
Threats to security & privacy of information

To quote Steve Durbin, MD, Information Security Forum, "There's not a huge amount that's
spectacularly new, what is new is the increase in complexity and sophistication." He is, of
course, referring to the threats to the security and privacy of information stored on our
computers. He is talking about the people behind the threats and their skill in retrieving data
that does not belong in their hands in the first place and, more importantly, the damage they can
do with extremely sensitive data. That includes data meant only for the very top of
a government's hierarchy and data that can do one personal harm, i.e. bank account details,
social security numbers and the like. In this day and age it is of the utmost importance that
both individuals and organizations are abreast of the various threats to their data in
various databases. It is of even greater importance that they are aware of the different means to
protect themselves! This article touches upon what one needs to look out for, how
one can prevent data from being stolen, and how to maintain privacy. Several instances of the
same are also covered.

Types of Threats

1) Virus Threats: A computer virus is a program written to alter the way a
computer operates, without the permission or knowledge of the user. A virus
replicates and executes itself, usually doing damage to your computer in the
process.
2) Spyware Threats: A serious computer security threat, spyware is any program that
monitors your online activities or installs programs without your consent for profit
or to capture personal information. We've amassed a wealth of knowledge that will
help you combat spyware threats and stay safe online.
3) Hackers: Hackers, not computers, create computer security threats and malware.
Hackers are programmers who victimize others for their own gain by breaking into
computer systems to steal, change or destroy information as a form of cyberterrorism. What scams are they using lately? Learn how to combat dangerous
malware and stay safe online.
4) Phishing Threats: Masquerading as a trustworthy person or business, phishers
attempt to steal sensitive financial or personal information through fraudulent email
or instant messages.

Internet Based Attacks: While your computer is connected to
the Internet, it can be subject to attack through your network communications.
5) Viral Web Sites: Users can be enticed, often by email messages, to visit web sites
that contain viruses or Trojans. These sites are known as viral web sites and are
often made to look like well-known web sites and can have similar web addresses
to the sites they are imitating. Users who visit these sites often inadvertently
download and run a virus or Trojan and can then become infected or the subject of
hacker attacks.

6) Spyware, Adware and Advertising Trojans: Spyware, Adware and Advertising
Trojans are often installed with other programs, usually without your knowledge.
They record your behaviors on the Internet, display targeted ads to you and can
even download other malicious software on to your computer. They are often
included within programs that you can download free from the Internet. Some
Spyware can download more serious threats on to your computer, such as Trojan
Horses.
7) Unsecured Wireless Access Points: If a wireless access point, e.g. an ADSL
(Broadband) Router, hasn't been secured then anyone with a wireless device
(laptop, PDA, etc) will be able to connect to it and thereby access the Internet and
all the other computers on the wireless network.
8) Bluesnarfing: The act of stealing personal data, specifically calendar and contact
information, from a Bluetooth enabled device.
9) Social Engineering: Tricking computer users into revealing computer security or
private information, e.g. passwords, email addresses, etc, by exploiting the natural
tendency of a person to trust and/or by exploiting a person's emotional response.

12 ways to protect your online privacy:

1) Do not reveal personal information inadvertently.
2) Turn on cookie notices in your Web browser, and/or use cookie management software
or infomediaries.
3) Keep a "clean" e-mail address (keep a side account).
4) Don't reveal personal details to strangers or just-met friends.
5) Realize you may be monitored at work, avoid sending highly personal e-mail to
mailing lists, and keep sensitive files on your home computer.
6) Beware sites that offer some sort of reward or prize in exchange for your card details
etc.
7) Do not reply to spammers for any reason
8) Be conscious of web security (don't give out card details and personal information).
9) Be conscious of home computer security (system crackers search for vulnerable,
unattended DSL-connected home computers, and can invade them with surprising
ease, rifling through files looking for credit card numbers or other sensitive data, or
even "taking over" the computer and quietly using it for their own purposes, such as
launching attacks on other computers elsewhere: attacks you could initially be blamed
for).
10) Examine privacy policies and seals.
11) Remember that YOU decide what information about yourself to reveal, when, why
and to whom.
12) Use encryption!

