Day 54 – Q 5. Enumerate the security threats imposed by misuse of communication networks and social media.
5. Enumerate the security threats imposed by misuse of communication networks and social media.
संचार नेटवर्क और सोशल मीडिया के दुरूपयोग से उत्पन्न होने वाले सुरक्षा खतरों की जाँच करें।
Smartphone and internet usage in India is set to massively swell in the next four years.
By 2022, there will be 829 million smartphone users in India, accounting for 60% of the population, according to Cisco’s 13th annual Visual Networking Index (VNI).
With the increase penetration of smartphones, the security threats related to cyber space are cause of concern
Security threats due to misuse:
- Social engineering: Today, ‘social engineering’ is one of the most prevalent social media threats and also the most popular tactic for cyber criminals. Social media platforms allow attackers to find personal information that can be used to target specific individuals. Using information from employee profiles, a plausible fake account can be created to establish trust over time. Once the trust is built, the attacker might start asking for specific information, like internal server names, project names, or even have the new friend open an infected document or visit a prepared website that will drop a backdoor onto their computer. Eg: The recent case of BrahMoS Engineer being lured by Pakistan’s ISI.
- Targeted phishing attacks: Such attacks are carried out to steal money or confidential information, as was the case with the Hydraq attacks in early 2010 that compromised critical information of several multi-national companies. This social media threat is an example of social engineering tactics, whereby attackers exploit fear and anxiety, instead of system vulnerability to get users to part with their money. Since these attacks are so specific and targeted, the chances of success are higher. Rent Examples from India include July 206 attack on Union bank of India swindling bank of $171 million, a prompt action did help to recover the amount, data theft of millions of users of zomato.
- Steal of confidential information of official. national, defence and businesses through advanced persistent threats Eg: DeepPanda in 2015 – attack on US office of personal management by China, StuxWorm 2010-Attack on Iranian infrastructure .
- Fake news: The internet has enabled a whole new way to publish, share and consume information and news with very little regulation or editorial standards. This has in turn led to deliberate propaganda and clickbait articles causing disharmony in society Ex: Communalism of incidents related to death of person
- Radicalisation of youth: The modus operandi of ISIS was usage of social media to spread the message and target vulnerable youth who felt alienated leading to increase in crimes like lone wolf attack in West .
- Criminal Activity and Money laundering: Organised criminals are now using social media to recruit some public individuals to act as unsuspecting money launderers of their money they got from their dirty works like drug smuggling, people trafficking and fraud.
The various steps which can be taken to safeguard the threats include
1)PPP Model for Cyber security :
- State Cybersecurity Framework shall be envisaged in P-P-P Model
- Government shall partner with the private sector and the academia to strength cybersecurity posture of the state.
2)Information Security policy and practises:
- IS Policies & practices shall be mandated at govt. functionaries & its service providers
- Security Audit Adhering to international standards applicable for all govt. websites, applications before hosting and publishing
- Govt. to ensure ISPs operating in the state shall deploy cybersecurity plans in line with State cybersecurity policy.
3) State Computer Response teams:
- Establishment of the State CERT to operate in conjunction ICERT and coordinate with NCIIPC
- Cybersecurity drills shall be carried out under the supervision of I-CERT
Govt. agencies implementing IT Projects shall allocate appropriate budget towards compliance with the security requirement of IT Act 2000 and State cybersecurity policy, ISMS, security solution procurement and trainings.
5)Capacity Building and awareness:
- Govt. shall take appropriate steps for enhancing awareness of citizens and small business for cybersecurity
- Cybersecurity Capacity building and training for professional, extending ISEA program, introducing curricula academia and organizing conferences
- Strengthening LEAs through training, establishment of forensics labs, etc.
With the increase in penetration of internet in India , need is to be aware of risks and handle those risks on war footing
Best Answer: Swapnil