This week we looked at information and system security and the importance of understanding the types of security incidents and the risks. Cyber data is highly valuable because it contains data that can be leveraged for financial gain. Whether it be hacking into financial systems or selling personal identification data to criminals, cyber data needs to be protected from malicious agents.
Safeguarding Data from Cyber Threats
Every organization has invested in security technology to safeguard their data and productivity systems from malicious agents that may want to compromise the data or system. For instance, a malicious agent can use the ping command to find the IPs of servers to scan for vulnerabilities. Once a vulnerability is identified, the agent can hack through the firewall and into the organizations data and systems.
Ping can also be used to hide virus or malicious data within the Echo data packet. The Echo packet is created when ping is executed and contains information for the destination to echo back to the "pinger". Hackers can load the echo packet with malicious data exposing the server to cyber attacks.
Firewall and Authentication technologies are recommended to address these types of vulnerabilities and are effective on many types of security attacks. There are other types of attacks that target system users to expose the protected information that cannot easily be mitigated through firewall and authentication tools. These user vulnerabilities are typically referred to as Human Factors and require a different strategy. To address human factors, organizations implement employee training to promote awareness and provide guidelines on how to respond to these types of security attacks. Addressing human factors in Phishing and Social Engineering have proven effective at curbing the number of incidents of successful data breaches.
Phishing
According to Desolda, et. al. (2022), “Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in digital communication”. In a Phishing attack, the victim receives a message from someone posing as a credible identity and asks for information used to access exploitable data. These messages are typically sent through email, chat or text.
Social Engineering
Similar to Phishing, social engineering is defined by to Aldawood & Skinner (2019), as “a method that seeks to exploit a weakness in human nature and take advantage of the naivety of the average person”. This is typically done by using a false and cloned profiles on social media platforms to threaten, entice or manipulate a victim to provide gift cards, money transfers, account information or other financial information. Aldawood & Skinner (2019) go on to provide strategies to implement an effective training program addressing Social Engineering tactics.
Summary
Cyber security has become an area of focus in the technology industry because of the value of data contained within the systems and databases. Cyber technology needs to advance in lockstep with other technologies to keep data safe as hackers and malicious agents advance along with technology as well.
References
Vahid, F., & Lysecky, S. (2019). Computing technology for all. zyBooks.
Desolda, G., Ferro, L. S., Marrella, A., Catarci, T., & Costabile, M. F. (2022). Human Factors in Phishing Attacks: A Systematic Literature Review. ACM Computing Surveys, 54(8), 1–35. https://doi.org/10.1145/3469886
Aldawood, H., & Skinner, G. (2019). Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet, 11(3), 73. https://doi.org/10.3390/fi11030073
Comments
Post a Comment