Introduction to IT Threats
Added on 2020-05-11
14 Pages3737 Words236 Views
INTELLIGENT MANAGEMENT
I. Introduction to IT Threats:
In the modern virtual world, one of the major branches of criminal activity is
cybercrime. Along with that, due to the increased dependence of people on
machines and virtual storage, there is always a threat of loss of information,
degradation of network and attack of hackers or viruses, all of which can
severely hamper the functions of an organization and invite both legal costs and
damage of the reputation of the organization. Thus, it is necessary for
organizations to educate themselves on the kinds of threat that could attack a
network or system and make sure that the threats could be neutralized before it
can damage or hinder the networking procedures of the organization (Berger &
Heath, 2007).
The key threats to an organization are:
Loss of PII: The loss of Personally Identifiable Information which is stored in the
organization with a trust that it will keep it safe contains all the useful
information of the owner of the PII that could be used against him if it is ever
compromised. Hence, it is necessary for the organization to keep PII secure so
that it does not damage its reputation or loses the trust of customers and
employees due to negligence and poor security.
Degradation of Networking: Since IT companies run on networking, it is
important to keep a track of the hardware that connects the machines and
makes the networking possible. Along with that, it is also necessary for the
software to be updated and to keep a check whether foreign traffic or the
inclusion of hackers is not involving in the degradation of the networking
procedures in the organization (Duan, Gu & Whinston, 2008). Viruses and
spywares could also lead to the degradation of networking and it is necessary to
prevent the attack of either of these for the security for the transfer of the
networking packets.
I. Introduction to IT Threats:
In the modern virtual world, one of the major branches of criminal activity is
cybercrime. Along with that, due to the increased dependence of people on
machines and virtual storage, there is always a threat of loss of information,
degradation of network and attack of hackers or viruses, all of which can
severely hamper the functions of an organization and invite both legal costs and
damage of the reputation of the organization. Thus, it is necessary for
organizations to educate themselves on the kinds of threat that could attack a
network or system and make sure that the threats could be neutralized before it
can damage or hinder the networking procedures of the organization (Berger &
Heath, 2007).
The key threats to an organization are:
Loss of PII: The loss of Personally Identifiable Information which is stored in the
organization with a trust that it will keep it safe contains all the useful
information of the owner of the PII that could be used against him if it is ever
compromised. Hence, it is necessary for the organization to keep PII secure so
that it does not damage its reputation or loses the trust of customers and
employees due to negligence and poor security.
Degradation of Networking: Since IT companies run on networking, it is
important to keep a track of the hardware that connects the machines and
makes the networking possible. Along with that, it is also necessary for the
software to be updated and to keep a check whether foreign traffic or the
inclusion of hackers is not involving in the degradation of the networking
procedures in the organization (Duan, Gu & Whinston, 2008). Viruses and
spywares could also lead to the degradation of networking and it is necessary to
prevent the attack of either of these for the security for the transfer of the
networking packets.
Insider Attack: Insider attack is one of the worst threats that could take place
in an organization in which a trusted employee, or former employee could plant
some form of malicious device into the system that could harm the company or
steal sensitive information from the company and use it for unauthorized
purposes for personal gain. Proper security analysis and protected access should
be made to make sure that any former employee could not have access to a
data and for that the protection or the security pattern of an organization should
be flexible, that is, it could be reconstructed and changed when need be.
Ransomware: Ransomware is malicious software which locks the systems and
threatens to publish the victim’s data unless a certain amount of ransom as
stated is not paid. The Ransomware has attacked systems as recently as 2017
and has come into the limelight due to its ability to stay under the radar of
normal antiviruses. The Ransomware software has been known to wreak havoc
in any system and targets IT organization for its purpose. Using advanced
malware techniques called cryptoviral extortions, the software encrypts the
victim’s files thereby preventing access to the files and then demands a ransom
for decrypting the files which on receiving they either decrypt or leave without
response (Fisher, 2010). For such a malicious software, it is necessary to keep
the virus information updated and for advanced education into the ransomware
software to prevent it from ever attacking the IT system of an organization.
Theft of IP: The theft of Intellectual Property is a high rising cybercrime where
theintellectual property, that is, the plans, ideas and the creative innovation
designs of an organization is stolen from their databases and used by people
that do not have access, permission or ownership of the said intellectual
property (Jansen, Zhang, Sobel & Chowdury, 2009). Hackers are generally guilty
of stealing intellectual property from the organization and selling it in the market
or to competitors at higher prices.
in an organization in which a trusted employee, or former employee could plant
some form of malicious device into the system that could harm the company or
steal sensitive information from the company and use it for unauthorized
purposes for personal gain. Proper security analysis and protected access should
be made to make sure that any former employee could not have access to a
data and for that the protection or the security pattern of an organization should
be flexible, that is, it could be reconstructed and changed when need be.
