Ironically, as the society becomes more and more technologically savvy, the risks of infringement of confidentiality and security of data increase as well. With internet being a medium which connects people from every nook and cranny of the world, it poses a great threat that jeopardizes the online security of data.
Cyber attacks fall under several categories: (1) Accidental Actions; (2) Malicious Attacks; (3) Natural disasters.
(1) Accidental Actions
Accidental actions includes matters such as setting poor passwords, accidental or incorrect business transactions, accidental disclosure of confidential information, outdated software which is easily trespassed by intruders as well as theft or misplace of notebooks which give rise to intruders to access to company’s data.
The root of causing these unintentional acts is attributed to the deficiency of basic knowledge about online security concepts which then result in using security products which are not configured properly. An incorrectly configured web server can allow even an unsophisticated hacker to access files and directories on the web server that should not be accessible. Ultimately, it leads to leakage of important information to outsiders due to insecure information transfers.
(2) Malicious Attacks
These are attacks which are aimed to do harm by breaking through the security defense created by the organization or individuals. The most common threats which internet users face nowadays are cybercrime, hacking, phishing and network attacks.
(a)Cybercrime & Hacking
Cybercrime is the use of online computers as an instrument to conduct illegal acts. Since the internet is inherently open, computer and network experts such as crackers, hackers and corporate spies are “hired” to gain access to competitors’ server to destroy data, change or steal important information without proper authorization given. It involves the violation of privacy of others and it typically attacks computer-based property such as files or web pages.Hackers can easily learn about the targeted company’s web-based applications and discover its
vulnerabilities in order to disguise as genuine users who are able to connect to the company’s web server and do whatever a user could do. For instance, hackers can attack by using SQL injection by circumventing the username and password required to gain access to the database and easily alter the stored data such as ledgers.(b)Phishing
Internet scam that is designed to trick the recipient into revealing credit card details, usernames, passwords, and other personal information to individuals who intend to use them for fraudulent purposes is known as phishing. The communications are sent in the manner that it looks as if they come from reputable and trustworthy companies. Very often, a phishing attempt requests the recipient to verify their bank account by asking them to click on a link provided in the email and giving his/her personal information. The consequences of giving such confidential information to an unknown person could be very severe.(c) Network Attacks
Several forms of malicious-logic program are virus, Trojan Horse, computer worm, Denial of
Service attacks and etc. Virus, being the most common type of malicious code, its attack is pervasive, in which it can damage the operating system, spread throughout the computer and infecting other computer files, rendering files being corrupted or causing data loss or damaged.A Trojan Horse is a program that secretly hides within or looks like a legitimate program giving people the impression that it is harmless. However, one may realize that it actually will do harm to one’s computer and data files when it is triggered with certain conditions satisfied.
Distributed Denial of Service attacks (DDOS) attack a web server by overwhelming
server with overflowing messages which appear to be normal. The DDOS attacker will instruct its key players to simultaneously send data packets against the given IP addresses using false source addresses. Since the attack contains too much information to be processed, the target server has no choice but to disconnect from the internet or by denying service indiscriminately to all clients sending incoming data. Hence, this shows a potential risk of data loss in transit as client may not know whether his/her data sent is received by the web server.(3) Natural disasters
Natural disasters also pose a threat to online security. Natural disasters such as fire, flood, earthquake which occurrence at the place where server and database hardware are located can cause data stored to be destroyed or lost. Hence, a comprehensive disaster recovery plan should be in place before any unpleasing event happens.
Related links:-
Computer Security Ethics and Privacy
Top Online Security Threats for 2009
Computer Security, Viruses and Threats
2 comments:
Hi,
I find your post about threats of online security is quite informative, but I would like to add another form of malicious software, which is “worms”. Worms are actually more powerful than viruses and it is capable of cloning itself without any execution of programs or systems. Generally, the existence of worms in a computer will slow down the computer speed and it brings harmful effects to the files in a computer.
Hence, computer users should also be aware of such attack and actively search for solutions to prevent it.
Cheers.
Thank you for the good point. Sorry that we have overlooked that point in writing our post. =)
Post a Comment