Assignment (Paper 2)
In Paper 1 you discussed information security issues faced by organizations and described threats to information assets. Your assignment for Paper 2 is to analyze specific countermeasures for each of the threats you described in your Paper 1.

The requirements for the paper are as follows:

The paper should include a minimum of five peer-reviewed scholarly references published since 2015
Citations and references should be in APA format
The paper should be a minimum of 2000 words
The SafeAssign score of the paper should be less than 20%

Comment – Added Paper-1 for reference.

Information Security Issues Faced by Organizations
Bindu Priyanka Ganta
Professor Dr. Shoraka
University of the Cumberlands
ITS 834 Emerging Threats and Countermeasures
07/26/2020

Abstract

In today's world, the Internet plays a major role in any organization. The Internet is an immense system with incredible potential for information security breaches. Hackers use new and different ways to steal information pertaining to organizations or any form of personal data. Employee or user negligence sometimes opens the way to insider threats in an organization. Nowadays, many organizations involve their employees in information security awareness programs to learn and adopt techniques to safeguard information. In this paper we discuss the information security issues faced by organizations and the specific threats to information assets.

The word ‘threat’ in information security means anyone or anything that poses a danger to information, computing resources, users, or data. In the information technology world, a threat is defined as an event that poses a danger to the technological assets of the organization. Assets can be users, employees, computing resources, organizational assets, or any data that is of value to the organization. Threats are grouped mainly as internal or external, depending on the origin of the threat.
External threats are threats that originate outside of the organization. This is a broad category that includes a wide variety of threats. Common external threats include environmental issues, threats from economic situations, physical attacks from humans, network attacks, software attacks, and legal threats. Threats can be targeted, like network threats and software attacks by a hacker to steal confidential data of the organization. These days, threats like these, which are also called cyber-attacks, have become very common for companies that use confidential data such as customer details and payment information. Other external threats occur due to natural disasters such as storms and tsunamis. Threats from nature usually cannot be avoided, but organizations prepare to mitigate this risk by maintaining a disaster recovery server that acts as an exact replica of the production server. In case of a natural disaster at the production server location, services can be brought up using the replica servers. It has become common for companies to maintain two disaster recovery servers in different regions. For example, organizations operating in North America usually maintain recovery servers in the Europe and India regions.
Internal threats are the ones that originate inside the organization. These were very common in the past due to a lack of proper screening methods. Employees and users are the most common cause of internal threats. These threats mainly aim to leak sensitive information to outside entities, where it can be used against the organization or for personal benefit. For example, it is not allowed by law to leak any information that can affect the stock price of the company, or any inside information about the growth of the company that directly affects the stock price. Another common internal threat is unauthorized use of resources and access to sensitive data. Major reasons for internal threats are:
1) Weak screening process during recruiting
2) Weak passwords
3) Not having good information governance policy
4) Misconfigured systems
5) Lack of security awareness
6) Lack of good internet usage security policy and email access policy.
Vulnerabilities are weaknesses in a system that attackers can exploit, which may lead to a dangerous impact. When vulnerabilities exist in a system, a threat may be manifested via a threat agent using a particular penetration technique to cause undesired effects (Jouini, Rabai, & Aissa, 2014). According to "Classification of Security Threats in Information Systems" (Jouini, Rabai, & Aissa, 2014), the proposed threat classification model considers the following criteria:
1) Source of Security threat: Origin of the security threat.
2) Threat agents: Agent who caused the threat. Agents are mainly of three types: human, environmental and technological.
3) Threat motivation: Goal of the security threat.
4) Security threat intention: Intention of the threat. This is used to reconstruct attacker behavior.
5) Threat impact: Destruction of property, theft/leak of sensitive information
Below are some of the common threats that organizations are facing:
Insider Threats in Information Security:
Organizations are moving more towards information technology these days, and are using computers for almost all purposes. Recently, organizations have been moving to cloud servers to minimize infrastructure cost, but this comes at an expense. With data being stored at a central location on cloud servers, data theft has become easier. Companies are spending a lot of money to mitigate and avert cyber-attacks aimed at stealing data. However, new evidence shows that both external attacks and insider threats are significant, while insider attacks cause more damage than outsider attacks. This means that anyone who has access to an organization's sensitive data assets is more dangerous than any other security threat (C. Potter and A. Miller, 2013).
Insider attacks are the most expensive type of information security breach: the average cost per insider incident is 250,000 according to a recent report by the INSA, "A Preliminary Examination of Insider Threat Programs in the U.S. Private Sector". This is mainly because the insider has knowledge of and access to assets that others do not have. An insider can be defined as an “employee or user who is authorized to access information and assets of the company”.
Insider threat is defined as “malicious activity by an insider that can cause damage to organization infrastructure or can lead to data leak”. The most common insider attacks are:
1) Leak of sensitive information.
2) Infecting internal systems with malware
3) Stealing intellectual property.
Leak of sensitive information: This is one of the common threats faced by many organizations. Companies like Amazon, Facebook and Google collect a lot of PII (personally identifiable information), including customer information, SSN information, address and payment information. Usually organizations implement strict guidelines and access policies for accessing this data. Data is encrypted at all times, both at rest and in transit, to avoid external security threats. Because cyber-attacks are not very fruitful against encrypted data, attackers are using insider attacks to leak the information. Insiders such as employees or temporary users who have access often leak this information to external entities.
Infecting internal systems with malware: Another type of attack is installing malicious software on internal systems and computers. We have seen cases where malware is installed on organization systems such as network routers or servers. This type of attack is very harmful because organizations have no idea that the malware is installed. The installed malware keeps leaking data until it is found.
Stealing intellectual property: Organizations that work on new inventions are often faced with this risk. Organizations ask employees to sign an NDA (non-disclosure agreement), which states that employees should not share any information on the project they are working on. Some employees are contacted by external organizations to leak information on the new product, such as designs and blueprints. With the design leaked, counterfeits can be produced at minimal cost, which is a very big loss to the parent organization.

Malware as an attack tool:
Malware was invented for organizations to identify security vulnerabilities in applications. Attackers started abusing this feature by intentionally using malware to steal information. We have seen numerous cases where attackers target government and financial organizations to steal information or disrupt operations. The most common attack hackers are using is email spam. This is also called phishing. Hackers send email with attachments that look like PDF or Word files. When a user opens these files, the hackers install, without the user's knowledge, software that leaks information. A common type of malware is a key logger, which once installed on a computer records every keystroke, including passwords and credit card numbers. This information is sent to the attacker's server over the internet. Sending spam emails has become the most common attack targeting companies. Organizations are implementing strict email policies and email filtering that blocks known phishing attacks.
Phishing is a way of attempting to acquire sensitive information such as username, password or credit card details by masquerading as a trustworthy entity. Most phishing scams rely on deceiving a user into visiting a malicious web site claiming to be from legitimate businesses and agencies (Jang-Jaccard & Nepal, 2014).
Hardware Threats:
Hardware is where applications are executed. Computers, servers and routers are the major types of hardware. At the hardware level, attackers have the flexibility to run malicious software. Compared to software attacks, which can be patched by an update, hardware threats are very hard to detect. Since an attacker has access to the hardware, the attacker can run applications that escape detection by antivirus. Attackers often run malicious code at kernel level, often with root access. Among the different types of hardware misuse, the hardware Trojan is the most hideous and common hardware exploit. Hardware Trojans run at circuit level in the hardware. One example of a hardware Trojan is code installed at circuit level that makes devices consume more power, draining the battery much faster. Companies are spending more money to buy tamper-proof hardware, which makes it very hard to tamper with or attack at the hardware level (Jang-Jaccard & Nepal, 2014).
Software defects:
A software bug is the common term used to describe an error, flaw, or fault in a computer program. Cyber-attacks target software bugs to attack the system. Attackers often use a software bug to install a backdoor and gain access to data and applications. One of the most common mistakes that developers make is writing code that is vulnerable to SQL injection. There are numerous cases where code is pushed to production systems with a SQL injection vulnerability. With this vulnerability, attackers can perform database actions that delete data, or sometimes delete system tables or even whole databases, which results in application downtime. It takes a lot of time to recover from this attack. Organizations use database replication to make sure that the system can run on replica databases in case of downtime on production databases. In a SQL injection attack, the attacker runs commands to drop tables, delete records or drop databases on production databases. In the database replication process, commands executed on production databases are executed in the same way on the replica databases as well, which results in complete data loss with no chance of recovery. Organizations are following a strict code review process to eliminate SQL injection bugs. Also, libraries like PYSQL or PYSCOPG give options to avoid SQL injection. Organizations like Facebook and Google offer bounties for ethical hackers and developers to find bugs so that they can be patched before attackers use them to attack the system.
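The string-built query described above, next to its parameterized form, as an added example that is not part of the original paper. It uses Python's standard-library sqlite3 module as a stand-in database; the table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for illustration.
SAMPLE_ROWS = [("alice", "alice@example.com"),
               ("bob", "bob@example.com"),
               ("o'brien", "obrien@example.com")]

# Constructed input whose quote character changes the WHERE clause.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    """Build an in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    # Parameterized insert: the apostrophe in o'brien is stored as data.
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SAMPLE_ROWS)
    return conn

def find_customer_vulnerable(conn, name):
    # BEFORE: input is pasted into the SQL text, so a quote in `name`
    # ends the string literal and the remainder is parsed as SQL.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def find_customer_safe(conn, name):
    # AFTER: the statement text is fixed and `name` is passed as a bound
    # value (sqlite3 uses ? placeholders; psycopg uses %s).
    query = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

def compare(name):
    """Return (vulnerable outcome, safe row count) for one input."""
    conn = make_db()
    try:
        try:
            vulnerable = len(find_customer_vulnerable(conn, name))
        except sqlite3.OperationalError:
            vulnerable = "error"  # the input broke the statement syntax
        return vulnerable, len(find_customer_safe(conn, name))
    finally:
        conn.close()

if __name__ == "__main__":
    for value in ("alice", CRAFTED, "o'brien"):
        print(repr(value), compare(value))
```

The string-built query returns every row for the crafted input and fails outright on a legitimate name containing an apostrophe, while the parameterized query treats both as plain values.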
Denial-of-service (DDoS) attacks:
DDoS is a common type of attack that hackers use against targeted applications with the intent of making the application inoperable. In this attack, multiple compromised machines attack a target such as a server, website or application. With the increase in traffic, servers often go down. Every server has a limit on the number of incoming GET/POST requests it can handle. Attackers use multiple machines to send a huge number of requests that the server cannot handle, eventually bringing the server down as the request backlog grows.
Ransomware:
Ransomware is a type of malware from cryptovirology that threatens to block access to user data unless a ransom is paid. A few years ago, ransomware attacks became very common. Ransomware is a two-step process: in the first step, the attacker installs malicious software using a phishing attack. Once the malware is installed, it encrypts the system files using a key. Once the files are encrypted, the malware displays a message on the home screen demanding payment to decrypt the files. Without the decryption key, which only the attacker knows, there is no other way to get the files back. According to Cybercrime Magazine, ransomware damage costs are estimated at 8 billion dollars.

Conclusion

User ignorance, negligence, and lack of awareness are some of the reasons insider threats take place in any organization. Organizations should increase awareness in these areas by introducing penalties and laws to safeguard information. Management should monitor for potential security breaches within the organization.

References

Department for Business Innovation & Skills. (2013). 2013 Information Security Breaches Survey Technical Report. Retrieved from https://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf

Elmrabit, N., Yang, S.-H., Yang, L., & Zhou, H. (2020). Insider Threat Risk Prediction based on Bayesian Network. Computers & Security, 96, 101908. https://doi.org/10.1016/j.cose.2020.101908

Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973–993. Retrieved from https://doi.org/10.1016/j.jcss.2014.02.005

Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of Security Threats in Information Systems. Procedia Computer Science, 32, 489–496. https://doi.org/10.1016/j.procs.2014.05.452

Safa, N. S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N. A., & Herawan, T. (2015). Information security conscious care behaviour formation in organizations. Computers & Security, 53, 65–78. https://doi.org/10.1016/j.cose.2015.05.012

Sengupta, A., Mazumdar, C., & Bagchi, A. (2010). A Formal Methodology for Detecting Managerial Vulnerabilities and Threats in an Enterprise Information System. Journal of Network and Systems Management, 19(3), 319–342. https://doi.org/10.1007/s10922-010-9180-y

Sohrabi Safa, N., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70–82. https://doi.org/10.1016/j.cose.2015.10.006

The InfoSec Handbook. (2014). Ebrary. Retrieved from https://ebrary.net/26640/computer_science/security_threats