Safety of the electronic data is often regarded as the key aspect of a company’s successful performance on the market, as it helps to keep the secrets of success in a safe place. Moreover, the confidential information associated with consumers will not be disclosed, which essentially affects the customer care policy. The aim of this paper is to analyze the cases of software attacks that are closely linked with business network security drawbacks. These cases are closely linked with the matters of the company’s data security, as well as the opportunity to protect the important data from malware, Hackers targeted attacks, information system destruction, etc. The cybercrime instances are closely linked with the banal violation of the security rules, as users often neglect the basic network safety, thus, causing infection of a single PC or the entire network. Then, cyber-criminals make attempts of stealing protected information.
Information and Business
Information and business are regarded as the two integral elements. This is explained by the fact that information is the key ruling force of business development independently of its origin and background. Whether it is marketing information, business analysis, customers’ database, etc, it plays an important role in business development and decision-making. Information security is one of the burning issues for business, as the technical revolution has promoted not only the ways of information storage and promotion but tools for network attacks as well. Hence, the key principle of informational safety depends on network security and defense from hacking attacks.
As for the importance of data security for business, numerous researches are based on the concepts that network safety and protection is the key aspect of data security. While databases may contain confidential information, business safety, in general, depends on the reliability of securing this information. The consequences of confidential information disclosure are various, ranging from lack of consumers’ trust and to the destruction of the entire informational structure of a company, which may end with the termination of the company.
Network Security Issues
The aspects of network security are generally defined by the technical opportunities of network attack specialists. In general, these are the software tools and hacking attacks, targeted at disclosing the protected information. These attacks may be targeted at protected systems, and end with password deciphering, or at collecting the protected information from databases and further use of this information with the aim of getting benefits.
One of the most widely spread ways of targeting protected information is malware. As it is stated in Cherry (75):
It is important to ensure data security through regular housekeeping such as backing up files, password routines, and system logs. It is important to remove access from employees who leave, otherwise they may still be able to access customer records. As your data will be stored in one location on the server, physical security is very important. See our guide on keeping your systems and data secure.
In the light of this statement, it should be emphasized that the actual importance of malware protection is explained by the importance of protecting the information by complicated passwords and restricted access to the information (Morris, 231).
In general, malware is the term for numerous programs that are closely linked with offensive software aimed at infecting and infiltrating computers. This infection is performed without owners’ knowledge of infiltration. The damages may range from stealing the required information (documents, passwords, system information), to damaging system files causing system failure. In fact, business network security is the most vulnerable sphere for information attacks, as it is targeted the most. As the key aim of the attack is getting a benefit, the benefits of attacking the business informational network is higher in comparison with attacking a private computer.
The key types of malware are viruses and worms. However, the technical basis of attackers is wider. It involves Trojans, backdoors, keyboard loggers, root-kits, and various types of spyware (Sandler, 48). Hence, the key aim of the malware attack is the quiet penetration into the system, and stealing the required information. In fact, these software types are intended to provoke a computer user to make a mistake and ignore security rules, as experienced users, who know the mechanisms of information-stealing are too accurate and watchful.
Spam may be regarded as a related problem, as it is often used for spreading malware and phishing techniques. The network bots that are involved in sending spam and malware are generally remote-controlled in order to secure the position of the network criminal, and spam messages that are sent by these net-bots are aiming at the users’ security negligence, often trying to get benefits from curiosity, love to free rides, unexpected surprises, etc. In accordance with ITU Report (1), the following statement should be emphasized:
Spam and malware have multifaceted financial implications on the costs and the revenues of participants in the ICT value chain. Costs of all stakeholders across the value network of information services, such as software vendors, network operators, Internet Service Providers (ISPs), and users, are affected directly and indirectly. Cost impacts may include but are not limited to, the costs of preventative measures, the costs of remediation, the costs of bandwidth and equipment, and the opportunity costs of congestion.
In the light of this statement, the security measures against malware will require users’ awareness on the matters of network security, and security training, as in accordance with the research by Morris (345), the security costs may be decreased by 70% if users observe at least basic security rules.
Hacking Cases Analysis
Attacking various business networks is the general tool for getting confidential business information. It may be performed either by infecting a selected computer or by direct attacking without infecting by targeting any port open. The aspects of cyber security, as well as protection against hacking attacks, are closely associated with the matters of implementing information protection policies and security rules.
