Unit-2 Business needs, Threats, Attacks
Business needs
• Every company needs to have a security program.
• No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Information security professionals call such a plan a security program.
• Whether yours is five or 200 pages long, the process of creating a security program will make you think holistically about your organization’s security.
Your company’s value is its data
• Think you don’t have anything of value to protect? The key asset that a security program helps to protect is your data, and the value of your business is in its data.
• You already know this if your company is one of many whose data management is dictated by governmental and other regulations, for example, how you manage customer credit card data. If your data management practices are not already covered by regulations, consider the value of the following:
• Product information, including designs, plans, patent applications, source code, and drawings
• Financial information, including market assessments and your company’s own financial records
• Customer information, including confidential information you hold on behalf of customers or clients
• Protecting your data means protecting its confidentiality, integrity, and availability, as illustrated by the C-I-A triangle.
• The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill. Consider the following example:
• Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.
Elements of a good security program
• A good security program provides the big picture for how you will keep your company’s data secure. It takes a holistic approach that describes how every part of your company is involved in the program.
• Your security program defines what data is covered and what is not. It assesses the risks your company faces and how you plan to mitigate them. It indicates how often the program will be re-evaluated and updated, and when you will assess compliance with the program.
• The key components of a good security program are:
1. Designated security officer
• For most security regulations and standards, having a Designated Security Officer (DSO) is not optional; it is a requirement. Your security officer is the one responsible for coordinating and executing your security program.
2. Risk assessment
• This component identifies and assesses the risks that your security program intends to manage. This is perhaps the most important section, because it makes you think about the risks your organization faces so that you can then decide on appropriate, cost-effective ways to manage them. Remember that we can only minimize, not eliminate, risk, so this assessment helps us to prioritize risks and choose cost-effective countermeasures.
• The risks that are covered in your assessment might include one or more of the following:
• Physical loss of data. You may lose immediate access to your data for reasons ranging from floods to loss of electric power. You may also lose access to your data for more subtle reasons: a second disk failure, for example, while your RAID array recovers from the first.
• Unauthorized access to your own data and client or customer data. Remember, if you have confidential information from clients or customers, you’re often contractually obliged to protect that data as if it were your own.
• Interception of data in transit. Risks include data transmitted between company sites, or between the company and employees, partners, and contractors at home or other locations.
• Your data in someone else’s hands. Do you share your data with third parties, including contractors, partners, or your sales channel? What protects your data while it is in their hands?
• Data corruption. Intentional corruption might modify data so that it favors an external party: think Trojan horses or keystroke loggers on PCs.
3. Policies and procedures
• The policies and procedures component is where you decide what to do about the risks identified in the assessment. Areas that your program should cover include the following:
• Physical security documents how you will protect all three C-I-A aspects of your data from unauthorized physical access.
• Authentication, authorization, and accountability establishes procedures for issuing and revoking accounts. It specifies how users authenticate, password creation and aging requirements, and audit trail maintenance.
• Security awareness makes sure that all users have a copy of your acceptable use policy and know their responsibilities; it also makes sure that your IT employees are engaged in implementing your IT-specific policies.
What Are the Most Common Cybersecurity Threats for Businesses?
• Today, cyber attacks can come from a variety of places and in a variety of forms. Some types of threats are more invasive than others, but they can all be equally jarring for a business left unprepared.
• A few of the typical attackers and sources of cybersecurity threats include:
• Organized crime groups
• Competitors of your business
• Hackers
• Terrorists
• Foreign governments
Definition: What does Threat mean?
• A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
Threats
The Types of Cybersecurity Threats That Businesses Face
• The way this harm looks can vary, so we should take a moment to address the most common types of cybersecurity threats that businesses need to watch for, whether they are attacks coming from outside or from within the organization itself:
• Phishing. Cybercriminals will try to gain access to your secured network through different means, the most common of which is phishing. Using social sites or email, these scammers will convince users to click on misleading links, provide sensitive information or company data, or even download content to their computer or server.
• Malware. Malware comes in various forms, tasked with anything from spying on the system to manipulating its code.
• Distributed Denial of Service (DDoS). This is a type of attack that floods the server with requests from multiple sources, leading it to become overwhelmed to the point of slowing down substantially or even crashing. Once this occurs, the system becomes impossible to use effectively until these numerous interactions are canceled and blocked.
• Brute Force or Password Attacks. These threats involve an attacker attempting to gain access to a network by using a program to ascertain a working password. They’re the primary reason it’s important not to use the same password across the board and why these login details need to be changed regularly.
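As an added example (not part of these slides), the following Python script shows how a defender can spot the brute-force pattern described above in authentication logs: many failed logins from one source within a short window, optionally followed by a success, which is the case that needs a password reset and review. The log lines, the log format, the threshold and the window are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample authentication log (sshd-like wording; not from any real system).
SAMPLE_LOG = """\
2024-03-01 09:00:01 Failed password for alice from 203.0.113.7
2024-03-01 09:00:03 Failed password for alice from 203.0.113.7
2024-03-01 09:00:04 Failed password for bob from 203.0.113.7
2024-03-01 09:00:06 Failed password for carol from 203.0.113.7
2024-03-01 09:00:09 Failed password for dave from 203.0.113.7
2024-03-01 09:00:11 Accepted password for dave from 203.0.113.7
2024-03-01 09:05:00 Failed password for alice from 198.51.100.5
2024-03-01 09:30:00 Failed password for alice from 198.51.100.5
"""
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_log(text):
    """Turn log lines into (timestamp, result, user, source) tuples; skip unknown lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)

def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside a sliding window and note
    whether a success from that source followed the burst (a possibly guessed password)."""
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "Failed":
            failures[src].append((ts, user))
    alerts = {}
    for src, attempts in failures.items():
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward until it spans at most `window`
            if end - start + 1 >= threshold and src not in alerts:
                burst_start = attempts[start][0]
                alerts[src] = {
                    "users": sorted({u for _, u in attempts}),
                    "success_after_burst": any(r == "Accepted" and s == src and t >= burst_start
                                               for t, r, _, s in events),
                }
    return alerts
```

The two slow failures from 198.51.100.5 fall outside the 60-second window and are not flagged, which is the kind of tuning that keeps an alert useful.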
• Internet of Things (IoT) or Algorithm Manipulation. As organizations grow to rely more and more on wearable tech, cloud-computing industrial devices and other IoT applications, their data becomes more vulnerable. Similarly, as automation has led companies to trust their algorithms to interpret and apply their data, they may be susceptible to threats in the form of these systems and codes being compromised without frequent monitoring and occasional human interaction.
• Ransomware. This is a type of malware that, when opened, locks the system down and encrypts the device so that no one can use it anymore. Ransomware is one of the most sophisticated and damaging threats out there. The computer or server affected will remain locked until a hefty ransom is paid on its behalf, although some hackers are prone to not following through on the unlocking that they promise, causing the business to suffer even further.
The Five Phases of an Advanced Persistent Threat or Intrusion
• Reconnaissance and Probing. Employees who are too lazy to check for warning signs may find themselves surrendering confidential information. This phase usually involves a form of phishing that relies on this human complacency. Sometimes the hackers sit back and wait for the unsuspecting victim to visit a fake website and input sensitive info. Other instances involve a physical device being planted by an insider into one of the network’s computers that will gather the data for them.
• Intrusion and System Compromise. Without doing anything too suspicious, the perpetrator will then use the login credentials or other access tools to enter the flow of network traffic, seeking information to exploit or critical systems to disrupt. As they blend into the typical workings of the network, the attacker can observe activity for months from a remote location without being detected.
• Exploitation and Malware Installation. The hacker moves laterally on the network, gathering additional user account data to expand their foothold and compromising sensitive files. As they go, they begin to insert forms of malware like Trojans to exert further control. They still may be weeks from detection, so the scope of the damage they cause during this phase can take years to discover and repair after the attacker is expelled.
• Data Capture or Manipulation. Next, the hacker will begin to decrypt and remove information from the system that has been infiltrated. Decryption is a process that takes time and skill, but if the imposter has made it this far into the attack, they are likely going to follow through with their objective.
• Track-Covering and Exit. Once the attacker has what they came for, they will either leave the network, create backdoor entries so they can return undetected, or even destroy the evidence using ransomware. Even after their mission is complete, unless they set off alarms or shut the system down with malware, their invasion can remain undetected while a large percentage of company data has been compromised. That’s why constant visibility and vigilance are crucial for network owners.