Topic D1 - Threats to Data
Malware
What is Malware?
Malicious software (malware) is a computer program that is designed to harm or gain unauthorised access to a computer system. We are most commonly aware of viruses, and often use the term virus interchangeably with malware. However, viruses are just one type of malware.
Types of Malware
Viruses
A program that copies and inserts itself into programs running on your computer system. It spreads when the programs or data files it is attached to are passed to another system, such as via an email attachment or files on a USB stick.
Worms
Very similar to viruses in many ways; the key difference is that worms do not need to attach themselves to other programs. Instead, they are standalone programs that spread by tunnelling through a network and exploiting security holes in systems to gain access.
Trojans
A harmful program that masquerades as a legitimate software application. It spreads by users downloading it thinking it is a program they want, but it hides a harmful payload. It doesn't self-replicate like worms and viruses.
Spyware
A malicious program that monitors user activity for the purpose of stealing personal information. An example would be a key logger that records every keystroke a user makes and sends it back to a malicious user. This is commonly spread as part of a trojan.
Impact on Individuals and Organisations
Malware can be used to corrupt or delete data being stored on IT systems. This could cause a lot of inconvenience to an organisation as they will need to spend time recovering the data from backups. If they have no backups then this could be disastrous as they could lose sales records, stock levels, employee pay data, etc.
The impact on individuals could be just as harmful. For example, personal photos that have real emotional value could be lost forever, causing a lot of distress. Malware, especially spyware, could also be used to gather personal data, such as bank details, in order to steal money from individuals or to commit identity fraud.
Hackers
A hacker is someone who gains unauthorised access to a computer system. This can be performed in many ways, and not all are extremely technical. For example, guessing someone's password and using it to gain access to their computer system without their permission is hacking.
Hackers also use programs that automatically go through a list of common passwords until they break into the computer system by eventually guessing the correct password. This is known as a "brute force attack". This type of attack is why we're encouraged to use complex passwords.
There are many other more technical methods of hacking which require programming knowledge and an understanding of the flaws in a computer system and its software.
Not all hacking is malicious though. So-called "white hat hackers" test systems for security flaws by attempting to gain access to help check the security procedures of an organisation. There are even "bounties" paid out to hackers who detect security flaws in software and report them to the organisation who developed the software.
Impact on Individuals and Organisations
The unauthorised access to an organisation's or individual's data can be used to steal financial information in order to steal money from them. Personal information taken from individuals, or via records stolen from hacking a business, could also be used for identity fraud.
Hackers could also use any private and confidential data for blackmail purposes. Because hacking has a big impact on an organisation's reputation, a hack could be used to blackmail the business by threatening to reveal the hack to the public.
Individuals may lose data, such as photos, with emotional value. Organisations may lose important business data such as sales records.
This is extremely expensive to recover from for both individuals and businesses. You may need to pay a specialist to try and recover the data or will need to recapture and re-enter data from its source.
Finally, you need to replace any lost or damaged devices, which will be costly too, especially to individuals.
Phishing
This is where emails are sent purporting to be from a reputable company but in fact have been sent by a malicious user for the purpose of gaining personal or financial information.
This email will appear to be from the reputable business and will usually contain a link that appears to be for their website. However, when clicked on it will take the user to another website that is designed to look like the business' but is not. This website will contain a form to be filled out with personal data and when submitted will go to the malicious user.
Most people don't fall for these threats, but the malicious user can send the email to hundreds of thousands of users at no cost, and so any user who makes the mistake will earn the malicious user profit.
Recently we've also seen phone phishing attempts, where people phone users claiming to be from a legitimate business to try and gain personal and financial information.
Accidental Damage
Not all damage to an IT system is malicious. Through human error, we can lose data and damage our IT systems. Some examples of this include:
Dropping laptops, tablets, smartphones, etc.
Spilling liquids on IT systems.
Misplacing external storage devices, laptops, tablets and smartphones.
Accidentally deleting or overwriting files or folders.
All of these are done with no malicious intent but can have catastrophic consequences for the business as you could lose a massive amount of data. This is a major reason why businesses perform regular backups of their data.