Task 1:

Example of existing or potential treats to the company: malicious damage; threats related to e-

commerce; counterfeit goods; technical failures; other eg human error, theft of equipment.

Malicious damage:

What is malicious damage?

Causing an act of damaging to an area which is ‘public, commercial or private property', a malicious act is something you know is wrong to do and you are doing it on purpose to cause damage to something which isn’t yours.

Computer hackers can cause malicious acts for example they could use malware in order to get into your devices so that he can delete or steal data from your device.

https://www.umass.edu/it/security/malware-viruses-spyware-adware-other-malicious-software

Internal

An example of an internal malicious damage would be for example if an employee were to press a link which would then cause damages towards the company or even allow for the hacker to invade private information from the company because it was done by the employee it would be internal as it was done from the inside. However, in this case it would be an accident caused by the employee that received a email with a link and maybe he forgot not to press links from unknown sources which then created the argument if it was a malicious act or not as you never know if he actually did it by accident or if he did it on purpose because he might be in scheme.

https://www.elimity.com/post/7-examples-of-breaches-caused-by-insider-threats

External

External is in some way the opposite of internal for example it could be a hacker that tries to exploit the system from the outside in order to penetrate into a company in order to cause malicious damage. An example of this is when someone hacked YouTube from the outside and made YouTube keep playing this same video over and over again however the video wasn’t anything bad there for was his actions malicious of should he have gotten any punishment for hacking into someone else’s business and controlling it which is like theft, in my opinion I believe that because he didn’t really do anything bad upset making a video play there for he didn’t cause any major damage to the company

upset losing clients that day as people would have been irritated from not being able to watch whatever they wanted on YouTube which could of lost the company a bit of money. However, YouTube hired him because he did something unexpected and no one was able to really stop him there for YouTube invited him to work for them. The reason for this was because he was able to access and hack into it however didn’t do anything bad that caused damage such as inserting viruses.

An example of phishing would be pretending to be someone you’re not and tricking the public to do something so that you can hack them and access their PC, there for there details and much more.

Hackers could use identity theft in order to buy items from stores for free using someone else’s bankcard money.

However there are many more types of identity theft such as pretending to be someone else, so that you can do a job that you wouldn’t be able to do with the qualification that you have, this is really bad and could be dangerous as the person who stole your identity could do a job which they don’t know how to do such as being a doctor which could put life’s in danger.

https://en.wikipedia.org/wiki/Identity_theft

They could even work as a firefighter which would be dangerous for both the people who they are meant to be saving and also putting him self’s in danger.

https://www.businessblogshub.com/2012/10/natural-disasters-and-data-loss/

https://invenioit.com/continuity/data-loss-from-natural-disaster/

Piggybacking could be used in many ways for example someone who accesses someone else’s internet is piggybacking because he is using something which isn’t there in order to get free access to the internet without paying, however this could also transition to hacking because with the access to someone else’s internet you are able cause malicious acts, by hacking which could cause damage towards that certain person or company such as accessing details or stealing.

An example of hackers stealing from a company is in 2018 a few “hacker stole half a billion personal records”, these hackers were able to take sensitive and personal information from the public which have put details into the company, it was taken from Identity Theft Resource Centre.

In addition stealing data is a common thing now days and with data from random users you can sell that and make money or even use it in order to cause illegal actions, data/ information is power especially for people with a lot of power which don’t want some information to get out into the world.

https://news.sky.com/story/grant-west-hacker-ordered-to-pay-back-almost-1m-in-cryptocurrency-11791978

Grank West Hacker is an example which used this in an illegal way he would blackmail and steal customer’s data from lots of popular company’s such as Argos, Asda, Sainsbury's and many other big UK companies.

After he stole personal data from many users in all does company’s he proceeded to sell them in the black-market, he used phishing scamming technique in order to manage to steal this data.

How this scam works is he would try send things to these companies’ such as emails and would then would try trick them into believing that they would lose something for example there bank account, tricking the workers into clicking the email which he created as a bait allowing him to get access and steal from them.

Threats related to e-commerce:

E-commerce defacement is for example when a person attacks a website, so that they can make changes to the website’s visuals or so they can make the website run really slow and even crash it so that anyone can use the website this is called Denial of Service (DOS). Hackers would do this in order to drop market sales and to stop sales from going ahead. This could cost the company money and also have effects on the customers.

This makes life for business that make most there money though websites hard because if they don’t have really good defensive system, they could lose lots of money making the company suffer.

