Information security is a major concern for international organisations. Over the past decade, companies have transformed their internal structures by implementing computerised information systems, which have allowed them to expand their scale of operations. In order to serve potential customers as well as existing ones effectively, it is imperative that the organisation accurately identify its consumers' needs and wants. This can be achieved by gathering data on these individuals, for example through Massy Cards. Due to this fact, information security is of paramount importance.
Information security refers to the methods and tools by which data and information are secured so that only persons authorised to use them can do so. Similarly, Ferrari and Thuraisingham (2006) portrayed information security as shielding information and frameworks from dangers, for example, unapproved access, unlawful use, exposure, interruption, alteration or destruction. Knowledge is power; this peer review seeks to examine the threats associated with information security, as well as provide solutions to mitigate these threats.
A threat can be described as the capability of an adversary to attack a system (Swiderski & Snyder, 2004).
One of the most common information security threats is malware.
Malware is malicious software that includes a variety of threats such as computer viruses, worms and Trojan horses. A computer virus is a rogue software program that attaches itself to other software programs or data files to be executed, usually without user knowledge or permission. Viruses typically spread from computer to computer when humans take an action, such as sending an email attachment. Worms, by contrast, are independent computer programs that copy themselves from one computer to another over a network. They operate on their own without attaching to other computer program files and rely less on human behaviour to spread from computer to computer. Worms destroy data and programs as well as disrupt or even halt the operation of computer networks.
According to IT security experts, mobile devices pose greater security risks than computers because so many wireless devices are now linked to corporate information systems. By the end of 2015, McAfee Labs had collected more than 6 million samples of mobile malware (Snell, 2016). Moreover, Panda Security reported that it had identified and neutralised more than 84 million new malware samples throughout 2015. More than 27 percent of all malware samples ever recorded were created in that one year alone (Panda Security, 2016). More than 51 percent of the infections Panda found were Trojan horses. A Trojan horse is a software program that appears to be benign but then does something other than expected. It is not a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into computer systems.
Another common security threat is hacking and computer crime. According to the Merriam-Webster Dictionary (2013), a hacker is a person who illegally gains access to and sometimes tampers with information in a computer system. The main reason for hacking is to create attention. Hackers gain unauthorised access by finding weaknesses in the security protections that websites and computer systems employ, often taking advantage of various features of the internet that make it an open system and easy to use. Most hacker activities are criminal offences, and the vulnerabilities of systems make them targets for other types of computer crime as well. In its simplest form, computer crime is a crime that involves a computer or network. According to the Ponemon Institute's 2015 Annual Cost of Cyber Crime Study, the average annualized cost of cyber crime for the U.S. companies benchmarked was $15 million per year (Ponemon Institute, 2015). The most economically damaging kinds of computer crime are DoS attacks, activities of malicious insiders and web-based attacks.
Furthermore, identity theft is also a threat associated with information security. Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social security numbers or credit card numbers, to impersonate someone else. The information may be used to obtain credit, merchandise or services in the name of the victim or to provide the thief with false credentials. According to the 2016 Identity Fraud Study by Javelin Strategy & Research, 13.1 million consumers lost 215 billion to identity fraud in 2015 (Javelin, 2016). One popular form of identity theft is called phishing. This involves setting up fake websites or sending email messages that ask users for personal information. The email message instructs recipients to update or confirm records by providing social security numbers, bank and credit card information and other confidential data, either by responding to the email message, by entering the information at a bogus website or by calling a telephone number.
In order to combat these security threats, organisations can implement the following recommendations:
Firewalls prevent unauthorised users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It acts like a gatekeeper that examines each user's credentials before it grants access to a network. The firewall prevents unauthorised communication into and out of the network.
Authentication is the ability to know that a person is who they claim to be. Authentication is often established by using passwords known only to authorised users. An end user uses a password to log on to a computer system and may also use passwords for accessing specific systems and files. There are two forms of authentication: biometric authentication, which uses systems that read and interpret individual human traits, such as fingerprints, irises and voices, to grant or deny access, and two-factor authentication, which increases security by validating users through a multistep process. To be authenticated, a user must provide two means of authentication, one of which is a physical token, such as a smartcard, and the other of which is typically data, such as a password.
Intrusion Detection Systems
Intrusion Detection Systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious event. The intrusion detection tool can also be customised to shut down a particularly sensitive part of a network if it receives unauthorised traffic.
Risk Assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Ethical hackers can minimise the risk of impact by exploring vulnerabilities beforehand. This can be achieved by having the organisation undertake penetration tests to find out whether it is vulnerable to attack.
Information is esteemed, and organisations are acknowledging that information security dangers can severely impact business. The world is constantly evolving and it is the organisation's responsibility to keep abreast of the latest issues impacting information security, such as malware, hacking and computer crime, and identity theft. In the event that a threat such as identity theft arises, organisations would take the initiative and establish programs and policies, such as firewalls, authentication, intrusion detection systems, risk assessment and antivirus software, to obviate the negative consequences associated with these threats.
Ferrari, E., & Thuraisingham, B. (2006). Guest editorial: Special issue on privacy preserving data management. The VLDB Journal, 15(4), 291-291.
Hacker. (2013). Merriam-Webster.com. Merriam-Webster. Web. 9th December 2017.
Javelin Strategy & Research. (February 2, 2016). 2016 Identity Fraud Study.
Laudon, K. C., & Laudon, J. P. (2018). Management Information Systems: Managing the Digital Firm (15th ed.). Hoboken, NJ: Pearson.
Panda Security. (January 28, 2016). PandaLabs 2015 Annual Report.
Snell, B. (2016). Mobile Threat Report. McAfee Inc.
Swiderski, F., & Snyder, W. (2004). Threat Modeling. Microsoft Press.