Potential threats to information security
Information security threats are all kinds of actions aimed at distorting, leaking or destroying data that is stored electronically in the information system of an enterprise. In other words, these are any processes that harm computer systems. They are aimed at unauthorized access to the intellectual property of a company or an individual user.
Attempts to implement a threat are called attacks, and the person who commits this action is called an intruder. In most cases, attacks are associated with security vulnerabilities in the information system.
Types of information security threats
It is customary to divide information security threats into two types: natural and human-caused. Natural threats are those that arise from force majeure, such as a thunderstorm, flood, fire or hostilities. Human-caused threats are related to the human factor and are divided into intentional and unintentional.
Unintentional threats include all dangerous situations that arise from a user's mistake, ignorance or inexperience. For example, illegal software is a danger: it can disrupt the operation of the IT system and cause the loss or distortion of important information.
Deliberate threats, by contrast, are dangerous situations that do not arise by chance. Whole teams of hackers develop malicious software on purpose in order to steal valuable information or money from company accounts. It is important to remember that attackers can be both external and internal.
Based on different methods of systematization, all existing information security threats can be divided into the following groups:
- illegal content;
- illegal access;
- information leak;
- distortion or loss of information;
- cyber warfare and cyber terrorism.
Illegal content is any information that does not comply with legal requirements. Malware accounts for over 50% of this group of probable threats. The rest are cyberattacks.
Illegal access is the downloading of information resources by an employee who does not have permission to do so. This leads to a leak of electronic data. Different methods of data theft are used depending on what kind of information it is and where it is stored. These can be hacker attacks, break-ins, interception of information and deliberate use of unauthorized software.
Information leakage can be natural or deliberate. Natural data loss occurs due to hardware, personnel or software errors. A deliberate leak, by contrast, is organized on purpose in order to gain access to information and cause damage.
Distortion or loss of information is one of the primary threats to the protection of information resources. Loss of information integrity is caused by hardware failure or by the deliberate actions of cybercriminals.
Digital fraud is an equally serious problem. It includes fraud with bank cards (carding), hacking of online banking, and internal fraud. The purpose of fraud is to violate laws, basic security principles and standards, and to misappropriate information.
Every year the terrorist threat grows and steadily spreads in the virtual space. Today, no one is surprised at the likelihood of DDoS attacks on the electronic process control systems (ACS TP) of various companies. Such attacks are carried out after initial reconnaissance, using industrial espionage techniques to gather the necessary information. Recently, the concept of information war has appeared, in which opponents use information instead of weapons and act in their own interests with its help.
Violation of integrity, availability and confidentiality
Threats to web servers, which the server's system administrator must take into account, are threats to the availability, confidentiality and integrity of data. The system administrator bears full responsibility for threats that are aimed at violating the integrity and confidentiality of information and are not related to equipment breakdown. This also applies to the use of important protective measures, since they are among the administrator's immediate duties.
All confidential information is divided into personal and business data. Service information (employees' logins and passwords) does not belong to a specific subject area, since it performs technical functions in the IT system. But publishing it in the public domain is very dangerous, since it can open the way to illegal access to all assets, including classified information.
A system administrator cannot always prevent attacks on an IT system that are aimed at finding vulnerabilities in the programs used. For example, if a company employs a person who also has access to service information, the probability of data leakage and of the IT system being hacked increases. In this case, all the system administrator can do is install software that monitors and logs the actions of all users.
If the information security of an organization was threatened by one of its employees, and the system administrator made every effort to prevent it, then the responsibility for what happened lies entirely with the employee who created the threat. Examples of such situations are the distribution of corporate documents through unprotected channels, the disclosure of official information to outsiders or to employees who do not have access to it, the installation of unlicensed software without the knowledge of the system administrator, and the use of personal drives carrying malware.
Sources of security threats
The sources of problems can be both the planned actions of fraudsters and a lack of the necessary experience among the company's employees. Employees must understand information security rules and malware. Undesirable events such as distortion or loss of information also occur through the deliberate actions of employees who want to be paid in exchange for important information about the company.
First of all, the sources of danger are individual cyber fraudsters or hackers, groups of IT criminals, and government intelligence agencies (cyber units), which use the entire stock of available cyber weapons. To gain access to data, they exploit flaws and vulnerabilities in software and virtual applications and errors in firewall settings and access rights; they also resort to wiretapping communication channels and to spyware.
The attack method depends on the type of digital data, its location, the way it is accessed and the degree of protection. Spam messages are often used in attacks.
One dangerous situation is abuse of authority by employees of the organization who have access to important information. Privileged users of IT systems (for example, a sysadmin or a software engineer) can open any unencrypted file and access the email of any employee. Another example is damage during servicing. Typically, the service technician has unrestricted access to the system and is able to bypass the security mechanisms in the software.
To ensure the information security of the enterprise, the information security service needs to assess the weaknesses of the data protection system comprehensively. To eliminate information leakage caused by equipment failure, it is necessary to use high-quality components, carry out regular maintenance and install voltage stabilizers. Software updates must also be installed systematically. Information security software deserves special attention: it must be kept constantly up to date.
Methods of dealing with threats
To choose effective countermeasures, it is necessary to assess not only the probable dangers but also the possible damage, both permissible and unacceptable.
Key questions for analysis:
- What is the purpose of protection?
- What types of security threats prevail?
- What are the sources of problems?
- What protections will provide maximum security?
Taking all these points into account makes it possible to determine the danger, likelihood and consequences of information security incidents as accurately as possible. After that, you can start choosing information security tools.
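An added example, not part of the original article: a minimal risk register in Python that records the answers to the key questions above for each risk and ranks the risks so that incidents with unacceptable damage come first even when they are unlikely. The assets, likelihoods, damage figures and the threshold are constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the largest single-incident loss the organization can absorb.
UNACCEPTABLE_DAMAGE = 500_000

@dataclass(frozen=True)
class Risk:
    asset: str         # what is being protected
    threat: str        # threat group from the article's list
    kind: str          # "natural", "unintentional" or "intentional"
    source: str        # where the problem originates
    likelihood: float  # estimated incidents per year
    damage: float      # estimated loss per incident

    @property
    def expected_loss(self) -> float:
        """Average yearly loss if nothing is done about this risk."""
        return self.likelihood * self.damage

    @property
    def unacceptable(self) -> bool:
        """True when one incident alone exceeds what can be absorbed."""
        return self.damage >= UNACCEPTABLE_DAMAGE

def prioritize(risks):
    """Unacceptable-damage risks first, then by expected yearly loss."""
    return sorted(risks, key=lambda r: (not r.unacceptable, -r.expected_loss))

def by_kind(risks):
    """Total expected yearly loss per threat type."""
    totals = {}
    for r in risks:
        totals[r.kind] = totals.get(r.kind, 0.0) + r.expected_loss
    return totals

# Constructed sample register.
REGISTER = [
    Risk("customer database", "information leak", "unintentional",
         "file sent over an unprotected channel", 2.0, 40_000),
    Risk("file server", "distortion or loss of information", "natural",
         "fire in the server room", 0.01, 900_000),
    Risk("payment accounts", "illegal access", "intentional",
         "external group using malware", 0.2, 600_000),
    Risk("workstations", "illegal content", "unintentional",
         "unlicensed software installed by a user", 3.0, 5_000),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        flag = "UNACCEPTABLE" if r.unacceptable else "permissible"
        print(f"{r.asset:18} {r.kind:13} {r.expected_loss:>9,.0f}/yr  {flag}")
```

Ranking by expected yearly loss alone would put the server-room fire last; separating permissible from unacceptable damage moves it to second place.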
Training employees in the basics of data protection and in dealing with malware helps prevent information loss and avoid the accidental installation of dangerous programs on the company's electronic equipment. In addition, to insure against data loss, you need to back up especially valuable information.
You can create an information protection system using special software, the functions of which include:
- protection against illegal content: antivirus software, antispam, web protection, blocking of active browser content, cache cleaning;
- firewalls and intrusion detection and prevention systems (IPS);
- control of electronic assets of the enterprise;
- privileged user control (PUM);
- protection of source code from DDoS attacks;
- protection against targeted attacks;
- analysis of suspicious user activity (UEBA);
- information security event monitoring (SIEM);
- control over technological processes;
- information loss protection (DLP);
- cryptographic protection;
- security of portable devices;
- fault-tolerant systems.
The choice of methods and means of protection depends on the organization's type of activity, the equipment used, its vulnerabilities and other nuances. For example, some state-owned enterprises are not concerned about breaches of confidentiality, since all the necessary information is in the public domain. For such enterprises, the danger is that important data may be deleted from the server. Therefore, in most cases, illegal intrusion is a serious threat. The key is to understand what can do the most harm to your organization and to protect your most important data.
All employees of the organization without exception pose a potential danger to IT systems and to important data in general. Statistics for 2019 show that more than 60% of corporate data leaks in Russia are due to the negligence of ordinary employees of enterprises. This suggests that in addition to protecting the IT system, it is necessary to protect the information itself by instructing employees. At the same time, it is important to understand that this will not give a 100% guarantee of protection, but will only reduce the existing risks.
Employees of an enterprise are not always able to ensure data security fully. Therefore, to obtain the necessary protection against dangers aimed at damaging equipment and infrastructure, enterprise managers often turn to specialized firms that provide information security professionally. In this case, the firm must be chosen carefully, so that it organizes comprehensive protection of the enterprise's information assets at the highest level.