Jackey Chin Eileen Perez

Eileen Presentation




Businesses are a major part of our society. We rely on businesses to provide us with jobs, services, and goods.

There are many types of organizations in the Business Industry, which include (not limited to):

◦ Education

◦ Financial/Banking

◦ Government

◦ Legal

◦ Medical

◦ Professional/Business Services

◦ Retail

◦ Logistics

◦ And many others!


We hope to provide you with an overview of:

◦ The Security issues concerning the nature of Businesses.

◦ Data from reputable sources.

◦ The types of attacks that are targeted towards Businesses.

◦ How organizations can prevent attacks.

◦ How these attacks can be resolved.


The most common type of security breach in Business is theft of data. This includes theft of:

◦ Sensitive information

◦ Proprietary information

◦ And other intellectual property stored in Corporate computer systems

◦ 7 out of 10 data breaches are committed by company employees

◦ One out of 100 (1%) employees are thought to adhere consistently to corporate data and security policies

(http://www.prweb.com/releases/2007)


Data breaches and computer theft are growing problems in the corporate world.

27% of companies reporting data breaches.

55% experiencing laptop thefts.

Worse yet: 33% of IT managers believe that data breaches and computer thefts have occurred and gone undetected within their organization.

1 in 5 data security breaches involves customer information

1 in 5 data security breaches involves employee information

1 in 5 data security breaches involves social security numbers and/or credit card numbers

The rest involve other information

(http://www.prweb.com/releases/2007)


Usually theft of corporate information is done by employees of the company.

◦ The thief may want to profit from stealing the information and potentially sell it to a rival business.

For example: Pepsi alerted Coca-Cola to Stolen-Coke-Secrets offer.

(http://www.foxnews.com/story/0,2933,202439,00.html)


To protect customers, employees, and shareholders, data loss prevention needs to become a top priority at every level of the organization from the board room to the lunch room.

Just last week, the U.S. Department of Agriculture announced that it had exposed the personal identifying information on about 150,000 people over the last 26 years.

(http://www.informationweek.com)


The vast majority of security threats imposed on organizations are possible because of the Internet.

This connection of millions of computers all over the world that allows for the exchange of information and data has brought with it many security issues which must continue to be addressed.

(Dixon, 2005: 9)


◦ A virus is designed to “infect” a program file or boot sector of a computer.

◦ A worm is designed to make copies of itself.

◦ A logic bomb is designed to execute (or “explode”) under certain conditions

◦ A Trojan horse appears to be useful or benign but actually conceals a smaller program that is designed to be damaging, annoying, or “humorous”

◦ A denial of service (DOS) attack is an explicit effort to prevent legitimate users from accessing computer systems

(NW3C, 2005: 2)


According to the FBI and the Computer Security Institute annual survey of 520 companies and institutions, more than 60% reported unauthorized use of computer systems over the past 12 months and 57% of all break-ins involved the Internet.

(Sukhai, 2005: 131)


It’s important for an organization to adopt a reactive approach to information security. The vulnerability of systems is usually evaluated after an attack takes place, resulting in money spent on fixing the security holes and recovering from the data and business loss.

◦ It is recommended that companies have awareness training. This includes specific security policies for employees, incident response plans and visual reminders such as posters.

◦ Housekeeping – backing up files, password routines and system logs. It is important to remove access from employees who leave.

(http://www.businesslink.gov.uk)


◦ Enhance your system security to protect your business from potential virus attacks and hacking. This should include anti-virus software, a firewall, or software barrier.

◦ Keep this up to date and download relevant patches – updates to software that fix security threats. Viruses are frequently released.

◦ If your staff needs to access the network while off-site, consider a virtual private network. This creates a secure link and protects information sent and received.

(http://www.businesslink.gov.uk)


In Businesses, as many as 60% of attacks go undetected and only 15% of exposed attacks are reported to law enforcement agencies.

Why?

◦ Companies just don’t want the publicity.

◦ A successful attack may challenge other hackers to repeat the crime.

◦ Bad publicity can seriously undermine the image and reputation of the company, as well as public trust.

There are a number of reasons why companies are hesitant to report cybercrime to the FBI and the Computer Security Institute, but they should, because reporting will lead to fewer cybercrimes being committed.

(Sukhai, 2005: 131)
