Threats to Information Security
The increase in cybercrime has prompted many companies to come up with ways of securing their data. In not doing so, may result in vital data landing into the hands of corrupt individuals who may exploit them to their benefits. The purpose of writing this paper is to discuss some of the numerous threats information security faces. In doing this, we are going to answer some of the questions such as: why is information security an important issue? ; What are the sources of information threats (human, nature, and technology factors)? Information will be obtained from various assigned materials. As a result, we will understand the risks to information and see some of the ways of curbing them.
Importance of Information Security
Information that is important to an individual or an organization should be well taken care of to make sure that the rights of the persons are respected through their private data not being accessed without authorization. According to Pesante (2008), information stored electronically is more vulnerable than its counterpart which is contained in printed papers and locked in a cabinet. She goes ahead to state that there are fundamental security concepts to storing data on the internet, which is availability, integrity, and confidentiality. Therefore, only the right person should have entry to the details contained on the internet to avoid being sued.
Loss of confidentiality happens when someone copies or reads data they are not authorized to access. Pesante (2008), pointed out that privacy is a crucial attribute when it comes to some types of information. Examples include insurance and medical records, corporate investment strategies, research data, and new products specifications. In other cases, there may be a legal obligation for the company to safeguard the privacy of individuals. This is probably true for debt collectors; hospital records and medical testing laboratories; banks; and agencies that provide counseling services. Consequently, if such information is accessed by an unauthorized individual, there may be a legal liability which could result in the company losing a lot of money in damages.
Information security should be maintained to prevent data from losing integrity through modification in unexpected ways. According to Pesante (2008), the unauthorized alteration could either be intentional or by human error. Activities such as financial accounting, air traffic control, and electronic funds transfer are an example of tasks whose data cannot afford to be compromised. If such a thing happens, an individual may lose money by transferring it to the wrong person, and a change in air traffic controls by a terrorist could result in plane crashes.
Information security is also essential since data can even be erased entirely making it unavailable. As a result, information cannot be accessed when needed by those approved to do so. Businesses that deal with the online inventory system and airline schedules are an example of companies that depend on the availability of information when it is needed. Loss of availability of information may lead to waste of time in recovering from the problem which could result in a decrease in productivity (Pesante, 2008). Care should be observed to ensure data is always made available when it is needed to prevent things such as loss of staff hours due to businesses coming to a standstill.
Cyber threats continuously put our federal systems at risk due to the vital information and dockets they control. According to United States Government Accountability Office (2009), cyber threats to cyber-based essential infrastructure and federal information system keeps on growing and evolving. With the advancement in computer technology, various agencies are becoming more reliant on the computerized based information system to carry out its numerous operations and also to store data. Due to this fact, care needs to be taken by the federal agencies to preserve the accountability, integrity, and confidentiality of their various information system. Failure to do so could lead to many things such as federal payments being stolen, critical operations being disrupted such as those supporting emergency services and national defenses, and attacks could be launched on other computer systems through computer resources (United States Government Accountability Office, 2009). Consequently, policies should be adopted to make sure entry is not granted to wrong people.
Intellectual Property (IP) which ranges from trade secrets such countries where a patent is registered, the chemical formula for the product or dates for product launch are more valuable than any physical assets the company possess. According to Behr and Slater (2012), Intellectual Property Commission have shown that IP theft costs companies in the USA yearly to the tune of 600 billion dollars. Henceforth, denying the rightful owners a vast amount of revenue.
Sources of Information Threat
Information threat can be categories according to human, nature and technological factors.
Human beings can prove to be a threat to information either intentionally or unintentional. According to Behr and Slater (2012), an example of a situation of an individual deliberately becoming a threat to report is an engineer who often had lunch with his previous boss who currently works for a rival firm kept revealing the competitive secrets of his company. In a span of 14 months, the information ended up costing his employer to lose three prime deals.
Employees may also give out some secrets of the company without intending to do so. Scientists who were from Eastern Europe and were working on the defense in America got an invitation to serve as consultants or address people at a seminar (Behr and Slater, 2012). As scientists, this call appealed to them as they wanted to share information with their peer’s about their work. In doing so, their country gathered information which would have been expensive if they had researched.
Combating the threat of human to information involves a variety of measures being put in place. Rooms housing sensitive data should be well locked, and the number of workers accessing it should be limited. Educating employees on the importance of preventing IP leaks can prove to be important in protecting information. According to Sasser (2010), installing anti-phishing software can help in identifying suspicious content that gets integrated into our email clients and web browsers. Two-factor authentication also helps to prevent fraudsters from using bank cards since one requires the card plus a PIN number to access it. Physical security helps to reduce the risk of an unauthorized person accessing data; this is through locating the facility in a secure location, putting deterrence and delay by erecting high fences and also hiring guards (Infosec Institute, 2012).
When technology is put to good use, it leads to prosperity and success in the country, but if not taken good care of, it can be disastrous. An example is a cyber-attack aimed at the city water utility based in Illinois which destroyed a pump. The attacks took place over a series of months where they powered the system on and off severally burning out the water pump this was done by taking control of the Supervisory Control and Data Acquisition system (SCADA) network ( Krebs, 2011). From this, we can see that if the technology is not monitored carefully, it can lead to other areas shutting down.
Another way through which technology can affect information is through software failure. According to Perrow (2008), 75% of crashes that occurred in 2005 was as a result of software failure. The software errors come about as a result of a faulty code, operator error, specification errors, and also due to management and organizational problems. Such failures have disrupted financial activities, hospital, communication systems, and airports. Therefore effort should be taken to create proper codes and educate people on the various methods and specification put by the manufactures on their products.
Human beings are not involved in any manner in environmental factors affecting informational technology. Jouini et al. (2014), states that natural disasters such as floods, lightning, earthquakes, animals, and wildlife interference hurt the information systems. Floods can destroy systems holding information making them inaccessible. Shock can ruin communication infrastructure making it impossible to access data through the internet. It is hard to control these factors since most of them are beyond our scope. However, measures should be put in place to come up with backups in case we face such tragedies.
From the article, we have seen how vital information systems are. If not protected and safeguarded thoroughly, unauthorized people may manipulate them to their benefits, a business may incur losses, and accidents may occur due to technological errors. Therefore, appropriate infrastructure has to be put in place to prevent such things from happening.
Institute, I. (2012, December 18). Physical Security: Managing Intruder. Retrieved October 10, 2017, from INFOSEC INSTITUTE: resource.infosecinstitute.com/physical-security-managing-intruder/
Jouini, M., Rabai, L. B., & Aissa, A. B. (2014). Classification of security threats in information systems. In ScienceDirect (pp. 489-496).
Krebs, B. (2011, November 11). Cyber Intrusion Blamed for Hardware Failure at Water Utility. Retrieved October 28, 2017, from Krebs on Security: https://krebsonsecurity.com/2011/11/cyber-strike-on-city-water-system/
Office, U. S. (2009). Cyber Threats and Vulnerabilities Place Federal Systems at Risk. In INFORMATION SECURITY (pp. 2-10).
Perrow, C. (2008). Software Failures, Security, and Cyberattacks.
Pesante, L. (2008). Introduction to Information Security. Carnegie Mellon University.
Sasser, P. (2010). Anti-phishing software. Retrieved from articleworld.org: www.articleworld.org/Anti-phishing_software
Slater, A. B. (2017, September 6). Intellectual property protectio: The basics. Retrieved from CSO: https://www.csoonline.com/article/2138380/loss-prevention/loss-prevention-intellectual-property-protection-the-basics.html?page=1