Threats To Data
Introduction
There are various threats to data, and being affected by one of these threats is
inevitable; however, there are methods of reducing the chances of falling victim to
them. Some solutions, like an anti-virus guard, would prove ineffective in
protecting a system against threats if not kept updated: there are many viruses
and more are being created, and an updated anti-virus guard is able to
recognize more of these viruses than an outdated one.
Different legislation, such as the Copyright and Data Protection acts and the Computer
Misuse Act, is enforced differently in different countries. In a country like Sri
Lanka these laws aren't as strictly enforced as in a country like England.
1. Hackers
Hacker is a term that refers to many different computing topics. However, in the mainstream, a hacker is
any individual or group that circumvents security to access unauthorized data.
Most hackers are highly skilled computer programmers that locate security gaps and access secure
systems via unique analytical skills. A great hacker is known to be able to "think outside the box."
Hacker types are delineated according to intent, as follows:
Black hat hackers break into computer systems illegally and cause harm by stealing or destroying
data, e.g., breaking into a banking system to steal money for personal gain.
White hat hackers use their skills to help enterprises create robust computer systems.
Grey hat hackers perform illegal hacking activities to show off their skills, rather than to achieve
personal gain.
2. Virus
Viruses are malicious programs that spread throughout computer files without user knowledge. Most
widespread virus infections spread through email message attachments that activate when opened. The
vicious cycle of a virus perpetuates as infected emails are forwarded to multiple users. Viruses also
spread through shared media, such as Universal Serial Bus (USB) drives.
Initially created as pranks, viruses are responsible for widespread and significant computer system and
file destruction. Installing anti-virus software helps prevent, block or remove previously installed viruses.
There are a variety of threats that users may have to face when online. These threats, and methods of
preventing them, will be discussed thoroughly in this document.
a. Logic Bombs : Logic bombs are normally used for malicious purposes, but they can also be
used as a timer to prohibit a consumer from using certain software past a trial basis. In this
case, unless the consumer ends up purchasing the software at the end of the free trial, a trial
bomb will deactivate the program. If the vendor wants to be particularly nasty, it can program
the trial bomb so that it takes other data along with it, not just the program data.
b. Worms : A worm is a type of malicious software (malware) that self-replicates and distributes
copies of itself to its network. These independent virtual viruses spread through the Internet,
break into computers, and replicate without intervention from and unbeknownst to computer
users.
c. Trojan Horse : The Trojan horse is named for ancient Greece's apparent gift of peace to the
Trojans, when a giant wooden horse was secretly filled with Greek warriors. After the Trojans
allowed the horse to enter their great city, the Greek warriors emerged from the horse and gained
control of the city of Troy.
Backdoor Trojan: This opens a back door for a user to access a victim's system at a later time.
Downloader: This Trojan downloads malicious software and causes harm to the victim's computer
system.
Infostealer: This Trojan attempts to steal information from the victim's computer.
Remote Access Trojan (RAT): This can be hidden in games or other programs of a smaller variety
and gives the attacker control of the victim's computer.
Data Sending Trojan: This gives the perpetrator sensitive information like passwords or other
information programmed to be hijacked.
Proxy Trojan: As a proxy server, this allows the attacker to hijack a victim's computer and conduct
illegal activities from the victim's computer.
3. Identity Theft
Identity thieves have a number of avenues for stealing personal information via electronic means.
These include:
Retrieving stored data from discarded electronic equipment such as PCs, cellphones and
USB memory sticks
Hacking computer systems and databases to gain unauthorized access to large amounts of
personal data
Phishing, or impersonating trusted organizations (such as the IRS, a bank or large retailer)
via email or SMS messages and prompting users to enter personal financial information
4. Phishing
Similar to fishing in a lake or river, phishing is computer lingo for fishing over the Internet for
personal information. The term was first used in 1996, when the first phishing act was recorded.
Phishing uses link manipulation, image filter evasion and website forgery to fool Web users into
thinking that a spoofed website is genuine and legitimate. Once the user enters vital information,
he immediately becomes a phishing victim.
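The link manipulation described above can be checked mechanically. The following Python sketch is an added example, not part of the original document: it flags links in an HTML email whose visible text names one host while the link goes to another, whose real host is hidden after an '@', or which do not use https. The sample email, the domain names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample email body; all domains use the reserved .example TLD.
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="https://login.attacker.example/verify">https://www.mybank.example</a>
<a href="https://www.mybank.example@attacker.example/">Sign in</a>
<a href="http://www.mybank.example/help">Help</a>
<a href="https://www.mybank.example/contact">www.mybank.example</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname named by the visible text, or None if it is not URL-like."""
    if " " in text or "." not in text:
        return None
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return host.lower() if host and "." in host.strip(".") else None

def audit_links(html):
    """Return (href, reason) for each link whose destination is not what it seems."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        target, shown = (parts.hostname or "").lower(), host_of(text)
        if parts.scheme != "https":
            findings.append((href, "not https"))
        elif "@" in parts.netloc:
            findings.append((href, "real host hidden after '@'"))
        elif shown and shown != target:
            findings.append((href, "text shows %s, link goes to %s" % (shown, target)))
    return findings
```

Calling audit_links(SAMPLE_EMAIL) reports the first three links and passes the fourth, whose visible text and destination agree.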
5. Internal Threats to Data
Natural disasters: A natural disaster such as a tsunami or a hurricane may wipe out a business's online
workstation, and the business may be left with absolutely no data on any of its more recent transactions. This
may make customer data unrecoverable, and will result in the business experiencing many
financial losses.
Theft: This happens when customer data stored inside an online business's workstation is physically stolen
by a thief. This may occur if a thief manages to infiltrate the workplace of an online business and
physically remove hardware components from the business's server computer, which may make the
lost data unrecoverable and susceptible to manipulation.
Hackers rely on weaknesses in your computer; therefore, performing regular operating system updates will help
prevent hacking. Install a firewall on your computer. A firewall is a piece of hardware or a software
program that helps prevent hackers, viruses, etc. from gaining access to your computer through the
internet. Even the firewall needs to be updated regularly for maximum protection. Use different and strong
passwords for your online accounts (strong passwords are those which contain alphanumerical data,
upper case and lower case letters and are not too long or too short, etc.). Install well-updated anti-spyware
software. If spyware is on your computer, it collects data such as what you type, for example your
passwords, and sends it to a computer elsewhere so that someone can use your passwords to log in to your
accounts; anti-spyware prevents this.
There are a number of simple, straightforward actions we can all take to protect our online identity and
guard against online fraud.
Choose strong passwords: This is particularly important for the extra verification services used
on some websites. Never pick obvious passwords like your date of birth or simply 'password.' The
strongest passwords contain letters, numbers and symbols. Pick two random words and then change
some of the letters (e.g. b00kshep1).
Stay secure: Before entering payment details online, check the link is secure. There should be a
padlock symbol in the browser window frame (not the page itself), and the web address should begin with
'https://'. The 's' stands for 'secure'.
Always look out for the padlock symbol and 'https' when entering details online.
Destroy documents: Make sure you shred documents before binning them if they contain
important personal information.
Avoid Cold Calls: If you have not had a conversation with someone before then do not hand
over money or personal details over the phone.
Set privacy settings: Make sure that it is not possible for the public at large to view personal
information about yourself online or on social networking sites. This may provide an avenue for criminals
to build up a picture of your identity.
Keep your details close: Writing passwords down on your mobile phone or forgetting to cover
your PIN at ATMs are just some of the ways that physical fraud can take place. The safest place for a
password is in your head.
Your bank will never ask you to send your passwords or personal information by
mail. Never respond to these questions, and if you have the slightest doubt, call
your bank directly for clarification.
2. NEVER GO TO YOUR BANK'S WEBSITE BY CLICKING ON LINKS INCLUDED
IN EMAILS
Do not click on hyperlinks or links attached in the email, as it might direct you to a
fraudulent website.
Type in the URL directly into your browser or use bookmarks / favorites if you want
to go faster.
3. ENHANCE THE SECURITY OF YOUR COMPUTER
Common sense and good judgement are as vital as keeping your computer protected
with a good antivirus to block this type of attack.
In addition, you should always have the most recent update on your operating
system and web browsers.
4. ENTER YOUR SENSITIVE DATA IN SECURE WEBSITES ONLY
In order for a site to be safe, it must begin with https:// and your browser should
show an icon of a closed lock.
Physical Data Protection
There are many things you can do to make your equipment more secure:
Legislation
Data Protection Act (1998)
During the second half of the 20th century, businesses, organisations and the government began using
computers to store information about their customers, clients and staff in databases. For example:
names
addresses
contact information
employment history
medical conditions
convictions
credit history
Databases are easily accessed, searched and edited. It's also far easier to cross reference information
stored in two or more databases than if the records were paper-based. The computers on which
databases resided were often networked. This allowed for organisation-wide access to databases and
offered an easy way to share information with other organisations.
Misuse and unauthorised access to information
With more and more organisations using computers to store and process personal information there was
a danger the information could be misused or get into the wrong hands. A number of concerns arose:
The Computer Misuse Act 1990 (CMA) is an act of the UK Parliament passed
in 1990. CMA is designed to frame legislation and controls over computer
crime and Internet fraud. The legislation was created to:
your business;
Right to cancel period of 7 working days (known as the cooling off period);
The Regulations should also be read in conjunction with the E-commerce Regulations 2002. These
Regulations set down clear guidance on promoting online trust and confidence when selling goods and
services online. You should also check out the 2004 regulations that apply to the purchase of financial
services.
You must give consumers 7 working days in which they can decide to withdraw from the contract (the
'cooling off' period). This doesn't apply to goods and services (1) made to the consumer's specifications;
(2) audio and video records, computer software unsealed by the consumer; (3) newspapers, periodicals
and magazines; (4) gaming, betting or the lottery.
The cooling-off period is 3 months where you haven't given notice of the 7 working day cooling off
period. Unless agreed otherwise, consumers have a right to receive goods or services within 30 days. If
your sale is to another business the Distance Selling Regulations do not apply.
CONCLUSION
There are a variety of threats to data, and being affected by one of these threats is inevitable; however,
there are methods of reducing the chances of falling victim to them. Some solutions, like an anti-virus
guard, would prove ineffective in protecting a system against threats if not kept updated: there are
many viruses and more are being created, and an updated anti-virus guard is able to recognize more
of these viruses than an outdated one.
Biometric security, although it may seem impossible to hack or break through, can be defeated. For example, a
padlock could be broken by a large force applied to it, such as from a bullet. Security guards can also be bribed
for access to the information they were paid to protect.
Different legislation, such as the Copyright and Data Protection acts and the Computer Misuse Act, is
enforced differently in different countries. In a country like Sri Lanka these laws aren't as strictly enforced
as in a country like England; therefore, people living in Sri Lanka can easily break these laws.
Technology is rapidly expanding, and therefore there will be more threats to data and more solutions to
counter these threats. There is no 100% guarantee that these solutions will stop every single threat, but
they will stop whatever threats they can.