What are Security Threats?
Security threats refer to any potential danger or risk that can compromise the confidentiality, integrity, or availability of computer systems, networks, or data. These threats can come from a variety of sources, including malicious actors, software vulnerabilities, natural disasters, and human errors.
Due to its high usage, the Internet has become a highly vulnerable medium to cyber threats. It is an open and unsecured frontier to a large extent mainly due to the existence of strict rules about what is personal and private. Each time an individual visits a website, the information exchanged is legitimately and automatically captured and recorded as a ‘cookie’ file on the computer’s hard disk.
An organization conducting business through the Internet needs to be concerned about network security. To protect against security threats over the Internet, e-businesses must implement rigorous security measures.
The objectives of these measures should be to:
- Maintain the integrity of exchanged information
- Sustain confidentiality of the exchanged data
- Create the authorization for users accessing the data
Types of Security Threats
Typical threats to online security include theft of services and software and destruction of data and software, primarily through malicious access or hacking, or computer viruses. Let us discuss these threats to online security in detail.
- Viruses and Worms
- Spam
- Cyber Vandalism
- Spoofing
- Cybersquatting
- Phishing
- Sniffing
- Denial-of-service (DoS) Attacks
Viruses and Worms
Viruses and worms are major threats to online security. They harm data and software by either corrupting them completely or partially. They attach themselves to host computers and destroy important files and software needed for the proper functioning of the system.
Viruses have been around since the 1980s. They are computer programs that replicate by attaching themselves to executable files. They might infect every application on an individual computer quickly or infect the documents on that computer very slowly. However, viruses cannot spread from an infected computer to other computers without human intervention.
Viruses spread when users send e-mails or copy data from an infected computer to a new system by using external drives, such as pen drives, floppies, or discs, or visit malicious websites or download data from the Internet.
On receiving infected emails or files, the new system gets infected with the virus and this process may continue to affect many systems. Computers connected to the Internet are especially vulnerable as many computers are connected to a single server that can spread the virus rapidly.
Worms are more sinister than viruses, as they do not rely on individuals to spread themselves from one computer to another. A worm is a computer program that is designed to copy itself from one computer to another over a network. It spreads using e-mails, newsletters, or websites. As worms spread over computers and networks, they slow down IT resources by using up bandwidth and decreasing the response time, making it difficult for users to access resources.
There is yet another type of security threat known as spyware. This is a new type of program that works by getting into a computer system and acquiring partial control over the system or collecting personal information without an individual’s knowledge. Spyware often infects a computer during free software downloads.
Spam
Spam messages contain bogus links sent to various users, which, when clicked, may cause harm to computers. These are nearly identical messages sent to numerous recipients by e-mail. Spam can be defined as:
- Anonymous: The identity and e-mail address of the sender are hidden.
- Mass Mailed: The e-mail is mailed to a large group of Internet users.
- Unsolicited: The e-mail is not requested by the users.
Thus, spamming can be defined as an act of sending numerous copies of the same message through the Internet. Generally, this activity is used for marketing and advertising for uncertain products and schemes. To send spam, either Internet mailing lists are stolen or addresses are searched over the Web.
Spam is a threat to online security as it not only acquires the e-mail addresses of users but also wastes their time in sorting relevant mail from unwanted mail and consumes a lot of network bandwidth. Sometimes users may confuse spam for authentic mail and reply with personal information and details that can be misused in the future. Often, spam e-mails can have attachments that may be a virus or worms and might harm system files and functionality if they are downloaded.
The attached file ‘UPSInvoice_019002.zip’ is a Trojan virus that will infect the user’s system once it is downloaded. On December 16, 2003, the US formulated the CAN-SPAM Act of the United States of America. This Act lays down the standards for sending commercial e-mails.
In India, although the IT Act is considered to be an umbrella law for Internet crimes, such as misuse of personal data, cyber terrorism, cyber security, etc., it lacks concrete provisions against unsolicited e-mails. The IT Act of India should follow the CAN-SPAM Act of the US to cover aspects such as content compliance and penalties for sending unsolicited spam.
Cyber Vandalism
Cyber vandalism involves damaging or destroying data. It can create a situation where network services are disrupted or stopped, leading to the discontinuation of network services, data, or information to the entitled users. Cyber vandals threaten network security in the following ways:
- They access a network without authorization and damage, destroy or delete data or files.
- They intentionally introduce malicious viruses or worms into a computer network to interrupt, terminate or perform any action without the authorization of the network’s owner.
- They attack a network server to prevent it from performing correctly or legitimate website visitors from gaining access to network resources.
Spoofing
Spoofing is the practice of sending e-mail messages with a forged sender address to defraud, trick or deceive recipients. It intends to mislead recipients about the actual sender of the message. For example, an individual posting on a discussion board may claim to be associated with a certain organization, while in reality, he/she may have no such connections with the organization.
Users may fake their age, gender, and location while chatting online. Such an act may lead to fraudulent practices, taking advantage of the anonymity that spoofing offers. The protocol used to send spoofed e-mails over the Internet is Simple Mail Transfer Protocol (SMTP). This protocol does not require an authentication mechanism for the users. Hence, e-mail spoofing is quite prevalent and easy to practice.
Another method of Internet spoofing is through Internet Protocol (IP) spoofing. IP spoofing involves disguising the IP address of a computer, which makes it difficult for other computers to track the source of data transmission.
It is mainly used in the denial-of-service (DoS) attack, which involves creating the unavailability of a machine or network source for its users. In a DoS attack, a range of compromised systems attacks a single target, discontinuing Web services for the legitimate users of the targeted system.
Cybersquatting
Another threat to online security is cybersquatting, which is also known as domain squatting. It is the practice of registering or using the domain name of a popular brand, trademark, or website belonging to someone else to make a profit from the owner later. A cybersquatter deals with the original owners to sell the domain name at a high price.
However, opportunities for cybersquatting are quickly fading because most businesses now know that registering domain names on the Internet is a necessity. In the past, brick-and-mortar organizations fell prey to cybersquatting as they had not realized the commercial opportunities on the Internet and failed to create their domain names.
Phishing
In phishing, tricksters acquire the e-mail addresses of bank customers and send them e-mails to get their credit card or account information by representing themselves as mailers from banks or financial institutions. Generally, the subject lines of such e-mails may read as ‘official information’, ‘urgent information for all credit card holders’, etc.
The e-mails are linked to a bogus website that resembles the websites of banks or financial institutions. Once a customer is led to the website, he or she is asked to enter personal, credit card, or account information. In the year 2003–2004, there was a major outbreak of such activities when tricksters sent e-mails to customers asking for their credit card details by posing as mailers from ICICI Bank, PayPal, or eBay.
Sniffing
Sniffing is another major threat to online security. A packet sniffer is a program or device that monitors data flowing over network links. Sniffing is a technique used by professionals to help diagnose network issues.
However, its capability to capture data flowing over a network allows it to be used by malicious users to capture sensitive information, such as user names or passwords, being exchanged by users over a network. By gaining access to such information, hackers can gain access to the individual’s system or network. Illegal sniffing can be dangerous to a network’s security as it can be used almost anywhere.
Denial-of-service (DoS) Attacks
Certain threats to online security have a much greater impact in terms of affected individuals and systems. One such threat is the Denial-of-service (DoS) attack. It is an effort to create unavailability of a machine or network to its users. DoS consumes resources rendering legitimate users unable to use them.
In a network ecosystem, the main resources are Central Processing Unit (CPU), memory, and bandwidth. DoS can therefore take place in the following ways:
- Consuming CPU resources, which prevents a computer from responding to processing requests effectively
- Consuming memory resources, which prevents a computer from processing packets
- Consuming bandwidth resources, which leads to a decrease in the speed and volume of legitimate network traffic
In a DoS attack, there are compromised machines (master zombies and slave zombies) that are created during the scanning process. They are infected by malicious code and serve as hosts for both viruses and worms. The attacker controls master zombies, which, in turn, regulate slave zombies.
Once the attack command is sent to master zombies, it activates the attack process present in dormant zombies. Master zombies transmit the attack directions to slave zombies, commanding them to carry out a DoS attack against the victim system. A large number of data packets is then sent to the intended computers, thereby exhausting their resources.
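Because the traffic comes from many compromised machines, a monitor that only counts requests per source address will miss it. The following is an added example, not part of the original article, of detection logic that watches both the per-source rate and the combined rate in a sliding window: the thresholds, function names and sample traffic are constructed assumptions.

```python
from collections import Counter, deque

def detect_floods(events, window=10, per_source_limit=50, total_limit=200):
    """Scan (timestamp_seconds, source_ip) pairs sorted by time; return alerts.

    'single-source': one address exceeds per_source_limit within the window.
    'distributed': no address stands out, but the combined count in the
    window exceeds total_limit (many machines, each sending little).
    Thresholds are illustrative assumptions, not recommended values.
    """
    recent, counts, alerts, reported = deque(), Counter(), [], set()
    for ts, src in events:
        recent.append((ts, src))
        counts[src] += 1
        while recent[0][0] <= ts - window:  # expire events older than the window
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if counts[src] > per_source_limit and ("single-source", src) not in reported:
            reported.add(("single-source", src))
            alerts.append((ts, "single-source", src))
        noisy = any(c > per_source_limit for c in counts.values())
        if len(recent) > total_limit and not noisy and "distributed" not in reported:
            reported.add("distributed")
            alerts.append((ts, "distributed", f"{len(counts)} sources"))
    return alerts

def constructed_traffic():
    """Constructed sample: baseline, one noisy host, then many quiet hosts."""
    events = [(float(t), f"198.51.100.{t % 5}") for t in range(30)]          # about 1 request/s
    events += [(30 + i * 0.1, "203.0.113.7") for i in range(60)]             # one host, 60 requests in 6 s
    events += [(100 + i * 0.02, f"192.0.2.{i}") for i in range(250)]         # 250 hosts, 1 request each in 5 s
    return events

if __name__ == "__main__":
    for alert in detect_floods(constructed_traffic()):
        print(alert)
```

In the constructed traffic, the third burst never trips the per-source limit because every address sends a single request; only the combined count reveals it.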