دانلود رایگان مقاله امنیت شبکه در سال 2016: مردم، فناوری و فرایندها

You have been, are being, or will be hacked. It’s that simple, that certain, and that daunting. For most organizations today, it’s no longer a matter of if, but when. As James Comey, director of the Federal Bureau of Investigation (FBI), bluntly stated in a 60 Minutes interview in 2014: ‘‘There are two kinds of big companies in the United States. Those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese’’ (Cook, 2014). According to the National Association of Corporate Directors (NACD), from 2014 to Q2 2015, companies reported over 2,429 data breaches affecting more than 1.25 billion records, at a hard (out-of-pocket) cost of over $150 perrecord. Forindividual firms,this typically means costs of $5.85 million for a single security incident (CompTIA, 2015; Owen & Bondi, 2016). And it is only going to get worse. The forthcoming, aptly-named Internet of Things (IoT) will see well over 10 billion internet-connected devices by 2020–—more than the current number of computers, smartphones, tablets, and wearables combined (Adler, 2013), providing hackers with untold gateways into the world’s networks and databases. The Ponemon Institute reports that it takes an average of three months for financially vigilant firms to discover they have been hacked, an average of seven months for most organizations, and even years for others; meanwhile, it may take hackers just minutes to compromise a network (Kennedy, 2016; Osborne, 2015). A compilation of some of the largest hacks in recent history attests to this. Following is a miniscule sample of the many large breaches (Dingman, Silcoff, & Greenspan, 2015): Target — December 2013: 110 million records TJX — January 2007: 94 million records JP Morgan — August 2014: 83 million records The Home Depot — September 2014: 56 million records We are witnessing a new dawn in cybercrime: a layer cake, if you will, of criminals eagerly seeking out networks and data. The bottom layer–—in more ways than one–—are the so-called script kiddies: hackers who troll the internet for attack scripts and then copy-paste them into attacks of their own. Not terribly sophisticated; but then again, a recent report calculated that over 652,000 distributed denial-of-service (DDoS) attacks occurred in a seven-day period (Graphic News, 2015). The next layer consists mainly of criminals, who have become increasingly enamored of ransomware: encrypting companies’ data and offering to sell back the decryption key at a high price (Dingman, 2016)