The Excess Or Inadequate Humidity

Published Date: 02 Nov 2017

Figure : Risk from different anglesIn order to continue through the topic first of all we should have the basic idea about risk. According to the perspective of IT security risk is a weakness that could lead to loss of availability, confidentiality or integrity of a particular computer service or program.

When we are considering about the risks we should have the clear idea of the risk categorization. Risk can be two types where it can be occurred as a result of natural disasters or man-made.

1.1.1 The effect of natural disasters to information assets in the selected organization

Natural disasters can strike in anywhere with the unpredictable loss to the people. A disaster which occurs as physical phenomena, Ex: - floods, earthquakes, Tsunami, hurricanes and tornadoes can be supposed a natural disaster. As an Asian country the word "Tsunami" is really familiar to us since the year 2004. Let see how these natural disasters or environmental behaviors can be mapped with the information assets of the selected organization.

Excess or inadequate Humidity

Figure : Moisture in the airThe mentioned point is directlyaffecteds or threaten to the reliability of the computer network. The well-known fact is most of the banks in our country has been automated their day to day work load with computer systems. All the nodes have been connected to a centralized location which we are known as a server. If the percentage of moisture in the air is high it can increase the oxidation. This will directly affect for the connectors, conductors and electronic circuits which used in the server room. As a result of this activity it can generate current paths which is having high-resistance. This will lead unpredictability of the circuit performance.

If the percentage of the moisture in the air is lacking, this will increase the possibility for peripherals "zapping" because of the static-electricity.

Poor quality of the Power

Figure : Power failureIn many situations of erratic performance of the computers, catastrophic system failures have been attributed to the quality of the power. There are three main reasons have been identified for this problem. The provided electricity often attacked by the circumstances of under voltage, spikes which cannot predict, power drops and pollution from the high frequency noises. As a result of this power fluctuation it affects to the internal temperature of the computers and degradation of the components.

Water damages/floods

When we categorize risk this scenario has been ranked in the second position among the other situations. Rather than the common water problems the well-known fact is computer networks are using air conditioners in order to main/keep a static temperature inside the room. In some times water can be leaked as drops from those A/C. This situation might be caused to huge catastrophes such as power shorts and fire. Floods also can easily make this situation without any argument.

Fire and Smoke

These two conditions are making obvious threats to the computer installation. The particles of the smoke are deposited on the disk surface by rendering the data which cannot recover. Excessive temperature also can lead to make destruction of recorded media and make reasons for the immediate breakdown of computer electronics. Instead of doing permanent harm to peripherals at the process of writing data to disk can lead to destroy the content of the files which are being opened at that process execution. There is also an alternative event can be occurred as a result of the water and the Halon fire retardants. This will be directly affected in destructive of electronic devices. If those computer devices being discharged at the time of applying the power to the circuits the mentioned occurrence will be happen.

1.1.2 How to overcome the risk of Natural Disasters

1.1.3 Man-made events which can be threat to information assets in the selected organization

As I mentioned at the beginning of this report risk can be act in two ways and this is the most threatening or harmful risk type which has spread among the global in a sophisticated manner. According to the IT security experts in year 2011 they have categorized risks by looking from different perspectives which can mislead the day to day operations of bank institutions.

Risk of the Mobile Banking

Smart phones are being used for banking purposes and at the beginning it showed only the plus points to the bank institutions. This was spread out rapidly among the people but in the course of time that mobile security which was used not capable enough to provide the expected security aspects. As a result of the lack security it was a major challenge for banks as well as credit unions. In simple terms when organizations are alternate the traditional online banking into mobile it did not work 100% as their expectations.

There are some good examples, Bank of America, TD Ameritrade, Wells and Chase have implemented the mobile banking applications. But all of them had to suffer from the security flaws. There was a research on vulnerabilities conducted by the Citi Group in the year 2009. Finally what they have discovered was some of the banking applications are stored most sensitive user information by keeping them as hidden on mobile phones.

After considering from all the perspectives mobile banking was fairly limited among the people. But still the robustness of the developing mobile application have improved. "Many banks seem to re-experiencing all the hard lessons of the previous online banking techniques." (McNelly – Analyst of Aite Group). Malware attacks also spread fast among the mobile communication, Zeus attacks such as Mitmo are aimed point blank in the mobile devices.

"Mobile banking applications will not be a prime objective for imposters" (Rivner – Security Researcher from RSA). He trusts mobile browsing will be more focused in the coming future. Reason is most of the people are using their smart phone to browse to the online banking websites in order to execute their online banking transactions.

Web 2.0 and Social Networks

Today the most of the mobile phones have the accessibility of social media. Facebook and Twitter are the most powerful applications among the others. "With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information" (Rasmussen – Internet Identity’s chief technology officer 2011). This includes banking login information and social security figures. External threats are not only the risk which occurs due to this scenario. The employees who work for the institutions have the freedom for use social networking inadvertently. They can expose most sensitive information via using these networks. There was an incident occurred inside of a hospital in California, five employees had been using a social network to share any personal information about hospitalized patients. This only a significant example what happens if employees are violating social media policies. In order to prevent the internal hazard of information leakage it is really important to inform and practice employees for social networking policies. The employee should know when and how to social networking while they doing their job and what are the information should not share.

