Common Risks in the PWC Information Security Surveys
The increasing technological developments have led to the rise of various information security risks. The application of advanced technology has significant impacts within organizations. Amongst these challenges, information security issues have been treated with great caution. A lot of research has been extensively done on the issue of information security and their implications on organizational processes.
The PWC is one of the remarkable international agencies that have done extensive research and surveys on the topic of information security (BIDGOLI 2006, pp. 23). It is vital for the organizations and other users to identify the common risks associated with information security. An analysis of the survey reports by the PWC indicates some common risks of information security. Observably, this is presented within a global context.
This paper analyses the PWC information surveys and discusses the various common risks identified by these particular surveys. Apart from this, the paper also indicates some of the risks that have been prevalent in the past eight years.
An analysis of these reports indicates various risks of information security. It is important to indicate that cyber security has increasingly gained dominance in the global society. This is due to the instances of information breach that have been frequently reported from different organizations (EGAN & MATHER 2005, pp. 50). Most network administrators have specifically remained besieged in the present day.
This is in consideration of the increasing number of common security risks. As indicated within these survey reports, most IT professionals are increasingly getting troubled due to the influx in the number of these risks. The reports indicate that there exist several information security risks that can be dealt with in the present society. There are several wildfires to be dealt with by most information technology specialists.
According to these studies, several security officers indicated to be dealing or getting confronted by many insecurity threats. Some of these included the worms as well as the notable viruses (PWC 2004). Apart from these, the surveys have identified other insecurity elements such as “denial of service” attack. Other common information insecurity agents that have existed and caused trouble for a long period of time are notable.
As indicated from these surveys, these include the involvement of hackers (DELTA & MATSUURA 2009, pp. 56). Notably, the hackers are indicated to pose serious threats to the welfare of any information system within any organization. They have exceptional capacities, with abilities to grossly cause interferences with the information system mainstream. It is also noted that cyber terrorism has been widely regarded as a potential threat to information security.
In these surveys, this potential threat is given a global consideration. Another cited common information security concern is emergent or observable from most actions of the employees. Within organizations, there are employees who are noted to engage in the utilization of instant messenger services. Apart from this, these employees might be downloading highly rated movies on the companies’ PCs.
Principally, these are some of the detrimental practices that interact to propagate the already high level of information insecurity within all global destinations. Most email attachments are indicated to be chief sources or threats to information security (KIZZA 2009, pp. 21). Observably, this has occurred for a very long period. Opening these attachments might lead to the expulsion of dangerous viruses as well as worms. These might be transmitted into the corporate network system.
The surveys have particularly emphasized the ability of the dangerous viruses released from the attachments to propagate themselves. The VPN tunnel susceptibilities have been indicated within the report as other potential sources of information security. This vulnerability may enable any potential hacker to easily get into the main network mainstream and cause severe damages (Sigismondi 2011, pp. 15).
The combination of both the viruses as well as the notable worms is dangerous. According to these surveys, individuals have indicated that these blended attacks have severe implications within most information systems and networks. Most end users and IT professionals agree that a majority of the potential viruses have the capacity to blend with other marked security threats (FISCHER 2009, pp. 34).
This synergy is observed to lead into very severe implications within the general corporate network. There are other important information security threats that have been highlighted to be very common within these reports. For instance, the diversionary tactics have been widely indicated to be potential causers of the information insecurity within the networks. These tactics have mostly been applied by the hackers.
The tactics are used by the hackers to attack various points of the network and confuse the IT specialists or security officers. Other indications that have been notably identified by the interviewers during these two surveys can be noted. These comprise the downloads that are always done from various websites (EC-COUNCIL PRESS 2011, pp. 45). It is vital to indicate that these highlighted threats to information security particularly apply to the organizations or individuals.
These are the major information technology beneficiaries. Addition of the supply chains as well as other external beneficiaries within a specific network chain might be a potential cause of security threat within information systems. The survey interview result indicates that most IT users and specialists regard external users as potential threats to all networks. Particularly, it has been noted that the situation arises when the main access point is not properly safeguarded or closed immediately any work process is completed.
The other potential threats to information security that have been identified in the two surveys include the Microsoft’s SOAP (KNAPP 2009, pp. 54). Basically, the initials refer to the “Simple Object Access Protocol.” This refers to an application that lacks critical features to enhance network or information security. According to these reports, the application does not have the built in security specifications.
The reports also highlighted common user practices that have been widely associated with increase in the level of information insecurity within most networks. For instance, it is indicated that actions such as renaming the documents by workers or individuals might lead to the emergence of information insecurity.