Ransomware: Ransomware is malicious software which locks the systems and
threatens to publish the victim’s data unless a certain amount of ransom as
stated is not paid. The Ransomware has attacked systems as recently as 2017
and has come into the limelight due to its ability to stay under the radar of
normal antiviruses. The Ransomware software has been known to wreak havoc
in any system and targets IT organization for its purpose. Using advanced
malware techniques called cryptoviral extortions, the software encrypts the
victim’s files thereby preventing access to the files and then demands a ransom
for decrypting the files which on receiving they either decrypt or leave without
response (Fisher, 2010). For such a malicious software, it is necessary to keep
the virus information updated and for advanced education into the ransomware
software to prevent it from ever attacking the IT system of an organization.
Theft of IP: The theft of Intellectual Property is a high rising cybercrime where
theintellectual property, that is, the plans, ideas and the creative innovation
designs of an organization is stolen from their databases and used by people
that do not have access, permission or ownership of the said intellectual
property (Jansen, Zhang, Sobel & Chowdury, 2009). Hackers are generally guilty
of stealing intellectual property from the organization and selling it in the market
or to competitors at higher prices.
II. Analysis into the Threats and Protection:
1. Personally Identifiable Information (PII):
Nowadays, every organization acquires, uses and stores the Personally
Identifiable Information or PII for their employees, and depending on the nature
of the business or area of establishment, the customers, patients, residents and
users. PII is any information that can be used to uniquely identify, contact or
locate an individual. About 86% of the US population could be accurately
identified by their gender, age and ZIP code with the use of PII. Thus, this
amount of private information if compromised could fall in the hands of a wrong
person and could be used for ill purposes without the original owner of the PII
being involved and that could only be traced back to the original owner (Kim &
Srivastava, 2007). Hence, a compromise of the PII could not only lead to a legal
harassment of the original owner of the PII but it could also be used as a perfect
cover for performing illicit crimes under a fake identity.
Thus, because of this sensitive issue regarding PII, it is expected of the
organizations which deals with the acquiring and storing of PIIs to manage this
private data very carefully, and keep it secured to protect it from theft, loss, or
any form of unauthorized access. Any form of misuse of the private data, or loss,
1. Personally Identifiable Information (PII):
Nowadays, every organization acquires, uses and stores the Personally
Identifiable Information or PII for their employees, and depending on the nature
of the business or area of establishment, the customers, patients, residents and
users. PII is any information that can be used to uniquely identify, contact or
locate an individual. About 86% of the US population could be accurately
identified by their gender, age and ZIP code with the use of PII. Thus, this
amount of private information if compromised could fall in the hands of a wrong
person and could be used for ill purposes without the original owner of the PII
being involved and that could only be traced back to the original owner (Kim &
Srivastava, 2007). Hence, a compromise of the PII could not only lead to a legal
harassment of the original owner of the PII but it could also be used as a perfect
cover for performing illicit crimes under a fake identity.
Thus, because of this sensitive issue regarding PII, it is expected of the
organizations which deals with the acquiring and storing of PIIs to manage this
private data very carefully, and keep it secured to protect it from theft, loss, or
any form of unauthorized access. Any form of misuse of the private data, or loss,
or compromise of any information could lead to legal proceedings, and carry a
steep financial loss and damage to the reputation of the organization. Above
that, a compromise of PII can also result in the loss of customer trust, employee
dissatisfaction and attrition and clean-up costs after the breach. As a result, the
necessity to keep PII safe and secure from any form of compromise should be
one of the top priorities of an organization (Kim, Le, Lauw, Lim, Liu & Srivastava,
2008).
The following flow-chart provide an overview of the solutions that an
organization should look for while counterattacking any form of breach that
might threaten PII:
Some way in which PII could be protected are:
Encryption:A full disk encryption of PII could make it difficult for an
outside to access the information.
USB, CD and Removable Media encryption
Policy-based Email Encryption
File share encryption
Central key management and backup
Ability to audit encryption status
steep financial loss and damage to the reputation of the organization. Above
that, a compromise of PII can also result in the loss of customer trust, employee
dissatisfaction and attrition and clean-up costs after the breach. As a result, the
necessity to keep PII safe and secure from any form of compromise should be
one of the top priorities of an organization (Kim, Le, Lauw, Lim, Liu & Srivastava,
2008).
The following flow-chart provide an overview of the solutions that an
organization should look for while counterattacking any form of breach that
might threaten PII:
Some way in which PII could be protected are:
Encryption:A full disk encryption of PII could make it difficult for an
outside to access the information.
USB, CD and Removable Media encryption
Policy-based Email Encryption
File share encryption
Central key management and backup
Ability to audit encryption status
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Ransomware and its Impacts on Societylg...
|12
|2901
|122
Network Security: Protecting the Integrity and Usability of Networking Services and Datalg...
|25
|1420
|50
IS Security and Risk Management Assignment PDFlg...
|10
|3410
|84
Signs of a Network Data Breach & How to Prevent Onelg...
|6
|1682
|13
Understanding SQL Injection, Insider Attacks, and Malware Threats for Enhanced Cybersecuritylg...
|7
|2711
|157
Security Threats to Organizationlg...
|5
|1156
|22