Everybody knows the phrase “Who possesses information – that possesses the world”. And whoever possesses information about competitors gets unprecedented advantages in the fight against them. Progress has made companies dependent on information systems, and at the same time – vulnerable to hacker attacks, computer viruses, human and state factors to such an extent that many business owners can no longer feel safe. The issue of information security is becoming dangerous for organizations, but the same progress offers solutions that can protect data from external attacks.
What is an information security and why it is so important
Information security means the security of the information and all company from deliberate or casual actions leading to damage to its owners or users. Information security should be aimed primarily at preventing risks rather than dealing with their consequences. It is the adoption of preventive measures to ensure the confidentiality, integrity, and availability of information that is the most appropriate approach in establishing an information security system.
Any information leak can lead to serious problems for the company – from significant financial losses to complete liquidation. Certainly, the problem of leaks has appeared not today, industrial espionage and enticement of qualified experts existed also up to an epoch of computerization. The new methods of obtaining information appeared with the advent of the PC and the Internet. If earlier for this purpose it was necessary to steal and take out from firm the whole piles of paper documents now huge volumes of the important data can be easily merged on a flash drive. Moreover, this information can be sent on a network, using trojans, backdoors, keyloggers, and botnets, or simply to destroy by means of viruses, having arranged a diversion.
More often financial documents, technological and design developments, logins and passwords for entering the network of other organizations appear stolen. But the leakage of employees’ personal data can also cause serious damage. This is especially true in Western countries, where lawsuits for such leaks often lead to huge fines, after the payment of which companies suffer serious losses.
In July 2017, one of the largest personal data leaks in the Equifax credit history office in the United States took place. More than 143 million consumers and 209,000 credit card numbers were compromised. As a result, as of September 8, 2017, the shares of the bureau fell by 13%.
It also happens that the leak brings harm to the company a few months or years after it occurred when it fell into the hands of competitors or journalists. That is why protection should be comprehensive. You should not divide information into very important and less important. Anything that is not intended to be published should remain within the company and be protected from threats.
Actual types of threats to information security
1. Negligence and negligence of employees
Strange as it may seem, the threat to the company’s information security may be posed by quite loyal employees who do not think about stealing important data. Unintentional damage to confidential information is caused by the simple negligence or ignorance of employees. It is always possible that someone will open a phishing email and inject a virus from a personal laptop into a company server. Or, for example, copy a file with confidential information to a tablet, flash drive or PDA to work on a business trip. No one company is insured against sending important files to the wrong address by a careless employee. In this situation, information is very easy prey.
In 2010, a prototype of the iPhone 4 smartphone was left in a bar by one of Apple employees, Gray Powell. Before the official presentation of the gadget had a few months left, but a student who found a smartphone sold it for $ 5000 to Gizmodo journalists, who made an exclusive review of the novelty.
2. Using pirated software
Sometimes company executives try to save money on purchasing licensed software. You should know that unlicensed software does not provide protection against fraudsters interested in stealing information through viruses. The owner of unlicensed software does not receive technical support or timely updates from the developer companies. Along with it, it receives viruses that can harm the computer security system. According to Microsoft research, special software for stealing passwords and personal data was found in 7% of the examined unlicensed software.
Distributed-Denial-of-Service is a flow of false requests from hundreds of thousands of geographically distributed hosts that block a selected resource in one of two ways. The first path is a direct attack on the communication channel, which is completely blocked by a huge amount of useless data. The second is an attack directly on the resource server. The inaccessibility or degradation of public web services as a result of an attack can last for quite a long time, from several hours to several days. Usually, such attacks are used in the course of the competition, blackmailing companies or to distract the attention of system administrators from some illegal actions such as stealing money from accounts. According to experts, theft is the main motive for DDoS attacks. The target of attackers is more often the sites of banks, in half of the cases (49%) banks were affected by them.
In 2016 DDoS attacks were recorded in every fourth bank (26%). Among other financial structures, 22% were affected by DDoS attacks. The average damage for credit institutions was $1,172,000 per bank.
One of the most dangerous threats to information security today is computer viruses. This is confirmed by the multimillion-dollar damage that companies suffer as a result of virus attacks. In recent years, their frequency and level of damage have increased significantly. According to experts, this can be explained by the emergence of new channels of virus penetration. Mail is still in the first place, but as practice shows, viruses are also capable of penetrating through messaging programs such as ICQ and others. The number of objects for possible virus attacks has also increased. Whereas in the past, attacks were mainly on servers of standard web services, today viruses can also affect firewalls, switches, mobile devices, and routers.
In 2017 millions of users have suffered from attacks of viruses WannaCry, Petya, Misha. It showed that you can become a victim of a virus attack even if you do not open suspicious emails. According to Intel, 530,000 computers were infected with the WannaCry virus, and the total damage to companies was more than $1 billion.
So, information protection should be carried out comprehensively, in several directions at once. The more methods will be involved, the less probability of occurrence of threats and leaks, the steadier position of the company in the market.
The toolkit of cybercriminals is so wide that the issue of ensuring information security can be solved only in a comprehensive manner. The optimum set of measures includes both work inside the company, forces of own experts, and delegation of the most expensive and specific directions of safety to the foreign agents specializing in complex protection. Possibility inexpensively, reliably and confidentially to store the big arrays of the information in a cloud, practically instantly to restore it in case of need, to have guaranteed protection against viruses and DDoS-attacks is that necessary minimum which today is capable to provide not only competitiveness but at times also business existence.