Everyone knows the saying “Whoever owns the information owns the world.” And whoever owns information about competitors gains unprecedented advantages in the fight against them. Progress has made companies dependent on information systems and, at the same time, vulnerable to attacks by hackers, computer viruses, and human and government factors, to such an extent that many business owners can no longer feel safe. Information security is becoming a cornerstone of an organization’s activities, but this same progress offers solutions that can protect data from external encroachment.
What is information security and why are its support systems so important?
So what is information security (cyber security)? It is usually understood as the protection of information, and of the company as a whole, from deliberate or accidental actions that lead to damage to its owners or users. Information security should be aimed primarily at preventing risks, not at eliminating their consequences. Taking preventive measures to ensure the confidentiality, integrity, and availability of information is the most correct approach to building an information security system. Any leak of information can lead to serious problems for the company, from significant financial losses to total liquidation. Of course, the problem of leaks did not appear today: industrial espionage and the poaching of qualified specialists existed even before the era of computerization. But it was with the advent of the PC and the Internet that new methods of illegally obtaining information arose. Where it was once necessary to steal a whole stack of paper documents and carry them out of the company, a huge amount of important information can now easily be copied onto a flash drive carried in a purse, sent over the network with the help of rootkits, trojans, backdoors, keyloggers and botnets, or simply destroyed by viruses as an act of sabotage. Most often it is financial documents, technological and design developments, and logins and passwords for the networks of other organisations that “leak out” of companies. But a leak of employees’ personal data can also cause serious damage. This is especially true in Western countries, where lawsuits over such leaks often lead to huge fines, and paying them causes companies serious losses.
In July 2017, one of the biggest personal data leaks occurred at the Equifax credit history bureau in the US. The personal information of more than 143 million consumers and 209,000 credit card numbers fell into the hands of intruders. As a result, as of September 8, 2017, the bureau’s shares had fallen by 13%.
It also happens that a leak damages the company months or years after it occurred, once the information reaches competitors or journalists. That is why protection should be comprehensive. There is no need to divide information into very important and less important. Everything that relates to the company’s activities and is not intended for publication must remain inside the company and be protected from threats.
Topical threats to information security
The InfoWatch Analytical Center published data on information leaks in Russia for 2016. According to the study, the media reported 213 cases of information leakage from Russian state bodies and companies, which is 14% of the global number of leaks. The most frequent cases, 80%, are leaks of payment information and personal data. In 68% of cases employees of the organizations were at fault, and in only 8% management. Compared to 2015, the number of leaks increased by 89%. Today, Russia ranks second after the US in the list of countries most heavily affected by information leaks.
But what most often gives rise to threats to information security?
1. Inattention and negligence of employees. Strangely enough, the threat to a company’s information security can come from entirely loyal employees who have no thought of stealing important data. Unintentional harm to confidential information is caused by simple negligence or ignorance. There is always the possibility that someone will open a phishing email and introduce a virus from a personal laptop onto the company’s server. Or, for example, copy a file with confidential information to a tablet, flash drive or PDA to work on it during a business trip. And no company is immune to an inattentive employee sending important files to the wrong address. In such situations, information is very easy prey.
In 2010, a prototype of the iPhone 4 smartphone was left in a bar by an Apple employee, Gray Powell. The official presentation of the gadget was still several months away, but the student who found the smartphone sold it for $5,000 to Gizmodo journalists, who published an exclusive review of the new device.
2. Use of pirated software. Executives sometimes try to save money on licensed software. But unlicensed programs provide no protection against scammers who want to steal information using viruses. The owner of unlicensed software receives neither technical support nor the timely updates that developers provide. Along with the software, he also acquires viruses that can harm the computer’s security system. According to Microsoft research, 7% of the unlicensed programs studied contained special software for stealing passwords and personal data.
3. DDoS attacks. A distributed denial-of-service attack is a flood of bogus requests from hundreds of thousands of geographically dispersed hosts that blocks the chosen resource in one of two ways. The first is a direct attack on the communication channel, which is completely clogged by a huge amount of useless data. The second is an attack directly on the resource’s server. The resulting unavailability or degraded quality of public web services can last a fairly long time, from several hours to several days.
Typically, these attacks are used in competitive struggles, to blackmail companies, or to distract system administrators from certain unlawful actions such as the theft of funds from accounts. According to experts, theft is the main motive of DDoS attacks. Banks’ websites become the target of cybercriminals: they were affected in half of the cases (49%).
In 2016, DDoS attacks were recorded at every fourth bank (26%). Among other financial institutions, 22% of companies were affected. The average damage to credit institutions was $1,172,000 per bank.
