StudyDaddy Article Writing Subject: Analyzing and Visualizing DataQuestion 1: Write a 500 word essay (APA format & 2 latest scholarly journal article references 2016 on words) Kirk (2016) tells us that data adjustments affects

Subject: Analyzing and Visualizing DataQuestion 1: Write a 500 word essay (APA format & 2 latest scholarly journal article references 2016 on words) Kirk (2016) tells us that data adjustments affects

Running head: INFORMATION THREATS 0

Week 4 Paper

Information Security Threats for Organizations

ITS 834: Emerging Threats and Countermeasures


Most organizations are dependent on IT in all their operations. Information security has an array of benefits for an organization in conducting business, keeping financial records, and other uses. It also facilitates in meeting the daily needs of customers as well as future demands. Organizations are responsible for managing the data, personal details, and security information of customers (Surma, 2019). They must also ensure the stored data are private since it can be hacked by unauthorized persons. Information systems in an organization are exposed to various forms of security risks and the ferociousness of attacks. The most common damages that affect an organization's information assets include physical damage, database integrity security breaches, and more. Computer systems that lack proper security control can be interrupted by malicious actions and software. Threats can arise from carelessness during data entry, hackers, and employee mistakes. The adoption and use of modern technology in business are associated with multiple forms of threats, making the protection of information a major challenge.

Errors and Omissions

Mistakes and exclusions are common security threats that people often underrate. Information security damage can be through security breaches of data ware, hardware, and life ware, which makes omissions and errors noteworthy addressing. In addition, employees commit most mistakes deliberately (Surma, 2019). For instance, employees with a large workload daily may intentionally fix incorrect values in a database or as well omit it. However, it is not the employees that are responsible for errors and omission, users who are the source of data. These types of threats are impossible to handle since there cannot be a mechanism for preventing mistakes during data entry. Thus, an organization needs to educate its employees on the danger of these threats to information data. It can also improve their working conditions to enhance positive attitudes in their operations. Apart from database entries, the error can occur during the development of information systems and programming. A developer may commit some mistakes when manually coding, which can have a significant impact on information system security. According to research, over 60% of all information asset threats are due to omissions and errors regardless of their cause. Bugs, programming errors, may have zero impacts or severe enough to cause a system malfunction. The organization may incur a lot of money to attempt the debugging. This, in turn, affects a company's financial status and damages its profile.

Fraud and Theft

This is a form of information asset threat that can be done by transforming the traditional ways of fraud through automation. Fraud and theft can also be carried out using contemporary methods such as technology devices. It can occur both internally or externally (caused by insiders and outsiders). For instance, an employee may use a program in a computer to allocate themselves a small amount of money without the consent of the management. This fraud leaves the financial accounts with a very insignificant balance, and the transaction is not suspicious. However, the cumulative stolen amounts result in a significant financial loss to the company. This form of threat affects other systems other than financial assets. The fraudster may steal data with private access such as telecommunication information systems, public institutions' information systems, and warehouse information systems (Jain et al., 2019).

Fraud and theft from the insiders are the most common since they are authorized to use the system regularly. The reason is that their access is unlimited, which allows them time to plan. They also have knowledge regarding the system operation, security controls, and how the indictable theft can be evaded. Another form of fraud affects technology companies that offer advertising services. For instance, Google AdSense has a pay per click product and service promotions. The service is set to benefit those who intend to find out about a product when they click and reward the owners of a website containing the advert. However, a fraudster clicks the link with no concern of the product, but with the motive of making money. They may hide their identities or use automated clicking software.

Employees as inside threats

Employees are the most vulnerable source of information threats. They have access to most physical equipment in an organization, and the management has to apply trust as sole assurance that damage and theft do not happen (Jain et al., 2019). Copying or compromising the hardware, such as hard drives, can result in loss of customer and company data. It can happen through the stealing of the company devices or using USB flash disks to transfer data. The information can be sold to third parties, competitors, or published online.

Moreover, they can physically destroy data or equipment by smashing a hard-drive or intentionally deleting the data. Also, they can plant logic bombs to destroy data or programs. An employee can even crash the systems. Studies also show that power loss, floods, fires, terrorism, and other disasters can destroy information assets. The reason is that they damage equipment and cause data loss. Although some of the calamities are as a result of natural forces, employees can sabotage a company purposely using some of these disasters.

Other sources of vulnerabilities can occur unintentionally. For example, an employee who documents some work details in a personal computer can forget it in a means of public transport. If the laptop is unlocked, it can expose a lot of information to unauthorized persons who open it. Also, a person can permanently delete a folder containing important information, yet the action was entirely accidental. The hardware can also be damaged through accidents such as spills. Studies have revealed that these errors occur when organizations invest limited time to monitor and train their staff (Surma, 2019). Thus, protective organizations educate workers on the proper use and safety of IT devices.

Malware

Malware is malicious software that has adverse effects on organizations. It interrupts the processes of computers and IT systems and is also capable of accessing, stealing, and deleting essential stored data. Although this threat can be prevented through proper cybersecurity and the use of firewalls, acquisition of knowledge regarding malware can assist workers and business owners to protect their network and computer systems. There are various forms of malware that affect businesses:

Worms: According to Yao et al. (2017), these are types of malware that replicate themselves. Thus, a human effort or action does not necessary for them to spread on different computers. Worms enter the email address book of a user and distribute infected emails impersonating the user. Consequently, they can infect multiple networks within a short period.

