The growth of the Internet and the World Wide Web has been largely dependent on the development of necessary physical infrastructure. By contrast, the Internet of Things (IoT) is fascinating because it is not limited by physical infrastructure – only by the number of devices.
Cybersecurity. It’s a recent addition to our lexicon, one that is often misunderstood and underrated. The Oxford English Dictionary defines cybersecurity as ‘security relating to computer systems or the Internet, especially that intended to protect against viruses or fraud.” The need to protect against viruses and fraud has increased at a staggering rate. The demand for technicians trained to meet that need has also increased rapidly.Â
The complexity of today’s cyber environment has grown exponentially in recent years, making it extremely difficult for a nonprofessional to handle. Businesses must not adopt a casual approach towards cybersecurity; rather, they should deal with it through a planned, methodical strategy.  Â
What should be the correct approach?     Â
Cybersecurity is not just about knowing the prevalent threats and the best available safeguards. Neither is it an area to be left solely to the IT department. The complexity of cybersecurity must be understood by C-suite executives and other upper management, many of whom have no substantial experience with IT. So, what is the correct approach to handle this nuisance?
The answer is, that for executives and top management, cybersecurity should always be dealt like any other conventional threat to their business goals; the technical details are unnecessary. This stance towards cyber-security allows executives to feel at ease regarding the complexity and technicality of cybersecurity while keeping the organisation well-prepared to deal with cyber threats.
Recommended Approach
What are your business goals?
Before tackling any business problem, executives focus on the business goals. By contrast, IT and other departments, are focused on their specific areas, rather than on the overall goals of the business. Because of this limited scope, when individual departments are given complete initiative for tackling organization-level problems, they can sometimes solve the problem for their department, but wind up causing more damage to the business as a whole. Therefore, executives and top management must work together to ensure that individual departments, including the IT security department, have a proper understanding of the big picture and their place in it. This should help reduce and clarify the threat environment for everyone.
What is the value of the assets to be protected?
Customer credit card data, business transactions, trade secrets, or even information gathered from a customer through a website are all examples of IT assets that must be identified by the top management, with the help of the IT security department. They should either be assigned a dollar value or be graded from 1 to 10, based on their criticality. The value assigned to each asset is not its exact cost; rather, the value includes factors like development and maintenance costs, value to rivals, potential legal problems from the asset’s loss or compromise, etc. Valuation provides executives with a clear view of each asset’s priority and allows a cost-benefit analysis to be performed later, after the costs and values of safeguards have been calculated.
What are the relevant threats and vulnerabilities?
Threats are circumstances that can impact assets in such a way that the business experiences some loss. On the other hand, vulnerabilities are defence weaknesses that an attacker can exploit. For example, if virus infection is the threat, then a related vulnerability would be lack of antivirus software on the system.
It was only a decade ago that the Internet was primarily used and accessed by desktop and laptop computers. Today, mobile devices (phones, tablets, etc.) are quickly becoming the bulk of devices connected to Internet. Additionally, many types of sensors, instruments and devices are also seeking Internet connectivity.
However, some of the most significant Internet-related growth in the coming years will be from what is called the Internet of Things (IoT)—a number of objects hooking to Internet, some of which are hard to imagine even now: refrigerators, microwave ovens, bridges, traffic signals & lights, gates, etc. IoT allows users to sense and control objects through existing network infrastructure, such as Internet, with expected results including increased efficiency, better accuracy and added economic paybacks.Â
What could be the ‘things’ in IoT?
A wide variety of objects are included in IoT. These objects are “things†such as sensors, automobiles, environment monitoring devices, household utility devices, or medical instruments like cardiac monitors, etc. These “things†can be a mix of hardware, software and services. Any object with a sensory component and some associated data can be part of IoT. For example, a refrigerator may need to sense conditions such as the change in temperature or the present position of food in the refrigerator, and it can have associated data about its internal temperature, the amount of food in it, and other relevant information. A refrigerator with those capabilities would be a viable candidate for IoT.
