Threat Analysis

Threat Analysis (Phase 1 of Final Project)

Executive Summary

Information security research aims to tackle technical issues with information systems and, more significantly, to increase the effectiveness of information security. There have been numerous attempts to address the individuals who use the organization’s computer systems, because they are the ones who cause the information system’s various vulnerabilities. The threats that end-users bring to the security of American International Group’s plans are examined and addressed in this study. Human factors have been found to be the most significant threat to security, despite the introduction of technology solutions to address system weaknesses.

Introduction

Information security can be defined as safeguarding an organization’s information and data in terms of confidentiality, integrity, and access. It’s worth noting that, no matter how many technical safeguards are in place, organizations will continue to have security breaches. This is because information security is both a technological and a human issue. Employees have been the primary source of these insecurities since they fail to follow the information security policies in place.

Individual hackers aiming to make a name for themselves with highly visible exploits that are impossible to miss have given way to the structured and financially motivated attacker who employs stealthy ways to avoid discovery while slowly taking data from organizations for profit. Information warfare, cyber terrorism, organized crime, and sophisticated insider attacks are just a few of the risks that are becoming more prevalent (Johnson & Easttom, 2020). Information technology threats include natural calamities, infrastructure failures, internal abuse, accidents, external targeted attacks, and external mass attacks.

Although it is normal for a security professional to assume that threats will come from malicious attackers, organizations must also consider the possibility of human error or accidents leading to security breaches. As dangerous as a well-organized hacking gang can be, most security teams spend significantly more time dealing with manual errors that occur in routine operations or other staff mishaps that can inflict just as much damage on the company by accident (Conklin et al., 2018). In general, each threat type will have a different chance of occurring. Many businesses, for example, are grappling with more regular and well-publicized mass attacks such as generic infections and phishing scams.

For many years, information security specialists and media outlets have tried to understand the trends in data breaches. The trends in data breaches have been tracked and displayed, according to Statista (Morana & UcedaVelez, 2021). The records cover breaches since 2005 and show an upward trend in breaches (Benson, McAlaney & Frumkin, 2019). For example, 157 data breaches were reported in 2005, exposing 66.9 million people. Seven hundred eighty-three breaches were reported in 2014, resulting in the exposure of 85.61 million records. As the years pass, the number of breaches appears to be increasing. As of 2020, the number of breaches has been 1001 million, with 15.8 million people exposed.

Figure: Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 2020 (in millions)

Source: https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/

It is clear from the above figure that the trend is not one of continuous increase. The number of breaches documented in 2009 was 498, a decrease from the 656 recorded in 2008. Following that, the number of breaches increased dramatically, from 35.7 million in 2008 to 225.5 million in 2009. Such numbers indicate that, despite fewer breaches, individual breaches have been growing in scale, resulting in a higher number of file exposures per single breach documented. However, the number declined in 2017 and rose again from 2018 to 2019. The numbers recorded from 2019 to 2020 fell significantly, from 1257 million breaches to 1001 in 2020.

Notably, between 2010 and 2011, there was a significant decrease in the number of data breaches. Six hundred and sixty-two data breaches were recorded in 2010, and four hundred and nineteen in 2011. The frequency of breaches reported has been steadily increasing since 2011. Six hundred and fourteen violations were reported in 2013, and seven hundred and eighty-three in 2014. In 2016, there were 1,093 breaches, and in 2017, there were 1,579.

Information System Vulnerabilities

Human factors are significant information system vulnerabilities, which include both purposeful and inadvertent acts that might lead to a security breach. Clicking on links from unknown senders, for example, poses a security risk to systems because such links typically lead to malware and spyware that will take control of the system once accessed (Johnson & Easttom, 2020). It is important to remember that these unverified links compromise security since phishing attackers use social engineering to persuade individuals to disclose their information and that of others.

The security risk to information systems is further increased by the lack of strong passwords, or rather the use of poorly chosen passwords that are too obvious. Actions that could jeopardize passwords include using passwords that are easily guessed by attackers, which poses a significant threat to information system security (Johnson & Easttom, 2020). To ensure that passwords are effective, best practices include choosing unique and long passwords that are difficult for attackers and cybercriminals to guess.

Another information system flaw is leaving computers turned on and unattended. Unauthorized personnel may take advantage of this and move sensitive data to their storage devices for their own nefarious purposes (Johnson & Easttom, 2020). To avoid this, people should make sure that their computers are always turned off when not in use to prevent unwanted access. There should also be systems designed to guarantee that any account whose attempted logins exceed three is locked until the security administrator determines whether unauthorized persons attempted to access data.
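The lockout rule described above can be sketched as follows; this is an added example, not part of the original paper. The class name, event format, and host names are assumptions, the sample events are constructed, and "attempts that exceed three" is read as locking on the fourth consecutive failure with no automatic unlock.

```python
from collections import defaultdict

MAX_FAILED = 3  # threshold from the text: attempts that exceed three trigger a lock

class LockoutPolicy:
    """Locks an account once consecutive failed logins exceed MAX_FAILED.
    Only an administrator review releases the lock (no automatic timeout)."""

    def __init__(self):
        self.failed = defaultdict(int)    # user -> consecutive failures
        self.sources = defaultdict(list)  # user -> hosts seen in those failures
        self.locked = {}                  # user -> evidence held for the admin

    def record(self, user, success, source):
        if user in self.locked:
            # Even a correct password is refused while review is pending.
            return "locked"
        if success:
            self.failed[user] = 0
            self.sources[user].clear()
            return "ok"
        self.failed[user] += 1
        self.sources[user].append(source)
        if self.failed[user] > MAX_FAILED:
            self.locked[user] = list(self.sources[user])
            return "locked"
        return "failed"

    def admin_review(self, user):
        """Hand the evidence to the administrator and release the lock."""
        evidence = self.locked.pop(user, None)
        self.failed[user] = 0
        self.sources[user].clear()
        return evidence

# Constructed sample events: (user, login succeeded, source host)
SAMPLE_EVENTS = [
    ("alice", False, "ws-014"), ("alice", True, "ws-014"),
    ("bob", False, "ws-102"), ("bob", False, "ws-102"),
    ("bob", False, "kiosk-3"), ("bob", False, "kiosk-3"),
    ("bob", True, "kiosk-3"),
]

def replay(events):
    policy = LockoutPolicy()
    results = [policy.record(user, ok, src) for user, ok, src in events]
    return policy, results

if __name__ == "__main__":
    policy, results = replay(SAMPLE_EVENTS)
    print(results)
    print(policy.admin_review("bob"))
```

The evidence returned by `admin_review` shows the failures came from two different hosts, which is the kind of detail the administrator needs to judge whether someone other than the account owner was trying to get in.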

Conclusion

To summarize, critical information system vulnerabilities can be described as human factors, which include both purposeful and unintentional acts that lead to a security compromise. The security risk to information systems is further increased by the lack of strong passwords, or rather the use of poorly chosen passwords that are too obvious. Actions that could compromise passwords include using passwords that are easily guessed by attackers, which poses a significant threat to information system security. Another weakness in the information system is leaving computers on and unattended. Unauthorized individuals may take advantage of this chance to move sensitive data to their storage devices for their own nefarious purposes.

References

Benson, V., McAlaney, J., & Frumkin, L. A. (2019). Emerging threats for the human element and countermeasures in the current cyber security landscape. In Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications (pp. 1264-1269). IGI Global.

Conklin, W. A., White, G., Cothren, C., Davis, R. L., & Williams, D. (2018). Principles of computer security: CompTIA Security+ and beyond (5th ed.). McGraw Hill Professional.

Johnson, R., & Easttom, C. (2020). Security policies and implementation issues. Jones & Bartlett Learning.

Morana, M. M., & UcedaVelez, T. (2015). Risk centric threat modeling: Process for attack simulation and threat analysis. John Wiley & Sons.