One of the most widely spread ways of attacking is called DDOS attack (Distributed Denial of service) when the webserver of any selected company is overloaded by the avalanche of ping requests. This causes failure of the entire web server, and possible loss of important data. Thus, the largest instance of DDOS attacking was registered in 2000, when CNN, Yahoo, Amazon.com, e-Bay, and some other commercial sites had been subjected to attack. The NIPC reports that these attacks are rather common for the sphere of e-commerce, and it has also created a software tool that helps to detect the attack. After the attack instance, NIPC cooperated with the FBI, as well as National Infrastructure Protection for creating the critically important logging of the attacks. Hence, in a few days, the roots of the attack had been found in Canada, and Royal Canadian Mountain Police was attracted for cooperation. The suspect had been arrested, and the case, in general, showed that an immense breakthrough is made in the sphere of electronic investigation. This example reveals the fact that the criminal actions aimed at causing a web server failure are generally regarded by criminals as entertainment, as the suspect arrested was a juvenile, and did not mean to have any material advantage. (Committee on Government Reform, 24)
Another example of a hacking attack was registered in 2000. Multiple e-commerce websites were attacked with the only aim – to steal credit card numbers available. The estimated losses were up to $ 3.5 million. Furthermore, the credit card numbers were posted in various open databases. The hacker was arrested a few months in the UK with the assistance of Dyfed Powys Police Service (Wales, UK). In spite of the fact that the legislation sphere had not been extensively developed by that time, UK’s Computer Misuse Act 1990 was applied. (Reed, 2)
Considering these cases, it should be emphasized that the main aim of hackers is information. Sometimes that act using their own knowledge, courage, and insolence. Sometimes, they use ignorance of the elementary safety rules that are revealed by PC users. Anyway, independently of the reasons and roots of the numerous crimes fixed, the safety rules should be steadily observed. The safety rules for the business sector are as follows:
- The company needs to have a strong firewall and proxy in order to keep unauthorized and unwanted visitors out of the network.
- Reliable antivirus software, as an Internet Security package, should be installed and properly adjusted.
- Reliable password protection and policy should be implemented. Passwords should be changed regularly.
- The use of wireless connections should be minimized, and if used, the passwords should be reliable and robust.
- Employees and users should be properly trained in order to observe at least basic security rules.
- Network monitor may be used as an inevitable part of the network security regulations. (Simmonds, 320)
Regardless of the fact that the general reasons for hacking are closely linked with the values of internet security, one of the most widely spread attacks is aimed at collecting passwords for further access to closed databases. The techniques are described in various sources, and the key classification of these techniques are as follows:
- Brute-force. This is the simplest way of password attacking, as it presupposes trying to guess passwords by entering new combinations. This may be performed either manually, or automatically when a software pack uses a dictionary and tries to suit password in accordance with the given rules (length, range of symbols, etc)
- Packet sniffers are aimed at catching the transmitted information, and the main aim of this software is to glean data from the compromised networks.
- IP-spoofing. This tool is based on the principle of making the malicious computer to be regarded as a reliable or trusted resource.
- Trojans are regarded as the invasive tools of stealing confidential or closed information. These methods are used for poorly protected networks.
The preventions measures for password hacking protection are described by Amberg (98):
Automated testing (e.g., dictionary scanning), human behavior (e.g., lack of diversity in usernames and passwords), and other security flaws make it easier for password attackers to succeed. Unfortunately, there is no single method to prevent password attacks, though combining network traffic analysis along with the old stalwarts of email scanning, virus protection, firewalls, and an educated workforce can all together form a strong defense for any network.
Network security, the instances of hacking attacks, and violations of the network security rules are closely associated with the matters of security in general, as well as national security. If business organizations are subjected to attacks, and various instances of data-stealing are registered, national security is also endangered. On the one hand, the regarded instances show the clear intention of the governmental organizations to cooperate, however, healing of the consequences is less effective than prevention, hence, governmental organizations should care about protecting their information in advance. In accordance with Morozov (18), the following statement should be emphasized:
From a national security perspective, cyber-attacks matter in two ways. First, because the back-end infrastructure underlying our economy (national and global) is now digitized, it is subject to new risks. Fifty years ago it would have been hard—perhaps impossible, short of nuclear attack — to destroy a significant chunk of the US economy in a matter of seconds; today all it takes is figuring out a way to briefly disable the computer systems that run Visa, MasterCard, and American Express.
