Page 31 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Unit 2: Threats




             As most sophisticated cyber criminals prefer targeting banks and government organisations,
             there is an urgent need to revamp the security system for Internet activities and to put in
             place effective internal controls. As the hackers’ prime objective is to find secure IDs for
             accessing networks for cyber burglary, authentication procedures should be made secure
             and foolproof from hacking.
             The rapidly-increasing use of mobile-banking technologies augments risks and increases
             vulnerability. When a large number of customers prefer using wireless technology, iPhones,
             iPads, and Android-enabled smart phones for financial services, the cyber criminal may
             use the opportunity to phish with an application, and gain access to their secure credentials.

             Ethical hackers are in greater demand to counter cyber crimes which are growing at an
             alarming speed.
             Experts specialised in different aspects of cyber policing, ranging from the relatively
             inexperienced greenhorns to seasoned cyber security greybeards, need to visualise the big
             picture, anticipate potential attacks to the organisation and mitigate risks from cyber
             hacking.
             An ethical hacker is not a cyber criminal though he knows well the art and science of
             hacking. He exercises his hacking expertise prudently for ethical concerns and deploys the
             cyber tools effectively to counter hacking and to identify the loopholes in order to safeguard
             the system from lethal cyber criminals.
             Cyber Security
             Ethical hacking must be encouraged for detection and prevention of automated application
             attacks, because hackers are becoming adept at automating attacks by intensifying
             computerised attacks at smaller, vulnerable and largely homogenous targets.
             For this, IT security professionals should monitor and analyse attack data, extract relevant
             information, share information for enlarging the knowledge base for identifying attacks
             and select appropriate mitigation tools.

             They must ensure that controls are in place at all times to deter automated attacks. Securing
             data confidentiality and availability in the cyber realm is becoming an increasingly
             challenging objective for the government and private sectors. Organisations must engage
             competent, well-trained, skilled information security professionals to continuously
             monitor and manage cyber threats and secure sensitive organisational information assets.
          Source:  http://www.thehindubusinessline.com/features/mentor/article2356616.ece

          2.5 Summary

              • Any person, act, or object that poses a danger to computer security is called a threat.
              • Any kind of asset that is not working optimally and is mission-critical or essential to the
                organization, such as data that are not backed up, is called a vulnerability, while anything
                imperfect is called a weakness.
              • Threats from outside the organization must be addressed, since the damage
                from a non-secured information system can result in disastrous consequences for the
                organization.

              • Network-based threats are those in which, to be effective, potential attackers need network
                access to corporate computer systems or to networks accessed by corporate computer
                systems.





                                           LOVELY PROFESSIONAL UNIVERSITY                                   25