How Hacking and Cyber-Attacks Compromise on Sensitive Information - Annotated Bibliography Example

A critical review on 3 journal papers A critical review on 3 journal papers It is undoubtedly certain that with new technological innovations in the IT sector, cases of hacking and rising issues concerning cyber security have equally been on the rise. These three articles take us through the various forms of vulnerabilities that companies face from potential hackers and give us an overview on the steps companies can take to improve security. Fundamentally, the articles address the major issue of prevalent cyber-attacks on small business as they are less vigilant in putting strong security on their data. This issue is important since hacking and cyber-attacks compromise on sensitive information. To the larger information security community, hacking and cyber security pose a persistent challenge to data security and more specifically. Understanding the scope and extent of damage that cybercrimes and hacking can cause in organizations is important. This is because the damages caused have financial as well as administrative implications. Financially, this can result to loss of an organization’s funds. On the administrative level, cybercrimes have their effects on losing or stealing of information such business strategies, research information, financial reports, and other vital information like emails, addresses and names of clients and employees within an organization. According to Eschelbeck approximately 1 % of internet end users usually click on junk mail which subsequently pause a great risk to companies (Ericka 2010 p58). Interestingly, the articles appreciate the fact that hackers are not keen on stealing large amounts of money but rather, are only interested in the security systems that can be accessed with least resistance. The articles also take us through the various measures that businesses should put in place to ensure that their data and online systems are protected from hackers. These measures range from encrypting data to resisting the temptation to use Wi-Fi networks in areas prone to cyber-attacks. First article: Pullen, J. Patrick, (2013). Smooth Criminals: Entrepreneur, p.51-53 The first article by John Patrick Pullen takes us through a case study of cyber-attack with the attackers causing damages amounting to $3 million. The article provides various solutions for safeguarding security systems. Key among the measures is data encryption. This involves encoding information or data in a manner that it can only be accessible to authorized personnel. Moreover, the article insists on the need to protect Wi-Fi systems with passwords and use of motion detectors as wells as security alarms. The article notes that installing the latest antivirus protection and anti-malware programs are a sure fire way of guarding computers from unauthorized access. Finally, the article also proposes a fine idea of outsourcing security experts to take care of a company’s security remotely. Second article: lock down your business: Security essentials By Mah, Paul. Pcworld, Sep2013, Vol 31, issue 9 The second article by Paul Mah makes various suggestions on ensuring data security. First, the article suggests full disk encryption for PCs. Other measures such as setting the computer to sleep and prompt for a password every few minutes as well as users locking the keyboard when they are away from their machines would be equally effective (Reyes 2007, p68). Further, the article proposes the use of multiple passwords for different accounts and a password manager to store the various passwords. This article also recommends use of encrypted external drives to safeguard sensitive data. Finally, the article urges users to ensure they maintain updated security programs. Third article: Sound the alarm by Chickowski, Ericka. Entrepreneur. June 2010. Vol 38 Issue 6, p.54-59 The third article by Chickowski describes the prevalent use of malware to take control of the computer systems. The article advocates the use of URL/web filtering. It further suggests installing antiviruses that locate source of malwares. Further, the article suggests the use of web application firewalls to prevent attacks on a company’s websites. The journal maintains that businesses should scan the vulnerability of their website to ensure all weaknesses through which the business’ website can be infected are put in check. Finally, the article reminds on the essence of training employees the need to be on the lookout for any anomalies in their online systems. The three articles successfully bring out the issue of security and hacking in small businesses. With the appreciation of the fact that businesses have embraced the internet in doing businesses, the articles go ahead to show the potent risks that come with online businesses. Moreover, they provide an analytical approach in guiding entrepreneurs on how to deal with these threats in their upcoming businesses. Priority is put on ensuring security in organizations’’ data and prudence in the conduct of any online activity by employees, with the realization that most hackers primarily target websites, Wi-Fi networks, as well as user accounts. The first and third journals put more attention on the role of the internet in facilitating cyber-crimes. However, the second journal focuses majorly on the tools that a small business with little or no use of online systems will embark on. Moreover, the third article covers the subject of online cyber-attacks in a more comprehensive manner whereby it informs security system experts on the various loopholes that should be closed to ensure safe use of online systems. It introduces