
SECURITY THREATS OF INFORMATION SYSTEMS IN BUSINESS
What does Threat mean?
• A threat refers to anything that has the potential to cause serious harm to a
computer system. A threat is something that may or may not happen, but has the
potential to cause serious damage. Threats can lead to attacks on computer
systems, networks and more.
• Threats are potentials for vulnerabilities to turn into attacks on computer
systems, networks, and more. They can put individuals’ computer systems and
business computers at risk, so vulnerabilities have to be fixed so that attackers
cannot infiltrate the system and cause damage.
• Threats can include everything from viruses, trojans, back doors to outright
attacks from hackers. Often, the term blended threat is more accurate, as the
majority of threats involve multiple exploits. For example, a hacker might use a
phishing attack to gain information about a network and break into a network.
Types of Computer Security Threats

1. Computer virus
We’ve all heard about them, and we all have our fears. For everyday Internet
users, computer viruses are one of the most common threats to
cybersecurity.

Computer viruses are pieces of software that are designed to be spread from
one computer to another. They’re often sent as email attachments or
downloaded from specific websites with the intent to infect your computer
— and other computers on your contact list — by using systems on your
network. Viruses are known to send spam, disable your security settings,
corrupt and steal data from your computer including personal information
such as passwords, even going as far as to delete everything on your hard
drive.
2. Rogue security software
Leveraging the fear of computer viruses, scammers have found a new
way to commit Internet fraud.
Rogue security software is malicious software that misleads users into
believing there is a computer virus installed on their computer or that
their security measures are not up to date. Then they offer to install
or update users’ security settings. They’ll either ask you to download
their program to remove the alleged viruses, or to pay for a tool.
Both cases lead to actual malware being installed on your computer.
3. Trojan horse
Metaphorically, a “Trojan horse” refers to tricking someone into inviting
an attacker into a securely protected area. In computing, it holds a
very similar meaning — a Trojan horse, or “Trojan,” is a malicious
bit of attacking code or software that tricks users into running it
willingly, by hiding behind a legitimate program.
Trojans often spread by email; one may appear as an email from someone you
know, and when you click on the email and its included attachment,
you’ve immediately downloaded malware to your computer. Trojans
also spread when you click on a false advertisement.
Once inside your computer, a Trojan horse can record your passwords by
logging keystrokes, hijack your webcam, and steal any sensitive
data you may have on your computer.
4. Rootkit
A rootkit is a collection of software tools that enables remote control and
administration-level access over a computer or computer networks.
Once remote access is obtained, the rootkit can perform a number of
malicious actions; rootkits come equipped with keyloggers, password
stealers and antivirus disablers.
Rootkits are installed by hiding in legitimate software: when you give
permission to that software to make changes to your OS, the rootkit
installs itself in your computer and waits for the hacker to activate it.
Other ways of rootkit distribution include phishing emails, malicious
links, files, and downloading software from suspicious websites.
5. DoS and DDoS attack
Have you ever found yourself waiting impatiently for
the online release of a product, one that you’re
eagerly waiting to purchase? You keep refreshing
the page, the page shows an error: “Service
Unavailable.” The server must be overloaded!
There are indeed cases like these where a website’s
server gets overloaded with traffic and simply
crashes, sometimes when a news story breaks.
But more commonly, this is what happens to a
website during a DoS (denial-of-service) attack,
a malicious traffic overload that occurs when
attackers flood a website with traffic. When
a website has too much traffic, it’s unable to
serve its content to visitors.
A DoS attack is performed by one machine and its
internet connection, by flooding a website with
packets and making it impossible for legitimate
users to access the content of the flooded website.
A DDoS attack, or distributed denial-of-service attack,
is similar to DoS, but is more forceful. It’s harder
to overcome a DDoS attack. It’s launched from
several computers, and the number of computers
involved can range from just a couple of them to
thousands or even more.
These computers can be distributed around the entire
globe, and that network of compromised
computers is called a botnet.
A DDoS attack is much more difficult for the victim to
locate and defend against.
6. Phishing
Phishing is a method of social engineering with the goal of obtaining sensitive data
such as passwords, usernames and credit card numbers.
The attacks often come in the form of instant messages or phishing emails designed
to appear legitimate. The recipient of the email is then tricked into opening a
malicious link, which leads to the installation of malware on the recipient’s
computer. Phishing can also obtain personal information by sending an email that
appears to be sent from a bank, asking you to verify your identity by giving away
your private information.
Why is Cyber Security Important?

• Cyber attacks create an extremely high financial burden for corporations.
• A data breach can destroy a corporation’s brand image and
reputation.
• Company data and customer information are always valuable
assets for corporations.
• Advanced hacking tools can attack your business more easily.
• Hackers are becoming more skillful and strategic.
Solutions to Security Threats
1. Security Policy First
At a minimum, your security policy should include procedures to prevent and detect misuse,
as well as guidelines for conducting insider investigations. It should spell out the
potential consequences of misuse.
Start by reading through your existing security policies, especially those regarding incident
handling. Rework sections that rely on trusting insiders. For example, your incident-
handling plan shouldn't require your team to contact the administrator of a suspect
system to gain access -- he or she may be the culprit.
Next, make sure that your policy details the limits on access to and dissemination of personal
data about your employees, temps and others who might be targets of investigations.
Mishandling this data can have severe consequences, including legal action. Specify who
is allowed to access what data, under which circumstances, and with whom they are
allowed to share this information.
Finally, to protect the organization from allegations of unfair or unequally applied penalties,
make sure your security policy spells out the consequences of misusing company
resources.
2. Use Strong Authentication
Passwords are passé. Password-cracking technology is quite advanced, and stronger
passwords spawn forests of Post-it notes on monitors. And many employees
share passwords.
The alternatives are expensive, and general deployment is beyond the means of
most organizations. For example, fingerprint scanners cost 100-250 bucks per
station. A more cost-effective compromise is to apply strong multifactor
authentication only to particularly sensitive applications or systems, such as HR
or accounting.
If you do deploy multifactor authentication -- combining user ID/password with
tokens, smart cards or fingerprint readers, etc. -- be aware that these methods
may not plug all the holes. Once your session is established, a knowledgeable
insider may be able to spoof new transactions under your name, or simply use
your computer while you've stepped away. Windows stations can be set to lock
out users after a fixed period of inactivity and require re-authentication.
3. Secure Your Desktops

You can't depend on users to be responsible for all their configurations, but if
you're using Microsoft's Active Directory service, you can use group policies
to lock down desktops across your enterprise.
Group policies allow a security manager to set configuration details for the OS
and its components (Internet Explorer, Windows Media Player, etc), as well
as other apps. For example, you can change the settings for each of IE's
security zones, enforce the use of your organization's content filtering
Internet proxy, and even forbid the use of unsigned third-party macros in MS
Office apps. Windows itself comes with a number of sample template files,
and more are available from Microsoft's Web site or from the Windows or
Office Resource Kits. In addition, make sure access rights to network folders
are applied on a strict need-only basis.
4. Segment LANs
Host- or network-based intrusion detection systems deserve a prominent
place on the roster of your internal defenses, but finding good
monitoring points can be challenging.
Host-based systems usually deploy agents, but network-based systems
rely on LAN sniffers. Monitoring a single Internet connection is easy,
but finding good locations, or "choke points," inside often-chaotic LANs
can be more difficult. Ideally, you'd have one sniffer for each LAN
segment. In a large network, this is unwieldy, impractical and will
probably overwhelm you with worthless alerts.
A better tack is to treat your LAN as a series of enclaves, each of which
comprises its own zone of trust, segregated by firewalls at the point
where each connects with the corporate backbone.
5. Plug Information Leaks

Sensitive information can flow out of your organization through e-mail, printed
copies, instant messaging or by people simply talking about things they should
keep to themselves. Combine security policy and technology to stanch the
bleeding.
First, make sure your policy details restrictions on disseminating confidential data.
Technology can help, starting with the IDSes. Scan your business plan for unique
phrases that you wouldn't expect to find anywhere else and configure your IDS
to alert you whenever it sees these telltale snippets on the network.
E-mail firewalls, such as CipherTrust's IronMail and Tumbleweed Communication's
MMS, can scan the full text of all outgoing e-mail.
Vidius' PortAuthority applies a digital signature to each protected document and
blocks access based on user-generated policy.
Digital rights management tools, such as SealedMedia and Authentica's Recall
series of products, restrict distribution of documents by assigning access rights
and permissions.
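One way to carry out the IDS step described in this section, as an added example that is not part of the original slides: it picks phrases from a confidential document that never occur in ordinary traffic and renders each one as a Snort-style content rule. The plan text, baseline text, function names and sid values are constructed for illustration.

```python
import re

# Constructed sample data: a fictitious plan and ordinary boilerplate traffic.
PLAN = ("Project Bluefinch will acquire Norvale Logistics in Q3 for 41 million "
        "dollars. Please contact the finance team for details.")
BASELINE = ("Please contact the finance team for details. "
            "The quarterly report will be sent next week.")

def words(text):
    """Lower-case word tokens; punctuation and line wrapping are ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())

def ngrams(tokens, n):
    return [" ".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def telltale_phrases(confidential, baseline, n=4, limit=3):
    """Non-overlapping word n-grams of the confidential text that never occur
    in the baseline, so a match on the wire is unlikely to be routine mail."""
    common = set(ngrams(words(baseline), n))
    picked, used = [], set()
    for start, gram in enumerate(ngrams(words(confidential), n)):
        span = set(range(start, start + n))
        if gram in common or used & span:
            continue
        picked.append(gram)
        used |= span
        if len(picked) == limit:
            break
    return picked

def snort_rule(phrase, sid):
    """Snort-style content rule. Phrases contain only [a-z0-9 ], so none of
    the characters that need escaping in content (; " \\ |) can appear. The
    rule matches only when the words are separated by single spaces."""
    return ('alert tcp $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Confidential phrase in outbound traffic"; '
            f'content:"{phrase}"; nocase; sid:{sid}; rev:1;)')

def leaks(message, phrases):
    """Phrases present in a message after the same normalisation, which also
    catches copies that were re-wrapped or re-punctuated."""
    flat = f" {' '.join(words(message))} "
    return [p for p in phrases if f" {p} " in flat]

PHRASES = telltale_phrases(PLAN, BASELINE)

if __name__ == "__main__":
    for offset, phrase in enumerate(PHRASES):
        print(snort_rule(phrase, 1000001 + offset))
    print(leaks("FYI: Norvale Logistics\nin Q3 is the target", PHRASES))
```

The baseline should be a large sample of routine outbound text; the smaller it is, the more likely a chosen phrase also appears in everyday mail and produces worthless alerts.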
6. Monitor for Misuse
Your security may require direct employee monitoring -- from video cameras to
keystroke logging. Research suggests that as many as one-third of all
employers perform such monitoring to some degree.
Before jumping on the bandwagon, though, make sure you know what tools are
available to you and what constitutes legal monitoring in your jurisdiction.
Web content filters are useful tools, since they can be set to block pornography,
competitors' Web sites and hacker tool repositories, all of which figure
prominently in common insider incidents. In general, you can safely employ
these as a matter of policy for all your workers.
If you need more detailed information about what specific employees are doing,
you must exercise a bit more discretion, but you still have plenty of options.
Two products that are best-suited to enterprise security are Webroot
Software's WinGuardian and Enigma Spyware Group's iSpyNOW. They
offer keystroke recording, application activity and window title logging, URL
visit history and more. WinGuardian can schedule regular screen shots, and
iSpyNOW can log file system events.
Summary

It can seem a difficult task to keep track of all the network security threats
that are out there, and the new ones that just keep emerging. Whether the
media is creating a culture of fear out of being online and placing trust in
leaving our information out for all to see, or whether the threats that wait in
the dark corners of the Internet are truly serious and can happen to anyone,
the best thing we can all do is to be prepared. There is no way to be
completely sure that a system is impenetrable to cybersecurity threats. We
need to ensure that our systems are as secure as possible.
THANK YOU AND BE SAFE!
