
Fairfield Institute of Management and Technology

SECURITY ISSUES OF IT

Subject Name: IT FOR COMMERCE

Subject Code:111

Submitted to: MS. HARSHITA SHARMA (Name of the Faculty)

Submitted by: ANURAG SINGH

Enrollment no: 05090188821

Course: BCOM(HONS.)
Semester: FIRST SEMESTER
CONTENT

• INTRODUCTION
• OBJECTIVE
• SECURITY ISSUES IN IT
1. RANSOMWARE
2. PHISHING
3. MALVERTISING
4. BRUTE FORCE ATTACKS
5. SOCIAL ENGINEERING
6. DRIVE-BY DOWNLOADS
• RECOMMENDED SOLUTIONS FOR SECURITY ISSUES
• CONCLUSION
• BIBLIOGRAPHY
INTRODUCTION

A security issue is any unmitigated risk or vulnerability in your system that hackers can use
to do damage to systems or data. This includes vulnerabilities in the servers and software
connecting your business to customers, as well as your business processes and people.
OBJECTIVE

The proliferation and the increasing complexity of computer networks and systems have
made security an important issue for modern societies. Security of computer networks and
systems is almost always discussed within information security, which has three fundamental
objectives, namely confidentiality, integrity, and availability.
SECURITY ISSUES OF IT

1. RANSOMWARE ATTACKS

Few cyber threats are as common and as destructive as ransomware. Over the years,
ransomware has swept across the world, taking business and personal data and plundering
companies’ bank accounts.

So, what does ransomware do? Well, this special malware reaches into a company’s system,
encrypts important data, and then forces the company to pay for the decryption code.
Ransomware can cripple your business financially, cause downtime, and severely hurt your
professional reputation.

2. PHISHING ATTACKS

Phishing is one of the most common cybercrimes. Phishing attacks are unassuming.
However, they can devastate your company.

Typically, a phishing attack comes in the form of a malicious email. The sender pretends to
be a co-worker, a business partner, a friend, or an acquaintance and asks for something.
Because the sender seems like someone you know, you probably won’t suspect anything and
will hand over what they asked for on a silver platter.

3. MALVERTISING ATTACKS

In malvertising, the perpetrator injects malicious code into an otherwise legitimate
advertising network. Once you click on the website, the code automatically redirects you to
malicious websites.

Malvertising typically targets highly reputable websites, such as The New York Times.
4. BRUTE FORCE ATTACKS

A brute force attack is a simple yet effective attack that hackers use to get your login credentials.
Also known as an exhaustive search, this attack relies on the perpetrator guessing possible
combinations of your password until they discover the correct one. The longer your
password, the more combinations the hacker will need to test.

It’s the reason you need to be careful when creating your passwords. Creating a password
like ‘password12345’ is putting yourself at risk of a brute force attack. With a simple online
tool and some time to spare, an attacker can run through a few thousand possible
combinations and probably crack your password.

5. SOCIAL ENGINEERING ATTACKS

Social engineering involves the psychological manipulation of people in your company into divulging
confidential information or performing certain actions. Whether it happens over the phone or in
person, the ultimate goal is to trick you or one of your staff into dropping standard security
protocols. To put it simply, social engineering is like a phishing email playing out in real life.

6. DRIVE-BY DOWNLOAD ATTACKS

Drive-by downloads hide out on other websites, waiting for unsuspecting users to click on by.
Once a user clicks on these downloads, they immediately execute a code-driven attack on
the user's system.

Just like in malvertising, the websites where these downloads hide don’t have to be
malicious. Drive-by downloads can hijack any site because no software is flawless. And
once you get infected, you’re infected.
RECOMMENDED SOLUTIONS FOR SECURITY ISSUES

▪ How to Avoid Ransomware


The best defence against this malware is to have a comprehensive data backup solution. You
can back up your business data in one of the reliable cloud service options. This way, in case
your data is encrypted and stolen from you, you can restore it quickly from the cloud
backups and get your operations up and running in no time.

You should also always keep your software and systems up-to-date. Another effective way to
prevent ransomware attacks is by using a professional, multi-layered security solution.

▪ How to Avoid Phishing Attacks

Interestingly, phishing attacks are easy to spot and avoid. All you need is to know what to
look for in an email before trusting it. Here are some best practices to remember:

• Keenly review a sender’s email address

• Never download any attachments from an unknown source

• Examine the nature and timing of the email request

• Be careful when opening any links contained in an email

As long as you observe these practices, you’re less likely to become a phishing victim.

▪ How to Avoid Malvertising

The primary objective of malvertising is to inject ransomware into your system. The
malicious ad thus relies on vulnerabilities in your system to achieve the perpetrator’s goal. If
your components are outdated, then you are particularly at risk of this attack.

The best solution is to continually install updates and patches. You can also add further
layers to your security.
▪ How to Avoid Brute Force Attacks

To overcome password-hacking tools, you need to enforce a strong password policy across
all systems and users in your organization. Here are some password creation best practices:

• Always use a combination of numbers and characters.

• Use phrases or sentences, but not common ones.

• Avoid using the same password for different accounts.

• Discourage the sharing of passwords.

Make the life of a hacker difficult by securing your system with strong passwords.
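The password practices above, and the earlier point that longer passwords mean more combinations to test, can be checked in code. This is an added example, not part of the original report; the common-password list is a small constructed sample and the 60-bit minimum is an assumed threshold.

```python
import math
import string

# Constructed sample list (assumption): a real policy check would load a
# large list of common or breached passwords instead.
COMMON_PASSWORDS = {"password", "password12345", "123456", "qwerty", "letmein"}

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation + " ")


def search_space_bits(password):
    """Size of the exhaustive search, in bits: length * log2(alphabet size).

    The alphabet is the union of the character classes the password uses.
    This is an upper bound that only holds when the password cannot be
    guessed from a wordlist.
    """
    alphabet = sum(len(cls) for cls in CHARACTER_CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password, passwords_on_other_accounts=(), min_bits=60):
    """Return the list of policy problems; an empty list means it passes.

    min_bits is an assumed threshold, not a value from the report.
    """
    problems = []
    has_digit = any(ch.isdigit() for ch in password)
    has_letter = any(ch.isalpha() for ch in password)
    if not (has_digit and has_letter):
        problems.append("needs both numbers and letters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password, guessed from a wordlist first")
    if password in passwords_on_other_accounts:
        problems.append("already used on another account")
    if search_space_bits(password) < min_bits:
        problems.append("too short for its character set")
    return problems
```

Note that ‘password12345’ mixes letters and numbers and has a search space of about 67 bits, yet it still fails because it appears on the common-password list, which is why the list check matters as much as length.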

▪ How to Avoid Social Engineering Attacks

Address social engineering threats as you would phishing emails. Always analyse all
situations carefully before you hand over any personal or business information. For instance,
if someone comes to your company claiming to be from your internet company, verify their
credentials and employment before believing them.

Train your staff on how to handle social engineering. Everyone in your organization needs to
remain suspicious. It’s the best defence against social engineering.

▪ How to Avoid Drive-By Download Attacks

Drive-by download attacks rely on vulnerabilities in your system to be successful. That’s
why you should stop relying on those free versions of antivirus solutions you download off
the internet. What you need are multiple layers of protection.

Be sure to keep all your systems up-to-date. Avoid allowing any vulnerabilities to exist. If an
update needs to be performed, never postpone it.

We’ve already mentioned that malicious code can exist in any site, but it’s best to always
perform your browsing activity on protected sites. Always look for the lock while opening a
site.
CONCLUSION

Though not all people are victims of cyber-crimes, they are still at risk. Crimes by computer
vary, and they don't always occur behind the computer, but they are executed by computer.
Hackers range in age from 12 years to 67 years old.

Information security is designed to protect the confidentiality, integrity and availability of
computer systems and physical data from unauthorized access, whether with malicious intent
or not.
BIBLIOGRAPHY

BOOK: COMPUTER FUNDAMENTALS (FOURTH EDITION)

AUTHOR: PRADEEP K. SINHA, PRITI SINHA

https://netdepot.com/8-common-it-security-issues-and-how-to-avoid-them/
