There is a real war in the cyber world; this war is between countries, business organizations, and even between good and bad guys.
Although web sites and social networks update their security features regularly, they still can’t withstand the tremendous variety of attacks. Every day we hear about hundreds of new attacks and hacking incidents. So we can ask ourselves: why is this happening?
From my point of view, the main reasons for successful attacks on web sites and social networks are:
- The Internet is evolving quickly, but it doesn’t offer many security measures. If we compare the importance of the Internet with its security features, we can say only one word: “weak!”
- Starting a security attack over the Internet is easy and fairly cheap: the attacker only needs a computer and an Internet connection to start an attack, and he/she could gain a lot of advantages from a successful attack.
- Popular operating systems for clients and servers still offer little or no security at all against viruses or other malicious software.
- Web sites and social networks are made by humans, so they can have security flaws and errors that could compromise their security measures.
- Web sites and social networks keep adding more features to their security controls and refining existing ones, but at the same time they also continue to innovate on their platforms and add exciting new features. These new options need to keep pace with the security features, or they too will suffer from security weaknesses, and this is actually what is happening.
- Weak administration practices for web sites and social networks can help attackers to hack users’ accounts or help them stage bigger attacks.
- Some web sites and social networks don’t have enough privacy controls in place, or the ones they have do not protect all user data.
- Business organizations should use strong security policies. These policies should be clear to the employees and the customers as well, because they are essentially useless if all of the involved parties do not know and understand them.
- Eavesdropping and acting under a false identity on the Internet is very simple, and stealing data is undetectable in most cases.
- User awareness of security risks is alarmingly low. Users also don’t use the available security controls because they appear too complex or time-consuming (laziness or lack of knowledge).
- Users don’t choose appropriate passwords or follow password rules and policies such as changing passwords regularly, making passwords as meaningless as possible, or using biometric passwords.