Friday, June 26, 2009

The threat of online security: How safe is our data?



Online security threats are one of the biggest challenges for most organizations today. Organizations continue to experience cyber attacks from both inside and outside the organization, and the types of attack they experience vary. Organizations therefore worry that users will break into a server deliberately to alter the pages and content of a site. They also worry about users disrupting the server, which could make it unavailable to others.

Cyber attacks fall under several general categories:
(i) accidental actions
- A large number of computer security risks arise from accidental actions. Many users today lack knowledge of online security concepts, which leads to poor password choices, accidental disclosure, and the use of erroneous or even outdated software. For example, many people use Facebook, Friendster, eBay and other sites, all of which require a user name and password to log in. The problem is that people tend to use their IC number, their birthday, or an easily memorized number like "1234" as their password. This makes it easy for others to figure out the password and break into the account. However, this form of cyber vulnerability is avoidable with education and prudence.

(ii) malicious attacks
- Attacks that specifically aim to do harm. They are at the root of so-called "crackings" and "hackings"; notable examples include computer viruses, denial-of-service (DoS) attacks, and distributed denial-of-service (DDoS) attacks.

* computer viruses
- a piece of software code that inserts itself into a host, including the operating system, to propagate; it requires its host program to be run to activate it. A virus infects and spreads through the operating system and can consequently cause the server to break down. One example is the May 2000 "I LOVE YOU" virus, a small piece of code attached to electronic mail (e-mail). Double-clicking on the executable caused it to send an e-mail to everyone in the address book, subsequently damaging victims' machines. The virus caused over $100 million in US damages and over $1 million in worldwide losses.

* denial-of-service (DoS) attacks
- an attack on a web site in which the attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources. It may cause a network to shut down, making it impossible for users to access the site.

* distributed denial-of-service (DDoS) attacks
- a denial-of-service attack in which the attacker gains illegal administrative access to computers on the Internet and uses them to send a flood of data packets to the target computer. Such attacks were witnessed in a number of large corporate computer shutdowns in 2000.

(iii) online fraud
- A broad term covering Internet transactions that involve falsified information. There are two major forms of online fraud: identity theft and data theft.

* identity theft
- the theft of personal identity on the Internet is the newest form of fraud. A person may open a credit card account under a false identity, using the victim's name, address, or bank account. Besides, since it is impossible to verify the identity of a buyer online, a person can also make online transactions using the victim's identity if they can get the victim's personal information.
- Talking about identity theft, I have had an experience of it before. My sister's boyfriend (A) once used my account to chat on messenger with my friend, and my friend wasn't aware of it even after they had finished the conversation. Sounds so funny! At that moment, I realized that there is an "online security threat" in messenger too. "A" was using my identity while my friend couldn't even recognise who she was dealing with. This shows that there is a lack of proper security to detect people's identity, which enables a person to do whatever he/she wants using other people's identity.

* data theft
- the theft of information, unauthorized data, or the manipulation of private data. Data theft is a problem primarily perpetrated by office workers with access to technology. Since employees often spend a considerable amount of time developing confidential and copyrighted information for the company they work for, they often feel they have some right to the information and are inclined to copy or delete it when they leave the company. They might also misuse it while they are still employed.
- In April 2001, two employees of Cisco Systems obtained unauthorized access to Cisco stock and broke into the computer system that handled stock distribution. They were able to transfer stock shares worth nearly $6.3 million to their private portfolios.
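
The poor password choices described under accidental actions (an IC number, a birthday, or "1234") can be rejected at the moment a password is set. The check below is an added example, not part of the original post; the function names, the 8-character minimum, and the sample IC number and birthday are assumptions constructed for illustration.

```python
from __future__ import annotations
from datetime import date

MIN_LENGTH = 8  # assumed policy minimum, not a value from the post

def _digits(text: str) -> str:
    return "".join(ch for ch in text if ch.isdigit())

def _is_run(text: str) -> bool:
    """True for ascending or descending runs such as 1234, 4321 or abcd."""
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return len(text) >= 3 and steps in ({1}, {-1})

def birthday_forms(birthday: date) -> set[str]:
    """Common all-digit spellings of a date of birth (6 or 8 digits)."""
    d, m, y4 = f"{birthday.day:02d}", f"{birthday.month:02d}", f"{birthday.year:04d}"
    y2 = y4[2:]
    return {d + m + y4, d + m + y2, y4 + m + d, y2 + m + d, m + d + y4, m + d + y2}

def weak_password_reasons(password: str, ic_number: str, birthday: date) -> list[str]:
    """Return why a password is guessable from the owner's details; [] if none."""
    reasons = []
    pw = password.lower()
    pw_digits, ic = _digits(pw), _digits(ic_number)
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if pw.isdigit():
        reasons.append("digits only")
    if _is_run(pw) or (pw and len(set(pw)) == 1):
        reasons.append("simple sequence or repeated character")
    # The password is the IC number itself, or a slice of 4 or more of its digits.
    if ic and (ic in pw_digits or (len(pw_digits) >= 4 and pw_digits in ic)):
        reasons.append("matches IC number")
    if any(form in pw_digits for form in birthday_forms(birthday)):
        reasons.append("contains birthday")
    return reasons

# Constructed sample data (not a real person).
SAMPLE_IC = "900315-10-5678"
SAMPLE_BIRTHDAY = date(1990, 3, 15)

if __name__ == "__main__":
    for candidate in ("1234", "15031990", "900315105678", "correct-horse-7-staple"):
        print(candidate, "->", weak_password_reasons(candidate, SAMPLE_IC, SAMPLE_BIRTHDAY))
```

A check like this belongs in the sign-up and password-change path, so the weak choice is refused before it is ever stored.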

In conclusion, the financial losses from a cyber attack can be substantial. Apart from the financial losses, attacks also have other effects on users. This shows that online security still needs to be improved. Security requirements such as authentication, authorization, and confidentiality also need to be considered.

Posted by: Shu Hui
