Digital_Disaster_Notes (1).docx

Full Transcript

**[Digital Revolution]**

The Digital Revolution refers to the advancement of technology from
analog electronic and mechanical devices to the digital technology
available today. The era started to during the 1980s and is ongoing. The
Digital Revolution also marks the beginning of the Information Era.

### **History of Digital Revolution:**

No alt text provided for this image

The development and advancement of digital technologies started with one
fundamental idea: The Internet. Here is a brief timeline of how the
Digital Revolution progressed:

- 1947-1979 -- The transistor, which was introduced in 1947, paved the
way for the development of advanced digital computers. The
government, military and other organizations made use of computer
systems during the 1950s and 1960s. This research eventually led to
the creation of the World Wide Web.

- 1980s -- The computer became a familiar machine and by the end of
the decade, being able to use one became a necessity for many jobs.
The first cellphone was also introduced during this decade.

- 1990s -- By 1992, the World Wide Web had been introduced, and by
1996 the Internet became a normal part of most business operations.
By the late 1990s, the Internet became a part of everyday life for
almost half of the American population.

- 2000s -- By this decade, the Digital Revolution had begun to spread
all over the developing world; mobile phones were commonly seen, the
number of Internet users continued to grow, and the television
started to transition from using analog to digital signals.

- 2010 and beyond -- By this decade, Internet makes up more than 25
percent of the world\'s population. Mobile communication has also
become very important, as nearly 70 percent of the world\'s
population owns a mobile phone. The connection between Internet
websites and mobile gadgets has become a standard in communication.
It is predicted that by 2015, the innovation of tablet computers
will far surpass personal computers with the use of the Internet and
the promise of cloud computing services. This will allow users to
consume media and use business applications on their mobile devices,
applications that would would otherwise be too much for such devices
to handle.

**Digital Technology Benefits:**
--------------------------------

### **1: Social Connectivity:**

Digital technology makes convenient to link with friends, family, and
work even if apart from each other one to another country. Due to the
social media like Facebook, Instagram, WhatsApp, and Email via laptops,
tablets, and mobile phones, nobody needs feel isolated in the digital
era.

**2: Learning Opportunities:**

The digital technology is helpful for the learning opportunity by using
the internet. Lessons and courses can now be delivered virtually online.
It can also be easier to use for people with disabilities and often give
them equal access.

**3: Information Storage:**

This technology has provided storing of gigantic values of information
in relatively small spaces. Bulk of media *i.e *photos, music, videos,
contact information, and other documents can be carried around on small
devices like mobile phones. 

**4: Entertainment:**

Since the start of the digital revolution most of peoples get their fun
from online social media or playing computer games. Traditional media
has evolved too, as televisions and broadcasting have become digitized,
along with radio.

**5: GPS and Mapping:**

Global Positioning System or Mapping will help us to finding our way
with satellite technology, which gives you up-to-date information such
as time of arrival at your destination, as well as alternative routes.

**6: Ecommerce:**

Ecommerce is which refers to the online business with the use of
internet. The individuals and companies which buying and selling their
products and services online they're engaging in ecommerce engaging in
ecommerce. Terminology of ecommerce is also emphasized other facilities
like auctions, internet banking, payment gateways, and online ticketing.

***7*: Optimize and Obtain Better Conversion Rates:**

Unlike traditional marketing, which includes expensive TV, radio, or
print ads, online advertising platforms are much more affordable. You
can also [improve your ad conversion
rate](https://www.cardinaldigitalmarketing.com/conversion-rate-optimization-agency/) more
conveniently than you can with traditional advertising.

**Importance of Science and Technology in Disaster Management**
---------------------------------------------------------------

Science and technology play an important role in disaster management
because they can be used to predict and monitor potential disasters, as
well as to develop strategies for responding to and mitigating the
impacts of disasters.

In the past, science and technology have been used to predict
and [[monitor natural
disasters]](https://core.ac.uk/download/pdf/294762175.pdf) such
as earthquakes, hurricanes, and floods. By understanding the patterns of
these events, scientists and engineers have been able to develop warning
systems that give people time to evacuate or take other safety
precautions.