The PWC information security surveys reveal a lot of potential issues concerning the status and various applications that are likely to cause insecurity. There are other potential information security threats that are indicated in the reports to have emerged most recently.
Spear-phishing emerged as the most current threat that has caused remarkable trouble (DE BORCHGRAVE 2001, pp. 115). Its capacity to lead to dangerous intrusion within various information systems is also indicated within these reports. Generally, there are many reasons why these common information security threats have prevailed for a long period of time.
Lack of proper and comprehensive research on information technology and associated landscape threats is eminent. This might be viewed as one of the vital impediments towards total eradication of these threats. It is also important to note that the hackers and cyber thieves have increasingly modified and utilized some of these threats (SINGHAL 2007, pp. 38).
The high level of advancement of information technology also increases the level of propagation of these common threats to information security. Most workers, information technology specialists and end users do not possess the adequate or appropriate knowledge to manage these information security threats. Basically, there is great inadequacy in capacity building and knowledge management on information security amongst several user groups.
This is also applicable to the general population (JAKOBSSON & RAMZAN 2008, pp. 57). Lack of effective regulatory measures to deal with these threats to information insecurity is also a potential contributory factor to their persistence within most networks.
Evidently, most governments lack comprehensive policies addressing cyber crimes as well as other associated malpractices. This situation has made most of the hackers to propagate their criminal activities over the internet. Lack of skilled and adequate information security is also another critical factor in the process.
The Reduced or Non-Existent Risks
The transforming technological applications and services have generated a lot of information security issues. Generally, there are potential threats to information security that have been associated with this development (JONES 2004, pp. 23). The impacts of these information security threats on various business processes are globally eminent. Business organizations as well as other entities are increasingly getting concerned on the concept of information security within their system of operation.
The 2004 PWC information security survey highlights important revolutions that are currently observed in the development and extinction of certain information security threats. Notably, the developed technological processes have led to the phasing out of particular threats to security (STEWART 2010, pp. 30). This has occurred due to many reasons and factors within the information technology arena.
The 2004 survey report indicates a number of information security threats that have significantly reduced in action. According to the report, there are also other potential information security threats that have also been extinct. The reduction in the action of various threats emanating from the malware is indicated in the survey report. The survey indicates that the malware delivery is potentially muted.
There are several reasons for these developments. For instance, it can be noted that the emergence of other options might be a contributory factor for this notable trend. The emergence of other options such as the floppy disks as well as the emails has played a very significant role in ensuring this reduction (VACCA 2009, pp. 76).
The email attachments together with the common word-processor documents have also been responsible for this diminishing trend in the action of malware. Indeed, it is observable that the capacity of information security threat previously potentiated by the malware has significantly been minimized due to these factors (HUNTER & PILTZECKER 2003, pp. 45).
The highly intricate and sophisticated applications presently applied in the delivery of most soft information across different networks are notable. This trend has immensely transformed the threat landscape. The PWC 2004 report indicates that certain information security threats have considerably reduced in action. It is notable that these threats have been reduced compared to the previous periods when they were initially introduced.
The advanced technological developments have led to the extinction or reduction of these previously dangerous threats (RAY 2004, pp. 47). The report indicates that the effects or dangerous impacts of Trojan horse on the information security have potentially been minimized. This was a notable threat during the earlier days. However, presently, this trend has increasingly changed. This program was initially applied in the processes of system administration.
In the past, there have been several security threats associated with the application or presence of the Trojan horse. However, active research and development of powerful antivirus and other potential counteracting software materials have led to the reduction in action of this notorious virus. Nonetheless, it must be noted that this program still has detrimental impacts on information networks when introduced under certain conditions (CORPORATION 2011, pp. 76).
For instance, it is indicated that this program has negative impacts on networks or information when blended with other potentially dangerous forms of threats. In such contexts, the program has the capacity to act in synergy, causing remarkably dangerous impacts. Previously, this program had the capacity to perform several and diverse negative effects on the network (Straub 2008, pp. 61).
For instance, it could allow the total acquisition of the targeted PC. Additionally, it had the capacity to steal any confidential information present on the targeted system or network. However, the development of firewalls and other security mechanisms led to the minimization of these notable detrimental effects.
The effective management and control of most email attachments is critical. Presently, this has been adequately observed by most information technology within most organizations. This is because Trojan horse usually hid in the email attachments (PWC 2012). The survey report also indicates spoofing as another information security threat that has been significantly rendered ineffective.
