Security Threats Faced by Organization


All modern organisations use information systems that are networked and connected to the external world via the internet. Though this brings access to a vast ocean of useful information and services, it also poses a tremendous security challenge. The threats to the modern information systems environment are many and varied.

Security threats arise from the malicious software that enters the organisation from outside, from internal users who have malicious intent or from accidental loss or exposure of internal information. The sections below explain some of the threats faced by organisations.


Malware

Malicious external software that poses a threat to the security of organisations comes in many forms. One of the most widely prevalent threats is the virus, a software package that harms the organisation’s information technology assets. Viruses typically enter the organisation through various applications of the internet or through devices such as USB memory sticks, and then spread within the network to many hosts. There are millions of viruses that harmfully impact computer systems.

A cousin of the virus is the worm, another malicious software application that spreads relentlessly across networks and chokes them up. A third type of malicious software is called Trojans, or Trojan horses. Trojans typically reside in the computer and allow malicious software or users from outside to invade the computer and use its resources. Spyware is a type of software that also resides in the computer and secretly relays information about the usage of the computer to agents outside.

A common term used to describe the various kinds of malicious software mentioned above is malware. Malware is a massive security problem for Chief Information Officers (CIOs) of organisations and requires careful planning and large investments to manage. Analysts estimate that malware causes huge losses worldwide.

The loss is computed on the basis of productivity lost owing to downtime of computers, the costs of cleaning up and replacing data, the costs of additional security measures and the costs of direct loss of business. Commercial firms lose data if malware enters their premises, and cleaning up costs them a great deal, but they also lose reputation among their clients and partners. Managing security is thus a very high priority for organisations.

Cracking and Espionage

The words cracking and hacking are often used interchangeably. Cracking is the act of breaking into computers or computer networks illegally. This is usually done by expert programmers who find ways to break into networks by identifying weaknesses in their security, by uncovering passwords or by some other method that is not strictly legal. Their intention is often mischief: to show how clever they are at breaking into secure systems. Sometimes their objective is to steal information, digital resources or money.

Hacking also refers to the same act, but hacking is sometimes done for useful reasons; this is known as ethical hacking, where expert programmers break into systems to expose weaknesses rather than to do any harm. Although the two terms are now commonly confused, many people maintain that, technically, hackers are always ethical and are the most competent programmers.

Phishing and Identity Theft

Phishing is another cyber crime that is perpetrated through social engineering. Phishing is done with fake websites that masquerade as real ones. A typical scenario for phishing is as follows: Person A receives an email message from his/her bank, saying that he/she has to upgrade his/her login and password details for security reasons. The email also provides a link on which A can click and be directly transferred to the bank’s website.

A clicks on the link and is taken to a web page that looks entirely like his/her bank’s page. He/she types in his/her login and password and finds that he/she is not able to enter the page and only gets an error message. What has happened is that A has been directed to a fake website that has a similar appearance to that of the bank. When A typed his/her login name and password into the space provided on the web page, he/she inadvertently gave away vital personal information to somebody.
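The scenario above turns on a link whose visible text or host imitates the bank. The following Python is an added example, not part of the original text: it shows the kind of check a mail gateway or awareness tool can run over a message body, collecting every link and flagging those whose visible text names a different site than the href leads to, whose host contains the bank's brand without being the bank's own domain, or which use a bare IP address. The trusted domain examplebank.com, the lookalike hosts and the sample message are all constructed, and the "last two labels" notion of a domain is a simplification that ignores multi-part public suffixes.

```python
"""Defender-side check for the phishing pattern described above: links whose visible
text or host imitates a trusted site. Added example; domains and message are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's real bank lives under this domain (constructed).
TRUSTED_DOMAINS = {"examplebank.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; a scheme is assumed when the text has none."""
    return urlsplit(url if "://" in url else "http://" + url).hostname or ""


def registrable_domain(host):
    """Last two labels of a host (simplification: ignores suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(href, text):
    """Return the reasons a link looks suspicious; an empty list means nothing was found."""
    reasons = []
    href_host = host_of(href)
    if not href_host:
        return ["no usable host in href"]
    href_dom = registrable_domain(href_host)

    # 1. Visible text looks like a URL but the href leads to a different site.
    if "." in text and " " not in text:
        text_host = host_of(text)
        if "." in text_host.rstrip(".") and registrable_domain(text_host) != href_dom:
            reasons.append(f"visible text shows {text_host} but href goes to {href_host}")

    # 2. The trusted brand appears in the host without being its registrable domain,
    #    e.g. examplebank.com.login-verify.net is really login-verify.net.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in href_host and href_dom != trusted:
            reasons.append(f"host {href_host} imitates {trusted}")

    # 3. A bare IPv4 address instead of a name, an unusual choice for a bank.
    if href_host.replace(".", "").isdigit():
        reasons.append("link uses a bare IP address")
    return reasons


def scan_email(html):
    """Map every href in the message to its list of reasons, in document order."""
    collector = _LinkCollector()
    collector.feed(html)
    return {href: classify_link(href, text) for href, text in collector.links}


def suspicious_links(html):
    """Only the hrefs that had at least one reason."""
    return [href for href, reasons in scan_email(html).items() if reasons]


# Constructed sample message in the style of the scenario above.
SAMPLE_EMAIL = """
<p>Dear customer, please upgrade your login details for security reasons.</p>
<p><a href="http://examplebank.com.login-verify.net/upgrade">https://www.examplebank.com/login</a></p>
<p>Or <a href="http://192.0.2.10/login">update your password here</a>.</p>
<p>Questions? Visit our <a href="https://www.examplebank.com/help">help centre</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", reasons or "ok")
```

The first two checks are the ones that catch the scenario in the text: a link that displays the bank's address while pointing elsewhere, and a host that merely begins with the bank's name. Neither check needs a blocklist, which is why such heuristics are useful alongside reputation data rather than instead of it.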


Denial-of-Service (DoS) Attack

A denial-of-service (DoS) attack is a method by which crackers pull down or slow down the services of a website. Attacks of this sort make the website appear slow and unresponsive to normal users. DoS attacks are typically targeted at famous websites such as Amazon.com or Yahoo.com, as well as at government and institutional websites.

One type of DoS attack relies on the three-step handshake of connection-oriented protocols. A connection-oriented protocol, such as Hypertext Transfer Protocol (HTTP, the protocol used for reading web pages), requires that the sender first send a connection request, that the server respond with an acknowledgement, and that the sender then send the specific request for a page.

After the second step, the server waits a specified amount of time for the third-step request from the sender, and then times out (that is, it stops waiting). Web servers that deal with a very large number of clients, such as those of Amazon.com or Google.com, are capable of handling a few thousand requests per second. For each request they follow the three-step handshake and then continue with providing the information. Crackers exploit this handshake by sending out a request – the first step – to which the server responds; the cracker client then does nothing, letting the server time out the connection request.

During a DoS attack, such requests are sent by the thousand, and for each of them the server waits a few seconds and times out, effectively doing nothing (see Figure). Meanwhile, legitimate users seeking information from these sites have to wait in a queue to be served.
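The three-step handshake described above belongs to the transport connection (TCP) that HTTP runs over. The Python below is an added example, not part of the original text: it models the server's table of half-open connections (those that received the step-2 reply and await step 3) with a fixed capacity and a timeout, replays a constructed trace in which one source opens many connections and never finishes them while ordinary clients arrive a second later, and shows how the server-side timeout decides whether the ordinary clients are served. It also includes the per-source count of never-completed connections that a defender would compute from connection logs to identify the flooding source. All addresses, timings, the capacity of 32 slots and the thresholds are constructed.

```python
"""Model of the half-open-connection flood described above, seen from the server side,
with the per-source count a defender would use to spot it. Added example, not from the
page; every address, timestamp and limit is constructed."""
from collections import Counter


class PendingTable:
    """Connections that have received the server's step-2 reply and await step 3.

    capacity: half-open slots the server keeps; timeout: seconds before a slot is freed.
    """

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout
        self.pending = {}   # connection id -> (source address, time of step 2)
        self.rejected = 0   # step-1 requests dropped because the table was full

    def expire(self, now):
        """Free every slot whose client never sent step 3 within the timeout."""
        for cid, (_, started) in list(self.pending.items()):
            if now - started >= self.timeout:
                del self.pending[cid]

    def request(self, cid, source, now):
        """Step 1 arrives; the server answers (step 2) only if a slot is free."""
        self.expire(now)
        if len(self.pending) >= self.capacity:
            self.rejected += 1
            return False
        self.pending[cid] = (source, now)
        return True

    def complete(self, cid):
        """Step 3 arrives; the connection leaves the pending table."""
        return self.pending.pop(cid, None) is not None


def build_trace():
    """Constructed trace of (time, kind, connection id, source).
    One source opens 50 connections in half a second and never sends step 3;
    three ordinary clients each request and complete a connection a second later."""
    events = [(i * 0.01, "req", f"flood-{i}", "198.51.100.7") for i in range(50)]
    for j, src in enumerate(["203.0.113.5", "203.0.113.6", "203.0.113.7"]):
        t = 1.0 + j * 0.1
        events.append((t, "req", f"legit-{j}", src))
        events.append((t + 0.02, "ack", f"legit-{j}", src))
    return sorted(events)


def simulate(events, capacity, timeout):
    """Replay the trace; return (requests rejected, ids that completed the handshake)."""
    table = PendingTable(capacity, timeout)
    served = []
    for t, kind, cid, src in events:
        if kind == "req":
            table.request(cid, src, t)
        elif kind == "ack" and table.complete(cid):
            served.append(cid)
    return table.rejected, served


def flag_sources(events, timeout, threshold):
    """Detection: per source, count step-1 requests never completed within `timeout`
    and report sources above `threshold`. Ordinary clients complete within milliseconds,
    so only a flooding source accumulates a large count."""
    acked_at = {cid: t for t, kind, cid, _ in events if kind == "ack"}
    half_open = Counter()
    for t, kind, cid, src in events:
        if kind == "req" and acked_at.get(cid, float("inf")) - t > timeout:
            half_open[src] += 1
    return {src: n for src, n in half_open.items() if n > threshold}


if __name__ == "__main__":
    trace = build_trace()
    # A long timeout keeps the flood's slots occupied while ordinary clients arrive.
    print("timeout 5.0 s:", simulate(trace, capacity=32, timeout=5.0))
    # Freeing slots sooner lets the later legitimate connections through.
    print("timeout 0.5 s:", simulate(trace, capacity=32, timeout=0.5))
    print("flagged sources:", flag_sources(trace, timeout=5.0, threshold=10))
```

With a five-second timeout the 32 slots stay occupied by half-open connections and all three legitimate clients are turned away; with a half-second timeout the slots have been freed by the time they arrive. Real servers combine a shorter timeout with other measures (larger backlogs, per-source limits, techniques that avoid keeping state for unanswered step-2 replies), but the model shows why the timeout the text mentions is the lever the attack pulls on, and why counting never-completed connections per source is the natural detection signal.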