Science and technology have also been used to develop better methods for
responding to and mitigating the impacts of disasters. For example,
advances in communications technologies have allowed first responders to
coordinate their efforts more effectively during emergencies. And new
construction techniques are being developed that can help buildings
withstand the force of earthquakes and hurricanes.

As we continue to face the threats of natural and man-made disasters,
science and technology will play an increasingly important role in
helping us manage these risks.

**Role of Science and Technology Plays in Disaster**
----------------------------------------------------

1. Preparation

2. Response

3. Recovery

4. and Mitigation

Science and technology play an important role in disaster management by
providing information and tools that can be used to prepare for, respond
to, recover from, and mitigate the effects of disasters.

Disaster management is the process of planning, coordinating, and
executing activities to reduce the impact of a disaster. Science and
technology can provide information and tools that can be used at each
stage of the disaster management process.

**Preparation:** Science and technology can be used to identify
potential hazards and develop plans and procedures for dealing with
them. For example, computer modeling can be used to predict the path of
a hurricane or the spread of a wildfire. This information can help
emergency responders plan their response and evacuation efforts.

**Response: **Science and technology can also be used during a disaster
to assist emergency responders. For example, satellite imagery can be
used to assess damage after a hurricane or earthquake. [[GPS
tracking]](https://www.google.com/aclk?sa=l&ai=DChcSEwjJ_KKhmLGAAxVjkmYCHb_WDIUYABAAGgJzbQ&sig=AOD64_2W0uSrAcMTbZaOrgDBnjHUN437ng&q&adurl&ved=2ahUKEwiQzJuhmLGAAxVha2wGHRIfAYMQ0Qx6BAgHEAE) can
be used to locate people who are stranded or lost. And mobile apps can
provide real-time updates on conditions in affected areas.

**Recovery:** After a disaster has occurred, science and technology can
help with the recovery effort. For example, Geographic Information
Systems (GIS) can be used to map damage from a hurricane or earthquake.
This information can help aid workers identify areas that need
assistance. [[Remote
sensing]](https://www.usgs.gov/faqs/what-remote-sensing-and-what-it-used#:~:text=Remote%20sensing%20is%20the%20process,sense%22%20things%20about%20the%20Earth.) can
also be used to assess damage from floods or landslides.

**Mitigation: **Finally, science and technology can be used to mitigate
the effects of future disasters. For example, engineering can be used to
design structures that are resistant to earthquakes or hurricanes. And
disaster risk reduction plans can be developed that take into account
the potential impact of climate change.

**Technology Resources for Disaster Management**
------------------------------------------------

In recent years, there has been an increasing emphasis on the role of
science and technology in disaster management. This is due to the fact
that technology can play a vital role in mitigating and managing the
effects of disasters.

There are a number of different technology resources that can be used
for disaster management.

One of the most important is satellite imagery. Satellite imagery can be
used to map the extent of damage caused by a disaster, as well as to
track the movement of people and debris. This information can be used to
help plan rescue and relief operations.

Another important technology resource is GIS (geographic information
system). GIS can be used to create detailed maps of an area affected by
a disaster. This information can be used to identify safe routes for
evacuation, as well as potential locations for relief camps.

Other useful technology resources include weather forecasting systems
and early warning systems. These systems can provide critical
information about impending disasters, which can help people take
appropriate precautions.

Aerial Robotics: It assesses damage in real-time, increases situational
awareness through high-resolution mapping and delivers items faster,
cheaper and more efficiently. E.g. Global Non-profit We-Robotics Program
Assistance Robotics identifies local human needs and provides robotics
solutions through regional flying labs

Social Media Solutions: Resulting in faster, more effective answers that
ultimately help the beneficiaries. For example, World Food Program (WFP)
Mobile Vulnerability Analysis and Mapping (mVAM) uses mobile technology
to address the barriers of data collection.

Security Threats To Your Computer Systems
=========================================

**A computer system threat is anything that leads to loss or corruption
of data or physical damage to the hardware and/or infrastructure**.
Knowing how to identify computer security threats is the first step in
protecting computer systems. The threats could be intentional,
accidental or caused by natural disasters.

**What is a Security Threat?**
------------------------------

Security Threat is defined as a risk that which can potentially harm
computer systems and organization. The cause could be physical such as
someone stealing a computer that contains vital data. The cause could
also be non-physical such as a virus attack.