a new concept on the role of social media in perpetrating cyber-attacks to the vulnerable small businesses. The first article majorly deals with the relation between physical burglaries in organizations and cybercrimes. Less than one case study, a burglary later leads to loss of funds in the organization. The reality, therefore, is that hackers’ chief interest is to gain access to information regarding a company’s employees and operations with this information they can compromise an organization’s security. Moreover, this article addresses a delicate issue that is missed out in the others: the issue of safeguarding hardware. The writer here points out that securing hardware from physical theft is a key step in upholding security. Besides, locking up computers manually on their desks decreases the chances of physical theft. Further, the article proposes the use of tracking software to locate operations either on the servers or even on the mobile phones. On laptops, the tracking software makes use of the webcam to take pictures of unauthorized users. These are innovative ideas that make this article stand out from the rest. In addition to these, the writer of this article also brings out a unique strategy of initiating a Managed Service Provider to deal with technology infrastructure components such as data encryption, firewall updates, file backups on the server, and in ensuring overall running of security system is an effective strategy to minimize risk of attack. The second article takes a lesser critical approach in addressing online cybercrimes. Instead, the article focuses on the pertinent issue of ensuring computers in an organization are safe from day to day physical data theft. Paul Mah acknowledges the common misconception among small business owners that they are not targeted by cyber criminals. He notes that small businesses are placed in a somewhat delicate position whereby they lack the necessary funds to hire expert personnel and consultants while the lurking danger of cyber-attacks remains relatively high. The third article by Chickowski takes a more critical approach to the issue of cyber-crimes in small businesses. It presents the reality that contrary to common belief, small enterprises are the key target of cyber hackers. The realization by hackers is that big corporations have taken extremely stringent measures to lock down their security systems. Therefore, the small businesses, still unaware of the security loopholes in their systems, are bogged down by hackers who take advantage of their unguarded credit card numbers, unsecured Wi-Fi and other vulnerabilities. This articles stands out in its analysis of cyber-crimes in that it focuses our attention on the financial implication of cyber hacking. Unlike the first two that give us a rough idea of the financial implication of hacking, this article provides us with concrete data with an analogy of the biggest breaches and the annals of assault on business networks between the years 2005- 2010. However, the three articles share striking similarities in their approaches of combating cybercrimes. The essence of securing Wi-Fi networks with strong passwords is well substantiated in the articles. With hackers coming up with crafty techniques such as scripting methods that penetrate web applications and bogus advertising that spam and spoof information from company online systems. Therefore using intrusion detection systems are essential in auditing and keeping the system safe. Moreover, securing the Wi-Fi network with up to date encryption standards such as WPA2 and complex passwords is paramount to curb unauthorized access. Further, the first and second articles highlight the role of encrypting drives to safeguard unwarranted users from accessing it. With Operating Systems such as windows 7 & 8 coming with features such as bit locker, prudent businesses should adopt this innovation to be a step ahead of these attackers. But, with the ability to encrypt data, there is a loophole since this involves users choosing their preferred passwords. In the event a user chooses an easy password, it will be easy for cracking by malicious users. Employees should therefore be urged to use complex passwords to guard them from malware threats designed and targeted at compromising usernames and passwords (Ericka 2010 p56). Moreover, the three articles do appreciate the role that installing and maintaining updated antivirus software plays in keeping at bay cyber criminals. Hackers primarily run virus programs through the background and in this way gain access to login passwords that can be used maliciously. The articles share the common notion that enabling computer within an organization to install the latest updates and regularly checking if there are any failed updates or errors in downloading updates is crucial. This antivirus software prevents virus infection either in individual computers or computers within a network in an organization (Reyes 2007, p72). Moreover, antivirus software assists in locating the source of malware. Most importantly, the articles share a common certainty on the role that the human element plays in facilitating this vice in virtually all organizations. It is an undeniable fact that employees will casually give out sensitive information to strangers without giving it a second thought. Essentially, we deduce that educating a company’s employees on various ways to detect potential cyber-crimes should be the priority of any business seriously contemplating on eliminating cyber-attacks. In this regard, practical measures to enlighten employees such as prohibiting them from opening suspicious emails, reporting any unusual transfer of