This article was written by (Felix Uribe)
The source of this article is at the bottom
"Malsubject"
(Malicious Subject) is an unauthorized individual or subject whose activities
are intended to break into an Information System (IS) with malicious intent to
compromise the information's confidentiality, integrity, or availability of
organizations and individuals. Malsubjects include hackers, cyber-thieves,
spammers, hacktivist, and nation states among many others.
It is easier to identify
these individuals in the cyber security space by one common name instead of
several, such as bad actors, threat actors, bad guys, cybercriminals, and
others. The term malsubject defines these individuals regardless of their
intended actions. After all, their intentions are always malicious in nature,
no matter who they are or what we label them.
The term
"malware", or Malicious Software, is defined by the National
Institute of Standards and Technology's (NIST) Glossary of Key Information
Security Terms as "a program that is inserted into a system, usually
covertly, with the intent of compromising the confidentiality, integrity, or
availability of the victim's data, applications, or operating system or of
otherwise annoying or disrupting the victim." Malware by this definition
include viruses, worms, trojan horses, or other code-based malicious entity
that successfully infects a computer system.
Because
"malsubject" provides an opportunity to identify all types of
"cyber bad guys" with a single term, the term "malware"
ought to include, in addition to malicious programs, malicious hardware (e.g.
ATM and gas pump skimmers) or malicious techniques (e.g. social engineering).
Malicious hardware gets inserted into a system (physically and covertly) with
the intent of compromising the victim's data. Malicious techniques are also
used on individuals with the purpose of tricking them into performing actions
or divulging information in order to gain access to information system's data.
As a result, I use "malware" in general terms to identify malicious
software, hardware, and techniques used to perform cyber-attacks.
In the world of
cybercrime and cyber warfare, the fight is always aimed to prevent malsubjects
and malware from penetrating information systems of public and private
organizations as well as individual systems. It is clear that malsubjects using
selected malware can identify, target, and attack all types of IS
infrastructure. Once an attack is successful, the results and consequences of
these malicious actions become a series of unfortunate events played against
individuals and organizations.
The latest Verizon's
2013 Data Breach Investigations Report (DBIR) stated that the 2012 combined
dataset of security incidents analyzed for the report represented the largest
they have ever covered in any single year, spanning more than 47,000 reported
security incidents; 621 confirmed data disclosures; and at least 44 million
compromised records. Unfortunately, these security incidents will continue to
become regular news as malsubjects intensify their efforts using more and more
sophisticated malware. For example, the recent malsubject attack on the Target
Corporation produced a breach that exposed personal information on millions of
its customers.
An effective cyber
defense against attacks from malsubjects requires technologies, people, and
processes capable of preventing or mitigating the damage caused by their
malicious activities. Effective security controls and security awareness
training are the best weapons against their intrusions.
According to NIST,
"using the risk management tools and techniques that are available to
organizations is essential in developing, implementing, and maintaining the
safeguards and countermeasures with the necessary and sufficient strength of
mechanism to address the current threats to organizational operations and
assets, individuals, other organizations, and the Nation".
Well implemented
security controls based on appropriate risk management tools and techniques
increase the odds of preventing many of the cyber-attacks currently affecting
information systems and infrastructures all over the world.
In today's cyber space
malsubjects span from one individual to organized crime groups and nation
states capable of conducting sophisticated cyber-attacks from the most remote
places in the world. All they need is a communication line to the public
internet or private networks and the use of well-crafted malware to reach their
targets. We might not be able to prevent them from reaching the system
boundaries, but with good implementation of security controls; appropriate risk
management tools and techniques; and constant security awareness training for
organizational staff and the general public, we can slow down and someday we
might be able to stop their advances.
Article Source: http://EzineArticles.com/?expert=Felix_Uribe
Article Source: http://EzineArticles.com/8258401
No comments:
Post a Comment