Unit 7
(P1)
Potential threats
Malicious damage
To make things easier for everyone, malicious software is referred
to as malware for short. It basically means software through which
data, software, security controls and computers can be overwritten,
stolen, bypassed or harmed. People often confuse “malware” with
being just one type, the “virus”, but there are in fact several
types of malware, some of the most common ones being:
· Bugs
· Bots
· Trojan Horses
· Spyware
· Adware
Ransomware
This type of malware can be very annoying, as the computer's users
are held hostage while a ransom is demanded. It simply denies the
user access to any sort of command or file, either by
locking/freezing the screen or by showing visuals the hackers have
chosen, so that they can force the users to pay to access their
valuable information. It creates problems internally, and it can be
the result of downloading any sort of risky file or simply of an
internet connection which is vulnerable.
“In May 2017, the ‘WannaCry’ malware spread through computer
networks across the globe. Exploiting a vulnerability in
Microsoft Window’s operating system, it enabled hackers to encrypt
organisations’ files. Victims were then sent a note demanding $300
(£228) worth of Bitcoins in exchange for the decryption key.”
https://www.pensar.co.uk/blog/3-stories-about-ransomware-attacks-that-will-blow-your-mind
Counterfeit Goods:
The main goal of counterfeit goods is to mirror a popular brand and
change it a little, so that customers do not see the difference at
first and buy the product thinking it comes from a good brand. The
prices are also kept low so that many people can afford it. From
the customer's perspective, they will be thinking: why not get an
item from a good brand at a cheap price as well? So it is a kind of
manipulation game played by the counterfeiters on the customers.
One of the biggest producers of counterfeit products is China;
reports have even stated, after research, that 1 out of 5 products
on e-commerce websites such as Alibaba.com, wish.com etc. are
counterfeit. A prime example might be a person typing Mike.com by
mistake when they meant to type Nike.com: they will be directed to
Mike.com, which will be selling similar stuff to Nike but obviously
with a little change.
“(CNN)A large shipment of popular retro Nike shoes turned out to
be counterfeits.
US Customs and Border Protection officers seized 14,806 pairs of
fake Nike shoes that, if genuine, would've been worth a total of
more than $2 million.”
https://edition.cnn.com/2019/10/09/us/counterfeit-nike-shoes-trnd/index.html
Technical Failures:
Any malfunction of hardware, software, a computer system or any
other facility that prevents the user from using the device without
error is known as a technical failure.
Examples of Technical Failures:
Human Errors:
This error occurs when people lack technical knowledge, hold
misconceptions, or are inexperienced, ignorant or forgetful. This
will definitely lead to weak security (a security breach) and a
greater chance of system errors and failures.
Some other errors might be caused by:
· Not backing up the data
· Using personal drives, files or emails which may be carrying
the data
· Simple mistakes like losing a hard drive which may be
carrying important information
“When VeriSign Inc. revealed late last month that it had issued
two digital certificates to an individual fraudulently claiming to
be a Microsoft Corp. employee, the incident put users on notice
about their own preventive and reactive processes for handling
security lapses due to human error.”
https://www.computerworld.com/article/2591600/human-error-may-be-no--1---threat-to-online-security.html
Theft of Equipment:
When talking about technical failures, it is not just software or
files that can be stolen but also equipment or data, which can have
a huge impact on the user or a given company. Theft can happen in
both senses: physically or through cyber means. Stolen or misused
user data is the result of cyber theft (hacking). A stolen hard
drive, CD or any other hardware is the result of physical theft.
Both have a similar impact on the user, but physical theft can be
noticed easily if the item is looked after. Cyber theft is still
hard to prevent and requires coding skills just to be reasonably
safe, and even then there is still a risk of theft.
“An IT engineer who sold his employer’s brand new NHS laptops on
E-bay has today been sentenced to 20 months at Mold Crown
Court.”
https://www.itv.com/news/wales/2019-07-24/nhs-employee-jailed-for-selling-stolen-work-laptops-worth-18-000-online/
Malicious Damage
Internal Damage:
The word “internal” means inside, so internal damage is damage done
inside the computer, hardware, software or any sort of data. It
damages the inside of the system and slowly takes control over its
data and privacy.
