The Unfortunate Necessity of Security

In a perfect world where everyone follows the rules and nobody sabotages others, security would not be necessary. However, we live on Earth, and for every well-intentioned citizen there will be someone out to improve their life at the expense of others. Some of the most obvious cases come from people online. Even now, as you read this post, shady people are scouring the web for vulnerable people and systems.


Motivations To Steal

According to Jory MacKay from Identity Guard, “scammers and hackers are almost always financially motivated”, meaning that cybercriminals will always go after things that make them money. One of the most prolific money makers online is real-world data. This data is often about the average person, but can scale up to operational data for businesses.

Like individuals, companies have many things cybercriminals can steal for profit. In fact, companies are more lucrative than individuals. Granted, corporations often have the same data an individual holds, but what makes them different is the scope of data saved. While one person will only have information pertaining to them, a corporation will have information pertaining to many people. Different organizations will often save different data. For example, a shopping website or online banking system will have personally identifiable information, purchasing history, and financial data. Meanwhile, a social media platform will store more personally identifiable information, personal media (audio/messages/videos), usernames/passwords, and connected third-party apps. Hacking a bank may grant more value up front, but the data people have on social media could be invaluable for cracking accounts on other websites or for providing cash flow through data brokers. Overall, individuals and companies are encouraged to protect their data at all times. With respect to companies, that responsibility is heightened as some of their data is not technically theirs.


Security Flaws: Social Engineering

A system can be completely impenetrable to conventional hacking processes. This system can have the most state-of-the-art firewalls, malware detectors, best-in-class technicians, and even THREE-factor authentication; however, a system is only as strong as its weakest link. Often, this link is people. Despite people’s best intentions, plots and tricks to get information from them have become increasingly prevalent. As Heidi Wilcox and Maumita Bhattacharya state in their paper A Human Dimension of Hacking: Social Engineering through Social Media, people “possess a natural inclination to trust others and disclose information in a well-meaning, helpful manner.” In other words, the average person is good-natured and may give out potentially revealing information.

Social engineering naturally affects individuals and companies. An individual can be good-natured, and a company can employ good-natured people. This makes both groups very susceptible to social engineering attacks. If successful, this form of attack gives cybercriminals sensitive information that can eventually reveal vulnerabilities. In the worst case, a cybercriminal can use the context to commit identity theft (CompTIA, 4.2.1).

The primary concern with social engineering is unpredictability. There is no counterplay for a person who gives away their username and password. However, work can be done to mitigate the damage of a successful breach or make it harder for a person to be convinced. The first idea is education. People need to understand the importance of social engineering. In a world where one mistake can cost an organization millions of dollars, the average employee needs to understand that they play an important role in making sure mistakes do not happen. An employee who questions a suspicious link or knows to hold back confidential information is a strong asset in preserving data security. If a breach does happen, another important safeguard is the principle of least privilege. Simply put, people should only be given enough access to a system to do their job. Any more access and you run the risk of losing more data to cybercriminals or giving too much power to an employee who simply should not have it (CompTIA, 4.1.5).
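The least-privilege check described above, as an added example that is not part of the original post: it compares what each account has been granted with what its job needs, then shows how much a single phished account exposes before and after trimming. The role names, permission strings and accounts are constructed for illustration.

```python
# Constructed sample data: permissions each job role needs to do its work.
ROLE_NEEDS = {
    "support_agent": {"tickets:read", "tickets:write", "customers:read"},
    "payroll_clerk": {"payroll:read", "payroll:write"},
}

# Constructed sample data: account -> (role, permissions actually granted).
GRANTS = {
    "alice": ("support_agent", {"tickets:read", "tickets:write",
                                "customers:read", "customers:export",
                                "payroll:read"}),
    "bob": ("payroll_clerk", {"payroll:read", "payroll:write"}),
    "dave": ("contractor", {"tickets:read"}),  # role with no defined needs
}


def audit(grants, role_needs):
    """Return {account: permissions granted beyond what the role needs}."""
    findings = {}
    for account, (role, granted) in grants.items():
        # An unknown role needs nothing, so every grant counts as excess.
        excess = granted - role_needs.get(role, set())
        if excess:
            findings[account] = sorted(excess)
    return findings


def apply_least_privilege(grants, role_needs):
    """Return a copy of grants trimmed to each role's needs."""
    return {account: (role, granted & role_needs.get(role, set()))
            for account, (role, granted) in grants.items()}


def exposed_if_compromised(account, grants):
    """Permissions an attacker holds after stealing this account's login."""
    return sorted(grants[account][1])


if __name__ == "__main__":
    print("excess grants:", audit(GRANTS, ROLE_NEEDS))
    print("alice phished, before:", exposed_if_compromised("alice", GRANTS))
    trimmed = apply_least_privilege(GRANTS, ROLE_NEEDS)
    print("alice phished, after: ", exposed_if_compromised("alice", trimmed))
```

The education step cannot be automated this way, but the audit makes the second safeguard measurable: every entry in the excess list is data a stolen login would hand over without the job ever needing it.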


Security Flaw: Computer Viruses

Like social engineering, computer viruses are a result of bad security practices. A virus, at its core, is a computer program built to harm computers and their users. Once installed, it disrupts the regular operations of a device and can destroy the software and hardware that keeps the computer running (Reisler M., 2022). There are many types of viruses with different functions. Some are smaller in scale and disrupt users, but others like ransomware can outright encrypt and lock features and files from users. To get access to the key that breaks the encryption, users may have to pay a ransom to the virus owner (CompTIA, 4.2.4). Computer viruses cannot download themselves onto a computer, so they need to be intentionally installed before they can make any impact. In this way, computer viruses draw inspiration from their real-world counterparts. They often enter a device through unintentional or accidental means. In practical terms, this means viruses usually start once a person runs an infected payload, which can be done by clicking suspicious links, opening infected files, or viewing compromised websites (Reisler M., 2022).

The fact of the matter is that a virus can occur with any executable file. If the file can force code to run, it can infect a computer. Individuals and companies are vulnerable to these types of attacks. They both run computers, which can run code, which can therefore be infected.  

Trustworthy and updated malware scanners and firewalls can help prevent a virus from spreading. Some programs can stop the virus from infecting in the first place. Even if a suspicious link is clicked, a good security system may stop the link from fully opening and warn you about continuing (Reisler M., 2022). The second and arguably more important safeguard is to be smart while navigating online. Viruses need you to act. If you never click that link, the virus will never have the chance to infect. 


Works Cited 

Reisler, M. (2022, November 30). How do computer viruses work? [updated May 2025]. Malware Removal Guide. https://malware.guide/article/how-do-computer-viruses-work/ 

CompTIA. (n.d.). CertMaster Learn Tech+. https://labsimapp.testout.com/v6_0_675/index.html/productviewer/1215/0.0/e2363228-53bb-4e27-87e7-26cd1de40137/outline?nonce=xbmpXhyvgjw36wJTM3KqPwKJRSdjUCDx7TWmZ2GUAkA 

Wilcox, H., & Bhattacharya, M. (2020). A Human Dimension of Hacking: Social Engineering through Social Media. IOP Conference Series: Materials Science and Engineering. https://iopscience.iop.org/article/10.1088/1757-899X/790/1/012040/pdf 

MacKay, J. (2024, February 14). What data do cybercriminals steal? (how to protect yours). Identity Theft Protection You Can Count On. https://www.identityguard.com/news/what-information-do-cyber-criminals-steal 
