshare.net/- ignmantra/seminar-cyber-defence-unsoed-21-september-2014
- E. Paul van Kessel, Cybersecurity regained: preparing to face cyber attacks 20th Global Information Security Survey 2 017– 18, 2018.
- E. Lichtblau, ―Hackers Get Employee Records at Justice and Homeland Security Depts.‖ 2 2016. [Online]. Available: https://www.nytimes.com/2016/02/09/us/hackers-access-employee-records-at-justice-and-homeland-security-depts.html
- Z. Zorz. (2016, 2) Info on 20,000 FBI and 9,000 DHS employees leaked following alleged DoJ hack - Help Net Security. [Online; accessed 10. Nov. 2019]. [Online]. Available: https://- www.helpnetsecurity.com/2016/02/09/info-on-20000-fbi-and-9000- dhs-employees-leaked-following-alleged-doj-hack
- C. Bing. Doe warns of potentially ‗imminent‘ cyberattack on power grid. [Online]. Available: https://www.cyberscoop.com/- energy-department-warns-imminent-cyberattack-power-grid/
- S. Chapter IV: Ensuring Electricity System Reliability and Resilience, ―Transforming the nation‘s electricity system: The second installment of the qer | january 2017.‖
- A. Mathur. (2019, 9) DXC Technology Co. (via Public) / Why predictable cyber security practices are less secure. [Online; accessed 1. Sep. 2019]. [Online]. Available: http://- www.publicnow.com/view/- 6DE296A267A3EFD2290A46DC893EFB08836AB09F?2019-08- 15-14:00:19+01:00-xxx2981
- M. Giles, ―AI for cybersecurity is a hot new thing—and a dangerous gamble,‖ MIT Technology Review, 8 2018. [Online]. Available: https://www.technologyreview.com/s/611860/ai-for-cybersecurity-is-a-hot-new-thing-and-a-dangerous-gamble
- ENISA, Cyber Security Culture in organisations, NOVEMBER 2017.
- L. Pietre-Cambacedes, M. Tritschler, and G. N. Ericsson, ―Cybersecurity myths on power control systems: 21 misconceptions and false beliefs,‖ IEEE Transactions on Power Delivery, vol. 26, no. 1, pp. 161–172, jan 2011.
- C. Gopalakrishnan, ―Sophisticated tools provide false sense of cyber-security: Survey,‖ 9 2019. [Online]. Available: https://www.scmagazineuk.com/sophisticated-tools-provide-false-sense-cyber-security-survey/article/1660872
- G. Ness. (2018, 5) The All or Nothing Cyber Security Paradox - Security Boulevard. [Online; accessed 3. Sep. 2019]. [Online]. Available: https://securityboulevard.com/2018/05/the-all-or-nothing-cyber-security-paradox
- W. Ashold. (2019, 9) Pen testers find weaknesses in banks‘ cyber security. [Online; accessed 3. Sep. 2019]. [Online]. Available: https://www.computerweekly.com/news/252441525/- Pen-testers-find-weaknesses-in-banks-cyber-security
- Димитров, ―Рискове при използване образи на виртуални машини в облака,‖ CIO, Октомври 2013. [Online]. Available: http://cio.bg/- 5745_riskove_pri_izpolzvane_obrazi_na_virtualni_mashini_v_obla ka&ref=cat
- C. S. Review. (2019, 2) Attack Uses Docker Containers To Hide, Persist, Plant Malware Cyber Security Review. [Online; accessed 21. Feb. 2019]. [Online]. Available: https://- www.cybersecurity-review.com/news-july-2017/attack-uses-docker-containers-to-hide-persist-plant-malware
- S. Sultan, I. Ahmad, and T. Dimitriou, ―Container security: Issues, challenges, and the road ahead,‖ IEEE Access, vol. 7, pp. 52976–52996, 2019.
- J. hua Li, ―Cyber security meets artificial intelligence: a survey,‖ Frontiers of Information Technology & Electronic Engineering, vol. 19, no. 12, pp. 1462–1474, dec 2018.
- S. Paavolainen and P. Nikander, ―Security and privacy challenges and potential solutions for DLT based IoT systems,‖ in 2018 Global Internet of Things Summit (GIoTS). IEEE, jun 2018.
- H. Halpin and M. Piekarska, ―Introduction to security and privacy on the blockchain,‖ in 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, apr 2017.
- M. Lagazio, N. Sherif, and M. Cushman, ―A multi-level approach to understanding the impact of cyber crime on the financial sector,‖ Computers & Security, vol. 45, pp. 58–74, sep 2014.
- T. Pham. (2016) A guide to stronger security in pci dss 3.2. [Online]. Available: https://duo.com/blog/a-guide-to-stronger-security-in-pci-dss-3-2
- ―Data breach incident investigation report. cathay pacific airways. unauthorized access to personal data of passengers.‖ Report Number:R19 -15281 Date Issued: 6 June 2019.
- F. S. B. C. P. G. Federal Communication Commission, Cyber Security Planning Guide, 2015.
- M. Hopkins and A. Dehghantanha, ―Exploit kits: The production line of the cybercrime economy?‖ in 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec). IEEE, nov 2015.
- M. Trend. (2017, 2) Tracking the Decline of Top Exploit Kits - TrendLabs Security Intelligence Blog. [Online; accessed 5. Sep. 2019]. [Online]. Available: https://blog.trendmicro.com/- trendlabs-security-intelligence/tracking-decline-top-exploit-kits
- V. Chebyshev, ―IT threat evolution Q2 2018. Statistics,‖ 12 2018. [Online]. Available: https://securelist.com/it-threat-evolution-q2-2018-statistics/87170
- T. smart security on demand, The Security Survival Guide for Growing Businesses, 2016.
- B. Li and J. C. C. T. Analysts). (Posted on:March 15, 2016 at 5:43 pm in:Exploits, Vulnerabilities) Exploit kits in 2015: Scale and distribution.
- (2019, 11) What Executives Get Wrong About Cybersecurity. [Online; accessed 10. Nov. 2019]. [Online]. Available: https://sloanreview.mit.edu/article/what-executives-get-wrong-about-cybersecurity
- L. Tucci. (2016, 5) Stuart Madnick: Dark Web hackers trump good guys in sharing information. [Online; accessed 10. Nov. 2019].
- K. Corbin. (CIO) U.s. cio aims to cut legacy spending, proposes it modernization. [Online]. Available: http://- www.cio.com/article/3075842/government-use-of-it/u-s-cio-aims-to-cut-legacy-spending-proposes-it-modernization.html