Effects of security breach:

I. Privacy and security issues can affect user confidence: Users can trust a product if
it functions right and doesn't fail. The efficiency and effectiveness of a product can
decide the fate of a company. Internet usage is directly proportional to the level of
security and privacy provided.
II. Privacy and security issues often elicit emotional reactions: People feel betrayed if
the product doesn't respect the security and privacy needs of the user. A bank's
customers are loyal only if the payment gateway provided by the bank is secure. Also,
e-banking safety is a top priority for customers.
III. Dilemma of tradeoffs between home versus business use: An increase in security
and privacy by a product can also hamper the convenience of usage. For example,
allowing Christuniversity.in to use cookies via the browser can decrease security.
IV. Effects on the social system of sharing: If a network or a product is breached, the user will
start minimizing information sharing.

Cloud computing security


Cloud computing security or, more simply, cloud security is an evolving sub-domain
of computer security, network security, and, more broadly, information security. It
refers to a broad set of policies, technologies, and controls deployed to protect data,
applications, and the associated infrastructure of cloud computing.

Measures to be adopted to secure cloud:


Physical security: Cloud service providers physically secure the IT hardware (servers, routers,
cables etc.) against unauthorized access, interference, theft, fires, floods etc. and ensure that
essential supplies (such as electricity) are sufficiently robust to minimize the possibility of
disruption. This is normally achieved by serving cloud applications from 'world-class' (i.e.
professionally specified, designed, constructed, managed, monitored and maintained) data
centers.
Personnel security: Various information security concerns relating to the IT and other
professionals associated with cloud services are typically handled through pre-, para- and
post-employment activities such as security screening potential recruits, security awareness
and training programs, proactive security monitoring and supervision, disciplinary procedures
and contractual obligations embedded in employment contracts, service level agreements,
codes of conduct, policies etc.
Availability: Cloud providers help ensure that customers can rely on access to their data and
applications; at least in part (failures at any point - not just within the cloud service providers'
domains - may disrupt the communications chains between users and applications).
Application security: Cloud providers ensure that applications available as a service via the
cloud (SaaS*) are secure by specifying, designing, implementing, testing and maintaining
appropriate application measures in the production environment. Note that - as with any
commercial software - the controls they implement may not necessarily fully mitigate all the
risks they have identified, and that they may not necessarily have identified all the risks that
are of concern to customers. Consequently, customers may also need to assure themselves
that cloud applications are adequately secured for their specific purposes, including their
compliance obligations.
Privacy: Providers ensure that all critical data (credit card numbers, for example)
are masked or encrypted and that only authorized users have access to data in its entirety.
Moreover, digital identities and credentials must be protected as should any data that the
provider collects or produces about customer activity in the cloud.
Identity management: Every enterprise will have its own identity management system to
control access to information and computing resources. Cloud providers either integrate the
customer's identity management system into their own infrastructure, using federation or
SSO* technology, or provide an identity management solution of their own.
* SaaS: Software as a Service (SaaS) is a software distribution model in which applications
are hosted by a vendor or service provider and made available to customers over a network,
typically the Internet.
* SSO: Single sign-on is a property of access control of multiple related, but independent
software systems. With this property a user logs in once and gains access to all systems
without being prompted to log in again at each of them.

