What is information security and why webmasters need it

Information security is the comprehensive protection of information and its supporting infrastructure against any accidental or malicious influences that could result in damage to the information itself, its owners or the supporting infrastructure. The objectives of information security are to minimize damage, as well as to predict and prevent such impacts.

Since the 2000s, cyber threats have become a concern for everyone from major government information systems to the computers of ordinary citizens. A cyber threat is the illegal penetration, or the threat of malicious intrusion, into virtual space to achieve political, social or other goals.

Cyber warfare between countries

The largest cyber conflicts are between states with the greatest computing and intellectual resources for cyber warfare. Information about electronic non-aggression agreements and virtual space confrontation between countries is highlighted in a separate article.

The eternal cyber war between Russia and the United States

Cybercrime has become the world’s largest area of criminal activity.

Chronicle of events in the article:

  • Cybercrime in the World

Cybercriminals inflict enormous economic losses on individual organizations and entire countries every year:

  • Cybercrime Losses

Banks are cybercriminals’ biggest targets. The losses of financial institutions are reported in a separate article:

  • Banks’ Losses from Cybercrime

Often it is not criminals who cause financial damage to organizations, but rather their own employees who steal or delete data, or lose storage media outside the organization’s perimeter:

Losses from data breaches

Industry Specific

  • Information security in the company

Automobiles

  • Automotive information security

Banks

  • Information security in banks

Healthcare

  • Information Security in Medicine

Logistics and Transportation

  • Information Security in Logistics and Transportation

E-Commerce

  • Information Security in Electronic Commerce

Energy

  • Information Security in the Energy Industry

The market for information security solutions and services


Cybersecurity’s reach is expanding to become Digital Security.

To prevent losses associated with cybercrime, governments and companies are purchasing information security equipment, software and services. These include information security tools for protecting information from unauthorized access.

Identity and access management systems for enterprise information resources – IDM.

Information security threats

Analyzing potential cyber threats to an organization is a service that can be purchased in the marketplace.

Cyber Threat Research Services

Actions that threaten information systems can be divided into two main categories: internal (intentional and unintentional actions of employees) and external (network cyber attacks, media theft).

  • Internal threats

Internal threats are primarily related to data leaks:

Data leaks

The most common leaks are caused by the following actions taken by authorized users (employees, insiders):

  1. Deliberate theft, substitution with deliberately false data, or destruction of data on a workstation or server;
  2. Data corruption caused by the user’s careless or negligent actions;
  3. Loss of data carriers outside the organization’s perimeter.

External threats

Electronic methods of influence carried out by hackers:

  • Unauthorized intrusion into computer networks;
  • DoS and DDoS attacks;
  • Computer viruses;
  • Spam.

Natural threats: a variety of external factors can affect the company’s information security. Improper storage, theft of computers and media, force majeure and other circumstances can result in data loss.

Main problems of data protection in information systems

The ultimate goal of implementing security measures is to improve the consumer properties of a protected service, namely:

  • Service usability
  • Security when using the service

With respect to remote banking systems (RBS), this means the preservation of money.

For systems of electronic interaction, this means control over the rights to an object and the preservation of resources.

Loss of any of these security properties means loss of trust in the security service.

What undermines trust in security services?

  • Information about theft of money and property, often presented in a hypertrophied manner;
  • People become fearful of unintelligible and therefore uncontrollable threats (cyberattacks, hackers, viruses, etc.);
  • Poor performance of the service provided (failures, errors, inaccurate information, loss of information);
  • Insufficiently strong identity authentication;
  • Facts of fraud that people encounter or hear about.

On a legal level

  • Loss of security service legitimacy on a formal basis (expiration of certificate, site certificate, activity license, end of support);
  • Failures in ACS – OVC, confidentiality breaches;
  • Weak trust in the authentication service.

Failures and flaws in security systems that allow the legitimacy of performed operations to be challenged.

The construction of any computer network begins with the installation of workstations, so the information security subsystem also begins with the protection of these objects.

The following are possible here:

  1. operating system protection means;
  2. anti-virus package;
  3. additional user authentication devices;
  4. means of protection of workstations from unauthorized access;
  5. means of application level encryption.

The first level of information security subsystems in automated systems is built on the basis of the above protection means. At the second stage of system development, individual workstations are united into local networks, dedicated servers are installed, and Internet access from the local networks is organized.

At this stage the second-level information security tools are used – the level of protection of the local network:

  1. security means of network operating systems;
  2. means of restricting access to shared resources;
  3. means of protection of the local network domain;
  4. user authentication server;
  5. proxy server firewalls;
  6. means of detection of attacks and vulnerabilities of local network protection.

When local networks are combined into a common intranet that uses public networks (including the Internet) as its communication environment, secure information exchange is provided by VPN technology, which is the basis of the third level of information security.

Physical means of ensuring information security

Physical protection measures are various kinds of mechanical, electrical and electronic-mechanical devices and facilities specifically designed to create physical barriers to possible paths of penetration and access by potential violators to components of the information system and protected information. The list of physical methods of information protection includes:

  • Organization of a pass regime;
  • Organization of accounting, storage, use and destruction of documents and media containing confidential information;
  • Distribution of access control requisites;
  • Organization of covert control over the activities of users and maintenance personnel of the information system;
  • Activities carried out in the design, development, repair and modification of hardware and software.

When physical and technical methods are not available, administrative measures to ensure information security are applied. The experience of organizations with complex information systems has shown that the best results in information security are achieved through a systems approach.

Why IS risks are high in SMBs

Many small business leaders underestimate the importance of information security, believing that small companies are not as interesting to hackers as large ones. This is a misconception. Small businesses are very attractive to cybercriminals, first and foremost because they pay little attention to security.

Not every small business has an IT specialist on staff, but illegal software and “left-handed” (pirated) antivirus are common. Data may be stored in public folders, and the keys to remote banking systems (RBS) in the drawer of the manager’s desk. The use of smartphones and tablets also increases the risk of corporate data leakage.

As analysis of incidents shows, attackers as a rule do not go after any particular company, but “sic” viruses on everyone they can reach.

“And those who are less protected or not protected at all become the first ‘victims’ of hackers who, penetrating a company’s information network, steal secret keys, transaction or customer data,” as well as a host of other sensitive information.

Security Rules

There are a few mandatory information security rules that you simply must follow (2014).

Viruses and spam protection

Protection against viruses and spam. The biggest threat to company security, according to experts, is malware. As of August 2014, about 200 thousand new malware samples appeared every day. According to IS market participants, 95% of global companies were attacked by hackers at least once in 2013. An equally serious threat is leakage resulting from unsecured sharing of corporate information via employees’ mobile devices.

To prevent these threats, it is necessary to give up “left-handed” (pirated) software, install a firewall, and regularly update the antivirus.

Use the RBS computer only for RBS

The computer on which the RBS client is installed must be disconnected from local networks. It must not be used to access the Internet, except for communication with the bank.

Do not use social networks or open Wi-Fi from work computers

If you use smartphones and tablet PCs at work or for storing information, you should not use them for accessing social networks or using public Wi-Fi.

Keep keys and passwords under lock and key

Some careless employees of a company never remove the USB flash drive holding the RBS key from the computer at all. If a hacker gains control of that computer, all secret keys will be stolen and the intruder will use the RBS system on behalf of the organization. The keys must be kept in a safe or other secure location and must not be accessible to outsiders.

Corporate data must be stored on a remote server

Commercial and personal data is best entrusted to cloud services. This is safer than keeping it in a folder on your desk or computer, on a thumb drive or on a removable drive. Data in data centers is stored encrypted and can only be accessed with digital signature keys.

Differentiate access to data between employees

It is also important to prevent internal threats – intentional or accidental violations of the information security policy by company employees. These risks can be minimized by granting access to corporate information according to the level of each employee’s permissions. For example, a sales manager has information only on his own customers, while the full database and the entire sales history are available only to the head of the sales department. The chief accountant must have access only to accounting information, and management accounting is available only to the general director. Of course, in a small company it is difficult to achieve complete separation of functions, but you still have to try to separate information flows between employees. All of this also reduces the likelihood of data leakage.
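The access differentiation described above (sales manager sees only his own customers, head of sales sees all customers and the sales history, chief accountant sees only accounting, general director sees management accounting) can be enforced in code as a deny-by-default role check. The example below is added here and is not code from the original page; the role names, the record categories and the sample records are constructed for illustration. It also logs every denied access, which is what a defender would review to spot an insider probing data outside their role.

```python
"""Deny-by-default role-based access to company data (constructed example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed roles and the data categories each may read. Anything not
# listed here is denied. "customers:own" means only records the employee
# personally manages; "customers:all" means the whole customer database.
ROLE_PERMISSIONS = {
    "sales_manager": {"customers:own"},
    "head_of_sales": {"customers:all", "sales_history"},
    "chief_accountant": {"accounting"},
    "general_director": {"customers:all", "sales_history",
                         "accounting", "management_accounting"},
}


@dataclass
class Record:
    category: str            # e.g. "customers", "accounting"
    owner: Optional[str]     # employee responsible for the record, if any
    payload: str


@dataclass
class AccessLog:
    """Collects denied accesses for later review by the security owner."""
    denied: List[Tuple[str, str, str]] = field(default_factory=list)


# Constructed sample data standing in for the company's databases.
SAMPLE_RECORDS = [
    Record("customers", "ivan", "Customer A (managed by ivan)"),
    Record("customers", "olga", "Customer B (managed by olga)"),
    Record("sales_history", None, "Q1 sales ledger"),
    Record("accounting", None, "Payroll journal"),
    Record("management_accounting", None, "Management report"),
]


def is_allowed(role: str, user: str, record: Record) -> bool:
    """Return True only if the role explicitly grants access to the record."""
    perms: Set[str] = ROLE_PERMISSIONS.get(role, set())  # unknown role -> nothing
    if record.category == "customers":
        if "customers:all" in perms:
            return True
        # Ownership check: a sales manager sees only his own customers.
        return "customers:own" in perms and record.owner == user
    return record.category in perms


def visible_records(role: str, user: str, records: List[Record],
                    log: AccessLog) -> List[Record]:
    """Filter records by role; every refused record is written to the log."""
    visible = []
    for rec in records:
        if is_allowed(role, user, rec):
            visible.append(rec)
        else:
            log.denied.append((user, role, rec.category))
    return visible


def visible_payloads(role: str, user: str) -> List[str]:
    """Convenience wrapper over the constructed sample data."""
    return [r.payload for r in visible_records(role, user, SAMPLE_RECORDS, AccessLog())]


def denied_count(role: str, user: str) -> int:
    """How many sample records the role was refused; useful for audit review."""
    log = AccessLog()
    visible_records(role, user, SAMPLE_RECORDS, log)
    return len(log.denied)


if __name__ == "__main__":
    for role, user in [("sales_manager", "ivan"), ("head_of_sales", "olga"),
                       ("chief_accountant", "anna"), ("general_director", "boris"),
                       ("intern", "pavel")]:
        print(f"{user} as {role}: {visible_payloads(role, user)}")
```

The policy table is the only place that grants anything, so adding a new category (say, HR data) without adding it to a role makes it invisible to everyone until someone explicitly decides who may see it. In a real deployment the denied-access log would go to a central log store rather than an in-memory list, and ownership would come from the database rather than a field on the record.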