This means that companies would have to spend more money in updating there hosting servers and even use more affective techniques in order to be more protected from a system hacker so that their company’s reputation does get damaged by the hackers which can add false information on the website and even add inappropriate images.

A system hacker could break into some else’s system devices. There for breaching their computers security getting though firewalls and security passwords.

https://www.javatpoint.com/security-threat-to-e-commerce

https://www.section.io/blog/website-security-for-ecommerce-websites/

E-commerce also is about breaching into security of software’s and systems in order to be able to get access to user’s PC’s and to be able to steal from them. These hackers would also try port scanning which means looking for any vulnerabilities in the company that they would be able to use in order to access that company’s details or websites.

An example of someone who managed to do this to a big company was Rick Astley was a figure who managed to do something which seemed impossible which made people feel powerless, he managed to get full control of YouTube for a hole 24 hours and every time you would try using YouTube the only thing that would play was the video he inserted.

No one was able to stop him from doing what he was doing however, what he was doing was evil as he wasn’t causing any harm to the company but instead just showing YouTube that they have vulnerabilities in their website. He ended up turning himself in and google where amazed by his talent and ended up giving him a job in YouTube.

https://www.wired.com/2014/07/rickroll-innocent-televisions-with-this-google-chromecast-hack/

Control of access to data via third party suppliers

A third party supplier will be provided access to customer’s information. An example of how company’s might get your information is for example if there is a free internet it might ask for you for your email and a few questions. The reason why company’s do this is so that they can then advertise something that they have for example if they create a new product they can send an email to everyone talking about the product and to send special offers.

However, people can also use this data illegal not just to advertise a product or deals. For example, if a hacker got access to the user’s data such as e-mail and a phone number, they would be able to sell their information for lots of money. Hackers would use your money to send them self’s free thing and even to pay for their costs such as holidays and what else.

Threats related to ecommerce would be doing things such as using the internet in order to steal from others, fraud and even to break into breaches such as websites so that you can add malicious hacks which could then be used to gain details and even control of others peoples computers, just by having them going on a website for example a fake shopping website in order to steal your bank card details so that they can use your money to buy things and steal from you.

The most popular threats are phishing attacks, money thefts, data misuse, hacking, unprotected services and credit card frauds this can also be done over the phone by having people trying to trick/ mislead you to send them money by pretending to be someone or something they are not for example your internet provider or your bank in order to scam you.

There was a person who managed to steal from a company by tricking them, they created a voice which sounded like the boss of the company, they called someone pretending to be the boss of the company and told them to transfer money to a back account somewhere in Africa. They managed to scamm this company and after they pressed send the transaftion was made and they where to late to do anything and had lost lots of money.

Distributed denial-of-service (DDOS)

A distributed denial-of-service (DDOS) which means taking down a server by using attacks this can be used in the gaming community so that you can get an advantage over someone else, for example a competitive game if you take down someone’s internet making them unable to play making it super easy for you to take advantage and win your games easily as other users would be having lots of lag and your attacks making them net go down. However, you are able to make attacks to machines/ devices too not just networks allow you to temporarily take down it out there hosting connected to their internet.

https://www.akamai.com/uk/en/resources/ddos-attacks.jsp?

gclid=EAIaIQobChMIitqCnbDY5QIVBLTtCh1p5gtBEAAYASAAEgLBofD_BwE&ef_id=EAIaIQobChMIitqCnbDY5QIVBLTtCh1p5gtBEAAYASAAEgLBofD_BwE:G:s&utm_source=google&utm_medium=cpc

Counterfeit goods

You can get counterfeit products however, you might not know if they are real or not that is the issues with this. What this could cause is people to buy products that don’t even works making you waste your money on fake DVDS, software, games and music.

https://www.wrexham.gov.uk/english/env_services/tradingstandards/fake_goods/fake_goods.htm

You are also able to download software over a torrent, allows you to download illegal files over the net. Someone who has it already shares it on the internet which then allows users on the internet to use a torrent and get these things for free the most common one is people pirating music and films which just means they get these free products without paying for them which means the creators of the product won’t get any of the money because you aren’t actually buying it like you usually do.

If you are the one that’s is distributing these files of the films or music, this can have consciences such as fines and also for the other hand the people doing the downloading of the product as it is illegal to download something for free because it’s like stealing something. They could be shared from your friends and sent to you or you could just download it from a website which has it for free.

