Cyber security in the software worldAbstract This report deliberatesthe importance of cyber security when it comes to the real world, and theeconomical downfall that is caused by the booming of several cyber-attacks, thereview also explores into the exploitation of the computers that has encouragedpresent day crimes, and the code of ethics that surrounds an individualprofessional. In addition, we also discuss the legislative frameworks that hasbeen implemented to restrain cyber security attacks.Introduction The informationtechnology has evolved immensely over the past couple of years, and as itexpands it brings in more threats in harm’s way. There is an increased concernregarding the protection of ICT systems from unknown cyber-attacks. The perception of modern society from theirperspective is the cause of many cyber-attacks as high addiction of informationtechnology made us liable to the cyber-attacks that disturb the data.Cyber-attacks are carried out in various forms and threat levels such as DoSattack, Trojan attacks, Phishing attacks, E-mail bombing, Cyber trafficking,Brute force attacks and many more. Although no other technical definition byany legal or the lawful body for cybercrime.
It is being defined by computerresearch Centre as “Crimes committed on internet using the computer either astool or a target”. Heightened role of information technology and rise of thee-commerce sector has turned cyber security into a very crucial policy issueall over the world. Cyber security means safeguarding information, assets andthe computer document or the resources stored. As in the growing era modernthief can steal more with the computer than the gun. Literature review There are three factors which depends on the risk associated, threats(who is attacking), vulnerabilities (the weakness they are attacking) andimpacts (the effects of the attack). The threat that these attacks bring is not.There are many incidents regarding these crimes in the past years for exampleMore than 4,000 ransomware attacks have occurred every day since the beginningof 2016.
That’s a 300% increase over 2015, where 1,000 ransomware attacks wereseen per dayComputer Crime and Intellectual PropertySection (CCIPS). Phishing emails have continued to grow as an attackvector for ransomware. The statistic reported by PhishMe earlier in 2016 was shocking, with 92% of phishing emailsthey collected containing ransomware in the first quarter of 2016PhishMe 2016 Q3 Malware Review, as we can see thetypes of attacks has increased by an alarming amount. A distributed denial ofservice or DDOS is a major attack in which multiple compromised computersystems target a server or a website flooding with unwanted data thus slowingdown or crashing the system, thus making it the single largest threat, thereare many recent examples. On the end of November 2016 a wave of DDos attacks hitat least five Russian banks, the attack was conducted by a series of botnetsconsisting of around 10000 computers which were located at around 10 countries,fortunately the attack was considered a weak one, even though it is known asthe first time hackers have conducted a massive DDos campaign against Russianbanks since October 2015.During the period of the Rio Olympics a DDos for hireservice known as Lizard stresser was responsible for one of the attacks, as theOlympics were scheduled to begin botnets attacked affiliated organizations using thelesser-known IP protocol Generic Routing Encapsulation (GRE) and high-volumepacket-floods destined for UDP/179. The attack ultimately peaked at 540 Gbps.,an attack like this could have easily destroyed the media coverage of theOlympics and many more.
Another incident occurred on 21 October 2016, whichaffected the servers of a company named Dyn, which controls the internet’s DNSinfrastructure, the cause of this havoc was a series DDos attacks which causedcomputers to be infected with malware but what makes the attack special wasbecause it was carried out using a weapon known as the Mirai botnet, this wasmade up from Internet of things devices such as digital cameras and DVRplayers, due to this the attack had many devices to choose from thus creating abigger attack this made high profile websites like GitHub , Twitter, Spotify,LinkedIn to go offline and suffer from the service interruptions.Helping to make sure the security takes place in orderto achieve a successful environment eventually comes down to every government,business, private institution and individual around the world. We are thetargets when it comes to cybercrime any government department, corporatenetwork or even your phone can be used for an attack. Good governmentregulations, professional and skilled IT staffs in a company and the righteducation with proper training can reduce the exposure to cyber-attacks. Whenit comes to cyber security it’s not only about defending the technical aspectsof it, it’s also about the people and how we handle data in the workplace, theinformation we give out, the emails we send and the sites we access.
