Monday, May 4, 2020

Top Information Security Threats

Question: Discuss the top information security threats.

Answer:

Introduction

As per the given scenario, the IT Security and Information Assurance (ISIA) department of Emirates performs various key responsibilities such as designing, planning and creating a secured infrastructure. The ISIA department is led by the Chief Information Security Officer (CISO) and eight other security managers, who manage business continuity, information privacy and security, the management of malware and botnets, and other essential factors. I am working as one of the security managers in the ISIA department. Emirates has become the largest airline in the Middle East and aims to provide the best airline services to its passengers worldwide. Securing the information of all passengers and employees of Emirates is also an essential job for the security managers of the ISIA department. The main point of concern is that, with the advancement of technology, threats to information security are also increasing, so senior management is concerned about the preparedness of Emirates to handle these threats. The CISO of the ISIA department strongly believes that an evaluation of security risks, and of the proactive steps that will help to control them, is required. Therefore, the CISO has asked me to review global incidents from the last two years and to discuss the five major security threats and ways to overcome them. On the basis of this information, Emirates can learn from other organizations' experience of security breaches and about the major security threats or risks. This information can be used as a good source of knowledge to plan ahead for the maintenance of information security (GTN SCS, 2017).
Main Body

In the last two years, various security breaches have been encountered by business organizations that use information technologies to store huge amounts of business information, such as records of customers with their personal and credit card information, employees' information with their salaries, and other essential information. It is the responsibility of an organization to maintain this information securely in its databases. However, cases of information security breaches, hacking and phishing attacks are commonly encountered. Among incidents of information security breaches, the cases of Kaspersky, Anthem, Ashley Madison and OPM are well known (Forbes.com, 2017). As a security manager, I have reviewed these cases thoroughly and identified the top five threats encountered by these organizations. These organizations suffered information security breaches involving the hacking of personal and credit card information of their potential customers, employees' information, orders placed by customers, their inventory and other important business information. As discussed above, Emirates is also concerned about these information security issues, so an evaluation of the main threats in these cases will be a good source of knowledge for further planning.

Five Major Information Security Threats

Hacking and Phishing Attacks
Malware Attacks
SQL Injection Attack
Lack of Encryption
Outdated Security Software

Hacking and Phishing Attacks

The threat of hacking and phishing attacks was found to be very common among the above-mentioned incidents at different business organizations. In these incidents, the most common outcome was the hacking and phishing of login credentials such as usernames and passwords, credit card information and personal information of customers, and business information of employees. It can therefore also be a big threat for Emirates that information in its databases could be hacked or stolen by hackers (Kuranda, 2017).
Malware Attacks

Malware attacks are also a big problem for information security in business organizations. To steal information from a database or system, hackers conduct malware backdoor attacks. Emails carrying malware attachments are sent to users. When a user opens an attachment, the embedded script runs and the malware spreads into the system to access information (Caldwell, 2012). In the case of OPM mentioned above, a malware backdoor attack was conducted in the network, using a contractor's login credentials, to access the organization's confidential information. OPM was unable to detect the cause for 343 days. From this, we can see the danger posed by malware attacks (Databreachtoday.in, 2017).

SQL Injection Attack

SQL injection attacks are mostly carried out against SQL databases by attackers who want to steal information. SQL injection is a code injection technique used to attack data-driven applications. In this attack, malicious SQL statements are inserted into an entry field for execution. Through an SQL injection attack, attackers inject code into a company's database to access the personal and credit card information of customers. The injected code is in effect a script that can pick customers' records out of the database. If the database is not kept secure by the security department of a business organization, this type of attack can easily be conducted by hackers. Therefore, in the case of Emirates, it is the responsibility of the ISIA department to be careful about these types of SQL attacks (Data breach activity is getting worse, 2007).

Lack of Encryption

Lack of encryption in data storage, or when transferring data over a network, is a serious threat for users. Encryption is an effective way to convert data into an unreadable form that is harder for hackers to guess or understand. If developers and security experts are not careful about encrypting the information in databases, the chances of hacking will increase.
In the case of the above companies, lack of encryption was also a major information security threat. The airline industry holds sensitive data in its databases. Therefore, encryption of this sensitive data is required.

Outdated Security Software

Outdated security software is considered an information security threat because outdated software cannot maintain the security of the information stored in it for long. Malicious code can easily infect such software, and the problem is difficult to detect in outdated software solutions. Emirates Airlines must be careful to update its software solutions regularly. Otherwise, the company can face the problems described above.

These are the major threats to information security and privacy that I have reviewed in the security incidents of the last two years. The next segment of this report focuses on ways that can be used to overcome these threats.

Ways to Overcome Threats

The following are some essential ways to overcome these threats:

Advanced Anti-Virus Solutions
Encryption
Authorized Access of Database
Firewall

Advanced Anti-Virus Solutions

The use of advanced anti-virus software on a system is important for protection against virus attacks. In a business organization like Emirates, all systems should be equipped with anti-virus software. Anti-virus software scans the whole system, and the databases that reside on it, to identify viruses, and after detecting a virus it also removes it (Greene, 2017).

Encryption

Encryption is a type of cryptography that is used to convert data into an unreadable form. To protect information from hackers, most companies send information over the network in encrypted form, so that hackers cannot understand or guess it. The information security officers of the ISIA department must use this technique to maintain information security (World Economic Forum, 2017).

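As an added example (not part of the original report), the SQL injection threat described earlier and its standard fix, a parameterized query, are shown side by side below. The passengers table, its columns, the function names and the sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table of passenger records.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE passengers (booking_ref TEXT, name TEXT, card_last4 TEXT)"
    )
    db.executemany("INSERT INTO passengers VALUES (?, ?, ?)", [
        ("AB12CD", "A. Rahman", "4242"),
        ("EF34GH", "B. Singh", "1881"),
        ("IJ56KL", "C. Okafor", "0005"),
    ])
    return db

def lookup_vulnerable(db, booking_ref):
    # The entry-field value is pasted into the SQL text, so quote characters
    # in the input change the structure of the statement itself.
    sql = ("SELECT name, card_last4 FROM passengers "
           "WHERE booking_ref = '" + booking_ref + "'")
    return db.execute(sql).fetchall()

def lookup_safe(db, booking_ref):
    # Parameterized query: the value is bound as data and never parsed as SQL.
    sql = "SELECT name, card_last4 FROM passengers WHERE booking_ref = ?"
    return db.execute(sql, (booking_ref,)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input typed into the booking field
    return {
        "normal_vulnerable": lookup_vulnerable(db, "AB12CD"),
        "normal_safe": lookup_safe(db, "AB12CD"),
        "crafted_vulnerable": lookup_vulnerable(db, crafted),
        "crafted_safe": lookup_safe(db, crafted),
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {len(rows)} row(s) returned")
```

With the crafted input, the concatenated query returns every passenger record, while the parameterized query treats the whole string as a booking reference and returns nothing.
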
Authorized Access of Database

In an organization, access to confidential information should not be given to every employee. The database administrator should have access to the server and all computers in the organization, and should also decide who is granted permission to access the database. The login credentials of every user should also be set by the administrator. If an authorized access policy is not implemented for the database, every employee will try to access important information and some employees may try to leak information to hackers (Ravelin, 2017).

Firewall

A firewall is software that is built into the operating system. It is used to protect the system from unwanted entities. If the firewall is switched on and finds an unknown entity, it gives an alert message to make the user aware of it. After getting this information, the user tries to block that entity by using blocking software (Densham, 2015). It is an effective way to keep bugs and harmful things away from the system.

By using the above measures, the CISO of the ISIA department can maintain the security of Emirates Airlines' information. The information held by airline companies is very sensitive and needs to be kept secure and confidential. The solutions discussed above will provide appropriate results if they are implemented properly by security experts, developers and employees in an organization.

Conclusion

After this whole discussion, we can say that this report has covered the major security threats that Emirates Airlines can face if proper security is not maintained for its information. The security threats encountered by other business organizations are now known to Emirates Airlines, and on the basis of this information the organization can make strategic plans to enhance its level of security. Customers rely on an organization for the security of their information. Therefore, business organizations must make every possible effort to keep this trust.

References

GTN SCS. (2017). Top 10 Threats to Information Security. [online] Available at: https://scsonline.georgetown.edu/programs/masters-technology-management/resources/top-threats-to-information-technology [Accessed 11 Apr. 2017].

Forbes.com. (2017). Forbes Welcome. [online] Available at: https://www.forbes.com/sites/quora/2015/12/31/the-top-10-security-breaches-of-2015/9/#bd0f3cef78c3 [Accessed 11 Apr. 2017].

Kuranda, S. (2017). The 10 Biggest Data Breaches Of 2015 (So Far). [online] CRN. Available at: https://www.crn.com/slide-shows/security/300077563/the-10-biggest-data-breaches-of-2015-so-far.htm?itc=refresh [Accessed 11 Apr. 2017].

Greene, T. (2017). Biggest data breaches of 2015. [online] Network World. Available at: https://www.networkworld.com/article/3011103/security/biggest-data-breaches-of-2015.html [Accessed 11 Apr. 2017].

Databreachtoday.in. (2017). Latest breaking news articles on data security breach. [online] Available at: https://www.databreachtoday.in/news [Accessed 11 Apr. 2017].

World Economic Forum. (2017). Four threats to aviation security and four responses. [online] Available at: https://www.weforum.org/agenda/2016/07/four-threats-to-aviation-security-and-four-responses/ [Accessed 11 Apr. 2017].

Ravelin. (2017). Fighting fraud in the airline industry. [online] Available at: https://www.ravelin.com/blog/fighting-fraud-in-the-airline-industry [Accessed 11 Apr. 2017].

Caldwell, T. (2012). Reporting data breaches. Computer Fraud & Security, 2012(7), pp.5-10.

Data breach activity is getting worse. (2007). Network Security, 2007(4), p.16.

Densham, B. (2015). Three cyber-security strategies to mitigate the impact of a data breach. Network Security, 2015(1), pp.5-8.
