Cyber crime is becoming increasingly expensive and embarrassing for organisations but there are some basic, cost-effective, training-related steps that organisations can take to prevent disaster, reports Bob Little.
If, as commentators keep saying, training activities are becoming more closely aligned with business goals, then one of the key growth areas for training is in countering cyber crime. This training concentrates on two main areas: IT professionals - and every other computer user in an organisation.
“The US government has reported that revenues made by criminals through cyber crime now exceed those from drugs and narcotics - and with little risk if done well,” according to Rajive Kapoor, of the UK-based cyber crime fighters, SSR-i. “Some reports claim that the cyber crime market is worth as much as $1.6tr - but, whatever the true figure, the cost to organisations is high. On the other hand, rectification and prevention are simple and, by comparison, inexpensive.”
Even with modern cyber security levels - including the use of better encryption, intrusion detection systems, cryptography and so on – CardSystems Solutions in Tucson, Arizona, a third-party processor of payment card transactions, recently noticed that a hacker had gained unauthorised access to its database and installed a script-to-screen for particular transactions, placing more than 40m credit card accounts at risk.
Systems administrators continue to experience problems in ensuring that their corporate networks are completely secure across geographical regions with multiple servers, a variety of software, thousands of users and with the daily dose of patches that need to be applied.
These administrators are IT professionals. They usually receive some training in computer security but everyone who uses a computer poses a security risk. So, all computer users need to know about such things as spyware, trojans, phishing attacks, spamming and hacking techniques.
SSR-i is the master distributor throughout Europe for a range of anti cyber crime courses for professional and ‘amateur’ computer users from the New York-based International Council of Electronic Commerce Consultants (EC-Council). According to the EC-Council’s president, Sanjay Bavisi: “If you are someone who banks online, pays utility bills online, shops online, has children chatting online, downloads shareware and games, communicates over emails, subscribes to a broadband connection or uses a computer system at work and/or home, you need to have ‘Security 5’ training – an entry level training and certification for those interested in computer networking and security basics to help you guard your information assets.
“Identity theft, social engineering, credit card fraud, online bank phishing scams, virus and backdoors, email hoaxes, sex offenders lurking online, loss of confidential information and hackers are just some of the threats you will face on a daily basis,” he added. “Are organisations prepared to face them and defend themselves?”
“Organisations fail to understand that, even if they invest in the best technology, security is only as good as the weakest link. This includes the human link - who can be an ill-informed administrator, an inept security professional or a disgruntled or ignorant employee,” added Kapoor.
Key questions, as far as cyber crime is concerned, are: who, in your company, completely understands all of the configuration and security challenges raised by all of these multiple installations, and who is looking out for automated security vulnerabilities caused by these installations?
“Of course,” pointed out Kapoor, “In many cases the very technologies bought to protect organisations are being used to ‘hack’ their systems. Technology has no conscience. Those who are skilled in its use can make it do what they want it to do. The ultimate responsibility to prevent cyber crime lies with staff, since they are the ultimate guardians of the key information that every cyber criminal needs in order to succeed.”
Hackers – who can be both from inside and outside the organisation aim to get into the system at any cost. Moreover, few people even IT professionals understand all the complexities of the hacking world or that many hacking tools available for download on the internet can compromise a network with just a mouse click.
Consequently, independent companies, such as EC-Council, its distributors and the International Information Systems Security Certification Consortium (ISC²®) offer ‘anti cyber crime’ courses. These include Certified Ethical Hacker (CEH) and Certified Security Analyst (ECSA) training courses and materials, as well as courses that develop peoples skills to conduct controlled, ‘licensed penetration tests’ (LPT) on their organisation’s infrastructure throughout the year, so that they can identify potential points of intrusion and secure them - before hackers find them.
Bob Little has been writing and commentating on technology based training, including e-learning, since 1990. His work has been published across three continents – the USA, Europe and Australia, making him unique as a commentator on the worldwide e-learning scene.
