The Threat of Online Security: How Safe is Our Data?
Most businesses that have made the move towards an online presence have experienced some kind of security threat to their business. Since the Internet is a public system in which every transaction can be tracked, logged, monitored and stored in many locations, it is important for businesses to understand possible security threats to their business.
Security has three main concepts: confidentiality, integrity, and availability. Confidentiality allows only authorized parties to read protected information. Integrity ensures data remains as is from the sender to the receiver. Availability ensures you have access and are authorized to resources.
Evidence from variety of security surveys provides a mixed picture of cyber attacks and crimes in e-commerce. Some of the trends which had been collected by Computer Security Institute (CSI) and the San Francisco Federal Bureau of Investigation’s (FBI) Computer Intrusion Squad through surveys include the following:
- Most of the organizations conduct security audits and employ a variety of technologies and procedures like antivirus software and firewalls to defend against cyber attacks. Between 65%-70% use access control lists, intrusion detection, and data encryption.
- Organizations still are reserved to report computer intrusions to legal authorities because they feared negative publicity or were worried that their competitors would use it against them.
There are many threats to e-commerce that may come from sources within an organization or individual. The followings are some of the potential security threats that can be found.
- Tricking the shopper – It is one of the easiest and most profitable attacks, also known as social engineering techniques. These attacks involve surveillance of the shopper’s behavior, gathering information to use against the shopper. For example, a mother’s maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites.
- Snooping the shopper’s computer – Most users’ knowledge of security vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in their quest to ensure that their products are easy to install, will ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist. The confused user does not attempt to enable the security features. This creates a treasure trove for attackers.
- Sniffing the network – Here, the attacker monitors the data between the shopper’s computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers.
- Using known server bugs – The attacker analyzes the site to find what types of software are used on the site. He then proceeds to find what patches were issued for the software. Additionally, he searches on how to exploit a system without the patch. He proceeds to try each of the exploits. The sophisticated attacker finds a weakness in a similar type of software, and tries to use that to exploit the system. This is a simple, but effective attack.
With a brief write-up here about the threat of online security would help us (consumers and organizations) to beware and take necessary precautions in order to enhance the security of online information. The next few post will tell more about safeguards and prevention methods on how to handle these threats.
Recommended news: http://www.ecommercetimes.com/story/31171.html?welcome=1213803356