Security risks in IT incorporate a wide range of threats and vulnerabilities that can compromise the foundations of information security: confidentiality, integrity, availability and non-repudiation of an organization's systems and overall assets. These foundations are explained in our Foundations of Information Security article. Today we shall go deep into the threats experienced by the IT world and, to an extent, how to mitigate some of them. It is important to note that no system is safe, no matter how extensive the precautionary measures undertaken. This is largely because threats keep evolving.

 

Definitions

The term threat is sometimes confused with risk. While risk is the likelihood of a threat materializing and the potential impact it could have, a threat is simply a potential cause of harm. Basically, Risk = Threat + Vulnerability. More explanation of these terms can be found in my IT risks assessment article.

 

Impact of risks

The risks, if not managed well, can lead to:

Data breaches: Loss of sensitive information, such as customer data or financial records that can be misused by the threat actors.

Disruptions to operations: Cyberattacks resulting from unhandled risks can take down systems and networks, causing downtime and lost productivity. This can be achieved via ransomware attacks or denial of service (DoS).

Financial losses: The affected entities may incur costs related to data recovery, forensic investigations and remediation efforts, and in some cases lawsuit settlements and fines.

Reputation: The well-being and good standing of a company can easily be damaged by the impact of unaddressed risks. This will definitely affect its customer base and its earnings.

 

Common IT Security Threats

Now, the threats faced by information systems can never be exhaustively listed. Every day, new threats are discovered because of how dynamic the technology is. We shall cover the major and well-known threats.

Malware

This is short for 'malicious software', and it is an overall term referring to any software developed by cybercriminals (often called threat actors) with the intention to steal information or to damage or destroy data and computer systems. Some examples of malware are:

Viruses: Programs that replicate and attach themselves to legitimate files and programs so as to spread across the network, storage systems and servers, corrupting information and causing disruptions when executed.

Worms: A type of malware that self-replicates to spread to other computers. Unlike viruses, worms can spread across information and network systems on their own, whereas viruses need some sort of activity from the targeted user in order to commence the infection process.

Trojans: Malicious programs disguised as legitimate software and then used to gain unauthorized access to systems without the user's knowledge.

Ransomware: Malware that encrypts user files and systems and later demands payment for the files to be decrypted.

Phishing and Social Engineering

Phishing is a deceptive attempt to obtain sensitive user information such as passwords and bank details. It is achieved by impersonating a trustworthy or legitimate entity or individual, and is performed using electronic means such as email. Spear phishing is a variant of phishing aimed at specific targets. Social engineering, on the other hand, is manipulating people into performing actions that result in the disclosure of confidential and sensitive information. Tailgating, in this case, is also categorized as a form of social engineering. The threat of social engineering and phishing can be avoided through regular employee training and sensitization on best information security practices and how to identify phishing attempts.

Insider Threats

Some risks arise from people inside the protected organization. Disgruntled employees who intentionally harm the information systems and reputation of the company are called malicious insiders. There are also those who, perhaps due to phishing, social engineering, sheer negligence or lack of awareness, accidentally expose their credentials, protected access rights or confidential information. These are identified as accidental insiders. Extensive human resource training and background checks ease this risk.

Unpatched Software

Occasionally, bugs exist that are unknown to the programmers before release, and sometimes an incompatible software update may cause software instability. Vulnerabilities in software that are not fixed by updates or patches leave systems exposed to attacks. This calls for regular software updates, patch management, periodic information systems audits and penetration testing.

Lack of Multi-Factor Authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring additional forms of verification beyond the password. The added form of authentication can be a code sent to a mobile device or e-mail, or a code generated by an authenticator app. Not requiring an additional method of verification is itself a form of threat, because a stolen or guessed password is then enough to gain access.

Overall Weak Forms of Authentication

Use of easily predictable passwords or the same password across multiple accounts (shared passwords) often gives threat actors a way to compromise systems. There should be a way to control the use of passwords, such as deployment of security policies, to mitigate such risks.
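One way to enforce such a policy at password-change time, as an added example that is not part of the original article: the check below rejects short passwords, passwords found in a breached-password list, trivially patterned strings, and reuse of any of the user's previous passwords. The breached-password set is a small constructed stand-in for the real lists (hundreds of millions of entries) and the password history is stored as salted PBKDF2-HMAC-SHA256 hashes, so the check never needs the old passwords in clear.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 12
PBKDF2_ITERATIONS = 200_000

# Constructed stand-in for a breached-password list; production systems
# check against a full leaked-password corpus instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "password1"}


def make_history_entry(password: str) -> tuple:
    """Store a password in the user's history as (salt, PBKDF2-HMAC-SHA256 digest).
    A fresh random salt per entry means identical passwords get different digests."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def matches_history(password: str, history) -> bool:
    """True if the candidate equals any previous password of this user."""
    for salt, digest in history:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(candidate: str, history=()) -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("found in breached-password list")
    # All digits, or one character repeated (e.g. "1111111111111", "aaaaaaaaaaaa").
    if candidate.isdigit() or re.fullmatch(r"(.)\1*", candidate):
        problems.append("digits only or a single repeated character")
    if matches_history(candidate, history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    history = [make_history_entry("CorrectHorseBatteryStaple")]
    for pw in ("password", "CorrectHorseBatteryStaple", "Tr0ub4dor&3-Xy9!"):
        print(pw, "->", check_password(pw, history) or "accepted")
```

The slow hash (PBKDF2 with a high iteration count) matters for the history entries just as much as for the live credential: a history table of fast unsalted hashes would hand an attacker who steals the database a ready-made list of the user's habits.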

Network Security Issues

Securing the network prevents unauthorized access and protects data in transit. Networks that are not properly secured can inadvertently allow unauthorized access. The use of 802.1X authentication and WPA3 (Wi-Fi Protected Access 3) helps mitigate such threats. A Man-in-the-Middle attack is a threat that can arise from poorly managed network systems, whereby an attacker eavesdrops on communications between two devices to steal or alter information. Use of Public Key Infrastructure (PKI) and secure channels such as Secure Shell (SSH) for remote access and SFTP (Secure File Transfer Protocol) diminishes the threat of Man-in-the-Middle attacks.

Denial of Service (DoS)

Denial of Service (DoS) and Distributed Denial of Service (DDoS) are well-known attacks that overwhelm systems, networks or websites with bogus traffic, rendering them unavailable and unresponsive to legitimate users. These attacks are avoided by use of load balancers to distribute traffic across multiple servers and systems. Although data is not lost in such cases, the threat is real.
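Before traffic can be diverted or filtered, the flood has to be noticed. As an added example (not code from the original article), the Python below reads web-server access-log lines in the usual Apache/Nginx combined format, keeps a sliding window of request timestamps per client address, and reports any address whose request count inside the window crosses a threshold. The log lines are constructed for this example: one address sends a burst, another behaves normally, one line is malformed, and the lines are slightly out of order, which the code handles by sorting on the parsed timestamp.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: 10.0.0.7 issues 12 requests within three seconds,
# 192.168.1.20 issues three requests a minute apart, one line is garbage,
# and the 10:00:05 line arrives before some 10:00:02 lines.
SAMPLE_LOG = """\
10.0.0.7 - - [12/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
10.0.0.7 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
10.0.0.7 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
10.0.0.7 - - [12/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 734
192.168.1.20 - - [12/Mar/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 2048
10.0.0.7 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 901
10.0.0.7 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 901
10.0.0.7 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 901
10.0.0.7 - - [12/Mar/2024:10:00:02 +0000] "GET /search?q=a HTTP/1.1" 200 901
this line is not a valid log entry
192.168.1.20 - - [12/Mar/2024:10:00:35 +0000] "GET /contact HTTP/1.1" 200 1300
192.168.1.20 - - [12/Mar/2024:10:01:05 +0000] "POST /contact HTTP/1.1" 302 0
"""

# client ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line: str):
    """Return (client_ip, unix_timestamp) for a well-formed line, else None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    when = datetime.strptime(match.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return match.group("ip"), when.timestamp()


def find_flooders(lines, threshold: int = 10, window_seconds: int = 10) -> dict:
    """Map each client IP whose request count inside any `window_seconds`
    span reached `threshold` to the peak count observed for it."""
    events = sorted(filter(None, (parse_line(l) for l in lines)), key=lambda e: e[1])
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for ip, ts in events:
        queue = recent[ip]
        queue.append(ts)
        while ts - queue[0] > window_seconds:   # expire old entries
            queue.popleft()
        peak[ip] = max(peak[ip], len(queue))
    return {ip: count for ip, count in peak.items() if count >= threshold}


if __name__ == "__main__":
    for ip, count in find_flooders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} requests within a 10 s window")
```

Per-address counting is only a first signal: a distributed flood spreads the load over many sources, so the same window logic is usually applied to totals per path or per site as well, and the threshold is tuned from the normal traffic baseline rather than picked by hand.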

Advanced Persistent Threats (APTs)

This is a kind of attack in which threat actors intrude into a system and focus on staying undetected for an extended period of time so that they can steal sensitive information, such as organization secrets (intellectual property) or personal information. Use of network security monitoring and having a practical response plan mitigates APTs.

Cloud Security Threats

These are threats experienced in the cloud environment. They include malware, compromised Application Programming Interfaces (APIs) and environmental power loss.

 

Conclusion

IT security threats are diverse and constantly evolving, making it vital for organizations to adopt a comprehensive, proactive and practical approach to information security. The weakest point of any system is the user. Therefore, investing in user training and awareness is key. This must also be combined with investment in robust information security systems to mitigate the associated threats.

 