Therefore,professional bodies play a major role when it comes to cyber security.In any company ethics will play a major role and shouldbe of particular concern when it comes to cyber securitydifferent sectors,will have their own rules people will have to follow, for an industry asdiverse and skilled as ICT it helps if professionals can demonstrate adherenceto a code of ethics through membership of a professional institution. Manyprofessional organizations hold their members to standards that ensure thereputation and respectability of a profession is preserved.
LegalImplications and the framework of the attack When these attacks occurwe should consider the legal implications for the businesses that suffercyber-attacks, the major attack which involved a domain name serviceprovider(Dyn) caused many casualties for a lot of sites like LinkedIn, Amazon,Netflix, Reddit, Soundclound. In the Report of June 2014 taken by Center forStrategic and International Studies stated that yearly cost to the globaleconomy by the incidents of cybercrime is more than $400 billion. Cybercrimeimplications will progressively increment more and more as business functionsare continuously flourishing their business online and more of the company’sand customers of the world are linking to the internet. In another incident ithas been reported that money was taken from around 20000 Tesco customeraccount. After the attack, Tesco bank has put in measures temporary in order tostop the current account so that customers won’t be making payments.
InDecember last year Yahoo has reported two cyber-attacks involving the leak ofdetails of more than billion accounts, however the biggest problem was notdirect damage from the attack but the several class action suits filed againstit and the investigations by the congress. As we can see these examplesillustrate the grave legal repercussions that can results from a cyberattack oncompanies, since they can be exposed by clients whose identity have beencompromised. Issues and theimplications that arise from the software world Nearly every softwaredevelopment company faces various kinds of challenges throughout its dailyoperations and some of these issues have implications.Before starting initialphase of the development process, one must have a clear idea about the client’srequirements. Unfortunately for the developers sometimes what the customerwants is not what the customer needs, this would be the job of the systemanalyst, to recognize the requirements. This doesn’t mean that the clientdoesn’t know what he wants from a system, but it’s often the case that theclients describes the system how it can solve the current problem.
Not knowingclear initial client requirements may affect the workplace in numerous waysfrom time management to budget constraints, as an individual you could writethe requirements beforehand, have it signed by the client and explained to thedevelopment team prior of starting the project.Scheduling work andkeeping the track of project timelines is another issue, the problem lies inorder to track and keeping up with the minimum time allocated for a certaintask this could lead to the final product being in a lower standard, a solutionfor this could be as Maia Heyck-Merlin, author of the Together Leader (2016),suggests that having your team members track their respective times, and byhaving the project manager to review the tasks.Another issue is thechange of requirements; most development companies will inform if the initialrequirements are altered, this will most definitely affect the delivery period,if this is an outsourcing company it will also cause other projects to bedelayed as well since the projects are arranged sequentially, a solution forthis could be if the clients are informed about necessary changes beforehand.
The task to identify the oncoming delays is up to the project manager, where heis to communicate with the developers to minimize the delivery period.The developers are put ina risk when the requirements to follow should be in a standard that will workwith both global and national markets, due to these reasons of risks the finalproduct value might decrease in quality and personal contribution would also beaffected, it also affects the professional development and the team basedsoftware since there is high pressure involved when working in teams with lessamount of time. And since the end product received to client has lowexpectations, the client may change their product as well. Due to theseproblems the best way to solve it is by introducing the Agile methodology in tothe industry, this will help maintain the efficiency and value of the softwareproduct. Conclusion Inconclusion there are many types of cyber-attacks that people are not even awareof, these attacks can happen in the smallest form from like getting access toyour social media account to the biggest, such as hacking your personal details.
Even big companies with noteworthy resources devoted to cyber security havesuffered from huge compromises and organizations that do not have such levelsof talents have faced even bigger threats. The only solution to attacks likethis would be that organizations would need to understand their threat levelsand the risks they encounter daily, address these cyber security problems andhire the most suitable professionals to deal with it. Theissues that were discussed are common problems that is faced by any softwaredevelopment companies. And it all comes down to making the procedures andclearly identifying with who and how the work will be done from within thecompany. Another factor which is important to consider is to automate theprocesses using the available systems this will help in managing many projectsand also many clients, this will also decrease the time management on a certainproject and focus could be given to the software development and testing.