“According to data security company CODE42, 78% of security
professionals state that negligent and careless staff are the
biggest threat.”
https://www.itgovernance.co.uk/blog/accidental-or-malicious-insider-threat-staff-awareness-makes-the-difference
External Damage:
The word “external” means outside, so external damage is damage
done to the system from outside, with the main goals being not to
get caught and to damage any sort of data. The hackers try their
best to hack and bypass the system's security and infect it using
either a virus or malware.
Access causing damage:
Viruses:
A virus, generally known to the public as a dangerous thing, occurs
in a system when hackers or some dangerous code gain access to it.
The virus might act immediately or might hide itself and behave as
normal.
Virus attacks can overwrite data, and the virus can duplicate
itself without the user knowing while staying hidden inside the
system to give easier access in the future.
Virus attacks can also cause serious damage to the data inside the
system and cause problems such as data loss on the system hard
drive.
“NHS Wales 'one step ahead' of cyber virus attack”
https://www.bbc.co.uk/news/av/uk-wales-39937712/nhs-wales-one-step-ahead-of-cyber-virus-attack
Access without any damage:
For hackers, it is best if they are not detected by the user or by
anything that stands in their way, as this makes their job easier.
Skilled hackers can gain access to any sort of system and leave no
trace behind.
As mentioned above, their goal might be to steal data in small
amounts so that it goes unnoticed, and they can keep repeating this
until they are done.
“Worm steals 45,000 Facebook passwords, researchers say”
https://www.bbc.co.uk/news/technology-16426824
Phishing and Identity theft:
One of the most common forms of hacking is phishing or ID theft.
This happens when a hacker gains access to a user and steals their
private information. After stealing the information from the user,
they simply use the fake persona to spam emails and websites, or
use it for various other purposes.
One of the ways hackers might succeed is via email, claiming to be
from the user's workplace, bank or a lottery company and asking the
user to give their personal information.
“Newcastle school targeted in fees phishing scam”
https://www.bbc.co.uk/news/uk-england-tyne-46920810
Piggybacking:
The main goal for a hacker in this case is to gain unauthorized
access to a wired or wireless network. It is usually done simply to
gain free access to the network and not for malicious activity, but
if a network is vulnerable to piggybacking then the chances are
that the network itself is very easy to gain access to and can
easily be used for virus distribution or data theft.
“More than half of computer users steal Wi-Fi - but ONLY 11 have
been arrested”
https://www.dailymail.co.uk/sciencetech/article-494961/More-half-users-steal-Wi-Fi--ONLY-11-arrested.html
Hacking:
Hacking, generally known to the public as something to stay away
from, is a way of finding a weakness in a network or system in
order to exploit it and gain access to the data for illegal use.
Hacking is known to be illegal in almost every nation and is
covered by the “Computer Misuse Act”.
People who are into hacking are known as hackers, of which there
are different types:
Ethical Hacker (White Hat): Not every hacker is a bad one, as this
type of hacker gains authorized access to the system and software
and helps the user or company find its weaknesses so that it can
prevent other hackers from gaining access. Tests such as
penetration or vulnerability tests can be carried out for system
security.
Cracker (Black Hat): Hackers who gain unauthorized access to the
system or software with the main goal of stealing data or personal
information and thus transferring money or funds from the victims'
personal bank accounts etc.
Grey Hat: Hackers with the intention of doing a good thing (White
Hat) but using a bad approach (Black Hat) are known as grey hat
hackers. The person gains access to the system without being
authorized, finds weaknesses and then reports them to the company
or user so that they can fix them.
“Teen hacked Apple hoping the company would offer him a job”
https://www.engadget.com/2019/05/27/australian-teen-hacked-apple-for-job-offer/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLw&guce_referrer_sig=AQAAAAEb6pxRsV020ufSPVG3GouTOZrcwGEzreAuTAcgYuCZliIjNxNk_dgI9xGCeG_I_pGiULvpr4x_Gz7YJ_7cfTFist5N59Y2BXoJzTIAqQeoJmFRQkukTKsoRuH3izCFknKkVNTpcpbkCY6c4Q2owM6SEnggfGYPgscxR72TshXk
Threats related to e-commerce:
Website Defacement: This sort of attack can be very annoying to
face, as the hackers gain access to the user's website to send a
message or change the appearance of the website. They are usually
system crackers, as they break into a web server and mess with the
hosted website by replacing it with their own.