Particularly, this is observable in the present state of high technological development. The ability of most hackers to deceive others has potentially been reduced. Previously, spoofing has been applicable within various domains. The mechanism enabled hackers to successfully deceive other PC users to imagine that their information sources were very legitimate. However, within the present day, spoofing has been minimized.
The report indicates that although certain types of spoofing are still eminent, there are particular types that have significantly been minimized (AXELROD, BAYUK & SCHUTZER 2009, pp. 112). According to the 2004 report, sniffing is another threat of information security that has been potentially minimized. Originally, the technique was widely applied in the repair of various challenges emanating from most networks in application.
Presently, the possible application of sniffing by most hackers has been seemingly reduced. A lot of developments within the technology industry have led to the development of applications. These contemporary applications have the capacity to monitor and block the targeted actions of sniffing processes.
The “denial of service” has also been indicated to be significantly minimized (PWC 2004). This is in terms of its present capacity to cause disruptions within various information centres. In the past years, this has been widely applied in the stealing of critical data of information. This dangerous application targeted at disrupting the system and blocking the dispensation of vital services to most legitimate users or beneficiaries.
The general risk of losing information through the breakages of hardware was eminent in the past duration. The PCs that were in use during the past durations also increased the susceptibility of critical information to losses and contamination. However, this notable trend has since changed. Presently, organizations and individuals have more access to highly advanced and improved technologies.
These technologies have played a critical role in the increase of information safety (GALLAHER, LINK & ROWE 2008, pp. 67). For instance, the discovery of other data management and storage technologies or approaches has led to the reduction of these earlier challenges.
The most recent developments have also played a critical role in the observable minimization. The development of technologies such as cloud computing technology has led to the development of significant contributions. With the application of cloud computing technology, organizations presently store and utilize the important information remotely. Observably, this also occurs for the individual users who have adopted the high nature of technological development.
Indicatively, the process increases data safety to significant levels. Apart from this, the risk of physical intrusion on vital data within organizations is significantly reduced (PROBST 2010, pp. 122). Generally, it is notable that many factors have led to the extinction or reduction of the capacity of most information security threats to cause detrimental impacts.
The increase in the level of technological development has potentially led to these developments (WESTBY 2004, pp. 61). There has been a remarkable research and education on the topic of global landscape threat as well as information security. These initiatives have played an important role in the development of proper information security management strategies.
The effective education has led to the rise of potentially qualified and skilled human resource within the information technology arena (JANCZEWSKI & COLARIK 2008, pp. 87). The personnel have been readily available to offer significant services within various corporations. Particularly, the security officers have played a critical role in enhancing this process.
There has also been an increased awareness creation and advocacies within different populations. These have led to high level of sensitivity and monitoring by most individuals as well as the end users. Indeed, there are bound to be significant transformations in information technology and its various applications in the future.
The New Types of Risks to Be Identified In the 2020 Survey
The increasing complexity in the application of technology has an important role. Generally, it is observable that this increase also leads to the complication on most problems concerning the information and network security (RICHARDSON & THIES 2013, pp. 35). As technological applications develop and expand, an equal growth in the information security threats develops.
Therefore, it is necessary to indicate that the 2020 PWC information security is set to unveil very unique and sophisticated threats or challenges of information security. The survey is more likely to reveal very sophisticated security threats. Some of these future threats are set to be more advanced, causing very severe damages within the various networks and information security centres (EC-COUNCIL PRESS 2010, pp. 56).
The security threats involving serious personalization and complete damage of the hardware are more likely to emerge. It is vital to consider the fact that many security attacks are observed to get increasingly dangerous with time. The redevelopment of other security attacks such as malware is projected to result into such increased threats. The increased manipulation and use of most security threats by malicious hackers and cyber criminals will be observed. This is expected to increase due to many reasons.
Lack of proper monitoring and regulation systems for information and network systems is potentiated to cause a serious in the pattern of development of cyber theft. There is also a speculation of a high level of evolution in the action capacities of tools as well as techniques in 2020 (Prince 2010). This has the potential to offer adequate protection for various networks and information storage and conveyance sources.
It is expected that there might be development of various security threats capable of issuing general computer commands. These commands may have the capacity to interfere with the general uniform pattern of operation of most networks and information security sources. The 2020 PWC information security report may also reveal the attacks that are predominantly residence within the network transfer channels.
These are more likely to cause significant interferences in information exchanges and operations between various area networks (ETATS-UNIS 2007, pp. 51). Basically, there is set to be a great transformation in the landscape threat industry. The notable present stubborn viruses and worms are likely to be phased out of the system by 2020.
