Corporate Data Security
Corporate data is one of the prized trophies in the circles of information underground. Despite the fact that there are elaborate corporate data security policies in place, new threats keep on emerging every once in a while. While most of the threats are easily contained if you follow a proactive approach to corporate information security, the process of management of information security is not an easy one and you must be aware of new threats to deploy countermeasures in time.
The main threat in these new generation issues is the emergence of Botnets. Botnets use the power of distributed computing and connectivity provided by the internet. It is mainly used for attacks like distributed denial of service. They are something of an evolution of run of the mill computer virus or a worm. They are something like a set of interconnected computer worms working in tandem.
The process of deployment of a Botnet is simple. Anyone who can write a computer virus can easily modify it to take orders from a precoded computer over an IP connection. Every computer that gets infected with the said virus and is not healed in time becomes a part of the Botnet. As of now, Storm Worm has been the widest spread Botnet. It has since been contained but the worst of Botnet is yet to come.
Phishing attacks are another form of emergent threats to data security management. In fact phishing is turning into the worst nightmare every information security manager. The concept behind phishing emerged on AOL network. The main reason that phishing is becoming a very critical threat is because the attacker poses as the official entity. People find it really hard to differentiate between what is real and what is unreal. The result is that social engineering becomes ridiculously easy.
In most of the cases, the phishing attacks have been launched against banking institutions. Phishers would lure customers of these banks to reveal their account information by present a page which is designed in such a manner that it looks as realistic as can be. In the recent times there has been a wave of phishing attacks where the attackers pose as the Internal Revenue Service. They are known to attack people for procuring their social security numbers and other taxation related data.
Another threat to corporate data security is Pharming. This attack works on the principle of DNS poisoning which allows the attacker to divert the traffic coming to a corporate web site to any other web site. The main victims of Pharming are again banking institutions but they are also known to be used for intra organizational social engineering to steal crucial company data.
A number of technologies are in development to prevent the damage dealt by these corporate data security threats. The best solution as of now is to educate the users and make sure that they do not fall victim to social engineering.
Leave a Reply