Summary
There are several types of security threats: computer virus threat, spyware threat, hackers and phishing scammers. Information security threats has become a priority for organizations and enterprises across the world. According to the Computer Security Institute, 90% of US enterprises suffered security breaches and 75% experienced business difficulties resulting in the loss of $201 million in 2002 (Yeh and Chang 2007) and the figured as risen dramatically since that time. Computer systems are vulnerable to many threats that can afflict various types of damage resulting in significant losses. Losses can stem from actions of trusted employees defrauding the system, from outside hackers or from careless date entry clerks. The various threats vary considerably; some affect the confidentiality or integrity of data while others affect the availability of a system (Essay 2013).
Description
Criminals can breach security by theft of equipment, physical damage, introducing malicious programs to damage software, gain illegal access to computer systems, and the interception of data between computers. This module will teach students the types of threats, examples of attacks, and practical ways that novice can make their organizations more secure. The table below illustrates the 12 categories of threats and an example of each.
Risk
For the subject matter of information security and countermeasures, the term risk refers to the likelihood of being targeted by a given attack, of an attack being successful, and the general exposure to a given threat. A risk assessment is performed to determine the most important potential security breaches to be addressed (Perrin 2009).
Cybercrime has become so regular that people and some organizations have become desensitized with the news of a data breach. Every now and then, companies announce that their systems were breached, followed by the extent of the damage, and what they’re doing about it. Compromised data is a subject that needs the public’s full attention. Data breaches can result in millions of private records and sensitive data stolen, affecting not just the breached organization, but also everyone whose personal information may have been stolen. Based on the data stolen, there are specific types of information that are of value to cybercriminals. Hackers search for these data because they can be used to make money by duplicating credit cards, and using personal information for fraud, identity theft, and even blackmail. They can also be sold in bulk in deep web marketplaces.
In addition, this link to a video article provides an insight to the what happens when security threats become reality:
https://www.csoonline.com/article/3220504/malware/famous-malware-threats-where-are-they-now.html
Real Life Examples
Example 1: For more than a year, a contract janitor stole customer account and personally identifiable information from hard-copy documents at a major U.S. bank. The janitor and two co-conspirators used this information to steal the identities of more than 250 people. They were able to open credit cards and then submit online change-of-address requests so the victims would not receive bank statements or other notifications of fraudulent activity. The insiders drained customers’ accounts, and the loss to the organization exceeded $200,000.
Example 2: A contract programmer tricked a janitor into unlocking another employee’s office after hours. He switched the door’s name plate and requested that the janitor let him into “his” office. The programmer, who had already obtained employment with a competitor, was able to download sensitive source code onto removable media.
Example 3: A hospital security guard accessed and stole personally identifiable information regarding the organization’s patients. The guard and three co-conspirators opened fraudulent cell phone plans and credit card accounts. As part of the scheme, they changed the account addresses of the victims so the bills would never reach the account owners. After being caught, the insider was ordered to pay $18,000 for the crime.
Example 4: A communications director showed an expired ID badge to a security guard to gain unauthorized access to a data backup facility. Once inside, the director unplugged security cameras and stole backup tapes containing records for up to 80,000 employees.
Example 5: A contract security guard used a key to obtain physical access to a hospital’s heating, ventilating, and air conditioning (HVAC) computer and another workstation. The guard used password-cracking software to obtain access and install malicious software on the machines. The incident could have affected temperature-sensitive patients, drugs, and supplies.
Example 6: An insider stole an organization’s trade-secret drawings that were marked for destruction and sold them to a competing organization. The victim organization estimated its losses at $100 million. The competing organization that received the stolen documents were forced to declare bankruptcy after a lawsuit.