Internet usage is the fastest growing technology in the world right now and the world could have been some miles back without it. Many organizations ranging from governmental, Non-governmental, financial, educational, security, military and even social organizations use internet to store their highly privatized and confidential information. Governments and military organizations use internet integrated programs to control trains, radars, stock markets and military equipment (National Institute of Standards and Technology Special Publication, 2002). An increased reliance on the internet exposes organizations to increased risks in terms of threats to information systems security. Cybercafés across the world have no regional boundaries, so, information from one country can be easily accessed in another country. Organizations should take precaution because the exposure of their information on the internet might result in erasure, alteration or recording. This might lead to bankruptcy in cases of financial organizations or breaches in the National Security System in cases of Security and Defense systems. Highly secret information might be exposed through such unethical acts like hacking into a system. The internet is like a loose end, a system that does not provide assurance to its users that their information on transaction activities, banking and many other activities will be secure. In this argument, the following subtopics shall be discussed. They are: vulnerabilities that an organization’s secure information might face, methods used by hackers to get into a secure system and their effects to the victims of internet vulnerabilities. The assignment will also cite an example of a case where confidential information was exposed and provide solutions on risk mitigation.
Vulnerabilities in Information System
Harold & Krause (2009) state instances in which security systems can be vulnerable. The
first one is the gaining access of private and confidential data or information by intruders. If stable and reliable security measures are not put into place, then the transfer of data can easily be read by other people. Many organizations have been falling prey through the transfer of their data from one place to another. According to Stuttard & Pinto (2007), some programs have been designed by intruders or hackers to monitor information being transferred through the internet. This is potentially dangerous because such personal and confidential information like passwords, network drivers and account numbers might be accessed. With such information in their hand, hackers, conmen or even spying agents might decide to destroy, alter or forge it for their own use. The unrestricted global use of the internet makes it too open and too dangerous. People with detailed knowledge about an organization can use it to interfere with the information being transmitted. Data can also be altered or erased inside the organizations’ systems. According to Cerelam magazine (2011), 90% of Gartner Group members believe that their information is being tempered with. The organizations should ensure honesty, responsiveness and high discipline standards among its employees so as to maintain high data integrity.
Poor systems of analyzing the authenticity of people logging into a site also makes the private information in an organization vulnerable to intruders, fro example, when someone finds that his or her facebook page has been opened and then some strange information posted on it. Many organizations rely so much on the use of internet. This is to ensure good control and effective service delivery. In order for a particular person or program to log in, authentication permission is required. Necessary passwords and other formalities must be followed to allow access into the system. For a computer to be connected to the internet, then it needs to be identified by an IP address (a unique numerical system that identifies each computer connected on the internet (Harold & Krause, 2009)). An Internet Protocol identifies a computer by the use of proxy settings. Through IP spoofing (forgery), computers can claim identity of other computers. This is potentially dangerous because one person can actually assume the identity of another and acquire information that was not supposed to be his. If access to the system is only determined by the Internet Protocol, then anyone can easily beat the system and log in without a password (Condon, 2010).
Unauthorized access can also result from the mild or weak security in the system technical formation and design. Application layers, the protocols that are set for a computer to get connected to the internet might not be resilient enough to fight off unauthorized personnel. These layers play different roles and they have an extensive array of exchanging data on the internet. Hyper Text Transfer Protocol, abbreviated as HTTP, allows messages and information both in textual and pictorial form to be transferred across the internet. According to Condon (2010), HTTP is defined as that communicable tool that allows information to be shared on the World Wide Web. If an organization’s application layers do not secure its Hyper Text Transfer Protocol tightly, then confidential data is likely to be exposed to spoofers and hackers (Condon, 2010). The unrestricted use of internet across the globe also makes it easy for systems in organizations to be attacked from anywhere in the world. Systems can be used by rival companies to destroy other systems. When this happens, an organization is likely to suffer more. If it is a marketing firm, then its adverts and price lists might be changed to weaken its sales.
The task of safeguarding user Identification Codes and their passwords has always been challenging. Most organizations like financial associations use online criteria to make communications to their employees. This system requires a database for each employee and it is him or her alone who is supposed to access it. Hackers and other invaders have managed to access the user names and passwords of these employees and come up with shadow websites. Through these copycat websites, the invaders are able to monitor all the activities and communications taking place in a certain organization (Stuttard & Pinto, 2007).
According to Harold & Krause (2009), security problems also arise from the weaknesses in the system’s software. The software might also be faced by other challenges as lack of viable format system that can identify and debug security flaws while on the internet. Software is not a sufficient tool on its own because master hackers have developed their own complex software which can easily get them the information they want. According Stuttard & Pinto (2007), software does not provide enough security because of the flaws and weaknesses that are always associated with it. A good example is when Google system broke down and many people lost their data in their Gmail accounts. Newly manufactured software still faces its own challenges for while on the internet, malicious programs always get downloaded automatically and can easily be installed in the systems of those organizations. The adoption of internet as a substitute to archaic file system to store records and information is an efficient system but with its shortcomings.
Methods used by hackers to access confidential information
Stuttard & Pinto (2007) have come up with methods in which hackers use to break into security systems. The first method used by hackers is called Process Spawning Control. When the software of a system becomes flawed, then hackers use the advantage to get into the system (spawning). This method involves feeding false information into the system and tricking it to believe that it is the right one. They do this by generating executable files that they think are suitable in the system. This method is preferred by hackers because it does not require the start up of other processes and applications for it to function normally.
The second technique employed by hackers and other intruders is the execution of protected files. In this method, hackers now trick the system in coming up with a creation that would see the execution of files they would wish to put in the system. This method copies the system’s main worm code (multiplying malware that is dangerous to the OS) and the code gets activated. Just like the first case, the application only requires the executed files to access the system (Harold & Krause, 2009).
The third method employed by hackers to access the privacy of an organization’s system, according to Harold & Krause (2009), is by making modifications on the most vulnerable areas of the operating system. They include the system’s registry, which is the mastermind behind the operation of other processes in a computer. The strength of this method is based on the fact that the startup processes in a computer do not need to undergo all the processes in order to function.
According to Stuttard & Pinto (2007) other methods involve coming up with Internet Protocol database and then run deep scans in search of those addresses. They also employ Trojan horses and backdoor systems after making changes to the system’s operating system. Hackers always employ the use of Trojans because they will always help them avoid detection at all costs. All these vulnerabilities are as a result of the system’s flawed designs. The most common method used by hackers to get information from organizations is through Social Engineering. Hackers can easily obtain credit card numbers and other valuable information from employees in an organization.
Consequences of information security threats
According to Harold & Krause (2009), organizations that experience instances of hacking into their systems lose a lot. A financial organization that has had its loan transfer messages tapped can undergo great risks in terms of losing money through electronic wiring. Bank clients who do their transactions through the internet are likely to suffer big blows if the system of the bank is hacked into and information stolen, for example, Citigroup bank and Bank of America suffered heavily when their systems were broken into. In some instances, some professional hackers might access the information of a country’s defense system and use it against them. Today, cases of terrorism are on rampage and so, governments, security and defense systems face the risks of great harm if their information is accessed and exposed. A good example is when Al Qaeda gets to know of the US security system.