This module – 01 – covers threats and provides a description at a higher level, based on broader categories.
So we can get an idea of specifically what these are and how they impact our organizations and us as individuals, what are some specific examples of threats to a company? For the threat you discuss, what are some security controls that can be put into place to defend against that threat?
Examples of Threats
The information security and cybersecurity continue to become of global interest, with most companies now striving to establish outlines related in the defense against the threats posed by information and cybersecurity. This paper provides examples of threats that face companies and the mitigations that can be put in place to defend against the threats.
The first example of the threat to a company is spear phishing, which involves the attempt by an attacker to retrieve or access the company’s sensitive information by imitating one of the trusted entities through email or phone communication. The phishing attack threats have increased in the past decade since most organizations use email as a major form of communication. The attackers send anonymous emails with links when clicked can direct the attackers to their targets (Hayes, Tanner & Schmidt, 2012). Firewall and secure web browsing software should be installed to protect the company from phishing threats. The company should also provide training and awareness among employees regarding the risks and keep their browsers up-to-date.
Another example of the threat to company’s today is the Wi-Fi compromises. Free Wi-Fi provision continues to be a great attraction used by companies these days. However, companies are facing a security threat by providing free Wi-Fi as attackers can exploit the open network to attempt to infiltrate the company network system. Several tools now exist, such as ‘Cana and Able’ and ‘Wireshark’ that attackers use to attempt to access the company system through the Wi-Fi (Pahwa, 2015). The security control that the company can put into place to defend against the threat is setting up a Service Set Identifier (SSID) technology. With the SSID, the company can divide the access points to the network into private network access that is secured and used for employees and the public network access available for guests and customers. The separation of access points will ensure free Wi-Fi is available to customers and visitors, while business information is kept safe and confidential.
References
Hayes, T., Tanner, M., & Schmidt, G. (2012). Computer Security Threats: Small Business Professionals’ Confidence in Their Knowledge of Common Computer Threats. Advances in Business Research, Vol. 3, No.1, 107-112. https://journals.sfu.ca/abr/index.php/abr/article/viewFile/91/65
Pahwa, G. K. (2015). Cyber Business Security Threats & Solutions. CMAI Association of India. Retrieved from http://cmai.asia/cybersecurity/docs/CyberBusinessSecurityTheatsSolutions.pdf
