Explain the Impact of Different Types of Threat on an Organisation
Explain the impact of different types of threats on an organisation?
When operating an enterprise a high level of risk management is needed. This is due to the nature of so many existing threats within Information Technology.
By performing risk management. High risk threats can be mitigated best to their abilities. However, threats can come in all forms i.e. physical, remote, internal, external which requires a strong level of security and risk management.
An internal threat is from within the enterprise, such as a rogue employee trying to steal data. (Which can also be an external attack) another type of internal threat would be physical damage either to hardware of software.
Malicious damage is the intent to destroy and damage computers intentionally. This means a high security risk to the computer systems. These types of threats, that can be used to cause malicious damage, are both internal and external threats. Internal threats; a type of virus or other possible malware set to destroy your system unit from the inside and external threats such as physical damage/theft to the computer system by a thief or somebody with access who has sabotaged the system(s).
Advanced internal threats can be more sophisticated and direct. This could include an employee performing social engineering to gain access within the enterprise to steal data as well as strategic planning to bypass encryption/security clearance to access data.
External threats are threats that exist from outside the enterprise. This may not just include the internet but also outside the physical enterprise itself. Such as dumpster diving, although uncommon, can still protected against in the right methods.
Remote based external threats can exist in a numerous of ways, a common would be employees accidentally getting phished or downloading a virus. Awareness training can be greatly beneficial as the enterprise security is only as good as the weakest entry point and human error may often be an enterprise vulnerability.
Viruses only server one purpose, and that is to destroy and corrupt the victim's system unit i.e. computer, phone, tablet etc. Virus threats aren't as common today as they used to be when systems were older and lacked security. Threats today are more commonly used for money gaining purposes.
Similar to the virus threat, the macro virus is a virus that is implemented inside of a program and then activated by the user, these are common forms of virus threats as they can be discreetly hidden and opened with other programs. The victims usually unaware that macro viruses can be attached from .exe files to even .doc format files.
A Trojan horse will attach itself to a file which can make it very hard to detect by antiviruses. Trojan horses can steal data information and take over the college computer security which can create future problems making sure the virus is gone and that no data has been leake
Viruses only serve one purpose, and that is to destroy and corrupt the victim’s system unit. Virus threats today aren’t as common as they used to be as threats today are usually aimed for money gaining purposes instead of damaging and corrupting computers.
Worm Viruses are very low risk and would do no damage at all to the college computer systems. However, the risk being low on a worm, the distribution side of the threat is extremely high as it spreads itself very fast. The only threat is that the worm will consume network bandwidth and space on the hard drives.
Effect on enterprises:
By
causing malicious damage to the computer system(s) or servers it could destroy
the files and databases making it difficult to recover for the users. This
could have a huge impact on bigger business organisations and can cause
thousands of pounds’ worth of damage or even millions as not only would this
cause hardware costs with external damage, but internally the damage could be
millions.
Malicious
damage can also occur from the inside of the computers, if the computer systems
were infected with a virus then a virus is set out to destroy the computer
system internally as much as possible corrupting files and making it unusable.
Trojan horses can sneak in undetected and are usually used to leak/steal data,
even if the college received the worm virus, it’s harmless but the distribution
speed makes the virus more of a threat as it can spread across the networks at
a fast rate taking up bandwidth and space on the hard drives/servers.
Malicious
damage that has been done could be anywhere from deleting a file to completely
corrupting the systems, it is best to make sure that you have taken all your
physical and software measures to ensure complete security and to bring the
chances of any malicious damage happening down in advance, the best preventions
methods to protect your systems from malicious damage are too;
·
Invest in the most up to date
surveillance and locks to stop any intruders from breaking into the classrooms.
·
Invest and update to the best
possible antivirus software’s to protect yourself internally from viruses and
other malicious programs.
Hardware Threats
There
can always be threats towards the general hardware of IT systems within an
organisation at any time, this could range from internal threats like hardware
failure or damage or errors during installations due to a faulty or damaged
internal component, and the same external threats listed in malicious damage
above like theft or sabotage by an employer/student of the college and in very
rare occasions a natural disaster like a fire or flood could strike at any time
causing damage towards the college systems hardware.