4. Viruses. Computer viruses are one of the most dangerous threats to information security today. This is confirmed by the multimillion-dollar damage that companies incur as a result of virus attacks. In recent years, their frequency and the level of damage have increased significantly. According to experts, this can be explained by the appearance of new channels of virus penetration. Mail is still in first place, but, as practice shows, viruses can also get in through messaging programs such as ICQ and others. The number of possible targets for virus attacks has also increased. Where attacks were previously aimed mainly at the servers of standard web services, today viruses can also affect firewalls, switches, mobile devices and routers. Recently, the so-called encrypting viruses (ransomware) have become particularly active. In the spring and summer of this year, millions of users were affected by attacks of the WannaCry, Petya and Mischa viruses. These epidemics showed that one can fall victim to a virus attack even without opening suspicious emails. According to Intel, 530,000 computers were infected with the WannaCry virus, and the total damage to companies was more than $1 billion.
5. Threats from co-owners of business. Legitimate users are one of the main causes of information leakage in companies. Experts call such leaks insider leaks, and all insiders are conventionally divided into several groups:
“Violators”: middle and top managers who allow themselves small violations of information security, such as playing computer games, making online purchases from work computers, or using personal mail. Such lapses can cause incidents, but most often they are unintentional. Incidentally, most external attacks arrive through employees’ personal mailboxes or ICQ accounts.
“Criminals”: most often these insiders are top managers who have access to important information and abuse their privileges. They install various applications on their own, may send confidential information to interested third parties, and so on.
“Moles”: employees who intentionally steal important information in return for payment from a competing company. As a rule, these are very experienced users who skillfully destroy all traces of their crimes, which makes them very difficult to catch.
Another category is dismissed and resentful employees, who take with them all the information they have access to. They usually use the stolen information at their new place of work; the deliberate sale of data is not yet very common in Russia.
6. Legislative vicissitudes. State bodies in Russia are entitled to confiscate equipment and storage media during inspections. Since most of a company’s important data is stored electronically on servers, their seizure simply stops the company from operating for a while. No one compensates for this downtime, and if the inspection drags on, the losses can be large enough to end the firm’s activities. The seizure of equipment is one of the most acute problems of modern business, and anything from an investigator’s decision to a court ruling within the framework of any criminal case can serve as grounds for it.
Methods of information protection
Although the number of threats is constantly growing, new viruses keep appearing, and the intensity and frequency of DDoS attacks are increasing, the developers of information security tools are not standing still either. For each threat, new security software is developed or existing software is improved. The means of information protection include the following:
Physical means of information protection. These include restricting or completely prohibiting access by unauthorized persons to the premises, and checkpoints equipped with special systems. HID cards for access control have become widespread. With such a system in place, for example, only those who have been granted access under the established protocol can enter the server room or another important area of the company.
Basic means of protection of electronic information. This is an indispensable component of a company’s information security. It includes the numerous anti-virus programs as well as e-mail filtering systems that protect the user from unwanted or suspicious correspondence. Corporate mailboxes must be equipped with such systems. In addition, access to information must be differentiated and passwords must be changed systematically.
Anti-DDoS. A company cannot properly defend against DDoS attacks on its own. Many software developers offer an anti-DDoS service that can protect against such attacks. As soon as the system detects traffic of an unusual type or quality, a protection mechanism is activated that identifies and blocks the harmful traffic, while business traffic passes unimpeded. The system can be triggered an unlimited number of times, until the threat is completely eliminated.
Data backup. This solution involves storing important information not only on a specific computer but also on other devices: an external medium or a server. Recently, remote storage of information in the “cloud” of data centers has become an especially relevant service. It is this kind of copy that can protect the company in an emergency, for example when a server is seized by the authorities. A backup can be created and the data restored at any time convenient for the user, from any geographical location.
Disaster recovery plan. This is the measure of last resort for information security after data loss. Every company needs such a plan in order to eliminate the risk of downtime as quickly as possible and ensure the continuity of business processes. If the company for some reason cannot access its information resources, having such a plan will help reduce the time needed to restore the information system and prepare it for work. The plan must provide for an emergency operating mode for the duration of the failure, as well as for all actions that should be taken after data recovery. The recovery process itself should be rehearsed as thoroughly as possible, taking into account all changes in the system.
Encryption of data during transmission in electronic format (end-to-end protection). Various types of encryption are used to ensure the confidentiality of information when it is transmitted electronically. Encryption makes it possible to confirm the authenticity of transmitted information, to protect it when it is stored on open media, and to protect the company’s software and other information resources from unauthorized copying and use.
So, information protection should be comprehensive and carried out in several directions at once. The more methods are used, the less likely threats and leaks become, and the more stable the company’s position in the market.