10 common Data security threat in your workplace.
Why data security?
Data or information are central part of our daily life. Companies and authorities need reliable data to be able to work with. The higher the quality of the data, the more noteworthy the potential for revelation. Therefore, if the data protection is missing, there is a high risk of system failure and catastrophe.
There are several potential harm with respect to data:
- Loss of availability
- Loss of confidentiality
- Loss of integrity
There are several situation in which our data can be in risk. Here we will talk about some of the common situation where our data can have a potential risk.
Fire can be caused by broken devices, storage of stock of waste paper, or broken or missing smoke detector. Fire can lead to loss of availability of the data. It can do immediate damage due to the fire. There can be a situation where storage devices of data such as hard drive or computer is yet not damaged due to fire, however in order to extinguish the fire, a firefighter can cause damage by firefighting the data with the water. Also there is a possibility that electrical devices are damaged due to presence of chloride gas.
Failure or disturbance of power supply can be caused by disturbance in power network, broken electronics or the catastrophe in the construction sites. The disturbance in power supply can lead to loss of availability of data, destruction of data due to voltage fluctuation.
Spy out of information When a hacker or a spy steals the data from the user, it losses information confidentiality. For example, bank account number of a user. This usually happens when the data is transmitted through unsecured channel, missing visual protection such as — passphrase, thin walls of firewall and Trojans sent by an email that spy out information from the computer.
Wiretapping is the monitoring of telephone and Internet-based conversations by a third party, often by covert means [Wikipedia]. Example of wiretapping is email that are usually sent without encryption. The data which are not encrypted are easily intercepted by the third party listener.
Wiretapping can lead to loss of data availability, integrity and confidentiality.
Wiretapping is mainly caused by transmission of data without encryption, unprotected password, easy password or following weak security protocol for the transmission of the data.
Theft, loss of device, storage device or documents leads to loss of data availability, integrity and confidentiality. This can happen if a user has no backup of their data. Therefore, the data is no longer available to the user. If user has not protected data with credentials, the integrity and the confidentiality of the data is lost.
Unauthorised access to IT system — this leads to loss of data availability, integrity and confidentiality. For example, breakdown of production of industry plant(Stuxnet), theft of personalised data
Coercion, blackmail, corruption — The person who has regular access to your IT system can steal your data. Consequently, the data can be used for blackmail, corruption. Also, someone with bad intention can pay the intruder to get the information from your IT system. This can lead to loss of data availability, confidentiality and integrity. Also, note that if you come across this situation, no IT based system can protect you from the catastrophe.
Malware — There are different types of malware that can lead to loss of data availability, confidentiality and integrity.
Virus — are the software developed to intrude computer. It can harm the files, modify them and delete them. The virus are distributed by replication of itself into other user-owned files.
Worm — they are similar to viruses, they can replicate itself, but they do not infect files. Worms are used to open communication interfaces to transfer file from the user computer.
Trojan Horse — these are the software which will promise you of some functionality. For example, official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. This software comes in disguise to give malicious users remote access over the infected computers.
Denial of Service (DoS) — it is a type of attack on a service that stops the normal functioning of the website. For example, breakdown of the web pages for political reasons. This type of attack is usually performed by the large distributed networks of computer. It is also sometimes used to cover attacks and fool security systems.
Social Engineering — This type of attack is caused by playing the emotion of the victim by using curiosity, time pressure and emotional needs. For example, if you get a call by someone to be a from IT company asking for your password. Email pretending to be sent by a bank to access your bank account, or email from your relative pretending to be sick in a foreign country and asking for money. There are some even more severe setup where a person set up a long term relationship by phone, gaining trust and then attacking the victim by stealing their data for malicious purposes. This kind of attack leads to loss of confidentiality, integrity and availability.
Follow me in the next story. There we will learn about the classical cryptography methods to secure our data from the malicious user.
