Information technology has greatly advanced in the 21st century, with increasing global interconnectivity. Data and information used by organizations are mainly stored or carried through cyberspace. This comes with many vulnerabilities or risks that can be exploited by criminals, competitors, terrorists and unauthorised agencies to access organization resources. Cybersecurity can be described as the utilisation of technologies, standard processes and practices to protect information systems, including data, computers, software programs and networks, from attack, unauthorized access and modification, destruction or theft. The roles of cybersecurity in an organization are explained below:
- Protection of assets: Intangible assets of organizations such as computer software, patents, intellectual property (IP), company information, literary work, licensing agreements, employment contracts and trade secrets are mainly stored, managed and shared on network systems. Securing these data and information protects the mission or function of the organization. Cyber insecurity can result in theft of IP, trade secrets and valuable company information, which can cause financial loss, business shutdown or breakdown of business relations. In 2010, for example, Google reported IP theft by operators from China, who exploited weaknesses in Internet Explorer to hack into their Google China Operation [1, 2]. This incident affected business relations between Google and China.
- Protection of business functions/activities: Many organizations provide several services using the internet. Financial institutions operate electronic banking services which provide 24-hour access to funds and secure banking transactions. Without adequate cybersecurity, network systems can be overloaded in a ‘denial of service’ attack, shutting down electronic services temporarily. For example, in January 2016, HSBC UK suffered a ‘denial of service’ attack where customers were denied access to internet banking for several hours. Such incidents can frustrate clients and potentially lead to loss of customers. Further, they can ruin the reputation of the organization.
- Protection of company records: Organizations manage records of finances, employees, physical assets, and the passwords and access codes used to reach sensitive information or to carry out specific tasks on network systems. This sensitive information must be secured from unauthorized modification or access by both employees and hackers. In 2014, for example, it was reported that over 1.2 billion passwords were stolen by Russian hackers. These criminals were able to extract records from compromised network systems. Quite recently, hackers were able to modify chemical levels used by a water treatment facility by exploiting vulnerabilities in its outdated IT network system.
- Protection of customers/clients: Many organizations store personal records of clients on network systems. A breach of security controls or exploitation of system vulnerabilities by hackers or sometimes unauthorized employees can result in data privacy issues. Unauthorized persons or agencies can gain access to sensitive personal information, leading to identity theft and misrepresentation. In 2015, LastPass, a password-storing company, suffered a brute force attack where master passwords of customers, email addresses and password reminders were stolen. Such incidents put the privacy of clients at very high risk since the passwords could be used to access other information such as bank and social media accounts, and health records. Another example is the eBay cyber-breach in 2014 where personal details of over 145 million accounts were stolen.
Cybersecurity plays a critical role in an organization. Information security controls protect the business function of an organization and must be considered throughout the business life cycle. It is recommended that organizations subscribe to periodic cybersecurity audits to identify their unique security needs. This can help the organization plan, develop and implement effective measures to secure organization resources.
1. Harvey M, Correspondent T. China accused of cyber attack on Google and “global industrial targets” [Internet]. The Times. [cited 2016 May 26]. Available from: http://www.thetimes.co.uk/tto/technology/article1859862.ece
2. Branigan T. Google to end censorship in China over cyber attacks [Internet]. The Guardian. 2010 [cited 2016 May 26]. Available from: http://www.theguardian.com/technology/2010/jan/12/google-china-ends-censorship
3. Osborne H. HSBC suffers online banking cyber-attack [Internet]. The Guardian. [cited 2016 May 26]. Available from: http://www.theguardian.com/money/2016/jan/29/hsbc-online-banking-cyber-attack
4. The Irish Times. Russian hackers “steal 1.2bn passwords in largest ever breach” [Internet]. The Irish Times. [cited 2016 May 26]. Available from: http://www.irishtimes.com/news/world/europe/russian-hackers-steal-1-2bn-passwords-in-largest-ever-breach-1.1889059
5. Jerome S. Hackers Infiltrate Water Plant Modify Chemical Levels [Internet]. Water Online. [cited 2016 May 26]. Available from: http://www.wateronline.com/doc/hackers-infiltrate-water-plant-modify-chemical-levels-0001
6. Pagliery J. Irony alert: Password-storing company is hacked [Internet]. CNNMoney. 2015 [cited 2016 May 26]. Available from: http://money.cnn.com/2015/06/15/technology/lastpass-password-hack/index.html
7. RT International. eBay cyber-breach: 145 million records hacked [Internet]. RT International. [cited 2016 May 26]. Available from: https://www.rt.com/news/160480-ebay-hack-change-passwords/
By: Aaron O. Amankwaa (BSc (Hons), MSc), Forensic Scientist
©2016 Scientect e-mag | Volume 1 (1): A8