Challenges Of Information Technology Security
As companies become progressively modern and advance in terms of utilizing information technology, they recognize the need to manage, control, upgrade, protect and secure the use of technology in righteous way. In this paper, detailed discussion is rationalized in terms of what are the threats, how to tackle the threats and finally how to prevent them from happening. This paper also provides solutions to certain extent and gives proposal for employees in large business settings to how to conduct themselves while using the technology in such way that the yield for any security breach is minimal. The suggestions and recommendations discussed for security breach prevention within this project papers also apply to the small scale industry, college and university security system and other enterprises where IT is being used.
Main Points and Sub Points
This section is primarily divided into three major sub-sections, which are: (1) Identifying the IT security threats and issues (2) Solution of the security issues. (3) Prevent security violations from happening. 1. Identifying the IT security threats and issues: Data privacy and security is tremendously crucial in any firm to carry out business. Along with this, confidentiality and protection of certain business operational details is also very critical for a company. When attempts are being made for intrusion, it should alarm the security (cyber and ground) to investigate the attempts and act promptly. There can be multiple ways of breaching most of them are online through various faulty software and other few attacks could be from physical attacks and stealing of data by robbery and other means. Hackers are expert in deploying Trojans, worms, and other malicious software (malware) remotely to victims’ computers.
Common practices in hacking mentioned in Computer Security: Principles and Practice (2014) are:
- Backdoor - Avenues that can be used to access a system while circumventing normal security mechanisms.
- Dumpster diving - The process of going through a target’s trash searching for information that can be used in an attack, or to gain knowledge about a system or network.
- Phishing - A scam wherein an e-mail user is duped into revealing personal or confidential information that the scammer can use illicitly.
- Piggybacking - The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
- Reverse social engineering - This technique is similar to social engineering in that attackers are attempting to obtain information that can be used in an attack, but in this case, the attacker uses techniques to convince the target to initiate the communication.
- Shoulder surfing - A procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code.
- Social engineering - The art of deceiving another individual so that they reveal confidential information. This is often achieved by posing as an individual who should be entitled to have access to the information.
- Vishing - An electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities using voice technology.
Above are the most serious methods of cybercrime through which hackers can get access to passwords, bank account information, social security numbers, addresses, phone numbers and many more other confidential information which otherwise would be secret to individual and company. It is estimated that cyber crime costs around $113 billion US dollars annually according to a Symantec report.
Solution of the security issues
About opening emails, proper anti-virus firewall must be established to filter out such emails. Employees must be trained to tackle any phishing, malware and worm containing emails etc. Malicious software or simply malware has nefarious purpose to cause problems in software such as identity theft. Profiling should be done for any incoming email accounts, which are from outside of the company.
On ground security must be cautious and tightened up for any attempts of breaking in. Trash dumpster for physical waster and digital trash must be properly get ridden from company premises. Again, employees must use their best judgment to tackle with any suspicious activities taking place around company campus and report immediately to authority. Use of finger printing to access dumpster area can be regulated if dealing with potentially confidential waste.
Regardless of tight security and antivirus programs, there are no safety precautions, which work one hundred percent. So at times, many organizations end up facing serious virus attack and hackers can penetrate deep into the system. In such situation cleansing and rinsing the whole system end to end is inevitable. Below are few examples which can be followed to post attack to bring system back to normal:
- Work with regulation enforcement officials on an investigation of the thievery and address the concern on the technical and political obverse if it applies to the company.
- Deal with all the legal issues and complaints through this breach.
- Thoroughly reassess the impact of the breach, prioritize, isolate and compartmentalize the high security data and work with redesigning the facilities.
- Address and re-gain the trust of the existing and new consumers.
- Create a continuous security model, perform regular audits and invest in the right tools to prevent, detect and monitor insider threats.
Prevent security violations from happening
“Cyber security is the protection of data that is located in electronic form and also in defining the most important data, where they are located, and what technologies should be used to protect them”. Computer security specialists are in most large companies. They identify possible susceptibilities in information systems, eliminate them and protect data against possible attacks. Cyber investigators disclose crimes committed in the network (theft, illegal sales). Their duties may include searching for information about suspects, analyzing their personal data, and sometimes carrying out authorized cyber-attacks. There is a growing need for other information security specialists, for example, personal security consultants.
An important first step towards reducing risks from cyber-attacks is the establishment of an information risk management department that would determine the level of cyber security risks that an object may encounter and develop a policy to combat them. The facility must protect the information and information technology used while taking new cyber security measures and is guided by how the system is configured and used. Today’s fast changing technology requires encryption and protection of communication of data from multiple facets. Security in cloud, storage, communication, as well as securing hardware is also necessary. Recently, hardware manufacturers have started to produce secure WAP servers which will convey immediate security. For example, HP has announced its HP Praesidium Virtual Vault, which is aimed at the financial domain. More recent examples we can find are Apple pay, Google pay, Samsung pay using thumbprints and face recognition. These virtual transactions require multi-dimensional security for processing payment and maintaining privacy as well as from being prevented from getting attacked by malwares. These latest measures are extremely useful in protecting privacy and data theft of individual to enterprise level.
Summary and Conclusion
Information technology security in the modern world is of great importance. Though technology also increases the level of computer security, one ought not forget about caution, for example, when receiving letters by e-mail. Hackers often hide behind messages from travel booking websites such as Airbnb, Booking. com, hotels. com, restaurant. com and write on behalf of airlines or hotels to inform the user that their credit card has been paid for a plane ticket or a restaurant meal and offer a link to a phishing site where it is allegedly possible to find out information about the upcoming flight. The computer network from the day it was created was susceptible to attacks by cybercriminals, and it seems that the threat of cyber-attacks will only grow as the network grows. But with the necessary level of preparation of equipment and specialists it is quite possible to control the damage, and restore losses from cyber-attacks. As the old saying goes, every coin has two sides; it is truly astonishing to see the new ways the hackers are able to take advantage of technology but at the same time we need to be more cautious and educated in dealing with such cyber crimes and threats. To avoid malware effects in a personal system it is always better to use an antivirus in the machine and make sure the antivirus is always up to date to make sure the anti-virus firewall can protect the machine from any potential advanced technology threats to the machine. Some precautions that can be taken to avoid any risks are:
- Do not open the Spam emails which might possibly have any virus that can attack the machine.
- Do not open any untrusted websites.
- Make sure to scan any external device that is connected to a machine before transferring files into the machine or from the machine.
- Keep the machine updated with the latest operating systems which might help in fighting with the malwares.
- Do not connect to any untrusted networks which can easily help in spreading some virus into the machine.
- Keeping all this in mind we can prevent most of the malware effects on a machine.
Examining the knowledge needed to design and implement a comprehensive information system security for an organization are some of the most primitive steps to protect your company from falling into evil cyber criminals. Preventing your system from Trojans, worms and other malwares should be the top priority for your information system security. Enterprise-Wide.