Managing Cyber-crime Menace: Train, train, and more training!
According to Techopedia, Cyber-crime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Cyber-criminals may use computer technology to access personal information, business trade secrets, or use the Internet for oppressive or spiteful purposes. Criminals can also use computers for communication and document or data storage. These kinds of criminals are known as hackers.
In the recent past there have been reports of organizations getting their websites and social media accounts hacked. The hackers have in a number of instances denied access, defaced the sites, left threatening messages or even used them as platforms to hack into other sites. The worst cases are those where the activities have led to loss of revenue by the victims, especially where the hacking has been aimed at financial data in financial institutions such as banks.
Here in Kenya, our Vice President’s Twitter account was hacked into and tweets were made from it. We have also had our National Police Force website hacked into more than twice in a span of three years. Other instances where hackers have targeted institutions include bank cybercrime (https://www.jambonewspot.com/how-fraudsters-stole-ksh1-5-billion-from-kenyas-banks-in-one-year/), IFMIS, the Kenya Defence Forces Twitter account, etc. Even after all the cited occurrences, in the last quarter of last year, 77 Chinese aliens were arrested in Runda, a luxurious residential estate in Nairobi, after the police responded to a fire accident. The fire accident proved to be God-sent after it revealed a cyber-crime scene. The sad thing is that if the fire hadn’t occurred, the criminals would still have been operational, since the police had no clue whatsoever.
Common types of cyber-crime include online bank information theft, identity theft and unauthorized computer access. Cyber terrorism is also steadily on the rise. With the trend rising, it is very important that the government starts looking for ways to curb the growing number of cyber-crime cases. Our answer to this problem lies in the hackers.
Any time we hear of hackers we tend to gravitate to the dark side: computer criminals committing crimes for their personal gain. The truth of the matter is that there are different types of hackers. Hackers range from the black hats to the white hats and the grey hats. The black hats are the kind of hackers that we all know of. They will infiltrate a computer out of personal and malicious interests. They will seek to bring a system to a vulnerable position from which they can exploit it. The white hats are also referred to as ethical hackers. This kind is usually hired by an organization to infiltrate the company’s system, all in a bid to understand its weaknesses and thus be able to seal them before it is attacked. This act is also known as penetration testing. The grey hats are placed in between the black and white hats. A grey hat will infiltrate a system without any prior permission, which is illegal, yet will inform the organization of the breach and take no malicious action. The problem with the grey hats is that they might inform their victim of the breach publicly, thus opening up an avenue for the black hats to act before the breach is rectified.
We need more white hats in our security agencies to perform penetration tests that will reduce the possibility of critical information being accessed. These individuals will be in charge of ensuring cyber-crimes are reduced and effectively nipped in the bud before they can bear great repercussions.
NEED FOR TRAINING AT INSTITUTIONAL AND NATIONAL LEVELS
When challenged by a situation such as this one, organisations may choose various options to counter the threats. One option is to hire the services of experts in hacking to clean up their systems or perform periodic pen tests and then advise on the way forward. Whereas this may seem to be an easy and quick way out of the situation, it has its own pitfalls. Like any other area relating to security, information security should not be part of what an organisation feels comfortable outsourcing. The reasons are quite obvious and ominously dire, especially when you consider that breaches can occur in the hands of the outsourced firms, leading to devastating consequences.
The other option is slow but calculated: an organisation embarks on breeding its own expertise through systematic training and knowledge transfer. The organisation's IT staff are well placed to handle information breaches as they are exposed to them every day. They also understand the user behaviour and patterns within the organisation and thus can be proactive in a number of circumstances. Furthermore, they can be instrumental in user education when it comes to implementation of the IT Security Policy, which must be a closely monitored item within the organisation.
There are a number of training institutions that provide this training to organisations and individuals. Some provide training that may equip the trainees with relevant skills that can point them towards certifications, whereas others offer low-level, non-expert security skills on cyber use.
Here at Kenvision Techniks, we pride ourselves in offering an effective Ethical Hacking and Countermeasures Training program to interested parties. One such program is coming up in June this year. This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
What’s more, this class will enable you to begin your journey to Ethical Hacking Certification (ECH) if you consider this route for your great career!! We are registering.