·
The best methods to protect
your hardware from failure and damage is to carry out regular maintenance
checks to make sure that the hardware is of working order and there are no
signs of bottlenecks.
·
By keeping on top of the
security standards and updating to more modern features as time goes on you’ll
be increasing your preventive chances from a thief or saboteur threats.
·
Natural disasters are hard to
predict and are a lot more threatening if one occurs, as if there was a fire
investing in sprinklers may be an option for putting out the fire and ensuring
the college safety. But that will still cause damage to hardware in the
process, the best method for protecting against natural disasters is often
backing up all the server’s data and keeping safe in a location with more
protection and prevention from threats.
Threats Related to E-Commerce
E-commerce
threats are external threats, the threats related to e-commerce can be anywhere
from Denial of Service attacks to complete browser hijacking and website
defacement, these threats affect the professionalism and business aspects towards
Stoneworth college. By putting in security features after testing for internal
threats you are preventing the threats from happening to keep customers
DOS/DDOS
– Denial of Service attacks is a networking threat. If the college website is
DDOS attacked and goes offline, then the visitors who may be wanting to apply
for a course won’t be able to access the college websites information and if
the DDOS attack goes on for a long time then eventually the customers will just
get frustrated and look elsewhere losing the college both customers and money.
Browser
Hijacking – Browser Hijacking is the intent to steal victim’s data by using
Trojan malware to take over browsing sessions. This is a high security risk as anybody
who was using the computer system that is infected is vulnerable to having
their data used/leaked which could be anything from log in details to social
networks and online banking details to even having your identity stolen. This
would play a huge problem for the college if the server networks were hijacked.
Website
defacement – Stoneworth college wants to look professional. If there are any
website defacement breaches due to students doing it for a laugh or a serious
mass hacking attack by a group of people (e.g. when anonymous managed to
website deface twitter not only making users unable to log on but also
displaying an inappropriate webpage that was unrelated to twitters main web
page) then the college will look unprofessional to viewers and won’t just lose
visitors but will once again be losing out on money potentially causing the
website to be closed down for maintenance.
·
By keeping antiviruses and
firewalls running always and regularly scanning for viruses you are
preventing yourself and the college networks from being infected by any
internal viruses, web defacement threats and browser hijacking.
Counterfeit Goods
Counterfeit
goods are another threat that isn’t only against the law but, if used can have
serious problems as the copy is not legit. If using counterfeit computer
systems, then they wouldn’t have any form of warranty if there were any
external problems. As well as running the risk of a faulty hardware components
as it would most likely be cheaply made if it’s counterfeit. As well as
counterfeit systems if you used counterfeit software programs or operating
systems then you’re running the risk of corruptions and work not saving
properly which could create more problems than it’s worth. If there was a
college inspection and the college was found out to be using counterfeit goods,
then the college would be fined and it would lead to other consequences.
·
To avoid coming across buying
counterfeit goods make sure that when you’re purchasing software or equipment
it’s of average price, if it sounds too good to be true then it probably is.
·
Make sure that there are
licenses supplied with every product you purchase and that it’s from a first
party website that is secure and safe.
Technical Failure
If
there are any technical problems causing failure or errors, then this can
create disasters for everyone using that technology in the college. E.g. if the
main server goes offline then every student across that network will be unable
to save any work, resulting in frustrated students/tutors and anyone using this
network. This can result in a loss of work from minutes and hours to days and
weeks until there is a solution or the problem has been fixed.
·
To avoid servers going offline
and saving problems the most recommended option would be for the college to
invest in a backup server, having simultaneous servers running together is
preventing any problems with students saving or losing work and keeping an
active connection.
·
By doing routine maintenance
checks on technical equipment you can monitor the condition of the equipment to
avoid technical failure events from occurring, and even preparing you for a
failure problem that can quickly be fixed.
Human Error
A
human error is one of the worst threats that a company can face, a human
mistake like putting in the wrong detail or adding changing a payment from
hundreds to thousands by the mistake of adding a digit can have a dramatic
consequence. This can also fall into the malicious damage category as only the
person behind the error knows if it was a genuine mistake or it was a planned
error for intentional damage towards a system.
