Information Technology Future Threats

The extent and speed with which information security challenges are growing in the twenty-first century endangers the reputation and integrity of trustworthy businesses. Although cyberspace provides huge opportunity for corporations and leading organizations, the environment is fraught with uncertainty and potentially dangerous threats. Cyberspace is a learning environment for cybercriminals and hacktivists. As a result, risks to digital information have expanded at an exponential rate, resulting in zero-day vulnerabilities with enhanced sophistication and reach (Nadeau, 2017). Furthermore, the global interconnection brought about by the exponential rise of internet technology and access has attracted social and corporate prospects. Therefore, organizations are at risk of emerging risks and how best to respond to these risks. As such, the paper tackles future threats to information security and how best to avoid a security breach.


Introduction


We live in a dynamic world where everything is changing including the internet and most importantly, the technological advancements in information technology (IT) and security. The massive reliance on information security has increased the volume of corporate and personal data as rewarding targets to cyber crime and state-sponsored sabotage. Consequently, the high levels of interconnectivity have provided a potential attack vector. Therefore, it is uneasy to prepare for future threats due to changing technology and the use of sophisticated software systems sold and used in the deep web. However, as new security threats emerge so does new anti-threat security features to minimize the risks (Susilo & Mu, 2014). Therefore, to understand the future threats in information technology, it is important to understand information security.


According to Kessler (2012), information security means the protection of information and information systems from third-party unauthorized use and access, information disclosure, information disruption, modification and the destruction of the integrity and confidentiality of information (23). Confidentiality is a very important aspect of information security because it avoids intrusion of data from unauthorized entry. Modern organizations and governments, strive to protect and maintain the value of information using information security systems (Kessler, 2012). Information security varies from one institution to another, and it affects the behavioral and structural aspect of the organization. Similarly, different employees and departments have access to specific information about the organization that creates their efficiency towards fulfilling the goals and objectives of the organization. Therefore, information security guides how the employees, management, and employers interact within an organization. As such, information security plays a significant role in maintaining autonomy and a competitive edge for an organization, an aspect that is under threat due to rising information security challenges. With this note, large organizations are heavily investing in information security to protect against targeted unauthorized access that could ruin their operations. Adaptive Access Control and Cloud Access Security Brokers are among the top technologies adapted to maintain the integrity and security of information. Also, to safeguard data security, large organizations have resolved to contract security groups to secure information (Kessler, 2012).


Ransomware


Ransomware is a malware infection that limits data and system access by locking and encrypting data or preventing users from accessing information until a ransom is paid. Crypto-ransomware is a threat to future information technology because it encrypts important information on infected systems and forces the system users to pay the attackers using specific online money transfer systems like Bitcoin to get the decryption key. The rise of crypto currencies presents future opportunities for ransomware because they operate on a blockchain where the digital currency cannot be traced. The price for ransom varies depending on the variant of the ransomware and the current digital currency exchange rate. Furthermore, recent ransomware attacks have listed alternative online payment options such as Amazon gift cards and iTunes giving attackers a variety of payment modes. However, in certain ransomware attacks, the ransom payment does not guarantee the decryption of the locked data or the unlock tool needed by the users to regain access to infected file systems (Palmer, 2017).


Ransomware infection can occur through a variety of means. Unwitting system users can download the virulent malware into the system through visits to compromised or malicious websites. It can also be spread through infected software applications and email spasms where attachments are added into a spammed email. Also, the system attack is known to be downloaded through malvertisments when users click to malicious adverts that are present on the internet. A rising number of attacks have occurred via the remote desktop protocol that does not require user interaction. Once the infection is executed depending on the variant, ransomware can lock the screen or targeted accounts. In a lockscreen subset of ransomware, the malware attack changes the login credentials of the user to a computing device. A full-screen notification or image can be displayed on an infected computer system preventing the user from accessing the system. For instance, pornographic materials can appear on the screen when the user tries to access the system after a malware attack. Similarly, in the second scenario, the attackers can target specific files that encrypted using the crypto-ransomware variant of the attack. The system user is denied access to predetermined valuable files using sophisticated encryption software until a certain amount of ransom is paid (Kshetri, 2013).