**What are Physical Threats?**
------------------------------

**A physical threat is a potential cause of an incident that may result
in loss or physical damage to the computer systems**.

The following list classifies the physical threats into three (3) main
categories;

- - -

To protect computer systems from the above mentioned physical threats,
an organization must have physical security control measures.

The following list shows some of the possible measures that can be
taken:

- - - - - - - - - -

**What are Non-physical threats?**
----------------------------------

**A non-physical threat is a potential cause of an incident that may
result in;**

- - - - - -

The non-physical threats are also known as **logical threats**. The
following list is the common types of non-physical threats;

- - - - - - - - - - -

**To protect computer systems from the above-mentioned threats**, an
organization must have **logical security measures **in place. The
following list shows some of the possible measures that can be taken to
protect cyber security threats

**To protect against viruses, Trojans, worms, etc. an organization can
use anti-virus software**. In additional to the anti-virus software, an
organization can also have control measures on the usage of external
storage devices and visiting the website that is most likely to download
unauthorized programs onto the user's computer.

**Unauthorized access to computer system resources can be prevented by
the use of authentication methods**. The authentication methods can be,
in the form of user ids and strong passwords, smart cards or biometric,
etc.

**Intrusion-detection/prevention systems can be used to protect against
denial of service attacks.**There are other measures too that can be put
in place to avoid denial of service attacks.

**Spoofing**

Spoofing is when someone hides their identity to evade detection for
their wrong acts and pretends to be someone else in an attempt to gain
trust and get sensitive system information. The common spoofing done by
changing the hardware or MAC address is called MAC cloning, changing the
IP address or the unique identity on the network is called IP spoofing,
and impersonating as someone else in their digital communication is
called email spoofing.

**Information-gathering attacks**

Information gathering is the practice of attacker gaining priceless
details about probable targets. This is not an attack but only a
pre-phase of an attack and is totally passive as there is no explicit
attack. Systems including computers, servers, and network
infrastructure, including communication links and inter networking
devices, are sniffed, scanned, and probed for information like whether
the target system is up and running, what all ports are open, details
regarding the operating system and its version, etc. Some of the
information-gathering attacks are sniffing, mapping, vulnerability
scanning, phishing, etc.

**Password attacks**

The simplest way to achieve control of a system, or any user account, is
through a password attack. If the personal and behavioral details of the
victim are known, the attacker starts with guessing password.
Frequently, the attacker uses some form of social engineering to trace
and find the password. Dictionary attack is the next step in password
attacks and is automated.

**Malware**

After gaining access to a system, the attacker takes the support of
malware or malicious software that clandestinely acts against the
interests of the computer user.

**Virus**

Computer viruses are the most communal threat to the computer users.
Computer viruses are malicious software designed to blow out from one
computer to another through file transfer, piggybacks on genuine
programs and OS, or e-mails. The email attachments or downloads from
particular websites contaminate the computer and also other computers on
its list of contacts by using the communication network. Viruses
influence the system security by changing the settings, accessing
confidential data, displaying unwanted advertisements, sending spam to
contacts, and taking control of the web browser
\[[](https://www.intechopen.com/chapters/72730#B2)\]. The
viruses are identified as executable viruses, boot sector viruses, or
e-mail viruses.

**Worms**

Computer worms are fragments of malicious software that reproduce
swiftly and blow out from one computer to another through its contacts,
again spreading to the contacts of these other computers and so on and
reaching out to a large number of systems in no time. Captivatingly,
worms are prepared for spreading by exploiting software vulnerabilities.
Worms display unwanted advertisements. It uses up tremendous CPU time
and network bandwidth in this process thereby denying access to the
systems or network of the victim, creating chaos and trust issues on a
communication network.

**Trojans**

Trojans are programs that appear as perfectly genuine but, in reality,
have a malicious part embedded in it. Trojans are spread usually through
email attachment from the trustworthy contacts and also on clicking on
fake advertisements. The payload of Trojans is an executable file that
will install a server program on the victim's system by opening a port
and always listening to that port whereas the server is run on the
attacker's system. Hence, whenever the attacker wants to login to the
victim machine, they can do so by means of the backdoor entry making it
hidden from the user.

