Information security threats
Information security, in the broadest sense, is the set of measures that protect information from accidental or intentional exposure. Whatever the basis of the impact, natural factors or artificial causes, the owner of the information incurs losses.
Information security principles
- Integrity of information means its ability to preserve its original form and structure, both during storage and after repeated transmission. Only the owner, or a user with legitimate access to the data, has the right to modify, delete or supplement the information.
- Confidentiality is the characteristic indicating that access to information resources must be restricted to a certain circle of people. During operations, information is made available only to users who are registered in the information system and have successfully passed identification.
- Availability of information resources means that information intended to be freely available must be provided to legitimate users of the resources in a timely and unimpeded manner.
- Reliability means that the information belongs to a trusted person or owner who is at the same time its source.
Providing and maintaining information security involves a complex of multifaceted measures that prevent, monitor and eliminate unauthorized access by third parties. Information security measures are also aimed at protecting against damage, distortion, blocking or copying of information. All of these tasks must be solved simultaneously; only then is full, reliable protection provided.
A comprehensive solution to information security problems is provided by a DLP system. SearchInform DLP controls the maximum number of data transmission channels and provides the company's information security service with a wide range of tools for internal investigations.
Questions about methods of protecting information become especially acute when hacking, or theft combined with distortion of information, would lead to a number of serious consequences and financial losses.
The logical chain of information transformation created using modeling looks as follows:
Types of information security threats
An information threat is a potential or actual impact on an automated system that subsequently causes damage to someone's interests.
Today there are more than 100 kinds and varieties of threats to information systems. It is important to analyze all risks using different diagnostic techniques. Based on the analyzed indicators and their details, you can competently build a system of protection against threats in the information space.
Classification of security vulnerabilities
Information security threats do not manifest themselves on their own, but through interaction with the weakest links of the protection system, that is, through vulnerability factors. A threat leads to disruption of systems on a specific carrier object.
The main vulnerabilities arise from the following factors:
- imperfections of the software and hardware platform;
- differing structural characteristics of automated systems in the information flow;
- defects in some of the system's operating processes;
- inaccuracies in information exchange protocols and interfaces;
- difficult operating conditions and location of the information.
Most often, threat sources are set in motion with the aim of obtaining illegal benefit by damaging information. But accidental action of threats is also possible, owing to an insufficient degree of protection and the massive action of the threatening factor.
Vulnerabilities are divided into classes.
If you eliminate, or at least mitigate, the impact of vulnerabilities, you can avert a full-fledged threat aimed at the information storage system.
This class depends directly on the technical design of the equipment at the facility requiring protection and on its characteristics. Complete elimination of these factors is impossible, but they can be partially eliminated with engineering and technical methods. They include the following:
1. Those related to radiation from technical means:
- electromagnetic (spurious emissions and signals from cable lines and elements of technical equipment);
- acoustic (sound, or sound combined with vibration signals);
- electrical (leakage of signals into the circuits of the electrical network, pickup on lines and conductors, uneven current distribution).
- malware, illegal programs and technological exits from programs, collectively referred to as "software implants";
- hardware implants, which are factors introduced directly into telephone lines, into electrical networks, or simply into premises.
3. Those created by the characteristics of the object under protection:
- location of the object (visibility and absence of a controlled area around the information object, the presence of vibrating or sound-reflecting elements around the object, the presence of remote elements of the object);
- organization of information exchange channels (use of radio channels, leased frequencies or shared networks).
4. Those that depend on the characteristics of the carrier elements:
- parts with electro-acoustic properties (transformers, telephone devices, microphones and loudspeakers, inductors);
- things influenced by electromagnetic fields (storage media, microcircuits and other elements).
These factors depend on chance and on the characteristics of the environment surrounding the information system. They are almost impossible to predict in the information space, but it is important to be prepared to eliminate them quickly. Such problems are dealt with by an engineering investigation and a countermeasure applied to the information security threat:
1. Crashes and failures of systems:
- due to malfunction of technical means at different levels of information processing and storage (including those responsible for the system's performance and for controlling access to it);
- malfunction and obsolescence of individual elements (demagnetization of data carriers such as floppy disks, cables, connecting lines and microcircuits);
- failures of the various software that supports all links in the chain of information storage and processing (antiviruses, applications and service programs);
- interruptions in the operation of auxiliary equipment of information systems (problems at the power transmission level).
2. Factors that weaken information security:
- damage to utilities such as water supply or electricity, as well as ventilation and sewerage;
- malfunctions of enclosing structures (fences, floors in a building, cases of equipment where information is stored).
In most cases, this subclass results from incorrect actions of employees at the stage of developing information storage and protection systems. Such factors can therefore be eliminated with hardware and software techniques:
1. Inaccuracies and gross errors that violate information security:
- at the stage of loading ready-made software or the preliminary development of algorithms, as well as during its use (possibly during daily operation, during data entry);
- at the stage of managing programs and information systems (difficulties in learning how to work with the system, setting up services on an individual basis, manipulating information flows);
- while using technical equipment (at the stage of switching on or off, operating devices for transmitting or receiving information).
2. Disruption of regimes in the information space:
- the personal data protection regime (the problem is created by dismissed employees, or by current employees outside working hours, who gain unauthorized access to the system);
- the safety and security regime (while gaining access to the facility or to technical devices);
- while working with technical devices (there may be violations in energy conservation or equipment provision);
- while working with data (transformation of information, its preservation, search and destruction of data, elimination of defects and inaccuracies).
Each vulnerability must be considered and evaluated by specialists. It is therefore important to define the criteria for assessing the risk of a threat and the likelihood of damage or of bypassing information protection. The metrics are computed by a ranking application. Among all the criteria, three are the main ones:
- Availability is a criterion that reflects how convenient it is for a threat source to exploit a given type of vulnerability in order to breach information security. The indicator includes the technical data of the information carrier (such as the size of the equipment, its complexity and cost, and whether non-specialized systems and devices could be used to hack the information system).
- Fatality is a characteristic that assesses the depth of the vulnerability's impact on the ability of programmers to cope with the consequences of the threat created for information systems. If only objective vulnerabilities are evaluated, their information content is determined, that is, the ability to transmit a useful signal carrying confidential data to another place without distorting it.
- Quantity is a characteristic that counts the elements of the storage and information-processing system affected by a given type of vulnerability.
Each indicator is calculated as the arithmetic mean of the coefficients of the individual vulnerabilities. The degree of danger is then assessed by a formula: the numerator is the product of KD, KF and KK, and the denominator is 125, the maximum possible estimate for the set of vulnerabilities.
To find out the degree of protection of the system accurately, you need to involve an analytical department with experts. They assess all vulnerabilities and draw up an information map on a five-point scale. One corresponds to the minimum possibility of influencing information protection and bypassing it, and five to the maximum level of influence and, accordingly, danger. The results of all analyses are summarized in one table, and the degree of influence is divided into classes for the convenience of calculating the system vulnerability coefficient.
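The danger formula above, worked through in code. This is an added example, not the article's or SearchInform's own tooling; it assumes that KD, KF and KK are the availability, fatality and quantity coefficients, that each is the arithmetic mean of the analysts' five-point ratings, and that 125 is 5 cubed, the largest product those means can give. The sample ratings and the class bands in danger_class are constructed for illustration.

```python
# Added example: the vulnerability danger coefficient (KD * KF * KK) / 125.
# Assumptions (not stated on the page): KD = availability, KF = fatality,
# KK = quantity; every rating is on the five-point scale; 125 = 5 ** 3.
from dataclasses import dataclass
from fractions import Fraction

MAX_RATING = 5
MAX_PRODUCT = MAX_RATING ** 3  # 125, the denominator named in the text


@dataclass(frozen=True)
class VulnerabilityRating:
    """One vulnerability as rated by the analysts on the five-point scale."""
    name: str
    availability: int  # KD: how easily a threat source can exploit it
    fatality: int      # KF: depth of impact, how hard the consequences are to handle
    quantity: int      # KK: how many system elements it affects

    def __post_init__(self):
        for field in ("availability", "fatality", "quantity"):
            value = getattr(self, field)
            if not 1 <= value <= MAX_RATING:
                raise ValueError(f"{self.name}: {field}={value} is outside 1..{MAX_RATING}")


def indicator_means(ratings):
    """KD, KF, KK as exact arithmetic means over the individual vulnerabilities."""
    if not ratings:
        raise ValueError("at least one vulnerability rating is required")
    n = len(ratings)
    kd = Fraction(sum(r.availability for r in ratings), n)
    kf = Fraction(sum(r.fatality for r in ratings), n)
    kk = Fraction(sum(r.quantity for r in ratings), n)
    return kd, kf, kk


def danger_coefficient(ratings):
    """(KD * KF * KK) / 125, a value in (0, 1]; 1.0 means every rating was 5."""
    kd, kf, kk = indicator_means(ratings)
    return float(kd * kf * kk / MAX_PRODUCT)


def danger_class(coefficient):
    """Map the coefficient back onto a 1..5 class for the summary table.
    Equal-width bands are an assumption for illustration, not from the page."""
    if not 0 < coefficient <= 1:
        raise ValueError("coefficient must be in (0, 1]")
    return min(MAX_RATING, int(coefficient * MAX_RATING) + 1)


# Constructed sample ratings, not real assessment data.
SAMPLE_RATINGS = [
    VulnerabilityRating("unpatched file server", availability=4, fatality=5, quantity=3),
    VulnerabilityRating("unlocked server room", availability=2, fatality=4, quantity=2),
    VulnerabilityRating("shared administrator password", availability=3, fatality=3, quantity=5),
]

if __name__ == "__main__":
    kd, kf, kk = indicator_means(SAMPLE_RATINGS)
    coeff = danger_coefficient(SAMPLE_RATINGS)
    print(f"KD={float(kd):.2f} KF={float(kf):.2f} KK={float(kk):.2f}")
    print(f"danger coefficient = {coeff:.3f}, class {danger_class(coeff)}")
```

For the sample set the means are KD=3, KF=4, KK=10/3, so the coefficient is 40/125 = 0.32, which falls into class 2 under the assumed bands.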
What sources threaten information security?
If we describe the classification of threats that bypass information security protection, several classes can be distinguished. The concept of classes is necessary because it simplifies and systematizes all the factors without exception. The basis includes parameters such as:
1. The degree of intent behind the intervention in the information security system:
- a threat arising from personnel negligence in the information dimension;
- a threat initiated by fraudsters acting for personal gain.
2. The nature of its appearance:
- an artificial threat to information security, provoked by human hands;
- natural threats that are beyond the control of information protection systems and are caused by natural disasters.
3. Classification by the immediate cause of the threat. The culprit may be:
- a person who obtains confidential information by bribing company employees;
- a natural factor in the form of a catastrophe or local disaster;
- software, with the use of specialized devices or the introduction of malicious code into technical equipment, which disrupts the functioning of the system;
- accidental deletion of data, authorized hardware and software resources, or failure of the operating system.
4. The degree to which the threat acts on information resources:
- at the time of data processing in the information space (the action of mailings carrying virus utilities);
- at the moment new information is received;
- regardless of the activity of the information storage system (in the case of breaking ciphers or the cryptographic protection of information).
There is another classification of sources of information security threats. It is based on other parameters and is also taken into account when analyzing a system malfunction or hacking. Several indicators are considered.
Classification of threats
- Threat source status
- Degree of influence
- Ability of employees to access the system of programs or resources
- Method of access to basic system resources
- Placement of information in the system
One should also not forget the division of threats into accidental and deliberate. Studies have shown that data in systems are regularly subjected to various influences at all stages of the information processing and storage cycle, as well as during operation of the system.
The sources of accidental influences are factors such as:
- equipment malfunctions;
- periodic noise and interference in communication channels due to external factors (channel bandwidth and capacity are taken into account);
- inaccuracies in software;
- errors by employees or other users of the system;
- specifics of the Ethernet environment;
- force majeure during natural disasters or frequent power outages.
It is convenient to use a SIEM system to control events in software and hardware sources. SearchInform SIEM processes the flow of events, identifies threats and collects the results in a single interface, which speeds up internal investigations.
Errors in the functioning of software are the most common, and the result is a threat. All programs are developed by people, so the human factor and errors cannot be eliminated. Workstations, routers and servers are built on the work of people. The more complex the program, the greater the possibility of exposing errors in it and detecting vulnerabilities that lead to information security threats.
Not every such error leads to undesirable results, but those that do cause, for example, server shutdown, unauthorized use of resources or system inoperability. Platforms from which information has been stolen can become a springboard for further attacks and pose a threat to information security.
To ensure information security in this case, you need to apply updates, installing the packages released by the developers. Installing unauthorized or unlicensed software only makes matters worse. Problems are also likely not only at the software level but in the protection of information security in the network generally.
An intentional threat to information security is associated with criminal misconduct. An employee of the company, a visitor to an information resource, competitors or hired persons can act as information criminals. There can be several reasons for committing a crime: monetary motives, dissatisfaction with the operation of the system and its safety, or a desire for self-assertion.
The actions of an attacker can be simulated in advance, especially if his purpose and motives are known:
- The person has information about the functioning of the system, its data and parameters.
- The skill and knowledge of the fraudster allow him to act at the developer level.
- The criminal is able to choose the most vulnerable spot in the system and freely penetrate to the information, becoming a threat to it.
- The interested person can be anyone, both an employee and an outside intruder.
For example, for bank employees, the following intentional threats can be identified that may be carried out in the course of activity in the institution:
- Employees of the enterprise familiarizing themselves with information not accessible to them.
- Personal data of people who do not work at this bank.
- Software implants that threaten the information system.
- Copying software and data for personal use without prior permission.
- Stealing printed information.
- Theft of electronic media.
- Deliberate deletion of information in order to hide facts.
- Mounting a local attack on the information system.
- Refusing the possibility of controlling remote access, or denying the fact of having received data.
- Removing bank data from the archive without permission.
- Unauthorized correction of bank statements by a person not responsible for reporting.
- Modification of messages in transit over communication links.
- Unauthorized destruction of data damaged by a virus attack.
Specific examples of information security and data access violations
Unauthorized access is one of the most "popular" methods of computer offenses. A person who gains unauthorized access to someone's information violates the rules fixed by the security policy. With such access, they openly exploit errors in the security system and penetrate to the core of the information. Incorrect settings and configuration of protection methods also increase the possibility of unauthorized access. Access and threats to information security are made both by local methods and by special hardware installations.
With such access, a fraudster can not only obtain and copy information but also alter or delete data. This is done using:
- interception of spurious electromagnetic emissions from equipment or its elements, from communication channels, power supply or grounding networks;
- technological control panels;
- local data access lines (terminals of system administrators or employees);
- methods of detecting errors in the protection.
Of the whole variety of access methods and threats to information, two main crimes can conditionally be singled out:
- Interception of passwords;
- Illegal use of privileges.
Interception of passwords is a common access technique encountered by most employees and those involved in information security. This fraud is possible with the participation of special programs that simulate a window for entering a name and password on the monitor screen. The entered data falls into the hands of an intruder, and then a message about incorrect operation of the system appears on the display. The authorization window may then pop up again, after which the data once more falls into the hands of the information interceptor, and this provides full access to the system, including the ability to make one's own changes. There are other methods of intercepting a password, so it is worth encrypting passwords during transmission, which can be done using special programs or RSA.
The "Masquerade" threat method is in many ways a continuation of the previous one. Its essence lies in acting in the information system on behalf of another person in the company's network. Attackers have the following possibilities for implementing their plans in the system:
- Transferring false data in the system on behalf of another person.
- Entering the information system under another employee's credentials and acting further (after prior interception of the password).
The "Masquerade" is especially dangerous in banking systems, where manipulation of payments leads the company to a loss, while guilt and responsibility fall on another person. In addition, the bank's clients suffer.
Illegal use of privileges is a type of information theft and undermining of information system security whose name speaks for itself. It is administrators who are endowed with the widest list of actions, and these people become the victims of intruders. With this tactic the "masquerade" continues: an employee or a third party gains access to the system on behalf of an administrator and performs illegal manipulations, bypassing the information security system.
There is a nuance, however: in this type of crime, the list of privileges must be intercepted from the system in advance. This can happen through the fault of the administrator himself. To do so, the intruder needs to find an error in the protection system and enter through it without authorization.
An information security threat can be carried out deliberately during data transport. This is relevant for telecommunication systems and information networks. Intentional violation should not be confused with authorized modification of information. The latter is carried out by persons who have the authority and justified tasks requiring changes. Violations lead to system breakdown or complete deletion of data.
There is also an information security threat that violates data confidentiality and privacy. All the information is received by a third party, that is, an outsider without access rights. Confidentiality of information is always violated when unauthorized access to the system is obtained.
A threat to information security can disrupt the work of a company or an individual employee. These are situations in which access to information, or to the resources for obtaining it, is blocked. One employee creates the blocking situation, either intentionally or accidentally, while another runs into the blockage and receives a denial of service. For example, a failure is possible during circuit or packet switching, and a threat arises when information is transmitted over satellite systems. These are classified as primary, or immediate, threats, since their creation leads to a direct impact on the protected data.
The main types of information security threat at the local level are the following:
- Computer viruses that violate information security. They affect the information system of one computer or of a PC network after entering a program and reproducing independently. Viruses are capable of stopping the system from functioning, but mostly they act locally;
- "Worms" are a modification of virus programs that cause the information system to become blocked and overloaded. The software activates and replicates itself independently, at every computer boot. Memory and communication channels become overloaded;
- Trojan horses are programs embedded on a computer under the guise of useful software. In reality they copy personal files, transfer them to the attacker, and destroy useful information.
Even your computer's own security system poses a number of security threats. Programmers therefore need to take into account the threat of scanning the protection system's parameters. Sometimes even harmless network adapters can become a threat. It is important to set the parameters and characteristics of the protection system in advance and to anticipate possible bypass paths. After a thorough analysis, you can understand which systems require the greatest degree of security (focusing on vulnerabilities).
Disclosure of protection system parameters is classified as an indirect security threat. The disclosure itself does not let the fraudster carry out his plan and copy or alter the information; it only tells the attacker on what principle to act and how to implement a direct threat to information security.
In large enterprises, the methods that protect information security should be managed by a dedicated security service of the company. Its employees must look for ways information could be influenced and eliminate all kinds of breakthroughs by intruders. A security policy is developed in accordance with local regulations, and it is important to observe it strictly. It is worth paying attention to excluding the human factor, as well as to keeping in good working order all technical means related to information security.
The degree and manifestation of damage can differ:
- Moral and material damage caused to individuals whose information was stolen.
- Financial damage caused by a fraudster in connection with the cost of restoring information systems.
- Material costs associated with the inability to perform work due to changes in the information security system.
- Moral damage related to the business reputation of the company, or resulting in a breach of relationships at the global level.
A person who has committed an offense (gained unauthorized access to information or hacked security systems) has the capacity to cause damage. Damage can also be caused independently of any subject, through external factors and influences (man-made disasters, natural disasters). In the first case, the blame falls on the subject, and the elements of the offense are established and punishment is imposed through judicial proceedings.
The act may be committed:
- with criminal intent (direct or indirect);
- through negligence (without intent to harm).
Responsibility for an offense involving information systems is determined in accordance with the current legislation of the country, in the first case according to the criminal code. If the offense was committed through negligence and the damage was minor, the situation is considered under civil, administrative or arbitration law.
Damage to the information space is understood as consequences unfavorable to the owner (in this case, of the information) associated with the loss of tangible property. The consequences manifest themselves as a result of the offense. Damage to information systems can be expressed as a decrease in profit or a loss of profit, which is regarded as lost profit.
The main thing is to go to court in time and establish the elements of the offense. The damage must be classified in accordance with legal acts and proven in court proceedings, and it is also important to identify the extent of the individuals' actions and the measure of their punishment under the legislation. Such crimes are most often dealt with by the cyber police or the country's security service, depending on the scale and significance of the interference with information.
The stage of information protection is considered the most relevant today and is required by any enterprise. You need to protect not only your PC but all technical devices that come into contact with information. Any data can become a weapon in the hands of intruders, so the confidentiality of modern IT systems must be at the highest level.
Using DLP and SIEM systems together solves the problem of data protection more efficiently. You can try the programs in practice during a free 30-day trial. Find out the details.
An attacking side can be delayed only by the need to get past the protection system. There are no absolute ways to protect yourself from threats, so the information protection system must be improved continually, since fraudsters improve their methods too. No universal method has yet been invented that suits everyone and gives one hundred percent protection. It is important to stop intruders from infiltrating at an early stage.