Types of information leakage threats

 

Information security threats are processes that are theoretically capable of harming a company or production, as well as disclosing confidential data. When a threat to information security is realized, the company suffers material damage. The threats themselves can be direct or indirect, and the list of potential threats consists of hundreds of items. To choose a data protection strategy and draw up a list of requirements for a protection system, it is enough to familiarize yourself with the most common types of information threats.

How are information security threats classified?

Information security specialists classify threats according to two groups of parameters: the possible threats to information and the likelihood that a threat is implemented.

Based on these factors, a risk assessment methodology is developed and the most effective data protection system is built. After possible threats have been identified, it is recommended not only to assess the degree of possible damage, but also to classify the threats according to a number of parameters so that they can then be countered and eliminated. All of these parameters are taken into account later and make it possible to detail the requirements for information security systems. The main parameters for classifying types of information security threats are:

INTENT

  • threats of information leakage that arise spontaneously due to the negligence of employees, for example, accidental disclosure of data, incorrect entry of information, incorrect use of protection methods;
  • information leakage threats deliberately designed or implemented by attackers.

CHARACTER OF MANIFESTATION

  • artificially created security threats;
  • natural security threats that arise from natural factors.

CAUSE

  • deletion of data, failures in the correct functioning of the OS or of authorized hardware;
  • the action of natural elements;
  • human activity: a fraudster or insider in the company, employee actions, disclosure of information;
  • the action of viruses and other unauthorized programs on PCs or servers with information.

DEPENDENCE ON THE ACTIVITY OF THE AUTOMATED SYSTEM (AS)

  • information leakage threats that appear only at the time of data transmission or processing, for example, distribution of virus software;
  • threats that are implemented regardless of the activity of the automated system (AS), for example, breaking ciphers and other types of protection.

Sources of threats to information systems

Sources of data leakage threats are also classified according to several parameters, which makes it easy to design a protection system.

STATE OF SOURCE

  • the source is located directly in the information system itself;
  • the source is located within the influence of the information system;
  • the source is located outside the perimeter of the information system, in which case the data is intercepted by reading radiation.

DEGREE OF IMPACT ON INFORMATION

  • active threats that not only affect the system, but also change some of its information; viruses and malware, for example, have such properties;
  • passive threats that do not affect the information systems themselves, but quietly read information. These types of threats affect the system for a longer time, until the company's information security specialists detect data leaks.

METHOD OF ACCESS

  • the access channel is unauthorized and disguised, using hidden paths into the software and the OS for the fraudsters' purposes;
  • the access channel is licensed and authorized. In this case, incorrect data is entered into the system and the activity is then disguised as the activity of an ordinary employee of the company; for example, fraudsters find passwords for accounts and use standard channels to obtain data.

DATA STORAGE LOCATION IN THE AS AND METHOD OF PASSING THREATS

  • passage of threats from application programs, as well as access to the system part of information storage sites;
  • access to special external storage media, which most often means copying data from an external hard drive;
  • obtaining information from terminals by recording them with video cameras;
  • obtaining information and implementing threats through communication channels, for example, connecting to communication channels, introducing false data, modifying and transmitting data.

Threats of influencing information and reading data are implemented through intentional and unintentional mechanisms. At each stage of information transfer, data can be affected by different factors, sometimes by several types of threats simultaneously. Therefore, protection must cover several tasks at once. Accidental threats of reading information can be realized under different circumstances:

  • disconnection of electrical power in the company due to natural disasters or power failures;
  • inaccuracies and irregularities in the work of employees with information storage systems;
  • malfunctions of equipment with information at the enterprise;
  • inaccuracies in software or use of old software;
  • background and noise interference in communication channels due to the influence of external and internal factors such as channel capacity;
  • the specifics of the Internet cables.

The main thing is to avoid problems in protecting information on the network. Every company must deal with data protection. Software errors are also a common cause of security threats, and software becomes obsolete over time. All software that handles information needs to be updated regularly.

Implementation of threats

Most programs are developed by people and initially contain a large number of inaccuracies. The higher the complexity of a program, the greater the likelihood of errors in it and the easier it is to crack in order to obtain data without authorization. Some programs cannot harm information storage systems, while some types of threats can make a server inoperable or use a personal computer as a source for further attacks on the system.

Intentional threats can only be implemented with the assistance of a fraudster or a group of criminals. Such threats are implemented purposefully, and both an ordinary visitor to the company and an ordinary employee who works for competitors can act as the criminal. Such people are called insiders, and they pose a constant latent threat to data security. Material gain, competition between companies and career growth can serve as motives for action. The conditional model of the attacker's persona has a number of features:

  • a person has access to certain data and information, knows how the information protection system works;
  • the actions of a fraudster can be performed at the developer's level, or his knowledge is sufficient to hack or penetrate the information security system;
  • a fraudster can independently choose the weakest point of information protection;
  • any person who understands data protection systems can be the attacker.

For example, banking information systems can carry a number of the following threats:

  • the opening of the UAN of persons who are not among the ordinary workers;
  • detection of program bookmarks with recorded information;
  • unauthorized copying of data;
  • theft of protected bank files;
  • obtaining information by employees who do not have access to data;
  • theft of digital media that contain important information;
  • deliberate modification and erasure of information;
  • local attacks on servers;
  • substitution of the content of messages that come to the mail;
  • illegal changes in the reporting of banks by employees;
  • destruction of information that has been moved to the archive or stored on media;
  • destruction of information that appeared after the activity of viruses;
  • refusals to receive data, as well as refusals to control remote access.

This is not the entire list of threats that banking systems and a number of large enterprises deal with on a daily basis. Some of them cannot be stopped at an early stage, so they turn into full-fledged unauthorized access to data. It is unauthorized access that is considered the most versatile type of crime at the computer level.

Unauthorized access is possible only after the security system has been hacked or has failed. It can be carried out using special hardware or software. It is also made possible by improper installation or configuration of the protection system, or by the use of additional hardware settings. Possible ways and means of unauthorized access to information:

  • methods for displaying and recording data, methods for detecting errors;
  • using a firewall;
  • use of technological control panels;
  • the use of local data access lines;
  • interception of indirect radiation from communication channels, equipment, grounding and power supply networks;
  • access to communication channels between the hardware components of the AS.

Information leakage threats most often end with the implementation of one of several schemes: "Masquerade", or illegal acquisition of privileges or passwords.

Password retrieval is unauthorized access to information at the minimum level, carried out with interceptor programs. To get rid of such a threat, it is enough to regularly change passwords and use programs to protect them. The Masquerade scheme builds on the previous method and makes it possible to perform actions with classified information on behalf of another employee.
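
Because a Masquerade runs over an authorized channel, it shows up in logs only as unusual use of a valid account. The sketch below is an added example, not part of the original article: it flags logins from a workstation the account has never used and logins made while the same account still has a session open elsewhere. Account names, workstation names and events are constructed, and the event format is an assumption.

```python
from collections import defaultdict

# Constructed sample data (hypothetical accounts and workstations).
# HISTORY: (account, workstation) pairs seen during a baseline period.
HISTORY = [("alice", "WS-01"), ("alice", "WS-01"), ("bob", "WS-02"), ("bob", "WS-07")]

# TODAY: (time, account, workstation, action) events to evaluate.
TODAY = [
    ("09:00", "alice", "WS-01", "login"),
    ("09:05", "bob", "WS-02", "login"),
    ("11:30", "alice", "WS-09", "login"),   # unknown host, WS-01 session still open
    ("12:00", "bob", "WS-02", "logout"),
    ("13:00", "bob", "WS-07", "login"),     # known host, earlier session closed
    ("17:00", "alice", "WS-01", "logout"),
    ("17:05", "alice", "WS-09", "logout"),
]

def build_baseline(history):
    """Map each account to the set of workstations it normally uses."""
    known = defaultdict(set)
    for account, host in history:
        known[account].add(host)
    return known

def detect_masquerade(events, known_hosts):
    """Return (time, account, host, reasons) for logins that look like
    someone else acting under a valid account."""
    open_sessions = defaultdict(set)
    alerts = []
    for ts, account, host, action in sorted(events):
        if action == "logout":
            open_sessions[account].discard(host)
            continue
        reasons = []
        if host not in known_hosts.get(account, set()):
            reasons.append("new_host")
        if open_sessions[account] - {host}:
            reasons.append("concurrent_session")
        if reasons:
            alerts.append((ts, account, host, tuple(reasons)))
        open_sessions[account].add(host)
    return alerts

if __name__ == "__main__":
    for alert in detect_masquerade(TODAY, build_baseline(HISTORY)):
        print(alert)
```
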

Threats of information theft can translate into illegal use of privileges to manipulate information. For example, certain employees have a number of privileges that are implemented in the company by different technological methods so that the set goals can be achieved quickly. Most often, administrators have the maximum number of privileges, while ordinary system users have a minimum list of options. Through the implementation of various threats and unauthorized access, attackers gain the opportunity to use privileges and to make changes both in the information storage system and in the protection system. If the information security system already contains a number of errors, unauthorized access is achieved faster and requires a minimum number of threats.

There are also a number of threats that directly affect the integrity of information. They not only read it, but also modify it, as a result of which the data is distorted. More often, such threats are realized by affecting communication lines or during data transportation at different stages. Influences can not only violate the integrity, but also delete information completely, modify it beyond recognition. Only a number of authorized persons can carry out authorized modification of data during their transmission over communication channels.

There are also threats that are aimed at disclosing confidential information. For example, the result of such threats is the receipt of information by persons who previously did not have access to it. In any case, the realization of the threat of violation of confidentiality is constantly accompanied by unauthorized access.

Some of the threats are aimed at reducing the efficiency of employees, as well as disrupting the functioning of the PCs that hold information. All such threats and their effects are aimed at reducing the performance of the AS; they suspend access to servers and other data storage resources. Blocking can be permanent or temporary; most often there is a failure of circuit switching and of data packet transmission.

All of the above threats belong to a number of primary ones. Their implementation leads directly to access to classified information and other methods of influencing it.

Secondary threats to information security

Each information system must have an appropriate degree of protection. This is due to the constant flow of threats to servers or other sources of company information. Attackers first have to overcome the security system in order to implement their threat and steal information. Only after the protection system has been bypassed or broken does the violation of the integrity of the AS begin. The more complex the protection system, the longer it will take for an attacker to get to the classified data.

But it is worth remembering that the protection system itself can pose a threat to the activities of information systems. Even for systems that are already protected, there is a variant of the threat, which is called the threat of scanning the parameters of the protection subsystem. Even network adapters can act as a threat source. There are several algorithms for organizing protection that can be launched against the information storage and processing system itself. The threat from the defense system is realized only through scouts. This type of interference is considered indirect; it will not itself affect the system, but it can open access routes for the implementation of primary threats and for reading classified information.

16.12.2020