**Spyware and adware**

Spyware and adware are software with a common property of collecting
personal information of users without their knowledge. Adware is
intended to track data of the user's surfing behaviors, and, based on
that, pop-ups and advertisements are displayed. The adware clause in the
agreement during the installation process is often skipped with least
seriousness. Spyware on the other hand gets installed on a computer and
gathers information about the user's online activities without their
knowledge. Spyware contains keyloggers that record everything typed on
the keyboard, making it unsafe due to the high threat of identity
mugging.

**Scareware**

Scareware is yet another malware that tricks victims by displaying fake
alerts and forcing the victim to buy protective software that is
fraudulent. The alerts or the pop-up messages sound like warning
messages along with proper protective measures, which if followed
creates security issues.

**Rootkit**

Rootkit is a pool of software tools that gets mounted in stealth along
with some genuine software. Rootkit allows remote access and
administrative control on a system. With these privileges, the rootkit
performs malicious activities like disabling of antivirus, password
sniffing, keylogging, etc.

**Keylogger**

Keylogger software has the ability to record keystrokes and also capture
screenshots and save it to a log file in encrypted form. Keylogger
software can record all the information that is typed on the keyboard
including passwords, e-mail, and instant messages. The log file created
by the keylogger is saved and mailed to the attacker on a remote machine
with the motive to extract password and banking details for financial
fraud.

**Ransomware**

Ransomware is a malicious software that hampers admission to computer or
files on the computer. The computers may be locked or files encrypted.
Accordingly, the two common types of ransomware are lock screen
ransomware and encryption ransomware. The victim will be demanded ransom
for the restriction to be removed, and this gets displayed on victim's
system. There can also be notification stating that establishments have
detected illicit activity on this computer and demands ransom as fine to
avoid prosecution.

**Rogue security software**

Rogue security software is another malicious program that deceives users
to believe that there is malware installed on their system or the
security measures are outdated and hence of concern. They offer
installing or updating users' security settings. Then it is an actual
malware that gets installed on the computer.

**Botnets**

A collection of compromised systems or bots acts as a team of infected
computers under the control of a bot master to remotely control and send
synchronized attacks on a victim host. This army of bots, agents, and
bot master constitute a botnet. Botnets are used for sending spams and
also for distributed denial of service attacks.

**Denial-of-service attacks**

Denial-of-service (DoS) attacks as the name suggests deny users from
accessing or using the service or system. This is mainly done by
overwhelming the bandwidth, CPU, or memory wherein the access to the
network of the victim machine or server offering the service gets
denied. DoS attacks thus interrupt the service of a computer or network
systems, making it inaccessible or too inferior in performance.

**Distributed DoS**

In distributed DoS (DDoS) attacks, the victim is targeted from a large
number of individual compromised systems simultaneously. The DDoS
attacks are normally done with the help of botnets. The botmaster is the
attacker who indirectly attacks the victim machine using the army of
bots or zombies. The DDoS attacks occur when a large number of
compromised systems act synchronously and are being coordinated under
the control of an attacker in order to totally exhaust its resources and
force it to deny service to its genuine users. It is the upsurge in the
traffic volume that loads the website or server causing it to appear
sluggish.

**IoT-based attacks**

The last decade has seen exponential increase in the use of Internet of
Things (IoT) that are smart devices used at home, organizations, and
businesses. The issue with these IoT is its weak security as these
devices are often overlooked when it comes to applying security patches
that create lead-ins for attackers to seize these devices to infiltrate
the networks. An IoT-based attack is any cyberattack that leverages a
victim's use of IoT to sneak malware onto a network.

**Session hijacking**

In session hijacking, the hacker takes control of a session going on
between two hosts. Session hijacking usually takes place in applications
that use TCP with a sequence number prediction. With that sequence
number, the attacker sends a TCP packet.

**Blended attacks**

A blended attack is a software exploit that encompasses a mixture of
exploit techniques to attack and propagate threats, for example,
viruses, worms, and Trojan horses.

**Website attacks**

Website attacks are targeting browser components that are at risk of
being unpatched even when the browser is patched. SQL injection attacks
are intended to target any website or web application that uses an SQL
database such as MySQL, Oracle, etc. by taking advantage of the security
flaws in the application's software. This attack is used to obtain and
corrupt user's sensitive data.