Napster is a prime example which used peer to peer service which means on the site you would be able to share files and digital audio files, typically songs though the format of MP3 between users for free, however this company ran into many issues due to copyright. This created the same issues as being able to freely download music of the internet as you where still being able to get free music and videos etc by just sharing between others, causing music business to lose out of money to prevent this from happening fines get issues to does owning these illegal free DVD’s and music sites.

https://en.wikipedia.org/wiki/Napster

Products at risk of counterfeit are for example software which can be sold in CD or installed of the net (pirated), DVD’s, music and video games are the most common. There distribution mechanism are stores, markets, online sale shops such as eBay and lastly online sites which do P2P or torrents which allow you to install things illegal.

Organisational impact:

Some ways organisations may suffer is for example if they are unable to function due to losing connection of internet/ service though the hole building making it impossible for them to complete their job for the customer which means that the business may lose clients due to not completing things and there for losing them money, plus whilst the sites are down it also means that there

website will be too which means that the company won’t be able to make changed and their clients won’t be able to access there website. Another way business may lose customers is for example if they can’t hold customers information safely meaning if someone hacks the company and steals private data from customers which had data in their company the customer would be annoying and may never trust your company again making the business lose money.

In addition, it will create a poor image on the company because people would then spread the bad reputation making you have a bad name in your company there for others would then have second thoughts if they should use your business too there for costing them even more money.

Another simple way organisations may impact customers is for example if they increase there price on something which is commonly bought by them making them second think if its still a good investment to stick with the organisation that they are with, reasons why company’s may increase there prices are for example if there is a new product or if they need money in order to upgrade their company in some way. If the company lost customers records which caused them to stop making profit, they would then need to take action and increase the pricing of things so that they can improve their security systems so that they don’t go thought treats again.

https://en.wikipedia.org/wiki/Information_security

Information security:

Now days there are many types of security such as finger prints to unlock your phone or even more advanced retinal scans which is when you use your eye as the code/ password to unlock something and lastly you can use voice recognition in order to unluck things these are physical and logical systems which are used to stop unauthorized access to a person’s private data.

Other types of security’s are cameras which will spot if something is going on and also will scare people from doing anything because they know they would be on film, there is body scans which can detect what you have on you this is commonly used in things such as airports as they have to ensure that you don’t have any weapons ect.

Another example of security is having backups of things for example if you have a company you may have all your data in more than one location in order to be fully safe just in case of an accident such as a fire.

Firewall which will prevent viruses from accessing your PC, another commonly seen security action which you may see is if you ever get your password wrong it may lock your account and make you type in a code which they send you to your phone to ensure that someone isn’t trying to connect to your account. Another example is if someone from a different counter accesses your account on anything for example video game or Facebook, they would send you an email saying that one tried accessing your account from this country to confirm that it was you.

Confidentiality is about protecting data from being accessed by unauthorized audience for their client’s safety and privacy. The problem now days is that even big companies have issues with safety meaning someone is able to data breach which means that someone managed to steal client’s information from the company. It would depends on your job role in order to have the power to see clients private information as there may be a reason why you might need access them in order to do your job e.g. if you go to a bank the worker at the bank can check your information balance however no one else should be able to get access to clients information apart from the worker and him.

Grank West Hacker is an example which managed to do just that, he would blackmail and steal customer’s data from lots of popular company’s such as Argos, Asda, Sainsbury's and many other big UK companies which made it so the client’s private data are no longer safe as it fell into bad peoples hands, clients may lose confidence with all these big companies as they believed that they could keep their data safe.

https://news.sky.com/story/grant-west-hacker-ordered-to-pay-back-almost-1m-in-cryptocurrency-11791978

Facebook is a big one which exposed user’s private information such as phone numbers account user names and more. There where more than a total of 419 million records of users which were discovered online which could be accessed without any security.

For a big company such as Facebook to have data breaches in their company is really bad as they will lose trust with there users and many clients will never feel safe to talk and to freely use Facebook.

https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-phone-numbers-data-breach-privacy-a9092641.html

Data integrity means how accurate the information is and what the validity of the information is. Data completeness this references to filling in papers or data for example when registering for an account in anything if you forget to write your password it will not be able to submit your sign up until everything gets filled in however, when filling in papers there is a higher chance of mistakes happening as humans can make errors and not see them there for it would go though with a error this is a problems with things such as phone numbers as if you don’t have the right number of numbers it usually wouldn’t let you confirm and when done in paper you shouldn’t of noticed unless you double checked it.