What are the “Merits” of Thorough Security Measures?
First, let’s start with the conclusion you’re curious about.
The benefit of implementing security measures is to protect information and IT equipment from the loss of approximately 30,000 yen per incident, as 1 person is subjected to advanced cyber attacks every 10 seconds. (Quoted from the 2017 public information from the National Institute of Information and Communications Technology)
This sounds scary, but since it’s 2017 information, the situation has worsened. Of course, OSs that operate IT equipment have begun to be equipped with security measures and free defense software.
However, these are like “mandatory automobile liability insurance.” Without anything else, it’s like speeding through main streets and shopping districts without any optional insurance. If you don’t get the image, think of a president or prime minister. It’s like that person eating at a crowded public restaurant without SPs or bodyguards, and even working there.
Everyone would feel it’s “too defenseless!”
Let’s get back to the topic. In these examples, the bodyguard is the security measure. Cyberattacks mean all actions that endanger IT equipment and information.
From erasing or stealing confidential files, destroying the underlying OS, to infecting with “malware” that maliciously leaks information, there is no room for carelessness. To safely operate IT equipment, you would have to “not connect to the internet or any network.”
But that wouldn’t allow you to work, and is that the only measure?
The answer is no.
The world of the internet is radiant. But with light comes darkness, and the existence that deals with the darkness is the security-related system. We keep saying “make security measures thorough” like a mantra…but what should we make “thorough” against?
- Looking at the text of an email you don’t recognize, clicking on a string showing a website out of curiosity. Browsing a website you don’t recognize.
- Trying to check something attached to an email, clicking it. Saving it as a file and then trying to view it.
- From the way IT equipment moves, to the contents of files, and even the working speed of the software being used is slow, can’t be displayed on the screen, is moving on its own, etc.
In case (1), it’s trying to leak personal information such as passwords and credit card numbers by running “malicious software” planted on the website.
Or it displays content that incites you to enter information yourself, such as “Confirmation required.” This is a “fake” or “scam” site called a phishing site.
Case (2) directly tries to install “malicious software” on the IT equipment used by individuals and companies. Deceiving you by pretending to be “non-malicious” document files or images can be easily done by a technician with a certain level of skill.
If you’re in state (3), you may be under a cyberattack.
The opponents that need countermeasures are “fake sites” and “malicious software.” In addition, it is the information itself that is taken in or sent out from the outside. This can be considered the internet version of eavesdropping or filming. Stealing information, reselling it, or misusing it is collectively called “information leakage,” which is treated as an accident and leads to a negative image.
If you can’t find such an “opponent” quickly, it can develop into something terrible.
But human error cannot be prevented, such as accidentally clicking or viewing a website with pitfalls. What should I do about internet eavesdropping?
That’s why the key is the phrase “make security measures thorough” to deal with “just in case.” It feels difficult and troublesome, but don’t worry.
By introducing “advanced” security measures, software, and systems (mechanisms), you can quickly transform into a state where you can work and operate comfortably while hundreds of strong bodyguards are watching.
・Can advanced and strong security measures guard even “cloud” related things?
To put it simply, “yes.” So, if you want to be in an “advanced and strong” state, is it perfect to install multiple free security software?
The world of the internet to which computers and digital devices can connect is a vast existence on a global scale.
Taking advantage of its vastness, we have been blessed with the ability to connect to various parts of the world with just a few clicks, even when working remotely.
The cutting-edge “cloud technology” will undoubtedly become common soon.
Internet websites are scattered all over the world. But since the sites are “connected,” this name was created because it looks like a “cloud.”
By enabling the connection environment of the terminal that uses the internet, you can change the place into a place for work or work, whether from home, from work, from overseas, or even from the International Space Station.
However, like modern rocket launches, “unforeseen” worst-case scenarios are not zero. Looking at the statistics of cyberattacks mentioned above, I feel that the probability of rocket launch failure is lower.
Therefore, AI-enabled security measures with “advanced and strong” features that can automatically respond to and deal with many unexpected events and reduce the time, effort, and resource consumption that system administrators have to do manually are now “required” from the stage of necessity.
Cyberattack technology is also advancing, and “mutated malware (computer viruses)” are being created and targeted, just like in the real world. It is an era when “ransom demands” are sent unless you solidify your defense with flexible AI technology that can search for these similarities and characteristics.
“Ransom??”
If you cannot guard against the act of “infecting IT equipment with ransomware,” the system can be operated from the system to the inability to use it due to the encryption of files in an instant. And if you want the system unlocked or the encryption decrypted, you will suffer enormous damage saying “pay.” The decryption of the code is at a level of difficulty that even experts take thousands of years, so it is a dead end.
Requests have been sent to companies that have neglected security measures and individuals, and companies and organizations that have succumbed to paying hundreds of millions of yen, and individuals who have been “fired” for neglecting security measures from bankrupt companies. There is no end to the story.