Hacking systems are yet to transform, with a possible application of complex robotics in the management of physical hacking centres globally. There is yet to be an evolution of the system of action of new viruses (CALABRESE 2004, pp. 98). Probably, the physical initiation of intrusion of various viruses, worms or malware into most networks and information sources may be alienated.
Instead, insecurity factors or elements emergent from the application of more advanced and interconnected technology are more likely to be predominant within the systems. Some of the notable technological applications such as cloud computing technology are likely to increase the level of threats and attacks.
Already, there are eminent threats recorded from the execution of various cloud outsourcing operations. These are eminent within business and organizational information technology systems. Generally, it is projected that the nature or threat landscape is set to be very unique from the one experienced within the present operations.
List of References
AXELROD, W, BAYUK, L & SCHUTZER, 2009, Enterprise information security and privacy, Artech House, Boston.
BIDGOLI, H 2006, Handbook of Information Security Volume 3, John Wiley & Sons, Hoboken.
CALABRESE, T 2004, Information security intelligence: cryptographic principles and applications, Delmar Learning, Clifton Park, NY.
CORPORATION, M 2011, Improving Web Application Security Threats and Countermeasures, Microsoft Press, Sebastopol.
DE BORCHGRAVE, A 2001, Cyber threats and information security: meeting the 21st century challenge, CSIS Press, Washington, D.C.
DELTA, B & MATSUURA, H 2009, Law of the Internet, Aspen Law & Business, New York.
EC-COUNCIL PRESS 2010, Threats and defense mechanisms, Course Technology Cengage Learning, Australia.
EC-COUNCIL PRESS 2011, Security policy and threats, Course Technology Cengage Learning, Clifton Park, NY.
EGAN, M & MATHER, T 2005, The executive guide to information security: threats, challenges and solutions, Addison-Wesley, Indianapolis.
ETATS-UNIS 2007, Department of defense sponsored information security research: new methods for protecting against cyber threats, Wiley publishing, Indianapolis (Ind.).
FISCHER, A 2009, Creating a national framework for cybersecurity: an analysis of issues and options, Nova Science Publishers, New York.
GALLAHER, P, LINK, A & ROWE, R 2008, Cyber security: economic strategies and public policy alternatives, Elgar, Cheltenham.
HUNTER, E & PILTZECKER, T 2003, MCSE exam 70-296 planning, implementing and maintaining a Windows Server 2003 environment for an MCSE certified on Windows 2000: study guide & DVD training system, Syngress Pub, Rockland, MA.
JAKOBSSON, M & RAMZAN, Z 2008, Crimeware: understanding new attacks and defenses, Addison-Wesley, Upper Saddle River, NJ.
JANCZEWSKI, L & COLARIK, M 2008, Cyber warfare and cyber terrorism, Information Science Reference, Hershey.
JONES, A 2004, 3rd European Conference on Information Warfare and Security: Royal Holloway, University of London, UK, 28 – 29 June 2004; [ECIW 2004]. Reading, Academic Conferences.
KIZZA, M 2009, A guide to computer network security, Springer, London.
KNAPP, K J 2009, Cyber-security and global information assurance threat analysis and response solutions, Information Science Reference, Hershey, PA.
Prince, K 2010, Top 10 Information Security Threats of 2010. Web.
PROBST, W 2010, Insider threats in cyber security, Springer, New York.
PWC, (Price Water House Coopers) 2004, Information security breaches survey 2004, technical report. Web.
PWC, (Price Water House Coopers) 2012, Information security breaches survey 2012, technical report. Web.
RAY, A. K 2004, Information technology: principles and applications, Prentice-Hall of India, New Delhi.
RICHARDSON, T & THIES, C 2013, Secure software design, Jones & Bartlett Learning, Burlington, MA.
Sigismondi, P 2011, The Digital Glocalization of Entertainment: New Paradigms in the 21st Century Global Mediascape, Springer Science+Business Media, LLC, New York, NY.
SINGHAL, A 2007, Data warehousing and data mining techniques for cyber security, Springer, New York, N.Y.
STEWART, M 2010, Network security firewalls & VPNs, Ont, Jones & Bartlett Learning, Mississauga.
Straub, W 2008, Information security: Policy, processes and practices, Sharpe, Armonk, NY.
VACCA, R 2009, Computer and information security handbook, Elsevier, Amsterdam.
WESTBY, R 2004, International guide to cyber security, ABA Publ, Chicago, Ill.