May 27, 2023 6 min read

The Evolution of Information Security

The Evolution of Information Security

Closing the Digital Divide

In our modern technological age people in the first world have become reliant on information technology. Up until recently the rest of the world has generally been left behind in terms of their access to information technologies such as computers, mobile devices and internet access. This gap is referred to as the digital divide and it is rapidly closing as the proliferation of technology becomes cheaper and more easily accomplished through a variety of methods.

The closing of the digital divide is likely to have a dramatic impact on the world from a cybersecurity standpoint. One of the main reasons for this is the introduction of new users and information systems into the digital ecosystem. Underprivileged communities may not have a proper understanding of cybersecurity or the tools necessary to combat this threat. Introducing these new users to the multitude of digital services through internet creates an opportunity for attackers to prey on unsuspecting victims.

There are other potential cybersecurity downsides of closing the digital divide and through the widespread adoption of technological solutions to daily problems. The more information systems and devices that are in use the larger the potential list of targets for attackers. This provides more attack vectors that can be used to infiltrate an organization or hack an individual. Internet of Things (IoT) devices are becoming more widespread and have notoriously been equipped with low security features. IoT devices may serve as a vulnerable attack vector and adversary can use to infiltrate a network or larger and more important information system.

Additionally, as new communities gain the infrastructure to enter the cyber domain there will statistically be an increase in threat actors. Individuals and groups will quickly learn that it is possible to use technology for illicit activities such as scams, hacking, defacing websites, harassment and a multitude of economic crimes. As more threat actors come online the need for cybersecurity professionals and cyber awareness training will dramatically increase. Regular citizens will likely need to become more knowledgeable about the risks associated with information technology and how they can protect themselves.

Lastly, the increased volume of threat actors, attacks and other security risks may become to large for cybersecurity professionals. This may require the invention of new security related technologies and methods that are able to handle the rising number of threats. This may include an increased reliance on artificial intelligence, machine learning and quantum technologies such as quantum cryptography.

Technology Dependence and Increased Vulnerability

As more aspects of modern life are outsourced or conducted through information technology the potential vulnerabilities that can be exploited rises. Industries such as banking, transportation and critical infrastructure become more susceptible when they operate through technology that may be targeted by sophisticated threat actors. Adversarial groups can target these industries for a variety of reasons such as cyber warfare, economic gain and ideological purposes.

Critical infrastructure such as the power grid, nuclear facilities, rail systems and communication networks are essential components of modern society. Those in the modern world rely heavily on these industries and their disruption can cause massive societal damages. A small example of this is the U.S. pipeline ransomware attack in 2021 which left people without fuel for a short period of time. During this period tensions in society rose higher and people began panic buying as well as other scarcity minded behavior. This was only one brief attack on a single pipeline. If there was a coordinated attack on multiple aspects of critical infrastructure either directly or indirectly it could have disastrous consequences.

Additionally, the financial industry is another sector which is highly susceptible to cyber attacks. Consumer banks and institutional banks rely on sophisticated financial technology to operate properly. This includes payment processors, online banking, trading tools and other aspects of information technology that could potentially be disrupted. These institutions also hold massive amounts of private data about consumers which has been historically targeted by threat actors. An example of this is the major Equifax breach in 2017 which compromised hundreds of millions of users private information.

Businesses and organizations are also at risk of being targeted by cyber criminals and various threat actors. A cyber attack or breach at an organization can have disastrous consequences even if the initial damage was benign. A company’s reputation may be permanently damaged by the stigma caused by experiencing a cyber attack or breach. Additionally, most business store volumes of private data such credit card numbers, banking information, transaction details and other personally identifiable information (PII) which can be used by an adversary for financial gain or other malicious purposes.

Cybersecurity is also a threat to individuals who may be targeted by scammers or other threat actors in the cyber domain. Common threats involve financial scams, cyber stalking and harassment. In our modern technological age all of our information is on the internet for anyone to find. If people add to this through the use of social media and other practices one can play into the hand of the adversary by providing enough information to build a well crafted social engineering campaign. This can be used to scam people into clicking malicious links, providing personal information and further compromising oneself.

Moving forward individuals, businesses and government organizations will need to develop more advanced methods of protecting consumer data, proprietary information and classified information from cyber threats. This may involve a variety of advanced techniques such as quantum cryptography, advanced technical security controls and authentication methods. Additionally, it may be necessary for some industries to use no or low tech methods of information storage and communication to protect against cyber threats.

Cyber Attacks, Breaches and Incidents

Cybersecurity incidents are becoming increasingly common in the government and businesses sector as well as in the lives of individuals. Cyber incidents can have serious consequences for organizations large and small as well as for individuals. Damage caused to government organizations usually involves the loss of classified information or personally identifiable information (PII) relating to government personnel. Damage to businesses includes financial theft, the loss of trade secrets and damage to brand reputation. The damage to individuals commonly involves identity theft, financial loss and the psychological effect these incidents cause.

Cyber incidents can take on many different forms such as phishing attacks through email or text, malware such as key loggers and ransomware, and denial of service (DoS) attacks that limit the operational functions of organizations. The most common type of attack delivery is phishing emails which can be crafted in any way necessary to convince the victim to click on the malicious link. This action can instal malware, steal credentials and manipulate users into providing sensitive information such as banking details. Depending on the organization and the industry these actions could have devastating consequences.

An example of this is the Office of Personnel Management (OPM) cyber breach in 2014 carried out against the United States by threat actors associated with China.
Individual are also the sole targets of cyber related attacks which can arise for a variety of reasons. Individuals who have a high network may be targeted by cyber criminals in an attempt to steal their financial assets. This is an emerging threat in the cryptocurrency domain where attackers are using attacks such as subscriber identity module (SIM) swapping techniques to steal cryptocurrency wallets through bypassing multi-factor authentication.

Regular citizens may also become the victims of financially motivated cyber attacks. For example identity theft, credit card fraud and the sale of account credentials is on the rise especially with the existence of dark web marketplaces. Additionally, individuals may be attacked for political, religious and ideological reasons by hacktivists, lone wolf attackers and cyber terrorists. These attacks may involve personal threats, blackmail and other forms of harassment.

Conclusion

The widespread use of technology is accelerating faster each year as cheaper and more scalable solutions promise to deliver essential services to underserved markets. There are numerous security concerns that arise from the increasing number of users and devices on the global network. This includes the statistical increase in potential threat actors, attack vectors, targets and ancillary effects of technology dependence.

Cyber threat actors are continually inventing new and improved methods of conducting illicit activity whether it be for cyber espionage, fraud, theft or terrorism. The use of technology in these activities will likely increase as the world becomes more dependent on information technology to fulfill daily functions. This brings introduces many new concerns for individual privacy, national security and financial security. The aim of this study is to discover emerging trends in the widespread use of technology and how it relates to cybersecurity and information security. The next section will provide a detailed section on the methodology to be used in the proposed research study.

References

Cybersecurity: trends, issues and challenges. (EURASIP Journal on Multimedia and Information Security)

Foresight of cyber security threat drivers and affecting technologies. (Cambridge)

Subjective health complaints in adolescent victims of cyber harassment. (BMC Public Health)

Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents. (IEEE Access)

Trojan horse risks in the maritime transportation systems sector. (Journal of Transportation Security)

Understanding Cybersecurity Threat Trends Through Dynamic Topic Modeling. (Frontiers in Big Data)

eSecurity Institute
We are committed to helping individuals gain the knowledge and expertise they need to succeed in cybersecurity.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to eSecurity Institute.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.