Our nation’s digital processing infrastructure functions in what is known as an “asymmetric threat environment”. The exact nature of the multiple threats arrayed against a business or an organization’s information assets is ever changing and the timing of attacks is unpredictable. So are the specific targets.
Among the sources from which threats against information assets originate are amateur crackers and hackers, disgruntled employees or former employees, dissatisfied customers, organized cyber criminals and cyber terrorists and even natural disasters. Any individual with an Internet connection can pose a threat to your information infrastructure.
Any threat to an information system, other than a natural disaster, is likely to fall into the category of being an unauthorized intrusion, the purpose of which can be malevolent. Among active threat vectors are: a.) Cyber terrorism, b.) Cyber crime, c.) Cyber warfare, d.) Industrial espionage, e.) Crackers or Hackers and f.) Disgruntled Employees. There may be other threat vectors as this list isn’t meant to be all inclusive.
Each of the potential threats will be briefly discussed below.
A cyber terrorism threat to an information infrastructure can be directed against the organization or general population. Such a menace could be an explosive device, malicious software designed to compromise information or a non-descript threat. One such threat could be a terrorist posing as a customer in a bank and leaving a soft drink can on the counter top that later detonates an EMP pulse that locally wipes out delicate servers or network infrastructure.
One of the fastest growing threats against individuals and businesses is organized cybercrime. Identities are being routinely stolen, sometimes sold on the open market, and bank accounts are being ravaged and drained.
Cyber warfare is a somewhat lesser danger that faces America’s heartland for the time being. Potentially the entire nation’s digital processing infrastructure could be destroyed in an instant by a directed EMP pulse. A rogue nation could explode a small nuclear weapon in the upper atmosphere over the central United States and the resulting damage would be catastrophic.
The problem of industrial espionage is widespread, serious and expanding. Millions of dollars of intellectual property are stolen from private computer sites each year. The payoff for the perpetrators is that they can avoid investing money in research and development and simply steal what they want from an organization’s information infrastructure.
Crackers/Hackers(malevolent or otherwise) enjoy the thrill of beating the security of an information system. Some intruders do inflict intentional damage just for the thrill of it and to advertise the fact that they can do so.
Disgruntled employees or insiders pose one of the most significant threats to an organization’s information assets. People who work within the system can innocently harm the system or do intentional damage.
A secure digital processing infrastructure is the result of a deliberate information assurance plan. Establishing one is the only way that the effects of any cyber assaults, born in an asymmetric threat environment, can be mitigated.
You can learn more about securing your computer and information assets by visiting Alliant Digital Services – 2010