B1 Threats to data GapFill

Data is key to businesses, and trying to access that data has become a lucrative business to hackers and malware writers. If you own a business that’s been subject to a  ransomwarephishingviralworm attack, you may stump up thousands of pounds to decrypt your data if you don’t have a recent backup. Long gone are the days when viruses arrived on a floppy disk and slowed down your computer or deleted a few files, or sent a cute message to everyone in your email address book. Today’s threats are much more dangerous – and if we’re not careful, we can be very vulnerable to them – even if it’s just human error accidentally clicking on a link in an email.

There are three types of hacker. The type of hacker who deliberately breaks into computer systems are called  greengreyyellowblack -hat hackers. The other two are less dangerous, just trying to see what they can do for a challenge and some may even be invited to hack a computer system to find weaknesses. Sometimes, hackers try to steal digital property owned by businesses. We call this  financial gainindustrial espionagenon-fungible token theftpersonal attack. Some hackers may use a botnet to flood a server with dummy requests – this will take down a web server, making it unavailable for customers. This is an example of a/an  information theftchallengepersonal(distributed) denial of service (DDoS) attack. Sometimes, attacks are personal. For example, a former employee with a grudge against their former employer might  log in to the system remotely and install malware or damage the systemsend the boss a letter of complaintdownload illegal material from the Internetconduct shoulder surfing in order to case damage or disruption.

There are two types of attack on a business, depending on whether the attack is carried out by an employee or a stranger. In May 2017, a major ransomware outbreak of WannaCry brought down IT systems throughout the world including those belonging to the NHS. We don’t know who started the attack, but they were unconnected to the affected businesses and organisations. Rather than being an internal threat, this was a/an  externalspywarepharmingespionage attack. This attack was possible because of a vulnerability in Windows. A software update called a  patchthreatanti-virusdenial of service had been released, but many people hadn’t installed it, or were still using an unsupported operating system.

When talking about malware, we often talk about viruses and worms as being the same, but they are very different. A virus  automatically runs and self-replicatesopens up a back door for other attackersencrypts all of your filesneeds to be run by the user. A worm on the other hand,  opens up a back door for other attackersencrypts all of your filesautomatically runs and self-replicatesneeds to be run by the user. Sometimes, attackers try to get users to give away information, such as sending phishing emails, making phishing phone calls, or leaving a malware-infected USB drive in a carpark for people to find. These types of attack are collectively called  social disruptionsocial engineeringsocial mediasocial surfing.

Internal threats can be deliberate. An example is when an employee  accidentally discloses dataaccidentally picks up someone else’s printingforgets to lock a doorleaks or steals data. But sometimes the threat is accidental such as  stealing confidential datatrying to access the human resources databasesending an email to the wrong person by mistakestealing paper from the shredding bin.

When a major company is subject to a data breach, and customer data such as passwords or credit card details are stolen, it can break on national news. This exposure can cause  damage to public imagepharmingdata lossloss of productivity and customers may cancel contracts with the service. If the company doesn’t report the breach to the relevant authorities, or dries to cover it up, they could face  legal actionphishingdowntimeshoulder surfing such as fines.