The first ransomware attacks first occurred in Russia in 2005 and 2006. During these attack instances, the infection locked access to the Windows desktop or browser in ways that could be easily reverse-engineered and reopened. In 2006, attackers used a ransomware variant that compressed and zipped specific files that were password-protected, and a note text file specified the amount of ransom to be paid. According to a report by Trend Micro, $300 was charged as a ransom for a zip-file attack in Russia. However, attackers have since then created advanced versions of ransomware, and in 2012, attacks spread to Europe and in 2013, the ransomware attacks were global. The widely spread ransomware attack that is commonly known is a Trojan horse named Cryptolocker. Cryptolocker was widely used in 2013 attacks that demanded ransom using Bitcoin (Palmer, 2017).


On the other hand, availability of ransomware kits on the deep web has facilitated cyber crooks to buy and use the tools to create ransomware infections with unique capabilities. Cybercriminals then generate the malware for their distributions and generation of revenue. In May 2017, WannaCry an advanced crypto-ransomware penetrated information systems and infected an estimated 250,000 systems worldwide (Palmer, 2017). According to information security experts, WannaCry uses asymmetrical encryption so that affected users cannot recover the decryption key. Bitcoin was used as the ransom payment method which implied that the ransom payment recipient remained anonymous, but the transactions were visible amounting to $100,000 in Bitcoin transfer. Ransomware attacks have affected many large organizations, and according to an IBM study, 70% of surveyed executives reported to have paid ransoms. Similarly, another study carried out in 2016 by Kaspersky Security stated that 20% of businesses did not regain access to their files after paying ransom fees. To avoid ransomware attacks, it is important to regularly update the security features to keep up with emerging threats. It is also recommended to use regular data backups such as crowd storage of data and ensure high-level encryption and limited access to only the authorized personnel. Most importantly, infected users should not pay the demanded ransom because they may not get the decryption key. Paying the ransom could be used to blackmail the user for other future (Heickerö, 2013).


Privacy Regulations


Privacy is a fundamental right in the US, and the United States’ policies on privacy have been focused on fair information practices such as data quality, collection limitation, use limitation, accountability, individual participation, purpose specification, and accountability. These principles are intended to ensure that individuals control their personal information and protect human dignity. However, the development of the digital age has helped companies to collect consumer information without reasonable safeguards. Online behavioral targeting and tracking is an invasion of privacy. Consumers get distressed especially without the awareness of who is tracking them (McMahon et al., 2016).


Information security laws also know as privacy regulations pose a big threat to the security of data. According to the Electronic Communication Privacy Act (ECPA), the government has the right to access digital information without any warrant. The law permits the government to fully access Facebook communication, emails, and public cloud data stored in cloud databases. In a recent Google report, the company stated that it processed 18,000 government requests for information in the second half of 2016. However, some Congressmen still feel that ECPA should be amended further to meet more stringent access to data that will further challenge information security. ECPA also dictates the federal government’s access to cellphone GPS tracking. The House of Representatives notes that there is growing support for the proposed GPS Act that would set guidelines and policies on how the government can access the location of its citizens which most people argue is an invasion of privacy (Layton & Watters, 2014). CFAA is another important legislation that stands for Computer Fraud & Abuse Act (1996) that prohibited unauthorized access to computer information systems. Before its amendment, federal authorities feared that computer-related crimes would go unpunished. Furthermore, the previous version of the Act limited federal intervention in computer fraud cases that were in the interest of the central government. The CFAA was initially misunderstood that it could prosecute employees for violation of organization’s privacy policies or the acceptable terms provided by the ISP. In the 2011 amendment of the CFAA, employees are not liable for privacy violation for non-governmental institutions. The 2011 Act also focused on prosecuting illegal access to personal information privacy and security. However, following the 9/11 terrorist attacks on the US homeland, the CFAA was amended further by the USA PATRIOT Act in 2001 (McMahon et al., 2016).


