Inter-connectivity has brought about business opportunities that never existed before. In the same breath, weaknesses in these networks have enabled cyber criminals to exploit vulnerable networks for a reasonable return. Of the kinds of information found in the cloud, confidential and valuable business data is the most targeted. The chief information officer of a given organization must identify and evaluate the threats the organization faces (Engebretson, 2013).
Information Security Threats
There are numerous threats to business data and awareness of these kinds of threats is paramount to defending against them. The following are the most important kinds of threats in the current environment.
New technology emerges all the time, but plans for its security are a secondary consideration or a non-issue. It is well known that the pace of innovation in new technology is not matched by the security required to protect it. Development is too rapid for security researchers to keep up (Engebretson, 2013).
Social Media Attacks
Criminals in the cyber world are aware of the leverage that organizations try to gain through social media such as Facebook. Consequently, they have developed complex targeted attacks such as ‘water holing’. An instance of this involves identifying and infecting websites that members of the target organization are expected to visit (Engebretson, 2013).
Mobile devices have been among the most vulnerable in the cyber world since they were enabled to communicate through the internet. Low awareness among mobile users is one of the reasons that users imagine the threat to mobile devices is minimal. This is exacerbated by the fact that the majority of attacks do not appear to be directed towards mobile devices. It is also instructive that the reliance of the majority of a given population on mobile technology leads them to ignore the pitfalls, which makes the situation worse (Engebretson, 2013).
Hackers have known for a long time that there is no better method of accessing a target system than social engineering. It is the most reliable non-technical method of gaining access to a given system. Since this method is unpredictable, guarding and training against it is difficult. Psychological manipulation in this instance almost always ends up being effective for the hacker (Engebretson, 2013).
Inadequate Security Technology
Software that monitors systems and raises alarms in case of intrusion is the latest trend in information systems security. The downside of this kind of defense is that it requires trained personnel to receive the alarms and respond to the attack. Unfortunately, most organizations do not invest as much in these personnel as they do in the specialized software (Engebretson, 2013).
Organizational Processes that Pose Weaknesses
Given the nature of this organization's business processes, the following are the processes that could result in the exploitation of private data.
Hackers could access email addresses used to communicate with customers and use them to conduct nefarious activities including fleecing innocent customers (Engebretson, 2013).
The use of various tools by black hat hackers could reveal the services the target system uses to satisfy the requirements of its customers. These could then be exploited for nefarious activities (Engebretson, 2013).
Maintenance of Payroll
Scanning and evaluation of a target system can reveal employee information, which is valuable to cybercriminals as tradeable information (Engebretson, 2013).
Workstations provided to the workers of the organization may leave certain ports open for exploitation by hackers (Lazari, 2019).
The target organization may run special applications for its activities, and the special configurations of these applications may make them candidates for exploitation.
To avoid the various threats to the business's cyber activities, the following recommendations are made (Engebretson, 2013).
- Employees should change their passwords regularly.
- Web applications used by the organization should be updated regularly.
- Organizational services, including email, should be configured properly.
- The network architecture of the organization should be well designed, including exposing only the ports that are needed.
- All software used by the organization should be regularly updated.
Lazari, C. (2019). Ethical hacking reconnaissance plan: Port scanning with nmap. Chris Lazari. https://chrislazari.com/ethical-hacking-reconnaissance-plan-port-scanning-with-nmap/
Engebretson, P. (2013). The basics of hacking and penetration testing: Ethical hacking and penetration testing made easy. Elsevier.