3 most common threats of information security
If you don’t want to help yourself,
no one can
Most common threats to information security
ELSA Conference
Strumica, 27.11.2008
Contents
• Introduction
• What is an information security threat?
• Information security threats
• Internet security threats
• Most common threats, possible consequences and protection
• Top 10 internet threats
Introduction
• Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
– through implementation of ISMS i.e. implementation of controls (policies and procedures)
– the CIA aspect - Confidentiality, Integrity and Availability
• Computer security is a branch of technology known as information security as applied to computers.
– ensuring the availability and correct operation of a computer system
What is an information security threat?
• A threat is any circumstance or event with the potential to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
• Threats can be:
– Natural or Human
– Deliberate or Accidental
Information security threats
• People / employees
• Low awareness of information security aspects
• Advances in IT infrastructure, networking and distributed working
• Increasing complexity and effectiveness of hackers and viruses
• Electronic mail (e-mail)
• Fire, flood, earthquake
Information Security Breaches Survey 2008 1/3
What type of breaches did UK business suffer?
Information Security Breaches Survey 2008 2/3
How many UK businesses have disaster recovery
plans?
Information Security Breaches Survey 2008 3/3
How did UK businesses address the weakness that caused their worst
incident?
Internet security threats
• Malware Threat
• Threats to the Security of E-mail
• SPAM Associated Threats
• Social Engineering Threat (Phishing)
Most common internet threats, consequences and protection
Malware threats
Malware threat
• Malware is software designed to destroy, steal private information or spy on a computer system without the consent of the user.
• Malware is also called malicious code, malicious programs or malicious software
• The most popular categories are Trojan horses, viruses, adware, spyware, spam, worms and rootkits.
Security and productivity threats posed by malware
• Stolen user IDs and passwords
• Unauthorized access to confidential information
• Loss of intellectual property
• Remote control of company’s PC
• Theft of customer data
• Reduced network performance and bandwidth
• Increased internet traffic and changes to browser home pages and search engines
Protection against malware
• Good user education is vital in fighting malware
• Keep your operating system up to date by installing OS security fixes and program patches.
• Use firewall protection
• Install anti-spyware software
• Monitor logs for unusual traffic
Most common internet threats, consequences and protection
E-mail threats
Threats to the security of e-mail
• Disclosure of sensitive information
– Loss of confidentiality
– Loss of integrity
• Exposure of systems to malicious code
• Denial-of-Service (DoS)
• Unauthorized accesses
Countermeasures to e-mail security
• Secure the server to client connections
– POP, IMAP over SSH, SSL
– https access to webmail
– Protection against insecure wireless access
• Secure the end-to-end email delivery
– The PGPs of the world
– Still need to get the other party to be PGP aware
– Practical in an enterprise intra-network environment
When using e-mail
• Ensure you are addressing the right person prior to sending email
• Beware of e-mails from unknown parties (unsolicited e-mails)
• Do not open unsolicited emails
• Do not click on links in unsolicited emails
• Never respond to unsolicited emails
e.g. ‘You have won $1,000,000. Kindly send your bank details for crediting your account.’ These are scams, also known as social engineering attacks.
Precautions when using e-mail
• Suspicious attachments must NOT be opened, e.g. executable files (with .exe, .com, .bat, .reg extensions)
• Regularly purge unnecessary emails (including emptying the ‘Deleted Items’) to free storage space
• Do not open/reply to spam messages
• Avoid registering unnecessarily to mailing lists
• Use a properly configured and regularly updated spam filter, antivirus and antispyware software
• Use a firewall as well
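The attachment precaution above can also be enforced at the mail gateway instead of relying only on the user. The following is an added example, not part of the original presentation: it parses a message and lists attachments whose names end in one of the extensions named on the slide. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named on the slide; extend the set to match local policy.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".reg"}

def normalise(filename):
    """Drop any path part and the trailing dots/spaces Windows ignores; lower-case."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rstrip(". ").lower()

def blocked_extension(filename):
    """Return the blocked extension the name ends in, or None if it is allowed."""
    name = normalise(filename)
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return ext if ext in BLOCKED_EXTENSIONS else None

def risky_attachments(raw_message):
    """Return (filename, extension) for every MIME part that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():              # walk() also reaches nested multiparts
        filename = part.get_filename()   # None for the body and container parts
        if filename:
            ext = blocked_extension(filename)
            if ext:
                findings.append((filename, ext))
    return findings

def build_sample():
    """Constructed test message; the attachment content is dummy bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.pdf.exe", "Update.COM", "keys.reg"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, ext in risky_attachments(build_sample()):
        print(f"quarantine: {filename} ({ext})")
```

Only the last extension decides the result, so a name such as invoice.pdf.exe is caught even though it looks like a document at first glance.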
Most common internet threats, consequences and protection
SPAM
Security threats from SPAM
• SPAM provides a cover for spreading of:
– Viruses
– Worms
– Trojans
– Spyware
– Phishing
Countermeasures
• Spam Filters
– MS Outlook, Outlook Express…(e.g. SPAMFight)
– Spamfighter for Outlook and Outlook express
• Antivirus
– AVG, Symantec, McAfee, F-Secure, VIRUSfighter….
• Antispyware
– McAfee Antispyware module, S&D, Ad-Aware SE Personal, SPYWAREfighter….
Most common internet threats, consequences and protection
Social Engineering Threat (Phishing)
Social Engineering
• Social engineering is the art of manipulating people into performing actions or divulging confidential information
“Employees without security awareness are security liabilities.”
Gartner Group, 2002
Security threats from phishing
• Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication
• Use of Email messages and Web pages that are replicas of existing sites to fool users into submitting:
– personal,
– financial or
– password data
Prevention
• Don't give out personal information
• Ensure you are on the right website with the right web address
• Use anti-phishing software – IE7 and Mozilla, McAfee, Firefox 2.0 (includes a form of anti-phishing technology)
Research shows that employees who are sensitive and knowledgeable about information security provide the most cost-effective countermeasure against information security violations
Top 10 internet threats
TOP 10 threats
1. SPAM mail
2. Phishing mail
3. Wireless attack
4. Hacker attack
5. Web exploits
6. Adware
7. Viruses
8. Spyware/Trojans
9. Identity theft
10. Social engineering
Conclusion
• Avoid giving unnecessary information online (e.g. subscribing to a newsletter whereby your personal details are requested)
• Be sure you are dealing with someone or a site that you know and trust before giving out personal information
• Use regularly updated antivirus and antispyware software
• Use client filters or ISP-based filters