・There is only one countermeasure against the worst social engineering
Next is the evil act called “social engineering,” which is difficult for even AI to defend. To put it simply,
“It is the act of paying money to have people belonging to companies or organizations steal information.”
It is an internal crime that takes advantage of psychological gaps and behavioral mistakes, sometimes secretly hiring them for money, and deliberately leaking information from server administrators to organization staff.
It is often thought that there is “no way to deal with it” no matter what digital technology is used. It’s half right, but if the security software or system can be customized in detail, it’s a different story.
If you customize the authority and scope of people who handle important information and files, and how much access they have on the Internet, you can prevent them from copying customer information data and do nothing.
Although it tends to be inconspicuous and neglected, it is a point that should not be overlooked whether the function configuration that suits the usage style can be customized in security measures.
・”CIA” defined for security measures
You might misunderstand, “Is this an organization that does the opposite of security?”
“CIA” here is an abbreviation shown in the “Guidelines for Information System and Network Security.” The guideline for investigating threats when accessing information and taking effective measures is exactly the CIA.
When using the Internet, we use a function that is not clearly stated, called a port, and work countless software and tasks (processing). I explained at the beginning that the function that acts as a certain wall against cyber attacks on those ports when accessing, “firewall,” and security enhancements such as malware countermeasures are fully equipped like “mandatory automobile liability insurance.”
One of them is to protect information from unexpected interception and unauthorized access (unauthorized communication), and measures using “encryption” technology are becoming commonplace.
Haven’t you seen it often lately?
The one where the beginning of the string indicating the website is not “http” but “https.”
This is also an atmosphere close to an extra, but it is part of security measures.
The “s” at the beginning means “secure communication,” and is a mark that encrypts the information and communication that is exchanged and takes security measures. Conversely, if there is no “s” mark on a site where you enter personal information or on a shopping site, communication is dangerous because the communication and information will be transmitted over the Internet “in a form that anyone can see if they want to.”
In general, these important sites and wireless LANs (Wi-Fi) use a technology called “WPA/WPA2” for encrypted communication.
・What about “integrity”?
Measures to periodically check changes in information (files) as “whether or not they have been tampered with” are considered effective. However, this measure is a post-mortem response, not a “preventive measure” that constantly maintains the integrity of information according to the “CIA definition” mentioned earlier, and deviates slightly from the definition.
Even so, if you introduce a system that automatically checks for security measures, you can detect all changes and tampering of information, and it will protect and protect information.
For the time being, in addition to these, it is recommended to take measures to encrypt the contents of the information independently so that the contents of the information will not be understood in the event that the information falls into the hands of malicious users, in advance.
・What about “availability”?
Availability roughly means “users who are authorized to access information can use it when they want to use it.” This is a guide to usability and management. If it breaks down frequently or software errors occur, you will not be able to use it when you want to use it at all.
Although it can’t be helped in this day and age, the number of people using the network is increasing, and communication lines such as the Internet are congested. On top of that, the number of people accessing it is increasing, and the number of cases exceeding the processing capacity of network-related systems is increasing. I occasionally hear news of system downtime.
If the service is frequently stopped or inaccessible due to the load on the system, including the server, availability will be a major problem.
Summary of security measures
Do you feel that security measures technology has advanced and ideas have been established?
There is one important point that people make.
That is to check the status and information of security measures, and the “updates” that even the OS performs. No matter how precise the device is, there is no possibility of zero error occurrence, or conversely, 100% complete and unparalleled operation is impossible.
Cyberattacks are sneak attacks. Similarly, unexpected troubles can unfortunately occur with any device.
Therefore, even if you set up automatic updates, it is essential to check the status with the human eye. If the countermeasures software to be introduced has a specification that allows you to easily check the security status, you can quickly see the status even if you are barely protecting your files and system from a torrential cyberattack.
We live in an age where information warfare dominates everything. If you confirm the danger, you can customize the security-related functions temporarily to make them stronger. When the “opponent” gives up, you can customize it again and return it to a security system and state that is not too strong.
In addition, you can quickly take countermeasures such as issuing password change instructions and customizing and restricting the authority of important software that can be used in the workplace or organization.
“Is it better to set the security stronger and stronger?”
Yes, it seems like such a voice will come out, but what if you have your identity and luggage checked 10 times at the entrance and exit?
What if you can’t get in or out if there is a defect in the inspection even once?
The exact same thing happens with IT equipment.
If the restrictions are too strong, the few disadvantages of security measures will become apparent: “Problems will occur with cloud-related software and apps. The software cannot be installed. It cannot be displayed on the screen.”
We believe that building and maintaining such a state, which can be customized and “flexible” in security measures, will lead to an ideal IT/ICT usage environment.
For further inquiries, please contact globalsupport@jiran.com.
