Information Security Threats

Online Stealing Credit Card and reputationNo business and IT organization are safe in the present cyber world. As cyber criminals increasingly rely on sophisticated technologies, organizations often feel hopeless as their confidential data and critical assets fall prey to malicious attacks. A threat is any incident that could negatively impact the confidentiality, integrity or availability of an asset.

Here is a list of threats organizations are faced with:

  • Employees going on strike or riots occur
  • Theft of sensitive data
  • Unauthorized access to the information system
  • Unauthorized access to the network
  • Unauthorized changes of records
  • Unauthorized use of copyright material
  • Equipment malfunction
  • Failure of communication links
  • Falsification of records
  • Fraud from a cyber criminal
  • Fraud from an internal party
  • Breach of contractual relations
  • Damage caused by a third party
  • Damages resulting from penetration testing
  • Destruction of records
  • Eavesdropping
  • Embezzlement
  • Improper disclosure of passwords
  • Improper disclosure of sensitive information
  • Industrial espionage
  • Interruption of business processes
  • Lack of data integrity
  • Maintenance errors
  • Malicious code
  • Misuse of information systems
  • Natural or man-made disaster
  • Phishing scams
  • Power failure
  • Sensitive data being compromised
  • Social engineering
  • Terrorism threat in the immediate vicinity or affecting nearby transport and logistics

Vulnerabilities

A vulnerability is an organizational or system flaw that can be exploited by a threat to destroy, damage or compromise an asset.

List of threats your organization may encounter:

  • Passwords not being changed from default settings
  • Passwords not being strong enough
  • Staff duties not being properly segregated
  • Inadequate or irregular system backups
  • Inadequate physical security controls
  • Insufficient processes or technologies to prevent malicious files from being downloaded
  • Insufficient processes or technologies to prevent sensitive data from being copied
  • Insufficient software testing
  • Poor or non-existent access control policy
  • Poor or non-existent of internal documentation
  • Poor staff morale and potential for malicious action
  • Premises is vulnerable to flooding, fire or other disruptive event
  • Sensitive data not being properly classified
  • Insufficient processes or technologies to prevent users from downloading unapproved software
  • Inadequate protection of cryptographic keys
  • Employees not receiving adequate training
  • Equipment not being replaced when it is no longer fit for purpose
  • Hard drives being disposed of without sensitive data having been deleted
  • Improper cabling security and management
  • Improper change management
  • Improper internal audit
  • Improper network management
  • Improper validation of the processed data
  • Lack of systems for identification and authentication
  • No procedure for removing access rights upon termination of employment
  • No protection for mobile equipment
  • Operational and testing facilities not being properly segregate
  • Staff not receiving security awareness training
  • User rights are not reviewed regularly
  • Unprotected public networks
  • Water or heat damage to equipment