Malware, DDoS attacks and Botnets

The distribution of denial of service or DDoS attacks can seen as a result of the WikiLeaks incidents. Inspired by this WikiLeaks attacks now it is a major threat to e-commerce sites and the Botnet attack are another area which brings additional income for fraudsters. While banking institutions take down the attacks of the "Mariposa Botnet" they also had to recover from the challenges coming from the DDoS attacks as well.

Now a days attack has been more sophisticated. The world famous banking credential stealing Zeus, the Trojan has been used by number of criminal stations among the world. In year 2011 Zeus attacks had made $100 million losses in the finance around the worldwide according to the investigation by Federal Bureau. In year 2007 same kind of situation had been spread named Trojan and Zeus is the latest version which is having varieties. "There is a good opportunity that intruders will soon arise with more powerful methods to steal" (Rasmussen - Internet Identity’s chief technology officer 2011 ). Concerted attacks had been spread against the online banking systems. At this point Eisen who is the inventor of the "41st Parameter" said "The amount and velocity of fraud could force new and stronger authentication methods and more stringent procedures, such as dual signatures and dual authentications".

Phishing attacks

Phishing attacks also moderate into new versions named smishing and vishing. These Phishing and vishing have ranked in the 3rd among the other fraud threats. One recent attack was identified from the account holders who belongs to military forces in the USA. And also there is another separate attack for the World Bank officials. It is just the latest spree attack for the banking security. They used some spoofed websites in order to fraud the users, malicious emails and telephone calls. All these various approaches that use in order to steal the banking credentials. On the other hand,

The basic idea of this is stealing someones username and password and uses it for credits, merchandise purposes and use it for services by acting as the real user. "Phising attack" is the most famous scenario of the given criteria. The following example provides the idea to understand the problem.

Assume a person is using an American Express credit card. He/she has got an email saying that he/she has won the $10000 from an annual raffle which was conducted by the bank. At the end of that it is asking from user "if you are the actual user click on this link to identify the identity of the user". Actually the well-known fact is we also click on that link without thinking twice. Reason is the format of this email is 100% similar to the actual email formats which are sent by the bank. After clicking on that link page will connect to a page which is actually similar to the official site of the bank and there it is asking the user to give the username and password and card details. This place that the hacker is really hacked the user. Reason is now the user has given all the required details and those details will be passed to the hackers database instantly via clicking on the submit button.

This is the most critical side of the identity theft that most of the people are caught today. Finally as a result of this the reputation of the bank gets totally or partially damaged.

Inside Attacks

There is a possibility of make malicious threats or attacks and intrudes to the organization of the unhappy employees. But this inside threat can be direct by an outside party who require to access to the system and the servers via using fake credentials act as an internal employee. Kirk Nahara who is a privacy expert and attorney, he says many compromises internal data can be copied back to the employees. This is especially true when the data that compromises causes of the identity theft. But Nahra mentioned as soon as possible pointed out all the compromises are not malicious and intentional. The problem was financial institutions have not set the proper limitations to the databases where that contain the most sensitive and confidential information.

WikiLeaks is the most prime example of how the internal party can generate a significant risk to the organization.

1st Party Fraud

1st Party Fraud continuously poses challenges in the banking security. This is also known as "application fraud", "sleeper fraud", "advances fraud" and "bust out fraud". This is happening like, naturally involves a client applying for and accept credit with negative intention of payback. The 1st Party Fraud candidate can use fake identification or impersonate their actual identities. Jasbir Anand (Senior Solutions Consultant & Security Expert at ACI Worldwide) mentioned between 10% to 15% of bad debt losses were occurring as a result of the 1st Party Fraud. And he already says criminal gangs who specialized and equipped in the field now focus on financial institutions with fake identifications and expert knowledge of leading practices. Once the identity is being established intruder makes credit and apply those credits for many financial products.

Skimming

The technology which comes behind the skimming is more sophisticated and act in rude by challenging the banking security. Both flash attacks and Blitz involve the concurrent withdrawal of credits from number of ATMs in multiple locations. Sometime this scattered all over the world.

Avivah Litan (VP and Analyst at Gartner) says, flash attacks poses by growing the challenges, still those flash attacks not detected by the fraud detection systems.

Director for the Payment Card Industry of Security Standards Council in Europe region, in order to transfer skimmed credit card data fraudsters are relying on wireless technology.

Chuck Somers (VP of ATM Security & Systems for Diebold Inc) says, if anything away from the real authentication would break the ice to change the entire infrastructure. Some card holders are having the privilege to use the authentication type as contactless radio frequency or chip technology (EMV) in order to handle payments. These two areas have addressed certain fraud concerns which are emergent.