Threats2

.docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

549

Subject

Information Systems

Date

Jan 9, 2024

Type

docx

Pages

6

Uploaded by MinisterField10017

1 Threats Jerome Bowers SNHU IT 549 Dr. Waithe August 27, 2023
2 Threats In the digital world, threats must be mitigated for information assurance. The threats must be identified to determine how to protect the company from cyber threats. Once identified, the severity of the danger can be selected, and a course of action to prevent or minimize damage can be implemented. Although many types of threats exist, some are common to all industries. Insider Threats Many times, the most significant threats are internal threats. Although the organization may have procedures that, if followed, would protect the organization, carelessness by users may present opportunities that hackers can exploit. Some examples are customer data inadvertently being emailed data to external parties, clicking on phishing links in emails, and sharing login information with others. Although security measures are in place, some users intentionally bypass those measures out of convenience to be more productive. Sometimes, some users have ill will and maliciously elude cybersecurity protocols to delete data, steal data to sell or exploit, disrupt operations, or harm the business (Rosencrance, n. d.). Virus and Worms Malicious software, such as viruses and worms, are common threats. They aim to destroy the organization’s systems, data, and network. Typically, they are dormant until activated. Once activated, they are self-replicating. Often, malicious code results from P2P file sharing and clicking on ads from unfamiliar brands and websites. Phishing Social engineering is often used to secure critical information, such as names, addresses, login credentials, social security numbers, credit card information, and other financial
3 information (Rosencrance, n.d.). Hackers gain this information through fake emails that appear to come from legitimate sources. Unsuspecting users click on links in emails, which leads to fraudulent websites. These actions install malware on the user’s device. Distributed Denial of Service Compromised machines attack a server, website, or network resource and make them inoperable by flooding them with connection requests, incoming messages, and malformed packets (Rosencrance, n.d.). This type of attack results in a slowdown, crash, shutdown, and denial of service to legitimate users or systems. Ransomware Ransomware locks a victim’s computer through encryption. To regain access, the victim must pay the hacker in virtual currency. Ransomware is spread through malicious email attachments, infected software apps, external storage devices, and compromised websites. Prevention Cyber attacks can wreak havoc on systems and cost companies millions of dollars. However, there are ways to prevent these attacks from occurring. Many of these prevention measures are familiar to each risk. Since human negligence or maliciousness tends to be the first point of failure, it is essential to address what users and administrators can do to mitigate risk. Insider risk threats can be caused because users have access to more resources than they should; therefore, correctly assessing their needs and limiting their access to what is necessary is good practice. Each employee and contractor should be trained in security awareness. Contractors and freelancers should have temporary accounts with a start and end date. Two- factor authentication helps to secure access to accounts. Finally, install monitoring software to
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help