SONYIA WILLIAMSLos Alamos World Futures Institute
As stated in the last column, with the increased use of technology comes an increased vulnerability of having one’s privacy breached. Computers (including smart phones) have become an integral part of our everyday existence.
Computer networking technologies – intranet, extranet, and internet – have advanced to the point where information can be stored, transmitted, and available to people accessing and conducting their business anytime and from anywhere. Internet-based technologies integrate corporate applications, knowledge management applications, decision support systems, internet search and repository, and external third party systems such as suppliers, customers, and business partners.
With all the capabilities offered by computer, networking, and internet technologies, organizations receive many benefits. These benefits push companies to implement internet-based technology without pondering the security threats that come with this technology. A company’s proprietary information about products, processes, customers, and suppliers is a critical business asset to its daily operations and survival. The most common threat in a networked system is unauthorized access to information and computer resources.
This may cause the loss of confidentiality, integrity, and availability of information and technology assets. To ensure business continuity and minimize potential damage, companies need to establish computer-based access control to protect their proprietary information from intentional or accidental disclosure, modification, erasure, or copying, as well as their IT resources from misuse. This control provides an organization with the ability to restrict, monitor, and protect their resources.
Internal threats are threats from individuals that have legitimate access due to their position within an organization, such as employees, students, and contractors. Inside threats can be extremely difficult to detect or to protect against because they have legal access to the system, know what to look for, and most likely know how to avoid intrusion detection systems.
They can misuse the company’s IT resources to perform port scans on outside systems and initiate attacks from inside the company; access unauthorized information; spread SPAM, SCAM, and/or malicious code; implement unauthorized changes to data or programs; steal data files for personal gain; or install illegal software into their computer, sometimes without being aware of the implications.
Passwords are an important line of defense against unauthorized access to an IT system but, when used improperly, provide access to information by those for whom it might not be intended. Outside intruders can be hackers/crackers, saboteurs and thieves. If the network is compromised, intruders can attack or misuse the system.
One common technique used by intruders to gain unauthorized access to the system is password theft. The intruder obtains the password of an authorized users’ account by using a method as simple as coming across the password or by using a password-cracking application or program. These programs work with the same speed as the spelling check feature used on our phones and computers and are used for passwords that are very complex and difficult to guess.
Other access techniques include: sniffing, wiretapping, eavesdropping on network traffic, or putting a device in place or implementing a program to intercept or monitor packets sent over the network.
As a result, sensitive information such as passwords and trade secrets can be captured. Once the intruders gain access to the internal network, they can approach, trespass within, communicate with, store data in, retrieve data from, interfere with, or otherwise intercept and change the system.
They can obstruct computer services by placing malicious programs to overload computer resources; use the system as a stepping-stone to invade other systems; relay viruses, worms, or SPAM; install malicious programs to destroy or modify files; insert an undetectable program into an authorized application used to transfer money; or send trade secrets/credit card numbers to remote servers.
This breach of information can result in a variety of risks, the most crucial being the unauthorized disclosure of information. Disclosure of confidential, sensitive or embarrassing information can result in loss of credibility, reputation, market share, and competitive edge.
Other negative effects can include the disruption of computer services, disruption of services during critical processing time, loss of productivity, misuse of IT resources such as network bandwidth that may cause slow response times, financial loss, legal implications, and the potential to be blackmailed.
Even though the increased use of technology and the ability to store and transfer information via electronics has brought many benefits and higher efficiency to individuals and businesses alike, it has left them vulnerable to having their information infiltrated and used against them. This is something that needs to be brought to attention and methods of protecting ourselves against this vulnerability must be put into use.
The Los Alamos World Futures Institute website is at LAWorldFutures.org. Feedback, volunteers, and donations (501.c.3) are welcome. Email andy.andrews@laworldfutres.org or bob.nolen@laworldfutures.org. Previously published columns can be found at www.ladailypost.com or www.laworldfutures.org.

































