[BreachExchange] Threats to information security

[Audrey McNeil]

http://www.herald.co.zw/threats-to-information-security/

Imagine the nuclear codes of the world’s deadliest nuclear warheads in the
hands of cyber criminals. Or imagine your hard earned money just vanishes
from your electronic wallet without a trace.

If that is thought provoking, then it’s a clear indication of how intense
and critical information security is. This article will touch on threats to
information security. These are negative entities that pose constant danger
to assets.

The modern digital world has allowed more innovation in many areas
including social and business activities. It has also opened doors to
cybercriminals who are now carefully discovering new ways to tap the most
sensitive networks for sensitive data in the world for their own gain.
Protecting business data is a growing challenge but awareness is the first
step.

Currently, organisations are struggling to understand what the threats to
their information assets are and how to obtain the necessary means to
combat them which continues to pose challenges. There are different types
of threats to information. Some threats are through technical failures,
natural disasters and poor management decisions.

Threats beyond our control such as natural disasters require management
intervention through disaster management strategies.

Social Engineering – As people are becoming more and more aware of
different technologies, cyber criminals are resorting to human hacking.

In the security chain, the weakest link is the human mind and these are
known as non-technical methods. This act is unpredictable and mostly
involves psychological manipulation. Almost everyone who uses the internet
has a digital footprint which can be used against them.

For instance, if you are to Google search your name you will be surprised
with the detailed information that comes up about yourself in cases where
you have many social media accounts such as Facebook and Twitter.

These kinds of threats mainly target individuals and rarely on corporates.

Inadequate Security Technology – Most organisations are using outdated
software that is no longer receiving software updates. A good example is
Windows XP. This poses a serious threat if a financial software package is
run on it.

Cyber criminals can create a backdoor entrance into your systems and enjoy
fruits they did not sow without you noticing it.

A reputable company can suffer huge losses because of poor technological
management practices. Malicious software can penetrate these outdated
systems undetected.

Information technology professionals must help in upgrading the systems.
Investing in software that monitors the security of a network has become a
growing trend in the enterprise space lately.

The software is designed to send alerts when intrusion attempts occur,
however the alerts are only valuable if someone is available to address
them. Companies are relying too heavily on technology to fully protect
against attack when it is meant to be a tool managed by skilled manpower in
order for the full benefit to be accrued from it.

BOYD (Bring Your Own Device) Policy. A process of allowing employees to
bring their own devices like laptops, tablets and other related gadgets to
access corporate ICT resources. This is very common in local organisations.
Company confidential data can be easily distributed to unintended
destinations.

Lack of Encryption – Financial, telecommunication and health care
institutions are well aware of the sensitivity of the confidential
information which is in their possession.

It is necessary to protect the data when it is being conveyed from one node
to the other. Data should be disguised from unauthorised users, which is
achieved by a process known as encryption. Using old technologies that use
old encryption methods is not safe.

Technology with Weak Security – If you have been following technological
trends, you would notice that almost every day new and smart gadgets are
released. However security is behind and in some of these gadgets, the
suppliers tend to cover up the flaws with software patches.

With the advent of IoT, some of them rely on cloud services. A weak or
unsecure connection to the cloud presents a serious risk. Cyber criminals
prefer the path of least resistance.

Mobile Malware – Several security experts diagnosed risk in mobile device
security since the early stages of device connectivity to the Internet.
These mobile devices have now been targeted by spyware which is software
that can secretly monitor user browsing habits without their knowledge.

Improper Configuration of Systems – Companies continue to neglect the
importance of properly configuring security settings.

Big data tools come with the ability to be customised to fit an
organisation’s needs.

Ignorance in this area is a serious threat as it poses a high risk of data
breach. It is important to know your systems in order to protect an
organisation’s information.

These are a few of the threats to information security corporates face. In
the next issue we will highlight mitigation measures that individuals and
corporates can apply to protect this valuable business asset.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170626/03263f71/attachment.html>