Important trends to look out for in 2015

Based on Steve Durbin's interview with CIO.com, an essential outlook on
the important trends in security and privacy of information has been narrowed down to five
major points.
1) Cybercrime: Durbin has outlined that there will be a significant increase in
cybercrime as we improve technology. His most startling input is his belief that the
various groups around the world, particularly those operating out of Eastern European
nations, are using what he calls 21st century tools to take on 20th century systems. He
attributes the struggle to maintain security of information to hacktivism, a constant increase
in the cost to manage and control cyber threats and the nominal budgets allocated to
the effort of protecting one's data.
2) Privacy and regulation: The threat to security and privacy of information available
online and on computer systems is so severe that even governments across the world
are legislating to protect the use of PII (Personally Identifiable Information). This has
led to members at various levels in various departments of an organization working
on the ways that confidential data can be kept safe. This includes HR, the lawyers of an
organization and even its board. It is essential that organizations are
able to maintain their image and that of their clients and stakeholders.
3) Threats for Third-party providers: The article points out that a weak link in a security
system may not even be in the organization. A flaw in the manner in which
data is shared through a supply chain can also prove a major weakness. The article
cites the example of information being accessed from Target without their knowledge.
The leak was a web app used by Target's vendors to submit invoices for transactions!
It is therefore essential to be aware of the risks posed by third parties related to an
organization and to handle them with care and careful scrutiny.
4) BYOx trends in the workplace: BYO or Bring-Your-Own refers to various members of
an organization bringing their own technology devices to the workplace. These
devices include mobile phones, laptops, storage devices etc. The problem with this
trend is that it leaves many an opening for a hacker to access an organization's
data. This is especially true when a user loses track of the divide between the device
being personal and the device being the property of, and a storage/access point to, an
organization's data!
5) Engagement with your people: Durbin points out that an organization's
greatest assets may also be its greatest liability in terms of protecting data. He points
out that it is very difficult to regulate employee behaviour such that employees are conscious
of the threats that are around them and the information they either handle or have
access to. He says security awareness is of the utmost importance
so that people are not a liability to the efforts an organization makes to keep its
information secure.

Real Life Instances of Cyber Crimes

1) Making millions: 100 euros at a time: Eleven members of a criminal gang arrested in
Spain this February had been earning about 1 million euros a year by spreading the
Police Virus. This is a cyber-extortion tool, accusing the victim of committing some
offense and blocking his computer until a fine of 100 euros is handed over. The
malware also steals the victim's personal data. A final sentence has not yet been
handed down in this case, but in recent years Spain has jailed a number of hi-tech
offenders.

2) Ali-Baba and the 4 thieves: Just a week ago, four cybercriminals were arrested in
Dubai after allegedly stealing $2 million from companies in the Emirates. Using a few
scams and hacker techniques, the attackers were siphoning funds into their bank
accounts as well as overseas. Some members of the gang, which includes people of
Asian and African origin, have fled the country; a warrant for their arrest has been
issued by Interpol.
3) Student Loan Phishing scam: Six people have been arrested over a 1m online
phishing scam in which money was stolen from the hacked bank accounts of hundreds
of students. Scotland Yard said a criminal network targeted students on government
loan schemes, conning them into revealing their bank account details, which were
then used to withdraw amounts of between 1,000 and 5,000 at a time. The victims
received emails asking them to update details on their student bank account via a link
to a bogus website.
4) The Fabulous Five: Five hackers have been charged in what's being called the biggest
data breach in U.S. history. Federal prosecutors announced that they've indicted five
cyber criminals responsible for a hack that cost targeted companies more than $300
million. Prosecutors say the five men, who are from Russia and Ukraine, stole and sold
at least 160 credit card numbers. Two of the suspects are in custody. The hacked
companies include Nasdaq, Visa Inc., J.C. Penney Co., JetBlue Airways Corp. and
Carrefour SA. According to authorities, each of the men had specialized tasks: two
hacked into networks, another mined them for data, another provided anonymous
web-hosting services to hide the group's activities, and another sold the stolen data
and distributed the profits.

Bibliography
Benson, & Christopher. (n.d.). Retrieved from https://msdn.microsoft.com/en-us/library/cc723507.aspx

Olavsrud, T. (2014, December 10). Security: CIO. Retrieved from CIO Web site:
http://www.cio.com/article/2857673/security0/5-information-security-trends-that-will-dominate-2015.html