How does IoT work?
IoT is the connectivity of candidate objects over a common network, such as Internet. For those objects to be able to communicate on the network in easily understandable language, special, concise interfaces must be prepared. Currently, connectivity to IoT consists of hooking up a candidate to the network, wired or wirelessly, assigning an IP address to the candidate, and providing the candidate with the necessary bandwidth to communicate. But there must also be agreement between the candidate and the rest of IoT regarding what data is to be communicated and how it will be understood by others on the network. For this agreement to work, IoT candidates must be prepared with the necessary languages, protocols, or other skills needed to communicate over the IoT. With the huge number of objects predicted to be on IoT in near future, allowing so many objects to communicate with each other promises to be gigantic task.
A reliable IoT requires the following components:
Network infrastructure
Today’s Internet, with its typical expansion rate, is the best-suited network for hosting IoT objects. However, it still leaves room for improvement. As and when more objects form part of the network, the backbone bandwidth must also be enhanced. Fortunately, the Internet has proven that network expansion can such enhancements with little trouble.Â
Leaving cybersecurity solely to the IT department is irrational in today’s competitive world. While it may be difficult for an executive with a non-IT background to have a firm understanding of IT security, the solution for the executives is to leave the technicality to the technical guys, but know the technical management themselves. Understanding the threat environment, including potential risks, is an important aspect of information security management. Careful study of tools like the Verizon Data Breach Investigations Report (DBIR) provides insight into the most predominant threats. This year’s report, DBIR 2016, discusses several major types of data breaches.
Phishing
Phishing is masquerading as a trusted entity to steal valuable information from the entity’s users or customers. The information can be usernames, passwords, credit card data, or other personal data. Normally, phishing is done through social engineering, techniques that persuade or trick a user to take some action the user would not otherwise take, such as following some malicious link or opening an attachment containing malware.
The 2016 DBIR reports that phishing has been mainly used for installing persistent malware. Persistent malware is malicious software that keeps coming back regardless of efforts to remove it. These malware are often able to modify the system registry; that is how they remain on the system for long. Executives should know the prevalence of phishing and understand how malicious parties use phishing to place persistent malware on the organization’s systems and steal sensitive data from the system. DBIR 2016 also recommends measures to curtail the phishing threat: isolate the infected system or systems and then disinfect them selectively.
Web Application Attacks
Web applications are a good way to reach customers and promote businesses. Today’s websites are dynamic and interactive; many require login credentials to view member areas with additional accesses and privileges. The downside of these additional accesses are the lucrative playground they create for malicious parties. Hacked user credentials may compromise the backend web servers and enable enemies to gain a strong foothold within an organization’s system.
Why Information Security matters
In the last 20–25 years, information technology has flourished, as offices, businesses, industries and even households, have become significantly automated. In addition, online connectivity has converted the world into a global village. Now, as the world moves into the era of the Internet of Things, it has become nearly impossible to operate in society without online connectivity. Even the sensitive government and military organizations are having trouble staying isolated.
While the increased reliance on IT and connectivity often makes life convenient, with increased connectivity has come issues of increased threats to confidentiality, integrity, and availability of information. Automated systems with security loopholes can now cause greater disasters than were possible from the insecure, isolated, manual systems of the past. For example losing an office laptop while traveling is significantly more problematic than losing a briefcase containing office documents. With lost documents, the loss stops with the documents; with a lost laptop, the potential impact affects every system to which that laptop could connect.
The gap between bigger threats and limited staff
While many organizations, particularly government and military agencies, now recognize the need for information security, there are not enough information security professionals around the globe to meet current and anticipated requirements. As a result, some organizations must rely on inexperienced and unqualified information security staff, or they may have to outsource their information security matters.
