Information and system security are important in both individual and organizational settings. A breach in security can cause emotional, political, and/or monetary damage, since a breach can allow sensitive information to get into the hands of others. Once information is breached, the owner of the information has little control over where the information ends up or how it is used (Vahid, 2017). For example, most offices in the healthcare industry now use electronic medical records. Healthcare facilities are very diligent about the security of their systems, since patient information is confidential, and a breach of security would violate HIPPA laws. In a different scenario, an individual would not want to accidentally download malware onto their system, which could scrape their computer for personal information.
One type of attack against a system is called a Denial of Service (DoS). A DoS can occur when a destination server becomes overloaded with access requests. One way that hackers achieve this overload is through a botnet. A botnet is a group of computers that have acquired malware. Once the botnet is established, the hacker can command the devices to simultaneously send large quantities of access requests to a destination on the web (Vahid, 2017). Normally, a ping is a tool used to diagnose network and connection problems by sending test packets of data to determine the roundtrip time and whether or not the packets successfully arrive at their destination. However, in this scenario, hackers may use the ping command maliciously to send access requests. When there are too many access requests received at once, the server becomes overloaded and cannot respond to valid access requests from real users. Therefore, the user experiences a “denial of service.” Their access request cannot be granted, and they cannot access the destination. In some cases, the overload can even cause a server to crash.
One of the biggest issues related to information and system security right now are security holes, or vulnerabilities. Hackers target these vulnerabilities to gain access to a system and steal information or disrupt the functioning of an organization. According to Vahid (2017), “Security holes commonly exist in operating systems. Once discovered, OS makers update the OS to close such holes. Thus, computer users are advised to keep their OS'es up-to-date, not only to gain new features, but to close security holes.” Therefore, individuals can help protect themselves by keeping the software on their personal devices updated. However, users cannot necessarily control the security of their information when hackers target vulnerabilities in large companies. For example, in 2016 there was a DDoS attack on Netflix: “intentionally overwhelming a service such as Netflix with potentially millions of simultaneous hits can crash a provider’s servers, and this was one of the biggest attacks in recent history,” (Weber, 2017). These security breaches are damaging because hackers can obtain the personal information of users. According to Weber (2017), “Large data breaches such as what happened at Yahoo can have large financial rewards for the hackers, who then just sell the data in the underground black market. Even if your information is worth only a few pennies, the theft of a million records can pay back the hackers quite nicely for their efforts.” This shows that while large corporations employ methods to keep their systems secure, they are still vulnerable to attack. Therefore, it is important to only provide as much personal information as needed when creating new accounts.
Another major issue involving information security is phishing. This strategy of illegally obtaining data incorporates the use of spam e-mail to trick a user into providing sensitive information, such as account numbers, social security numbers, and/passwords. Often times the e-mail will appear to come from a legitimate company, such as a bank. Typically, the e-mail will include a link that appears to take the user to their account log-in page and will have the user enter their information. However, even though the link appears legitimate, the site that it opens is often an imitation site used to steal the victim’s information (Vahid, 2017). Users can avoid these scams by refraining from clicking on links in e-mails. A user can instead go to the company’s actual website and log-in to check for notifications and updates regarding their account. Phishing scams are constantly evolving, especially as smartphones become more common. One of the newer types of phishing scams is actually referred to as smishing, which comes from SMS, or “short message service.” In this scam, “You get a fake text saying there’s a problem with one of your financial accounts. Or maybe a message offering a low-cost mortgage, a discount cruise, or a free gift card. If you respond by text, the scammer will know that the number is viable and may contact you to try to get more sensitive personal information. If you click on the link in the text directly, the scam artist may be able to install malware that can collect personal information (account numbers, passwords, etc.) from your phone,” (Hickey, 2018). Con artists also phish for personal information via direct phone calls pretending to be a “bank, creditor, insurance company, or government agency,” (Hickey, 2018). Often the scammers use scare tactics to get the victim to divulge personal information before they have time to process whether or not the call is a scam, so it is recommended to never provide personal information over the phone if you don’t know who’s calling. Instead, hang up and look up the phone number, or try calling it back to verify that it is legitimate.
Resources
Hickey, M. C. (2018). Protect Yourself From These 7 Scams. (cover story). Consumer Reports,
83(6), 26-33.
Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from
zybooks.zyante.com/
Weber, R. M., & Horn, B. D. (2017). Breaking Bad Security Vulnerabilities. Journal Of
Financial Service Professionals, 71(1), 50-54.
One type of attack against a system is called a Denial of Service (DoS). A DoS can occur when a destination server becomes overloaded with access requests. One way that hackers achieve this overload is through a botnet. A botnet is a group of computers that have acquired malware. Once the botnet is established, the hacker can command the devices to simultaneously send large quantities of access requests to a destination on the web (Vahid, 2017). Normally, a ping is a tool used to diagnose network and connection problems by sending test packets of data to determine the roundtrip time and whether or not the packets successfully arrive at their destination. However, in this scenario, hackers may use the ping command maliciously to send access requests. When there are too many access requests received at once, the server becomes overloaded and cannot respond to valid access requests from real users. Therefore, the user experiences a “denial of service.” Their access request cannot be granted, and they cannot access the destination. In some cases, the overload can even cause a server to crash.
One of the biggest issues related to information and system security right now are security holes, or vulnerabilities. Hackers target these vulnerabilities to gain access to a system and steal information or disrupt the functioning of an organization. According to Vahid (2017), “Security holes commonly exist in operating systems. Once discovered, OS makers update the OS to close such holes. Thus, computer users are advised to keep their OS'es up-to-date, not only to gain new features, but to close security holes.” Therefore, individuals can help protect themselves by keeping the software on their personal devices updated. However, users cannot necessarily control the security of their information when hackers target vulnerabilities in large companies. For example, in 2016 there was a DDoS attack on Netflix: “intentionally overwhelming a service such as Netflix with potentially millions of simultaneous hits can crash a provider’s servers, and this was one of the biggest attacks in recent history,” (Weber, 2017). These security breaches are damaging because hackers can obtain the personal information of users. According to Weber (2017), “Large data breaches such as what happened at Yahoo can have large financial rewards for the hackers, who then just sell the data in the underground black market. Even if your information is worth only a few pennies, the theft of a million records can pay back the hackers quite nicely for their efforts.” This shows that while large corporations employ methods to keep their systems secure, they are still vulnerable to attack. Therefore, it is important to only provide as much personal information as needed when creating new accounts.
Another major issue involving information security is phishing. This strategy of illegally obtaining data incorporates the use of spam e-mail to trick a user into providing sensitive information, such as account numbers, social security numbers, and/passwords. Often times the e-mail will appear to come from a legitimate company, such as a bank. Typically, the e-mail will include a link that appears to take the user to their account log-in page and will have the user enter their information. However, even though the link appears legitimate, the site that it opens is often an imitation site used to steal the victim’s information (Vahid, 2017). Users can avoid these scams by refraining from clicking on links in e-mails. A user can instead go to the company’s actual website and log-in to check for notifications and updates regarding their account. Phishing scams are constantly evolving, especially as smartphones become more common. One of the newer types of phishing scams is actually referred to as smishing, which comes from SMS, or “short message service.” In this scam, “You get a fake text saying there’s a problem with one of your financial accounts. Or maybe a message offering a low-cost mortgage, a discount cruise, or a free gift card. If you respond by text, the scammer will know that the number is viable and may contact you to try to get more sensitive personal information. If you click on the link in the text directly, the scam artist may be able to install malware that can collect personal information (account numbers, passwords, etc.) from your phone,” (Hickey, 2018). Con artists also phish for personal information via direct phone calls pretending to be a “bank, creditor, insurance company, or government agency,” (Hickey, 2018). Often the scammers use scare tactics to get the victim to divulge personal information before they have time to process whether or not the call is a scam, so it is recommended to never provide personal information over the phone if you don’t know who’s calling. Instead, hang up and look up the phone number, or try calling it back to verify that it is legitimate.
Resources
Hickey, M. C. (2018). Protect Yourself From These 7 Scams. (cover story). Consumer Reports,
83(6), 26-33.
Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from
zybooks.zyante.com/
Weber, R. M., & Horn, B. D. (2017). Breaking Bad Security Vulnerabilities. Journal Of
Financial Service Professionals, 71(1), 50-54.
No comments:
Post a Comment