People working with e-commerce systems might face this issue often,
and it will cost them time and money while the site is being
recovered, along with a large loss of customers.
Control of access to data via third party suppliers:
As the topic states, this is simply a person or hacker providing
the user's personal information to third parties such as companies
or organizations so that they can target advertising at that user.
This is done without the knowledge of the user and in a wrongful
way.
It can be one of the biggest threats to businesses, as their
personal information, customer data and company data can all be
stolen from them and provided to competing companies.
“Huawei to come under increased scrutiny from GCHQ”
https://www.bbc.co.uk/news/technology-25417332
Denial of service attacks:
This type of attack can lead to network or system shutdowns, which
will not allow any user to gain access. This is achieved by
flooding the network or system with loads of traffic or
information.
It is usually targeted at big companies and organizations such as
banks, government sites or social media companies.
It can be a huge threat to e-commerce systems, as restricted access
to a company's website can result in a huge amount of loss:
information leaks, stolen data and a huge loss of money, as no one
will be accessing it.
“Three network down – Thousands of 3 mobile users vent fury
after being unable to make calls or go online for hours”
https://www.thesun.co.uk/news/uknews/10153532/three-down-thousands-of-3-mobile-network/
Counterfeit Goods:
Products at risk, Distribution Mechanisms:
With today's advanced technology, many people find it easy to view
movies, series and videos and to listen to songs online. That alone
has resulted in fewer DVDs being sold; however, companies still
seem to make that money online via their software, as users pay
monthly to gain access to various movies, series etc., or to listen
to songs when they are released. The key word here is pay.
This is how it affects e-commerce companies. People's minds
obviously work the same way: if the product can be accessed for
free, then why pay tons of money for the exact same thing? So they
will find many pieces of software online distributing the same
movies and songs for free, without knowing that it is illegal. This
can be done via torrents, pirating etc. It is illegal because the
distributor does not have a copyright license from the industry and
is distributing the content for free.
PirateBay Proxy List 2019 - Download Torrents via ...
https://piratebay.ink
This will result in fewer people actually paying for correct,
licensed movies, songs etc., and more people going for free
content.
Organizational Impacts:
Loss of Service
Losing a service can be really frustrating and difficult in
general. It will have a huge impact on a company, even if it is
only for a short time. People will have no sort of communication at
all as there is no service, so customers cannot call or read up for
inquiries, cannot find out about products, cannot return or
exchange items, etc., which will lead to a huge amount of money
being lost.
Loss of customer records (Impacts)
One of the main things a company values is its customer records.
With them a company can resell, re-advertise and learn about the
customer. So without customer records the business will be
completely down, and there will definitely be a huge loss of money
and income as it even loses its loyal customers. Customers might
also change companies or businesses for their own safety or out of
annoyance with that business, so it is very important for a company
or business to keep its customer records.
“Apple expects to lose $9 billion in Q1 revenue over slowing
iPhone sales”
https://thenextweb.com/apple/2019/01/03/apple-expects-to-lose-9-billion-in-q1-revenue-over-slowing-iphone-sales/
Increased Cost
As I discussed when talking about how the human mind works, people
obviously cannot buy clothes for free, so they go for items which
are cheaper. Not only that, but many people who shop online are
middle to lower class. So if the items are expensive then, one, a
customer cannot afford them and, two, they will find something
similar for a cheaper price from a different site or company, which
will lead to a loss of customers too.
“Apple's price hikes have gone way too far”
https://www.businessinsider.com/apple-price-hikes-2018-2018-12?r=US&IR=T
Poor Image:
No one will trust a company or organization with a poor image, as a
poor image is formed by a lack of company maintenance, bad customer
service, slow systems, bad quality etc. So with a poor image, a
company will not have a good reputation and will not hold anyone's
interest, leading to loss of income and marketing.
This is from my personal experience, as I have seen no one go to
one shop near me because the quality of the haircut was very bad,
the customer service was very poor and they were very ignorant, so
no one liked the place and the business went down after a year.