**Mobile phone and VOIP threats**

Malware target mobile phones, VoIP systems, and the IP PBXs as these
devices have plentiful published vulnerabilities. There are attack tools
freely available on the Internet, and misusing these vulnerabilities
makes these attacks too common and simple even for a script kiddie.

**Wi-Fi eavesdropping**

Wi-Fi eavesdropping is an attack used by network attackers to grab
sensitive information of a target system. It is the act of silently
listening on an unencrypted Wi-Fi network.

**Spam**

Spams are unsolicited bulk e-mail messages that annoy the user with
unwanted and junk mails. It gives burden for communications service
providers, organizations and individuals alike. These emails can be
commercial ones like an advertisement or noncommercial one like chain
letters or anecdotes. Spam is considered an active vehicle for virus
propagation, scams, fraud and is a threat to computer privacy. Spam also
phishes for interesting information with offers and promotions that
trick victims into following links or entering details.

**Present-day computer security threats and trends**

Predicting the computer security threats and trends is usually done to
lend a hand to the security experts who take proactive measures to
protect security. Normally the predictions for any year depends on how
it went in the previous years, and the changes expected are mainly in
terms of the tactics and scale of the biggest and significant threats
that were successful in implementation and also in evading detection.
The investment on security is justified in many organizations only after
analyzing these predictions.

Phishing and other social engineering tactics are likely to continue in
the coming years too with increased complexity and sophistication. They
will appear to be more and more convincing to trick people into clicking
on a link or opening attachments. Even with strong defenses to protect
against ransomware, hackers are expected to all the time target more
victims with large digital assets. The rise of cryptocurrency like
bitcoin will also trigger more ransomware attacks by letting demands for
payment made incognito. Cryptojacking can also be seen as a common trend
of future as it involves hackers hijacking with a purpose of mining for
cryptocurrency.

As the Internet of Things is becoming widely popular and more
ubiquitous, the IoT attacks will be on the upsurge. IoT includes
laptops, tablets, smart wearable devices, webcams, household appliances,
Wi-Fi-enabled speakers, appliances, alarm clocks, medical devices,
manufacturing equipment, automobiles and networking devices like
routers, gateways, switches, NAS servers, and even home security
systems. Security is rarely the first concern in the competition to
bring new products and technologies. Thus the more IoT devices, the
greater the risk, making IoT attacks to be on the rise in coming years.

Data breaches will continue in the coming years as data remains a
valuable black market attraction.

Totally new approaches for data and infrastructure protection are
essential as more and more data is moved to the cloud. Also, in the
coming years, there will be more attacks targeting electrical grids,
automated transportation systems, computerized water treatment
facilities, etc.

State-sponsored attacks are when states or nations are using their cyber
skills to infiltrate other governments and execute attacks on severe
infrastructure. As political strains grow, state-sponsored attacks steal
political and industrial secrets, spread misinformation, perform DDoS
attacks, execute prominent data breaches, etc.

Another target of attacker is the all-time sensitive medical record of
patients. As the healthcare industry gets used to the digital age,
concerns around privacy, safety, and computer security threats are also
seen to rise. There are worries about a hacker taking over and changing
dosages of medicines, disabling vital sign monitoring, etc., as these
are life-threatening to the patients.

Now, with the self-driving cars, semiautonomous vehicles, and the
connected cars, the risk of cyber security is stringent and serious.
With high-tech automobiles, the future will likely see an increase in
not only the number of connected cars but in the number and severity of
system vulnerabilities detected. For hackers, this means yet another
opportunity to exploit vulnerabilities and cause threat to life.

Endpoint security will be a major concern for organizations as malware
infections of employee-owned devices are going to be a major security
issue in 2020 when employees start "working from home" in the wake of
COVID 19 pandemic. When organizations permit employees not to risk their
health and safety and allow them to use their own devices, attackers
will target those devices to bypass the multilayered defenses of the
organization. The advantage to hackers is that the users' personal
devices are less protected compared to corporate devices as users rarely
apply added measures to protect their smart devices from impending
threats.

Artificial intelligence also gets applied on both sides of the barricade
for protecting and attacking the computers. Artificial intelligence is
being used for person identification, threat detection, etc. to aid
security; however it is also being weaponized by hackers to develop
increasingly complex malware and attack methods.