Saturday, June 27, 2009

The threat of online security: How safe is our data?

Online security threats are one of the biggest challenges on the Internet today. Most companies continue to enhance their systems and processes as electronic banking systems evolve. The question is: “Are they protecting their customers’ information from being hacked, and how safe is their data?” To cope with online security threats, many organizations are continually looking for ways to make their customers aware of the threats and fraudsters and to help them protect themselves.




Looming Online Security Threats in 2008 and 2009:
Social engineering is a type of nontechnical attack that uses social pressure to trick computer users into compromising the computer networks to which those individuals have access. With social engineering, an attacker tries to convince someone that he is someone else, and can be as daring as putting on a mask and pretending to be someone else. Social engineering tactics have changed. In the past, attackers used cleverly worded conversations to get the information needed to launch attacks; this tactic continues to be used because it is extremely effective. But now, social engineering attacks are Web 2.0 attacks. Web-based services, including social networks like MySpace, YouTube and Facebook, are becoming prime targets for hackers seeking individuals' personal information.
For example, in September 2008, the information of tens of thousands of customers of Automatic Data Processing (ADP) and SunTrust Banks (STI) was stolen from Salesforce.com, which provides online customer management software for these two companies. The incident occurred after a hacker tricked a Salesforce.com employee into disclosing a password.

Major online threats: http://www.bsagovernment.com/downloads/MajorOnlineThreats.pdf
Apple Macs Becoming "Soft Targets": http://www.readwriteweb.com/archives/top_online_security_threats_for_2009.php

Several ways to protect our data:
1) Access control mechanism: used to determine who can legitimately use a network resource, defining which users have access to which resources and what rights they have over them. E.g. the Windows login system.
2) Passive tokens: storage devices that contain a secret (hidden) code, such as an ATM card, membership card or credit card.
3) Active tokens: small, stand-alone electronic devices that generate one-time passwords used in a two-factor authentication system. E.g. Public Bank’s e-payment.
4) Biometric systems: authentication systems that identify a person by measuring a biological characteristic such as fingerprint or iris (eye) patterns.
5) Encryption: the process of transforming data in a way that makes it difficult, expensive or time-consuming for an unauthorized person to decrypt.
