Why research IT Security
Nearly every week there is an IT security incident, and more and more corporations and individuals are being hit by cyber criminals. According to the commercial Kaspersky Security Bulletin (Kaspersky Security Bulletin, 2017) and the Symantec security report (Symantec Internet Security Threat Report), the number of IT-related attacks is increasing and more end users are being affected. The researcher aims to find better ways to make anyone who uses technology more aware of the latest attacks used by hackers and cyber criminals.
The current state of the art of IT Security
According to the Microsoft SIR (Microsoft Security Intelligence Report) and the Secunia Vulnerability Report (Secunia Vulnerability Review), most cyber-attacks are based on software vulnerabilities. Cybercriminals write malware that targets software vulnerabilities, and according to Erdal Ozkaya (Ozkaya, 2017), e-mails are widely used to spread that malware.
A notable example on this topic is the “Carbanak” malware, which infected the banks' networks via an e-mail and caused more than 1 billion US dollars in damage at 10 banks, according to Kaspersky Labs (Carbanak APT, The Great bank robbery, 2015).
The specific problem of IT Security
Unlike other industries, such as the automobile industry, where there is a significant cost of goods, software needs to be created relatively quickly because the market is growing fast. As a result of this rush, software is not tested against the latest attack vectors, which enables cybercriminals to find vulnerabilities and launch new attacks. Whereas software vendors have very limited time to test their products, cybercriminals usually spend significant time on one product to find new attack vectors.
The graph below, from the White Hat Security technical brief (White Hat Sec, 2014), shows clearly that there is a direct correlation (a negative one) between when vulnerable code is written and when it is discovered. The longer the time between when bad code is written and when the software security process reports the error, the more time a development group will need to fix it. The speed of the software testing itself, fast or slow, has the same positive or negative effect, respectively, on time and costs.
The significance of the research
The researcher aims to raise awareness of the importance of IT security, specifically of vulnerabilities, which put millions of people at risk; to help governments, businesses and the IT community find workarounds for software vulnerabilities; to help them understand the importance of patching and whitelisting; and to make them aware of the dangers they may face.
The innovation part of the research
IT security is a broad topic, and in the researcher's experience many IT professionals are afraid to get into it. The researcher believes that security is not just the IT team's responsibility; it should involve anybody who uses a computer, tablet or smartphone. A weakness in any of these endpoints may cause damage to a network or an individual.
The researcher aims to find an easy way to make anyone who uses technology aware of the dangers, in a way that makes both the dangers and the mitigation methods easy to understand. This should help with one of the specific problems mentioned in the figure above, giving developers some time to develop a fix for a vulnerability, as fewer users will be affected.
Software vulnerabilities are one of the most common attack vectors used by cybercriminals to launch new attacks. Recently published commercial reports state the facts on how these attacks occur and the damage they cause. The researcher aims to find solutions and contribute to fixing IT security issues. His research aims to list the main causes and hypotheses in order to find new ways and ideas with the existing knowledge.
(2015). Carbanak APT, The Great bank robbery. Kaspersky Labs.
(2017). Kaspersky Security Bulletin. Kaspersky.
(2017). Microsoft Security Intelligence Report. Microsoft.
Ozkaya, E. (2013, September 11). www.ErdalOzkaya.com. Retrieved from http://erdalozkaya.com/index.php/security/162-e-mail-crimes-and-violations-how-the-leakage-could-occur
Rochester Institute of Technology. (2015, February 2). Retrieved from https://www.rit.edu/security/aggregator?page=2
(2017). Secunia Vulnerability Review. Secunia.
(2017). Symantec Internet Security Threat Report.
White Hat Sec. (2014). Retrieved from https://www.whitehatsec.com/: https://www.whitehatsec.com/resource/whitepapers/speedfrequency.html