M1
(Discuss Information Security)
Confidentiality
Every company has its own confidentiality rules, which state that
certain information can be discussed openly and certain information
is not to be spoken about. This helps with the company's privacy,
as information that might cost it a lot is kept hidden: information
such as customer records, sales, strategies etc. Every company
needs to apply confidentiality, as otherwise it may put itself at
risk of its information being distributed to competitors or other
parties.
Data Integrity
All data stored in the company's system needs to be accurate; this
not only helps with good service but also with future
advertisements to different users. Integrity also covers
maintaining where the data is stored while making sure that the
data stays accurate to date. It plays an important role in the
design, implementation and usage of any sort of system which
stores, receives or processes data.
Data Completeness
As long as the data meets its requirements, it is considered
complete. Now let's say the data had to consist of Employee Name
and Employee ID but the data provided to the system is only
Employee Name. In this case the data provided is not complete,
hence the person cannot gain access to the company, which further
helps the company keep its information and data safe, especially
from those who are trying to steal something.
Access to Data:
Data should not be accessible to everyone, especially those who are
not working for the company or organization, because, as mentioned
above, it can easily be distributed to other parties or
competitors. Access to data should only be given to those whom the
company or organization trusts. Such data, if distributed, can be
the downfall of the company, along with all the customers or users
who have trusted the brand.
Conclusion:
So, in conclusion, we have discussed various points above about how
a company should work on data protection and information security,
because it can be the start and the end of a company. Customer
information is crucial to companies, which makes hackers more
interested in it. So it is very important to know which sites and
companies you can trust, and to do background research on them
before giving personal details. Companies should also be very
active in maintaining the security of the site and company, as it
is their job to handle the information with care after the user has
trusted them enough to give their valuable information. Hacking is
illegal, and if anyone is trying to do it, action should be taken
immediately. If the network or system is hacked then a large amount
of information can be leaked. That information may be the
company's, the organization's, the customer's or the user's, so
nothing should be taken lightly. All personal information and
important company information should be kept private for security
purposes, and the only ones allowed access should be the trusted
ones.
-Siddhant Shrestha
Bibliography:
https://www.pensar.co.uk/blog/3-stories-about-ransomware-attacks-that-will-blow-your-mind
https://edition.cnn.com/2019/10/09/us/counterfeit-nike-shoes-trnd/index.html
https://www.computerworld.com/article/2591600/human-error-may-be-no--1---threat-to-online-security.html
https://www.itv.com/news/wales/2019-07-24/nhs-employee-jailed-for-selling-stolen-work-laptops-worth-18-000-online/
https://www.itgovernance.co.uk/blog/accidental-or-malicious-insider-threat-staff-awareness-makes-the-difference
https://www.bbc.co.uk/news/av/uk-wales-39937712/nhs-wales-one-step-ahead-of-cyber-virus-attack
https://www.bbc.co.uk/news/technology-16426824
https://www.bbc.co.uk/news/uk-england-tyne-46920810
https://www.dailymail.co.uk/sciencetech/article-494961/More-half-users-steal-Wi-Fi--ONLY-11-arrested.html
https://www.engadget.com/2019/05/27/australian-teen-hacked-apple-for-job-offer/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvLnVrLw&guce_referrer_sig=AQAAAAEb6pxRsV020ufSPVG3GouTOZrcwGEzreAuTAcgYuCZliIjNxNk_dgI9xGCeG_I_pGiULvpr4x_Gz7YJ_7cfTFist5N59Y2BXoJzTIAqQeoJmFRQkukTKsoRuH3izCFknKkVNTpcpbkCY6c4Q2owM6SEnggfGYPgscxR72TshXk
https://www.bbc.co.uk/news/technology-25417332
https://www.thesun.co.uk/news/uknews/10153532/three-down-thousands-of-3-mobile-network/
https://piratebay.ink
https://thenextweb.com/apple/2019/01/03/apple-expects-to-lose-9-billion-in-q1-revenue-over-slowing-iphone-sales/
https://www.businessinsider.com/apple-price-hikes-2018-2018-12?r=US&IR=T