
Post on 25-Jan-2021


Unit 7

(P1)

Potential threats

Malicious damage

Malicious software is referred to, in short, as malware: software through which data, software, security controls and computers can be overwritten, stolen, bypassed or harmed. People often confuse “malware” with being just one type of “virus”, but there are in fact several types of malware, some of the most common being:

· Bugs

· Bots

· Trojan Horses

· Spyware

· Adware

Ransomware

This type of malware can be very annoying, as computer users are held hostage while a ransom is demanded. It denies the user access to commands and files, either by locking or freezing the screen or by showing whatever the hackers intend to display, so that the user is forced to pay to regain access to their valuable information. It creates problems internally, and can be the result of downloading risky files or simply of a vulnerable internet connection.

“In May 2017, the ‘WannaCry’ malware spread through computer networks across the globe. Exploiting a vulnerability in Microsoft Window’s operating system, it enabled hackers to encrypt organisations’ files. Victims were then sent a note demanding $300 (£228) worth of Bitcoins in exchange for the decryption key.”

https://www.pensar.co.uk/blog/3-stories-about-ransomware-attacks-that-will-blow-your-mind

Counterfeit Goods:

The main goal of counterfeit goods is to mirror a popular brand and change it slightly, so that customers do not initially see the difference and buy the product thinking it came from a good brand. The prices are also set low so that many people can afford them. From the customer’s perspective, why not get an item from a good brand at a cheap price? So it is a kind of manipulation game played by counterfeiters on customers. China is one of the biggest producers of counterfeit products; reports state that 1 out of 5 products on e-commerce websites such as Alibaba.com, wish.com etc. are counterfeit. A prime example: if a person types Mike.com by mistake while intending to type Nike.com, they will be taken to Mike.com, which sells goods similar to Nike’s but obviously with a small change.

“(CNN)A large shipment of popular retro Nike shoes turned out to be counterfeits.

US Customs and Border Protection officers seized 14,806 pairs of fake Nike shoes that, if genuine, would've been worth a total of more than $2 million.”

https://edition.cnn.com/2019/10/09/us/counterfeit-nike-shoes-trnd/index.html

Technical Failures:

Any malfunction of hardware, software, a computer system or any other facility that prevents the user from using the device without error is known as a technical failure.

Example of Technical Failures:

Human Errors:

This error occurs when people lack technical knowledge, or through misconception, inexperience, ignorance or forgetfulness. It will definitely lead to weak security (security breaches) and a greater chance of system errors and failures.

Other errors might be caused by:

· Not backing up the data

· Using personal drives, files or emails that may be carrying the data

· Simple mistakes like losing a hard drive that may be carrying important information

“When VeriSign Inc. revealed late last month that it had issued two digital certificates to an individual fraudulently claiming to be a Microsoft Corp. employee, the incident put users on notice about their own preventive and reactive processes for handling security lapses due to human error.”

https://www.computerworld.com/article/2591600/human-error-may-be-no--1---threat-to-online-security.html

Theft of Equipment:

When talking about technical failures, it is not just software or files that can be stolen but also equipment or data, which can have a huge impact on the user or company. Theft can happen in both senses: physically or through cyber means. Stolen or misused user data is the result of cyber theft (hacking). A stolen hard drive, CD or other hardware is the result of physical theft. Both have a similar impact on the user, but physical theft can be noticed easily if the item is looked after. Cyber theft is still hard to prevent and requires coding skills just to be reasonably safe, and even then there is a risk of theft.

“An IT engineer who sold his employer’s brand new NHS laptops on E-bay has today been sentenced to 20 months at Mold Crown Court.”

https://www.itv.com/news/wales/2019-07-24/nhs-employee-jailed-for-selling-stolen-work-laptops-worth-18-000-online/

Malicious Damage

Internal Damage:

The word “internal” means inside, so internal damage is damage done inside the computer, hardware, software or data. It damages the inside of the system and slowly takes control over its data and privacy.

“According to data security company CODE42, 78% of security professionals state that negligent and careless staff are the biggest threat.”

https://www.itgovernance.co.uk/blog/accidental-or-malicious-insider-threat-staff-awareness-makes-the-difference

External Damage:

The word “external” means outside, so external damage is damage done to the system from outside, with the main goal being to avoid getting caught while damaging data; the hackers try their best to hack and bypass the system’s security and infect it with either a virus or malware.

Access causing damage:

Viruses:

A virus, generally known to the public as a dangerous thing, occurs in a system when hackers or dangerous code gain access to it. The virus might act immediately, or might hide itself and behave as normal.

A virus in the system can overwrite data and duplicate itself without the user knowing, while staying hidden inside the system for easier access in future.

Virus attacks can also cause serious damage to the data inside the system and cause problems such as data loss on the system hard drive.

“NHS Wales 'one step ahead' of cyber virus attack”

https://www.bbc.co.uk/news/av/uk-wales-39937712/nhs-wales-one-step-ahead-of-cyber-virus-attack

Access without any damage:

For hackers, it is best not to be detected by the user or by anything that stands in their way, as that makes their job easier. Skilled hackers can gain access to any sort of system and leave no trace behind.

As mentioned above, their goal might be to steal data in small amounts so that it goes unnoticed, and to keep repeating this until they are done.

“Worm steals 45,000 Facebook passwords, researchers say”

https://www.bbc.co.uk/news/technology-16426824
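The point above about stealing data in small amounts so that it goes unnoticed shows why a per-transfer size alert is not enough on its own. This added example, which is not part of the original essay, compares a per-event limit with a cumulative daily total per account; the log format, account names and limits are constructed assumptions.

```python
# Added example: per-event alerting vs. cumulative (per user, per day) alerting.
import re
from collections import defaultdict

# Assumed log format: <ISO timestamp> user=<name> bytes=<count>
LINE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample log: one large transfer (alice), many small ones (bob),
# and ordinary use spread over two days (carol).
SAMPLE_LOG = (
    ["2019-10-01T09:00:00 user=alice bytes=60000000"]
    + [f"2019-10-01T10:{m:02d}:00 user=bob bytes=4000000" for m in range(15)]
    + ["2019-10-01T11:00:00 user=carol bytes=4000000",
       "2019-10-02T11:00:00 user=carol bytes=4000000",
       "malformed line that the parser must skip"]
)


def parse(lines):
    """Yield (day, user, size) for well-formed lines, ignoring the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield m["day"], m["user"], int(m["bytes"])


def flag_transfers(lines, per_event_limit, daily_limit):
    """Return (per_event, cumulative) sets of (day, user) over each limit."""
    per_event = set()
    totals = defaultdict(int)
    for day, user, size in parse(lines):
        if size > per_event_limit:
            per_event.add((day, user))
        totals[(day, user)] += size
    cumulative = {key for key, total in totals.items() if total > daily_limit}
    return per_event, cumulative


def missed_by_per_event(lines, per_event_limit, daily_limit):
    """Accounts that only the cumulative check catches."""
    per_event, cumulative = flag_transfers(lines, per_event_limit, daily_limit)
    return cumulative - per_event


if __name__ == "__main__":
    limit = 50_000_000  # 50 MB, an assumed threshold
    print(sorted(missed_by_per_event(SAMPLE_LOG, limit, limit)))
```

With both limits at 50 MB, the account making fifteen 4 MB transfers never trips the per-event rule but is caught by the daily total.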

Phishing and Identity theft:

One of the most common forms of hacking is phishing or ID theft, which happens when a hacker gains access to a user and steals their private information. After stealing the information, they use the fake persona to spam emails and websites, or for various other purposes.

One way hackers succeed is via email, claiming to be from the user’s workplace, bank or a lottery company and asking the user to give their personal information.

“Newcastle school targeted in fees phishing scam”

https://www.bbc.co.uk/news/uk-england-tyne-46920810

Piggybacking:

The main goal for a hacker in this case is to gain unauthorized access to a wired or wireless network. It is generally used to get free access to the network rather than for malicious activity, but if a network is vulnerable to piggybacking then the chances are that the network is very easy to gain access to and can easily be used for virus distribution or data theft.

“More than half of computer users steal Wi-Fi - but ONLY 11 have been arrested”

https://www.dailymail.co.uk/sciencetech/article-494961/More-half-users-steal-Wi-Fi--ONLY-11-arrested.html

Hacking:

Hacking, which the public is generally told to stay away from, is a way of finding a weakness in a network or system in order to exploit it and gain access to data for illegal use. Hacking is known to be illegal in almost every nation and is covered by the law of the “Computer Misuse Act”.

People who are into hacking are known as hackers, of which there are different types:

Ethical Hacker (White Hat): Not every hacker is a bad one; this type of hacker gains authorized access to the system and software and helps the user or company find its weaknesses, so that other hackers can be prevented from gaining access. Tests such as penetration or vulnerability tests can be carried out for system security.

Cracker (Black Hat): Hackers who gain unauthorized access to a system or software with the main goal of stealing data or personal information and thus transferring money or funds from personal bank accounts etc.

Grey Hat: Hackers who intend to do a good thing (White Hat) but use a bad approach (Black Hat) are known as grey hat hackers. The person gains access to the system without being authorized, finds weaknesses and then reports them to the company or user so that they can be fixed.

“Teen hacked Apple hoping the company would offer him a job”

https://www.engadget.com/2019/05/27/australian-teen-hacked-apple-for-job-offer/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLw&guce_referrer_sig=AQAAAAEb6pxRsV020ufSPVG3GouTOZrcwGEzreAuTAcgYuCZliIjNxNk_dgI9xGCeG_I_pGiULvpr4x_Gz7YJ_7cfTFist5N59Y2BXoJzTIAqQeoJmFRQkukTKsoRuH3izCFknKkVNTpcpbkCY6c4Q2owM6SEnggfGYPgscxR72TshXk

Threats related to e-commerce:

Website Defacement: This sort of attack can be very annoying to face, as the hackers gain access to the user’s website to send a message or change its appearance. They are usually system crackers, who break into a web server and replace the hosted website with their own.

People working with e-commerce systems might face this issue often; apart from that, it will cost them time and money while the site is being recovered, along with a large loss of customers.

Control of access to data via third party suppliers:

As the topic states, this is a person or hacker providing the user’s personal information to third parties such as companies or organizations so that they can advertise to that user accordingly. This is done without the knowledge of the user and in a wrongful way.

It can be one of the biggest threats to businesses, as their personal information, customer data and company data can all be stolen and provided to competing companies.

“Huawei to come under increased scrutiny from GCHQ”

https://www.bbc.co.uk/news/technology-25417332

Denial of service attacks:

This type of attack can lead to network or system shutdowns, which prevent any user from gaining access. This is achieved by flooding the network or system with large amounts of traffic or information.

It is usually targeted towards big companies and organizations such as banks, government sites or social media companies.

It can be a huge threat to e-commerce systems, as restricted access to a company’s website can result in information leaks, stolen data and a huge loss of money, as no one will be accessing it.

“Three network down – Thousands of 3 mobile users vent fury after being unable to make calls or go online for hours”

https://www.thesun.co.uk/news/uknews/10153532/three-down-thousands-of-3-mobile-network/

Counterfeit Goods:

Products at risk, Distribution Mechanisms:

With today’s advanced technology, many people find it easy to watch movies, series and videos and to listen to songs online. That alone has resulted in fewer DVDs being sold; however, companies still make money online through software for which users pay monthly to gain access to various movies, series etc., or to listen to songs when they are released. The key word here is pay.

This is how it affects e-commerce companies: people’s minds work the same way, which is that if a product can be accessed for free, why pay lots of money for exactly the same thing? So they will find software online that distributes the same movies and songs for free, without knowing that it is illegal. This is done via torrents, piracy etc. It is illegal because the distributor does not have a copyright licence from the industry and is distributing the content for free.

PirateBay Proxy List 2019 - Download Torrents via ...

https://piratebay.ink

This will result in fewer people actually paying for correct, licensed movies and songs, and more people going for free content.

Organizational Impacts:

Loss of Service

Losing a service can be really frustrating and difficult in general, and it will have a huge impact on the company even if it lasts only a short time. People will have no means of communication at all while there is no service, so customers cannot call or read about inquiries, cannot find out about products, cannot return or exchange items, etc., which will lead to a huge amount of money being lost.

Loss of customer records (Impacts)

One of the main things a company values is its customer records. With them a company can resell, re-advertise and get to know the customer. Without customer records the business will be completely down; there will definitely be a huge loss of money and income, as it even loses its loyal customers. Customers might also change companies for their own safety or out of annoyance with the business, so it is very important for a company to keep its customer records.

“Apple expects to lose $9 billion in Q1 revenue over slowing iPhone sales”

https://thenextweb.com/apple/2019/01/03/apple-expects-to-lose-9-billion-in-q1-revenue-over-slowing-iphone-sales/

Increased Cost

As I discussed when describing how the human mind works, people obviously cannot get clothes for free, so they go for items that are cheaper. Not only that, but many people who shop online are middle to lower class. So if items are expensive then, one, a customer cannot afford them and, two, they will find something similar at a cheaper price from a different site or company, which leads to loss of customers too.

“Apple's price hikes have gone way too far”

https://www.businessinsider.com/apple-price-hikes-2018-2018-12?r=US&IR=T

Poor Image:

No one will trust a company or organization with a poor image, as a poor image is formed by lack of company maintenance, bad customer service, slow systems, bad quality etc. With a poor image a company will not have a good reputation and will not attract anyone’s interest, leading to loss of income and marketing.

This is from my personal experience, as I have seen no one go to one shop near me because the quality of the haircut was very bad, the customer service was very poor and they were very ignorant, so no one liked the place and the business went down after a year.

M1

(Discuss Information Security)

Confidentiality

Every company has its own confidentiality rules, which state that certain information can be discussed openly and certain information is not to be spoken about. This helps the company’s privacy, as information that might cost it a lot is kept hidden: information such as customer records, sales, strategies etc. Every company needs to apply confidentiality, as otherwise it may put itself at risk of information being distributed to competitors or other parties.

Data Integrity

All data stored in the company’s system needs to be accurate, which helps not only with good service but also with future advertisements to different users. Integrity also means maintaining where the data is stored while making sure that the data stays accurate to date. It plays an important role in the design, implementation and usage of any system that stores, receives or processes data.

Data Completeness

As long as data meets its requirements, it is considered complete. Say the data had to consist of Employee Name and Employee ID but the data provided to the system is only Employee Name; in this case the data is not complete, so the person cannot gain access to the company, which further helps the company keep its information and data safe, especially from those who are trying to steal something.

Access to Data:

Data should not be accessible to everyone, especially those who do not work for the company or organization, because, as mentioned above, it can easily be distributed to other parties or competitors. Access to data should only be given to those whom the company or organization trusts. If distributed, such data can be the downfall of the company, along with all the customers or users who have trusted the brand.

Conclusion:

In conclusion, we have discussed various ways in which a company should work towards data protection and information security, because it can be the start and the end of a company. Customer information is crucial to companies, which makes hackers more interested in it. So it is very important to know which sites and companies you can trust and to do background research on them before giving personal details. Companies should also be very active in maintaining the security of their sites, as it is their job to handle information with care once a user has trusted them enough to give valuable information. Hacking is illegal, and if anyone is attempting it, action should be taken immediately. If the network or system is hacked, a large amount of information can be leaked. That information may be the company’s, the organization’s, the customer’s or the user’s, so nothing should be taken lightly. All personal and important company information should be kept private for security purposes, and the only ones allowed access should be trusted ones.

-Siddhant Shrestha

Bibliography:

https://www.pensar.co.uk/blog/3-stories-about-ransomware-attacks-that-will-blow-your-mind

https://edition.cnn.com/2019/10/09/us/counterfeit-nike-shoes-trnd/index.html

https://www.computerworld.com/article/2591600/human-error-may-be-no--1---threat-to-online-security.html

https://www.itv.com/news/wales/2019-07-24/nhs-employee-jailed-for-selling-stolen-work-laptops-worth-18-000-online/

https://www.itgovernance.co.uk/blog/accidental-or-malicious-insider-threat-staff-awareness-makes-the-difference

https://www.bbc.co.uk/news/av/uk-wales-39937712/nhs-wales-one-step-ahead-of-cyber-virus-attack

https://www.bbc.co.uk/news/technology-16426824

https://www.bbc.co.uk/news/uk-england-tyne-46920810

https://www.dailymail.co.uk/sciencetech/article-494961/More-half-users-steal-Wi-Fi--ONLY-11-arrested.html

https://www.engadget.com/2019/05/27/australian-teen-hacked-apple-for-job-offer/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLw&guce_referrer_sig=AQAAAAEb6pxRsV020ufSPVG3GouTOZrcwGEzreAuTAcgYuCZliIjNxNk_dgI9xGCeG_I_pGiULvpr4x_Gz7YJ_7cfTFist5N59Y2BXoJzTIAqQeoJmFRQkukTKsoRuH3izCFknKkVNTpcpbkCY6c4Q2owM6SEnggfGYPgscxR72TshXk

https://www.bbc.co.uk/news/technology-25417332

https://www.thesun.co.uk/news/uknews/10153532/three-down-thousands-of-3-mobile-network/

https://piratebay.ink

https://thenextweb.com/apple/2019/01/03/apple-expects-to-lose-9-billion-in-q1-revenue-over-slowing-iphone-sales/

https://www.businessinsider.com/apple-price-hikes-2018-2018-12?r=US&IR=T