In the light of this statement, it should be emphasized that the actual importance of cybercrime protection is closely associated with the protection of the existing economic and informational network. Stealing numbers of credit cards are one of the most serious forms of the cyber-crime, and the key reason for these violations is the low cyber-security awareness of the end-users, like banks, credit card companies, and other e-commerce organizations do everything possible for securing the data of their users and clients. Additionally, all the developed, and some of the developing states care about the economic safety of their citizens, hence, they protect the networks which are used for the economic data exchange, let alone military, political, scientific data, etc.
Network Security Protection Issues Analysis
In general, the increasing numbers of cyber-security problems are closely linked with resource scarcity (Morozov, 2009). This is explained by the fact that the actual significance of network security is closely linked with the values of data protection. The key danger of a possible cyber attack is explained by the fact that such an attack may involve thousands of computers all over the world. Small Trojans, infecting other computers, may involve them in the DDOS attack process, while the owners of these PCs know nothing about it. This means that the investigation process becomes even more complex, as while experts need to find the suspect, they will inevitably come across the victims of the Trojan infection. Hence, the common PC users become the participants of the crime only because of their negligence and ignoring of the safety rules.
As for the matters of DDOS attacks analyzed in this paper, it should be emphasized that the protection measures involved are based on the traditional crime investigation measures, while cyber-crimes require the involvement of principally new measures, as well as protection tools. Regardless of the structure, whether it is a business or governmental organization, the informational space should be protected reliably in order to avoid possible losses associated with the disclosure of the protected information. Unfortunately, some leaders do not realize the importance of cyber-protection measures, however, the losses will be essentially higher in comparison with the potential expenses.
The protection issues are not too complex; however, they need to be observed. The key rules are few: change passwords, do not disclose the protected information, delete the information which is not used, and do not install suspicious applications, as they may contain viruses and worms. On the one hand, most people clearly realize the importance of these rules, on the other hand, curiosity rules them. Hence, most of the protection measures, implemented by the organizations, are aimed at protecting people from themselves, as hackers and cyber-criminals are basing their activity on human sins and foibles.
An essential part of cyber attacks is closely linked with the spread of malware, viruses, and Trojans. They are aimed at infecting a wide range of users and participants for performing the tasks of cybercrime by attacking other computers. These attacks may be either directed at decreasing the productivity of a computer included in a network, or for stealing important information. The protection measures involve the simplest safety rules as well as the most complex technical appliances which are aimed at protecting users and computers from network attacks and viruses. However, business networks and governmental structures are inevitably subjected to the danger of cyber-attacks.
Amberg, Elizabeth. “Software Focus on Security.” T H E Journal (Technological Horizons In Education) (2000): 98.
Committee on Government Reform. Computer Security: Cyber Attacks — War Without Borders. House of Representatives. One Hundred Sixth Congress, 2000.
Cherry, Michael, and Edward Imwinkelried. “The Causation Issue in Computer Security Breach Cases.” Judicature 93.2 (2009): 75.
ITU Report. ITU Study on the Financial Aspects of Network Security: Malware and Spam. ICT Applications and Cybersecurity Division, Policies and Strategies, department ITU Telecommunication Development Sector. 2008. ITU Home.
Morozov, Evgeny. Cyber-Scare: The exaggerated fears over digital warfare. Boston Review, 2009.
Morris, Martina, ed. Network Epidemiology: A Handbook for Survey Design and Data Collection. Oxford: Oxford University Press, 2004.
Reed, Robin. Raphael Gray internet “hacker” exposes Microsoft security weaknesses. MJReedSolicitor, 2001. Web.
Sandler, Irene. Road Warriors on Trojan Horses: Ensuring End User Compliance Reduces the Cost of Network Security. T H E Journal (Technological Horizons In Education) 33.1 (2005): 48.
Simmonds, van Ekert. An Ontology for Network Security Attacks. Lecture Notes in Computer Science 3285: 317–323. 2004.