The Patriot Act gave the federal government and all law enforcement agencies the power to carry out mass surveillance to thwart terror and criminal activities. The law broke all barriers that prevented sharing of information among enforcement and defense agencies. The Act raised concerns over the infringement of civil liberties concerning the privacy rights of US citizens. However, following the leaking scandal when Edward Snowden, an NSA contractor leaked government information, the Patriot act was significantly heightened. Therefore, the act has threatened information security because it compels organizations to provide information access both in digital data and hard data (books, documents, and papers etc.) during investigations. The law also facilitates the use of wiretaps that anonymously target devices remotely without alerting the user. On the other hand, the Federal Privacy Act that was passed in 1974 that governs the use and collection of information maintained in the data records. The federal government is prevented from disclosing private data without consent unless under certain exception (Nadeau, 2017). As such individuals have the right to change inaccurate data and to be protected from data invasion.


Falsified Data Compromises


As the world progresses into the future, there is an exponential growth in the number of interlinked components reliant on the internet such as critical infrastructure related to corporations and nations. The possible devastation of falsified data compromises has become a major threat to information security. Experts indicate that successful kinetic attacks will not result in one or two information security break-ins or tweaks. Rather, information security system attackers will use a variety of elements and different procedures to breach data. As a result, hacktivists have resulted to aggressive data sabotage that threatens the integrity of secure data (Kessler, 2012). This has led to the growth of cybercriminals and unscrupulous business or nation rivals to result in falsified data compromise where they attack and destroy data sets of organizations and governmental institutions. In this type of threat, hackers delete parts of the data record; make modifications to destroy the data integrity and reliability. In the end, organizations using undetected falsified lack the capacity to make proper decisions leading to sever financial loss. Besides, manipulated data could lead to the manipulation of stocks and the leakage of confidential information destroying the reputation of an organization. According to research, data sabotage has been occurring in recent years. In 2010, Iran’s nuclear program was destroyed a minor Stuxnet worm that forced changes in targeted devices. Similarly, in 2013, the Associated Press Twitter account was hacked by Syrian hackers who claimed that President Obama was injured in a White House bomb attack. The news of the attack led the Dow Jones to drop by 150 points. Therefore, targeted data sabotage on both local and international scale can lead to severe consequences on the integrity of information and credibility of organizations (Heickerö, 2013).


Some potential catastrophic data sabotage attacks are carried out through the Internet of Things (IoT) which has grown drastically. According to IT professionals, the IoT is a massive platform for attacks because it allows users to interfere with systems that were previously untouchable. According to a survey by Gartner, there are currently 8.7 billion IoT endpoint devices a number that is expected to rise to 29 billion by 2020 (Gartner.com, 2014). Due to the immense opportunities offered by the internet, criminal groups take advantages of the levers of the society that have economic incentives. Therefore, hackers interfere with information such as tweaking a credit card to get a better rate.


Another threat that is crippling companies is the attack from company insiders. However, the debate over whether internal or external threats pose more risks is ongoing raising contentious issues. Nevertheless, most people argue that insiders are a great threat to information security. According to a recent survey, 43% of attacks were caused by internal elements in an organization such as IT professionals, contractors, and managers (Gartner.com, 2014). Companies are on high alerts due to the risks posed by insiders because historically outsiders were the main threats. In a recent series of lawsuits, Alphabet, Google’s parent company sued their former engineer Anthony Levandowski currently working at Uber for copying around fourteen thousand files and presenting them at Uber. Malicious employees are consistently causing daily data breaches and leaks. Furthermore, employee negligence leading to loss of credentials has resulted in phishing and the attraction of malware through spams or accidental sending of information to the wrong recipients. Insiders are a great threat because they know the whereabouts of an organization and can be under the radar for years. It is also hard to distinguish between regular works from harmful activities. Moreover, employees can carefully cover their actions making it hard to detect, and when detected, it is hard to prove that they were culpable for malicious actions (Susilo & Mu, 2014).


