Zimpapers Logo

Imagine the nuclear codes of the world’s deadliest nuclear warheads in the hands of cyber criminals. Or imagine your hard earned money just vanishes from your electronic wallet without a trace.

If that is thought provoking, then it’s a clear indication of how intense and critical information security is. This article will touch on threats to information security. These are negative entities that pose constant danger to assets.

The modern digital world has allowed more innovation in many areas including social and business activities. It has also opened doors to cybercriminals who are now carefully discovering new ways to tap the most sensitive networks for sensitive data in the world for their own gain. Protecting business data is a growing challenge but awareness is the first step.

Currently, organisations are struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them which continues to pose challenges. There are different types of threats to information. Some threats are through technical failures, natural disasters and poor management decisions.

Threats beyond our control such as natural disasters require management intervention through disaster management strategies.

Social Engineering – As people are becoming more and more aware of different technologies, cyber criminals are resorting to human hacking.

In the security chain, the weakest link is the human mind and these are known as non-technical methods. This act is unpredictable and mostly involves psychological manipulation. Almost everyone who uses the internet has a digital footprint which can be used against them.

For instance, if you are to Google search your name you will be surprised with the detailed information that comes up about yourself in cases where you have many social media accounts such as Facebook and Twitter.

These kinds of threats mainly target individuals and rarely on corporates.

Inadequate Security Technology – Most organisations are using outdated software that is no longer receiving software updates. A good example is Windows XP. This poses a serious threat if a financial software package is run on it.

Cyber criminals can create a backdoor entrance into your systems and enjoy fruits they did not sow without you noticing it.

A reputable company can suffer huge losses because of poor technological management practices. Malicious software can penetrate these outdated systems undetected.

Information technology professionals must help in upgrading the systems. Investing in software that monitors the security of a network has become a growing trend in the enterprise space lately.

The software is designed to send alerts when intrusion attempts occur, however the alerts are only valuable if someone is available to address them. Companies are relying too heavily on technology to fully protect against attack when it is meant to be a tool managed by skilled manpower in order for the full benefit to be accrued from it.

BOYD (Bring Your Own Device) Policy. A process of allowing employees to bring their own devices like laptops, tablets and other related gadgets to access corporate ICT resources. This is very common in local organisations. Company confidential data can be easily distributed to unintended destinations.

Lack of Encryption – Financial, telecommunication and health care institutions are well aware of the sensitivity of the confidential information which is in their possession.

It is necessary to protect the data when it is being conveyed from one node to the other. Data should be disguised from unauthorised users, which is achieved by a process known as encryption. Using old technologies that use old encryption methods is not safe.

Technology with Weak Security – If you have been following technological trends, you would notice that almost every day new and smart gadgets are released. However security is behind and in some of these gadgets, the suppliers tend to cover up the flaws with software patches.

With the advent of IoT, some of them rely on cloud services. A weak or unsecure connection to the cloud presents a serious risk. Cyber criminals prefer the path of least resistance.

Mobile Malware – Several security experts diagnosed risk in mobile device security since the early stages of device connectivity to the Internet. These mobile devices have now been targeted by spyware which is software that can secretly monitor user browsing habits without their knowledge.

Improper Configuration of Systems – Companies continue to neglect the importance of properly configuring security settings.

Big data tools come with the ability to be customised to fit an organisation’s needs.

Ignorance in this area is a serious threat as it poses a high risk of data breach. It is important to know your systems in order to protect an organisation’s information.

These are a few of the threats to information security corporates face. In the next issue we will highlight mitigation measures that individuals and corporates can apply to protect this valuable business asset.