B&GC-CT recognized for achieving key distinctions in professional development
KILLEEN, Texas, July 10, 2015 /PRNewswire-USNewswire/ — Dr. Mary Keller, CEO, Military Child Education Coalition (MCEC), presented the MCEC Seal of Excellence in Service at the Bronze Level to Mr. Jon Charles, Chief Personnel Officer, Boys & Girls Clubs of America – Central, TX (B&GC-CT) in recognition of the B&GC-CT having achieved the key requirements of the MCEC Professional Development Certification Program. https://www.flickr.com/photos/militarychild/sets/72157655296634770
Acknowledging the program’s success, Mr. Charles said, “We’ve seen great dividends on the training. We’ve put it into action and have had zero issues in this busy first half of summer.” Mr. Abdul Subhani, Chief Volunteer Officer for B&GC-CT, added, “Professional development is the key, important feature for any staff to excel. Our focus on education, especially technical education, will be enhanced by this staff enrichment.” The Professional Development Certification Program offers a systematic approach to professional development through research-driven strategies that address the academic, social, and emotional needs of the child. The program consists of three levels of certification: bronze, silver, and gold, which all represent increasingly advanced thresholds for professional development.
Reeces Creek Elementary School in Killeen won the Juvenile Diabetes Research Foundation Kids Walk email fundraising contest. Reeces Creek supporters sent the most emails of any school in the nation registered in the event.
The foundation awarded the school a $250 gift card for their success. This is the first year Reeces Creek took part in the kids walk and the school is the first in Killeen ISD to participate. The school raised funds for two weeks, culminating with an awareness-raising walk last October.
CTC Foundation receives scholarship donation from Subhani Foundation
The Central Texas College Foundation recently announced it received a $5,000 donation from the Subhani Foundation to endow a scholarship for qualified students pursuing a degree in computer science. Founded in 2010 by Abdul Subhani, managing partner of CenTex Technologies, the Subhani Foundation supports worthy nonprofit, charitable and community-based organizations in an effort to encourage future generations’ appreciation and understanding of the potentials of technology and science through creative education and community outreach programs.
“This scholarship is a tremendous addition to the more than 150 endowed scholarships offered by CTC Foundation,†said James Anderson, board chairman of the CTC Foundation. “As a CTC graduate and adjunct faculty member, Subhani continues to give back to the community. His generosity is paramount to the existence of our scholarship program.â€
Websites are a powerful tool for businesses, giving owners direct control over the message they are trying to deliver to customers.
Below are 10 reasons why websites are important in today’s world.
1. Cheaper and more flexible than print advertising: The Internet is extremely different from print advertising in that space is cheap, your advertisement is accessible for a longer period of time, the content can be changed without having to ask someone to do it for you (if you use a content management system) and you can potentially reach a wider audience.
2. Market expansion: The Internet has allowed businesses to break through the geographical barriers and become accessible, virtually, from any country in the world by a potential customer with Internet access.
3. Diversify revenue streams: A website is not just a medium for representation of a company, it is a form of media from which everybody can acquire information.
4. 24-7-365: No more turning customers away when it’s time to close shop, putting up a note saying closed for public holiday or leaving an irritating message on an answering service specifying trading hours. Tell them to visit your website for information.
5. Offer convenience: It is far more convenient for a person to research a product on the Internet than it is to get in a car, drive somewhere and ask someone for information on a product.
The Central Texas College (CTC) Foundation recently announced it received a $5,000 donation from the Subhani Foundation to endow a scholarship for qualified students pursuing a degree in computer science. Founded in 2010 by Abdul Subhani, managing partner of CenTex Technologies, the Subhani Foundation supports worthy non-profit, charitable and community-based organizations in an effort to encourage future generations’ appreciation and understanding of the potentials of technology and science through creative education and community outreach programs.
“This scholarship is a tremendous addition to the more than 150 endowed scholarships offered by CTC Foundation,†said James Anderson, board chairman of the CTC Foundation. “As a CTC graduate and adjunct faculty member, Subhani continues to give back to the community. His generosity is paramount to the existence of our scholarship program.â€