BYOD and Unsecured Mobile Devices


The smart phone market has grown drastically in the last few years due to a high level of competition among smart phone makers who entice consumers with their high-end, performance made devices. Smartphones have also led to the increase in a number of people with internet access across the world leading to interconnectivity. Majority of smart phone users lack the knowhow of securing their devices or lack the money for a premium subscription to top tech security companies. Maintaining high-level security in a company is therefore difficult due to the reliability of mobile devices. It is even more difficult if an organization uses the bring your own device (BYOD) policy. Employees also use their personal, organizational duties making organizations loss control over passwords, security and application downloads. Therefore unsecured employee personal devices can be used to launch an attack on an organization remotely. Therefore, organizations should ensure they have in place strict security protocols to avoid a data breach. Employees should also be advised to secure their devices using with affordable security packages that are highly available in the market (Kshetri, 2013).


Conclusion and Recommendations


In conclusion, the growth in information technology and security has also led to the growth of security threats through crooks that use sophisticated technology to breach data. As a result, organizations and government institutions should invest in information security to tackle emerging and future threats. As such, organizations and government bodies should implement high-end security encryptions that protect the integrity of data. Adopt crowd storage to avoid data transfer from one external source to another. Downloads should also be restricted to avoid downloading spam and other hacker-affiliated attachments. Security training is also important as it creates awareness among employees. Last but not least, data audits should be carried out regularly, and unencrypted devices should be banned in the workplace. Lastly, the security system should be automated to regularly update security passwords and build firewalls as well as track data to avoid future incursions (Goucher, 2016).


References


Gartner.com (2014). Gartner identifies the Top 10 technologies for Information Security. Retrieved from https://www.gartner.com/newsroom/id/2778417


Goucher, W. (2016). Information security auditor. Swindon, England: BCS, The Chartered Institute for IT.


Heickerö, R. (2013). The dark sides of the Internet. Frankfurt am Main, Germany: Peter Lang.


Kessler, G. (2012). Information Security: New Threats or Familiar Problems?Computer, 45(2), 59-65. http://dx.doi.org/10.1109/mc.2011.262


Kshetri, N. (2013). Cybercrime and cybersecurity in the global south. Springer.


Layton, R., & Watters, P. A. (2014). A methodology for estimating the tangible cost of data breaches. Journal of Information Security and Applications, 19(6), 321-330.


McMahon, R., Bressler, M. S., & Bressler, L. (2016). New Global Cybercrime Calls for High-Tech Cyber-Cops. Journal of Legal, Ethical and Regulatory Issues, 19(1), 26.


Nadeau, M. (2017). Future cyber security threats and challenges: Are you ready for what's coming?. CSO Online. Retrieved 25 November 2017, from https://www.csoonline.com/article/3226392/security/future-cyber-security-threats-and-challenges-are-you-ready-for-whats-coming.html


Palmer, D. (2017). Ransomware: An executive guide to one of the biggest menaces on the web | ZDNet. ZDNet. Retrieved 24 November 2017, from http://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/


Susilo, W., & Mu, Y. (2014). Information Security and Privacy. Cham: Springer International


Publishing.

Deadline is approaching?

Wait no more. Let us write you an essay from scratch

Receive Paper In 3 Hours
Calculate the Price
275 words
First order 15%
Total Price:
$38.07 $38.07
Calculating ellipsis
Hire an expert
This discount is valid only for orders of new customer and with the total more than 25$
This sample could have been used by your fellow student... Get your own unique essay on any topic and submit it by the deadline.

Find Out the Cost of Your Paper

Get Price