العربية
|
Site Map
|
RSLF Portal
 
Skip navigation links
Home Page
About the Magazine
Chief Editor word
Contact Us
Information security: a collective responsibility
Royal Saudi Land Forces > Albarriyah Magazine > Articles > Information security: a collective responsibility

The modern technologies revolution in telecommunication and information networks has spawned new threats and risks, posing a security challenge to installations and individuals alike. Computer crimes are wide spread due to the wide-scale use of the internet. Hackers are now having the upper hand in this sphere which could easily be likdened to the battle grounds of conventional wars.

It is a fierce total war in which all legal and illegal weapons are used and whose field is getting wider day in and day out.The information security company “F secure” has said that the number of viruses has increased 200% in the year 2008 compared to the numbers discovered in the last two decades.This gives a clear indication of the magnitude of the problem at the end of 2010. Such expansion has transcended the limits of planet earth to invade the space as the virus designed to steal the code of a computer game has found to its way to the international space station through a mobile telephone infected with the virus.

Secrete Economy:

This non-conventional war or the “secrete economy” as called by News Week has become a source of income for such thieves. The security and cooperation organization in Europe estimated their profits at more than $100 billion annually. Add to this the indirect losses incurred by states, companies and even individuals as a result of the theft of private data, loss of reputation and confidence, systems stoppage and sabotage repair costs.
A cursory glance at the costs incurred by the banking sectors reveals that losses of U.S banks in the second quarter of 2008 totaled $16 billion or $178 million daily. In the Arabian Gulf region alone the losses due to financial fraud in 2009 was estimated at more than $380 million.

Normally, during wars each party will be armed with the weapons that protect him from his enemy’s weapons and fire power, but the case here is quite different: the greatest danger posed by this war is that we (the other party) are not aware that we are a party in such war. Consequently, we are not prepared and sometimes the war is over and we are still unaware of the seriousness of the situation.A survey by A Tracks showed that more than 50% of internet users falsely believe that they are protected against hackers. And the case is similar for institutions according great attention to information security such as banks. Information Week magazine said 75% bank sites contain security loopholes used by pirates.

A scaring figure:

Such E-wars are neither fictitious nor taking place in a distant battle ground. They are occurring daily and momentarily here and there. You may now be engrossed in reading while you are one of their victims. A report by Kasper Sky covering 2008 said Egypt ranked second internationally (15%) with regard to attacked internet users, followed by Turkey in third place. You may be particularly surprised to know that Saudi Arabia ranked 9th , a scaring figure as the number of users is very small compared to other advanced nations and compared to first place China. Moreover, the website of Kasper Sky, the pioneering anti-virus security company, was attacked by hackers during the last two years.

Those professionals are driven by various factors to commit such internationally prohibited practices. They may be strictly material ,collecting money by illegal means, including credit card thefts and e-robbery targeting banks or other means.
Other factors include curiosity and the desire to be famous. The factors may escalate to an information war at the level of states, organizations and commercial installations. And they range from military to political, economic, social and cultural spheres.

As is well known there is no absolute information technology protection. We are called upon to achieve the maximum possible protection and be convinced that the security of our system and networks deserve much more attention from us, rather than considering it as projects carried out by pessimists to protect us against dangers that are far away from us.

Most international companies accord utmost attention to the protection of their data and systems, considering it a feasible investment that spares them the cost of losing this war. Worthy of mentioning in this context is the 4-year internet security initiative approved by U.S president George Bush in 2008 at a total cost of $30 billion. Also on may 29 last year president Obama announced the setting up of an office for protecting the national infrastructure against e-crimes, saying that the U.S lost $8 billion due to e-crimes in the last two years.

Addressing information security risks:

From a personal point of view I think that the first step lies in abandoning the false sense of security and the belief that we are not concerned with this menace either due to ignorance or hypotheses instilled in our minds by security systems companies to make us believe that the purchase of this or that system will ensure the protection of our devices, networks and e-sites. Such false sense of security is in fact more dangerous than the real sense of insecurity. Jell Fox, editor of Consumer Reports magazine considered this false sense of security one of the seven mistakes that make internet users prone to hackers attacks.

The best means at this stage is to make a comprehensive analysis of the risks encountered by us or by our internet sites ensuring the best protection method. Afterward we will gradually understand that there are many measures to be taken to avoid these risks.

The second step is security awareness for computer users in general. The level of security for information systems is measured by their weakest link, most probably the human element. This step involves continued effort and various programs to upgrade security and awareness of computer users, changing certain customs, behaviors and beliefs that make our systems and networks prone to hacker attacks. Securing the locks is not enough if the guard is fast asleep.

Later steps concern implementation of the security plan according to resources to be protected and their environment. The security systems are comprised of many layers beginning with the fire walls and hacker detection.
Another layer involves site filtering programs’ e-mail messages, anti-virus programs and Trojan horses. The third layer concerns security loopholes detection programs and security policy imposition programs. The penultimate layer concerns systems coding, data bases and application of PKI basic environment. Lastly taking all these precautions is not enough without a human element able to run this system and promptly respond to developments, not to mention the development and modernization of the system.

Information security is not confined to protection programs:

The information security of any facility should not be confined only to protection programs and systems, they should be bolstered by security polices and measures to ensure continued protection of resources. They should be based on the facility’s work requirements and expected risks. All its personnel should adopt and abide by these measures at all times.

We do not intend to scare computer users, but it is a cautioning message to seriously ponder investment in the security of our networks and information systems. We also have to arm ourselves in this battle to emerge victorious. The huge preparations for any war and the strenuous search to plug any loopholes that could be used by the enemy constitute the first signs of victory.

By: Major/ Saleh Bin Ahmad Al-Megren.
Copyright © RSLF - All Rights Reserved.
Terms of Service | Privacy Policy