Virus: This is one of the most common forms of malware affecting computers. When a user opens an infected file, the virus may affect a part of the whole computer system (Yao et al., 2017). Viruses can be less harmful or extremely harmful; for example, they can simply alter the appearance of the computer or crash the entire operating system.

Phishing: This is a form of social engineering where an attacker masquerades as an individual or a known source of an email. The emails may contain instructions to log in or modify passwords. When a user sends the details, they are recorded in a clone website. This loss of data is common for companies when employees mistakenly disclose important business credentials. Some of the data targeted include the login details, addresses, names, credit card info, social security numbers, and more financial data. Phishing can also make a computer user download malware. They can be sent informing of files that download upon clicking. The downloaded malware steals sensitive information for the attacker to see. Also, it may send spam emails to their contacts. Phishing targets unsuspecting employees, thus, educating them on this type of attack is crucial.

Ransomware: A ransomware is a significant threat to organizations as attackers develop modern ways of spreading them. This software attacks a computer and hold the files, and asks for charges a specified amount of money to restore those (Kolias et al., 2017). The program encrypts the data to ensure it is unusable; therefore, the owner is left with no option other than meeting the demands. Ransomware is spread in the same way as a virus.

Trojan: An attacker fixes Trojans into downloadable files on the internet. When an employee or other user downloads it, they may fail to notice that additional malicious injections are a part of the file. Once in the user's computer, Trojan becomes active and can be used to send spam messages, weakening the security systems, or deleting data (Peterson et al., 2018). These types of drive-by download attacks can download automatically when a person clicks on a website via a browser. However, a company can use patch systems and update the software that blocks malicious websites.

Hacking

Modern technology has transformed communication networks and the internet, but hacking is a major threat to organizations' information security systems. A hacker is an individual who tries to gain access to an unauthorized information system and obtain data and other resources (Peterson et al., 2018). The extent of harm that a hacker causes to a network may not be significant, but the consequences of resulting theft and fraud can be enormous. Hacking actions usually target companies and organizations since they have vast amounts of data and money. Credit card numbers and other stolen information is a threat to every business using technology. Both the media and information system security experts agree that hackers have increased over the recent past.

Various reasons make hacking a hybrid threat to organizations. First, the intention of a hacker is mostly unknown. They may, after an indication of security flaws, alteration of data, pointing out of bugs, deletion of information, theft of data, and more (Surma, 2019). This makes it hard to prepare and prevent their access. Second, most hackers do not operate within the company; they are outsiders. Therefore, it may be difficult to sanction their actions. Third, the attackers may launch a malicious activity without a viable reason, which makes humans vulnerable. Consequently, one cannot approximate the scope of damage they intend to cause.

Cloud Computing Threats

Although the use of cloud is recommended for its way of securing organizations' operations, several cyber security threats may damage the cloud systems (Jain et al., 2019). With more businesses joining this type of technology, many types of attacks have been eliminated. Traditionally, cloud computing was prone to information threats such as abuse of use, data breach, loss of encryption codes, supply chain failure, privilege escalation, compliance risk, and more. The common threats of cloud use include distributed denial-of-service (DDoS) attacks, denial-of-service (DoS) attacks, and economic denial of sustainability (EDoS). The SLA (service-level management) is the common denominator for operation between users and service providers. It entails the nature of service that a client demands, and the cloud vendor provides it.

The client pays the provider depending on the number of resources they use. DDoS attacks from fraudsters may attack a client, and the cloud vendor has to respond immediately (Kolias et al., 2017). They may be forced to neutralize the attack by allocating huge sums of money for appropriate resources. If the DDoS becomes an EDoS attack, it has adverse financial implications that are bounced back to the client. When this occurs, a user may decline using the services of a cloud provider and choose the ones with low costs. The company ends up losing a client and its reputation.

To conclude, the current global information technology has affected the business models as well as the nature of handling information. Computer systems and computerized devices have become part of businesses. Some organizations entirely depend on IT for survival. However, new trends are prone to new forms of attacks. The most vulnerable point for an attack by unauthorized persons is the organization employees. Humans can easily be tricked into installing malicious software or clicking suspicious links via email. Phishing has been a major method of stealing data. Different types of malware can expose a company's data to competitors or lead to attacks by more dangerous enemies. Hackers also launch attacks by targeting weak points of the security systems as well as bugs. The latest use of cloud computing in businesses is considered as the safest due to its tight security. However, attackers succeed in launching various attacks such as DDoS that may render an operating system useless. Organizations can prevent various threats by installing the right protection software and educating their employees on how these threats can be avoided.

References

Yao, Y., Fu, Q., Sheng, C., & Yang, W. (2017, October). Modeling and hopf bifurcation analysis of benign worms with quarantine strategy. In International Symposium on Cyberspace Safety and Security (pp. 320-336). Springer, Cham.

Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84.

Jain, D., Rana, A., & Nigam, U. (2019). Risks to Organizational Information Security from Insider Threats. JS International Journal of Multidisciplinary Research, 1.

Peterson, D. C., Adams, A., Sanders, S., & Sanford, B. (2018). Assessing and addressing threats and risks to cybersecurity. Frontiers of health services management, 35(1), 23-29.

Surma, J. (2019). Cyber Threat Intelligence Systems: problems and challenges. Collegium of Economic Analysis Annals, (54), 267-274.

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!