What is Information threats ? Cryptography
Modern technology and society’s constant connection to the Internet allows more creativity in business than ever before – including the black market. Cybercriminals are carefully discovering new ways to tap the most sensitive networks in the world. Protecting business data is a growing challenge but awareness is the first step. Here are the top 10 threats to information security today:
Technology with Weak Security – New technology is being released every day. More times than not, new gadgets have some form of Internet access but no plan for security. This presents a very serious risk – each unsecured connection means vulnerability. The rapid development of technology is a testament to innovators, however security lags severely1.
Social Media Attacks – Cybercriminals are leveraging social media as a medium to distribute a complex geographical attack called “water holing”. The attackers identify and infect a cluster of websites they believe members of the targeted organization will visit2.
Mobile Malware – Security experts have seen risk in mobile device security since the early stages of their connectivity to the Internet. The minimal mobile foul play among the long list of recent attacks has users far less concerned than they should be. Considering our culture’s unbreakable reliance on cell phones and how little cybercriminals have targeted them, it creates a catastrophic threat.
Third-party Entry – Cybercriminals prefer the path of least resistance. Target is the poster child of a major network attack through third-party entry points. The global retailer’s HVAC vendor was the unfortunate contractor whose credentials were stolen and used to steal financial data sets for 70 million customers3.
Neglecting Proper Configuration – Big data tools come with the ability to be customized to fit an organization’s needs. Companies continue to neglect the importance of properly configuring security settings. The New York Times recently fell victim to a data breach as a result of enabling only one of the several critical functionalities needed to fully protect the organization’s information4.
Outdated Security Software – Updating security software is a basic technology management practice and a mandatory step to protecting big data. Software is developed to defend against known threats. That means any new malicious code that hits an outdated version of security software will go undetected.
Social Engineering – Cybercriminals know intrusion techniques have a shelf life. They have turned to reliable non-technical methods like social engineering, which rely on social interaction and psychological manipulation to gain access to confidential data. This form of intrusion is unpredictable and effective.
|
|
|
Lack of Encryption – Protecting sensitive business data in transit and at rest is a measure few industries have yet to embrace, despite its effectiveness. The health care industry handles extremely sensitive data and understands the gravity of losing it – which is why HIPAA compliance requires every computer to be encrypted.
Corporate Data on Personal Devices – Whether an organization distributes corporate phones or not, confidential data is still being accessed on personal devices. Mobile management tools exist to limit functionality but securing the loopholes has not made it to the priority list for many organizations.
Inadequate Security Technology – Investing in software that monitors the security of a network has become a growing trend in the enterprise space after 2014’s painful rip of data breaches. The software is designed to send alerts when intrusion attempts occur, however the alerts are only valuable if someone is available to address them. Companies are relying too heavily on technology to fully protect against attack when it is meant to be a managed tool.
Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.
Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power—an example is the one-time pad—but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.
|
|
|
Дата добавления: 2018-06-01; просмотров: 391; Мы поможем в написании вашей работы! |
Мы поможем в написании ваших работ!