Emerging Information Security Threat Advisory White - Term Paper Example

Emerging Information Security Threat Advisory White Paper Now more than ever, business organizations have to be concerned of the security of the information that they story within their network systems. There has been unprecedented advancement in information and technology that has made most businesses vulnerable to data privacy violations and attacks. Accordingly, businesses have to be prepared on how to address the ever-changing and sophisticated malware and cyber-attacks. Notably, there has been significant advancement in the nature of computer and network security attacks owing to increased literacy on computer systems and networks (Webster, 2006). I have already identified the following four issues as among the emerging information security threats that businesses involved in the financial sector should be ready to address in order to secure their data from unauthorized access. 1. Social Media: Unarguably, the access and use of the social media platforms, such as Twitter and Facebook websites have been on the increase. Some employees access their social media accounts using computer devices provided by the company. Stakeholders in the financial sector have to be careful and ensure that organization’s devices are not used to access social networking sites. The use of the organization’s computer devices and networks can expose the financial institution to cyber-attackers and spammers, which can jeopardize the security of private and confidential data. 2. Social Engineering: Stakeholders in the financial sector should also be aware of individuals who can manipulate legitimate employees after securing their trust to access vital information about the institution, and its clients. The attackers are capable of accessing passwords, IP addresses and other vital information that can be used to access into the institution’s computer networks and thereby fleece the company of its resources. 3. Inadequate backup and data recovery options: It is notable that financial institutions normally gather and store voluminous data about their clients. However, at times, the computer networks may suffer power outage or mechanical problems which may lead to loss of vital data. Financial institutions have to devise appropriate means of backing up any stored information and recovering such in case of any unexpected data loss. 4. Improper destruction of data: Financial institutions must be worry of any information, catalogues, papers and files that are to be discarded or destroyed. Such documents may contain sensitive and vital information that may be a security threat in case they are assessed by unauthorized individuals (Gutwirth, Poullet, & Leenes, 2011). These documents need to be destroyed appropriately in a way that they cannot be retrieved and misused by other parties. Similarly, obsolete electronic devices that may contain important information should be discarded in a manner that permanently erases their contents. Social Engineering and its Threat to the Financial Sector With the new information security threats, organizations must be able to devise appropriate strategies of securing their vital data from unauthorized individuals (Webster, 2006). The financial sector heavily relies on sensitive data which includes personal information on its clients, their credit history, financial reports and transactions, and information on the institution’s employees. Even the account details, passwords and other log in details are stored within the institution’s computer networks (Clark, 2008). Thus, the company has role to secure its computer networks from hackers and malware that may collect such information and use them to compromise the financial institution (Webster, 2006). Thus, it is a matter of fact that no company would want to expose its vital data to unauthorized parties. Investment in data protection strategies, consequently, becomes the option that financial institutions have within their ambit to respond to threats to their data privacy. The Objective of the White Paper This white paper focuses on the challenge that financial institutions face while securing their private data from hackers. This document will particularly focus on social engineering and how the institutions can secure their employees and data analysts from being victims of social engineering. The document observes that there is a severe risk of data loss and misuse by individuals who have been charged with the responsibility to handle the financial institution’s data. If appropriate actions are not taken, some of the employees might, intentionally or without intention, reveal vital information to other unauthorized individuals. This document can be used by the management of financial institutions, such as banks and insurance companies, to reduce any threat of data loss through cyber-attacks due to the collaboration between its employees and the hackers. As firms become increasingly concerned about the privacy of their vital data, the cyber-attackers are also getting wiser on how best they could retrieve vital information from their targets. Most companies have invested in the traditional data protection strategies (Clark, 2008). However, with the advancement in information technology, access to another computer networks has become easier to the extent that the traditional data security approaches may somewhat become ineffective. This is due to the fact that traditional data security approaches, such as the use of antivirus, firewall, data encryption, and the use of password, mainly involve protecting the applications on the computer (Gutwirth, et al., 2011). However, the emerging risk has been on how financial institutions can address the current sophisticated approaches to data invasion. Social Engineering as a Tool to accessing vital company Information Social engineering involves manipulating or conniving with an individual to provide classified or confidential information. This art involves trickery, either for financial or other personal gain, with the intention of gaining access to another person’s password or financial installation. After access to the required information, the hacker may secretly install a malware that gives him or her access to other personal data or even control the computer system altogether. Without a doubt, this is a threat to the financial institutions as in most cases the criminal acts are carried out by people who are respected within the institution (Webster, 2006). Therefore, it can be difficult to identify that an organization’s computer systems are secretly under control by an unauthorized individual or that the data has been compromised (Clark, 2008). As opposed to other threats to data privacy, social engineering appears to be very sophisticated and difficult to identify and address within the financial sector. Strategies adopted in Social Engineering As noted, social engineering schemes normally involve building trust with an employee of a target institution. According to Hadnagy (2010), the employee may receive a message or email with a downloadable link from his or her social networking sites, such as Twitter or Facebook, or even through the email. In case the employee is tempted to open the links, then malware software can be installed in the financial institution’s computer device. The installation of the software may send private and confidential information that is stored in the device, such as clients’ accounts, email accounts and passwords, and other private data targeted by the cyber-attacker (Hadnagy, 2010). Any employee who is victim to the bait of social engineering while using the company’s computer devices can expose the financial institution to severe and unfathomable data security risk. Solution to Social Engineering Importantly, the activities of social engineers do not necessarily require any technical action on the company’s computer networks. Instead, it involves trickery of a legitimate employee to reveal private information by redirecting them to suspicious or fraudulent sites with malware that are capable of revealing passwords and IP addresses (Hadnagy, 2010). As we come to term with this latest form of threat to data privacy, financial institutions have to place a lot of emphasis on the nature of employees that they recruit to manage their information and computer networks. In particular, the financial institutions should discourage their employees from assessing their social networking sites using the company’s computer devices. In addition, they should be sensitized on how to avoid being duped or manipulated online by scammers (Hill, 2009). For instance, the employees should be instructed not to reveal any vital information related to the company or their own account information to any third party or unauthorized individuals. Conclusion I have identified some of the threats to data security in the financial sector owing to the advancement in information technology. It has been noted that the financial sector relies on data to make vital financial investments and decisions. Accordingly, the cyber-attackers have realized that the potentials in the sector. Even as the institutions try to secure any loss of information in the computer devices, the possibility of classified information being accessed by other parties without interfering with the company’s network system is a reality. In that way, social engineering becomes an easier route through which the hackers can access the institution’s data with little effort. After looking at the issue of social engineering and how it operates in the financial institutions, it has been noted that the institutions have to create awareness in their employees. Through awareness creation, the employees will be able to avoid falling victims to the hackers’ trickeries. References Clark, T. (2008). Strategies for Data Protection. New York: Brocade Communications Systems. Gutwirth, S., Poullet, Y., Hert, P. & Leenes, R. (2011). Computers, privacy and data protection: an Element of Choice. New York: Springer Science & Business Media. Hadnagy, C. (2010). Social engineering: The art of human hacking. New York: John Wiley & Sons. Hill, D. (2009). Data protection: Governance, risk management, and compliance. New York: CRC Press. Webster, M. (2006). Data protection in the Financial Services Industry. New York: Gower Publishing. Read More