Common Information Security Threats
September 22, 2012
As companies' dependence on computers and the internet increases, they face more and more threats from hackers and anarchists alike. For every solution that companies come up with to defend themselves against cyber attacks, those who wish to do harm find other means to attack; it is a constant cat-and-mouse struggle. If 2011 has been any indication, it is clear that everyone is vulnerable to cyber attacks.
There was wave after wave of hacking, malware, and spear-phishing attacks that succeeded in exploiting many well-known businesses, such as RSA and Sony, which led to the exposure of millions of records (Schwartz, 2012). The purpose of this paper is to discuss three of the top information security threats that businesses and organizations face today: breaches, cyber espionage, and mobile malware.
A breach is unauthorized access to someone's personal information in order to collect, use, or disclose it.
These breaches happen mostly when the information is stolen, lost, or disclosed by accident (e.g., a computer containing personal information is stolen, or the information is emailed to the wrong people by accident). Breaches may also be the result of errors in an organization's procedures. The stolen information can belong to a customer, patient, client, or employee. Once a breach has been identified, the organization must take immediate action to address the incident and reduce any additional risk that results from the event.
This is when redundancy becomes very important in enterprise architecture, because organizational information systems provide a failover mode that helps to ensure that failed components trigger the appropriate backup components with similar capability.
Another common threat that companies face in terms of information security is cyber espionage. This is the practice of obtaining secrets without the permission of the holder of the information (whether it is personal, sensitive, or classified in nature) from a person, competitors, rivals, groups, or governments in order to gain an advantage. This type of attack typically leads to identity theft, lower-quality counterfeit goods, lost sales, or a loss in brand value, thus lowering overall economic growth and reducing international trade (Roberts, 2012). There are many reasons why corporate espionage is on the rise, including the worldwide decline in the economy and frequent job changes. There are even countries that use the acquisition of trade secrets to boost their economy.
Sadly, in order for some companies to succeed, they must use these means to get a "one up" on their competition. This means getting the best product developed and out to the market first, and at the best price. To help prevent cyber espionage, the first step is to identify information that, if lost, could harm a company, as well as how valuable that information is to the company and its competitors. This information is the most important and requires the most attention.
Once this information has been identified, it must be decided how best to protect it against low-tech attacks. A company needs to run an effective and targeted security awareness program, along with regulatory security testing over the entire enterprise. Lastly, it needs to run simulations of actual attacks against its data systems to find any loopholes that can be exploited.
The last information security threat that will be discussed is mobile malware. Companies are becoming more and more reliant on mobile employees: workers with a laptop, smartphone, or tablet.
This evolution towards a mobile workforce is being driven mainly by lifestyle choices, productivity gains, and technology advancements. But as the use of these devices increases in the workplace, so does the threat of compromising information through malware. Just recently, the Internet Crime Complaint Center (IC3), a government task force that includes the FBI, issued a mobile malware warning: "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices," the warning said. "Some of the latest known versions of this type of malware are Loozfon and FinFisher." (Kerr, 2012) Most of the malware that infects mobile devices is delivered through bogus e-mail messages that are sent to the user. Once the link is clicked, the malware is installed and can either steal information from the user or, in some cases, take over components of the smartphone itself. Various security reports state that mobile malware has been on the rise over the past year and that it has been multiplying at a faster rate now than at any other time in the last four years.
Mobile device operating systems (iOS, Android, BlackBerry, and Windows) have been updating their systems in hopes of offsetting the rise in malware being passed along. As the updates come out, so do new hacks and malware over time. One step that users can take to help minimize their chances of catching malware on their mobile device is to uninstall all unneeded programs and applications. Before downloading anything, including emails, verify the source first; if it is unknown, do not download or click on any links.
Businesses are not obligated to protect confidential information in their computer systems just to satisfy their customers; there are both ethical and legal reasons too. There are numerous federal laws that exist to protect sensitive information. If any of these laws are broken, companies risk not only public humiliation but also a great deal of fines and penalties. Privacy is the main ethical issue that information systems face. A person has the right to have their information secured from misuse and the right to be left alone when solitude is desired.
The topics discussed in this paper included three of the most common information security threats (breaches, cyber espionage, and mobile malware) as well as the legal and ethical responsibilities of an organization. If companies take these threats into account and make sure to safeguard themselves against them, they can ensure that they will have continued success. If they do not, they can jeopardize their brand name, as well as face heavy financial penalties.
References
Friedman, J., & Hoffman, D. V. (2008). Protecting Data on Mobile Devices: A Taxonomy of Security Threats to Mobile Computing and Review of Applicable Defenses. Information Knowledge Systems Management, 7(1/2), 159-180.
Kerr, D. (2012, October 15). FBI Warns Users Of Mobile Malware. Retrieved from http://news.cnet.com/8301-1009_3-57532937-83/fbi-warns-users-of-mobile-malware/
Locke, G., & Gallagher, P. D. (2011, March). Enterprise Architecture. Information Security, 800(39), 17-19.
Podszywalow, M. (2011, November 29). How to Detect and Stop Corporate Cyber Espionage. Retrieved