Importance of Security and How Users Become Victims on Social Media

Anuradha Gunasinghe
5 min read · May 17, 2021

What is Information Security

Information is one of the most important intangible assets of any organization, and like other assets, it is the responsibility of management to protect it appropriately. News about missing data scares organizations because they rely completely on information technology, which carries an abundance of sensitive data and customer information. Back in 1980, the use of computers was limited to computer centers, and computer security meant the security of the physical computing infrastructure. The openness of the internet has simplified processes with in-house information storage, but it also happens to be a great weakness in terms of information security.

The internet has evolved with the exchange of communication from a reliable group of trusted people to millions of frequently interacting anonymous users. Those on the internet are not bothered by lack of information but are more worried about handling excess unnecessary information that they come across.

Information security, also known as InfoSec, is the process of formulating strategies, tools, and policies to detect, document, prevent, and combat threats targeted at digital and non-digital information devices. In direct terms, information security means establishing well-defined security processes to protect information irrespective of its state, whether in transit or being processed.

Sensitive data is one of an organization’s most important assets, so it makes sense to prioritize its security. When anyone thinks of securing information, the first tip they come across is to create a password that is tough to crack, but protecting information goes beyond protecting data with a password. More and more businesses are becoming victims of cybercrime.

Reasons why cybersecurity is important

Cyberattacks affect all people

“Cyberattacks are now so common, recent reports show that hackers attack a computer in the US every 39 seconds! Once an attack happens millions of people could be harmed. State-run organizations can be shut down, services can’t be provided to citizens. Case in point, the city of Atlanta was attacked using the infamous SamSam ransomware. The attackers asked for a ransom of $51,000. The SamSam ransomware was so harmful that the city of Atlanta was offline for five days. This caused several significant citywide operations to be halted. It ended up having a recovery cost of $17 million. Businesses face over 4000 hacks every single day using ransomware alone.”

Fast changes in technology will cause a boom in cyberattacks

The advent of modern technologies such as IoT is exponentially increasing the number of connected devices to the extent that there will be around 200 billion connected devices by the end of 2020. Cyberwarriors are increasing their knowledge while hackers can now utilize artificial intelligence and machine learning to trigger automated cyberattacks that can easily compromise secure systems without any human intervention. These automated cyberattacks pose a global scare and can be done on a mass volume.

Damage to businesses and loss of jobs

There has been an influx of hacks and breaches of name-brand companies in recent years. They cause millions of dollars in damages, both to recover the data and in penalties paid through fines. All these expenses can cost not only C-level executives their jobs; associates can also lose their positions when the company cuts costs.

Facebook, the social media giant, had over 540 million user records exposed on Amazon’s cloud computing service.

Cybersecurity threats faced by individuals

Not only do nations and businesses face threats from the actions and intentions of hackers, but individuals face many risks as well. Identity theft is a huge issue, where hackers steal an individual’s personal information and sell it for profit.

This also puts the personal safety of an individual and his or her family at risk. This has happened on numerous occasions, with millions of dollars lost at the expense of the victims. In other cases, the hackers use blackmail and extortion after stealing a victim's identity, demanding ransom money in exchange for taking no further action.

Common types of cyber attacks

Malware:

Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.

Phishing:

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. Phishing is an increasingly common cyberthreat.

Man-in-the-middle attack (MitM):

Man-in-the-middle attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.

Denial-of-service attack (DoS):

A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack.

SQL injection:

A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.

Nowadays, a lot of social media users become victims of attacks due to carelessness.

Let’s see how they become victims

01. Baiting

Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in automatic malware installation on the system.

Baiting scams don’t necessarily have to be carried out in the physical world. Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.

02. Phishing

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

03. Scareware

Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

The above attacks are called social engineering attacks. Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.


Anuradha Gunasinghe

Software Engineer @ WTS, Bachelor of Engineering (BEng) Honours in Software Engineering Graduated from University of Westminster