funds to foreign accounts and caution when giving out sensitive information should be put in place. Overall, the articles create an undeniably realistic perspective to small business owners as well as security system analysts regarding the delicate position that these businesses lie in the cyber-crime world. The revelation that cyber criminals have found a new gold mine in the small businesses is well substantiated and the articles give extremely sound and practical advice on how to alleviate these crimes. Ideally, it is a shared responsibility between business owners and the employees to ensure not only the safety of the business but also that of their clients. Typically, the ideas presented in these articles provide amicable solutions to the cyber-crimes in our society. However, before embarking on any changes in a company’s information security, caution should be taken to ensure that the real issues in the organization are addressed (Ghosh & Turrini, 2010 p156). In this regard, it is necessary that businesses understand the possible threats and put in measure relevant to these threats. It is a prudent initiative to outsource security experts, but do all businesses have that financial capability? Moreover, while some of these measures such as locking down computers in metal bars may call for complete restructuring of the security information system, some are relatively easy and brilliant strategies. The ideas presented in these articles provide security experts with rather unique approaches of addressing the issue of information security. Particularly, the articles enlighten us on initiating logical security controls. This mechanism involves providing due protection to information systems from attackers who have already gained physical access. This is a relatively modernistic approach and this can be incorporated into security systems through installing webcams to capture photos of adversaries seeking to gain access, use of CCTV cameras as well as other tracking software (Ghosh & Turrini, 2010 p85). Further, the articles challenge the common misconception that vulnerabilities in information security are dependent on the business size. On the contrary, we realize that hacking and cybercrimes occur across the board irrespective of business size or financial records. In this regard, the articles urge upcoming institutions should make a concerted effort to safeguard data even in the absence a huge capital to hire external information security experts. Introducing measures such as reviewing of access authorization, distributing a written security policy among employees and rewarding employees who report suspicious activities are prudent measures to take (Ghosh & Turrini, 2010 p88). Moreover, visible enforcement of security rules and simulating security incidents so as to improve security procedures are effective measures to enhance information security and create security awareness among employees. Implementing measures such as data encryption is on one hand an effective and easy strategy that can prevent loss of valuable data to unauthorized persons. However, it is not quite effective to encrypt external drives as this measure is still prone to abuse. Brilliant techniques such as reputation based antivirus scanning which detects the source of malwares are a sound tactic of combating cyber-crimes. This technique can be implemented in a business and help to identify and track down these cyber criminals. Moreover, businesses should invest in educating employees on the need to be extra cautious when using internet in business. This can prevent threats such as malware infection through viruses or even gain of access by hackers through unsecured Wi-Fi networks. In addition to this, training employees on proper ethics such as having their computers password protected will in the long run save the business the risks of enormous financial losses and data theft. Business security planning in the 21st century has become a critical issue ranging from small businesses to multi-million dollar businesses. External threats of data theft as well as hacking into a company’s security systems have become as real as physical burglary in companies’ premises. Essentially, hacking is considered to be a cybercrime all over the world. Cyber criminals are notorious for breaking into computer networks and illegally obtaining sensitive information (Ghosh & Turrini, 2010 p47). Moreover, these hackers spend considerable time assessing vulnerabilities in target companies before attacking. Data security, on the other hand, refers to shielding an organization’s database from malicious forces and unauthorized access by other users. It is the primary responsibility of every business to tighten security in its online system as well as taking considerable caution before giving out sensitive information to non-members of their organization. Reported cases of hacking in banks and other financial institutions have sky rocketed over the recent past, with records indicating on average $1 trillion is lost through these criminals. Equally contributing is the fact that security is hardly a priority for most software developers (Reyes 2007, p73). Whilst companies may put in place the latest software, it is up to the software developers to ensure that this software is resistant to potential risks. References: GHOSH, S., & TURRINI, E. (2010). Cybercrimes: a multidisciplinary analysis. Berlin, Springer. PULLEN, J. PATRICK, (2013). Smooth Criminals: Entrepreneur, p.51-53 Lock down your business: Security essentials By Mah, Paul. Pcworld, Sep2103, Vol 31, issue 9 Sound the alarm by Chickowski, Ericka. Entrepreneur. June 2010. Vol 38 Issue 6, p.54-59 Read More