Threats to Information Security for e-Business

For all the opportunities that the Internet provides for business and consumers, it can also pose a great risk to information belonging to those businesses and consumers. The Internet provides a gateway to a range of information, but also provides a gateway for malicious programs developed by malicious people to corrupt and destroy information. A key role of the IT manager or e-commerce manager is to protect their business from these threats. Remember that the business is also custodian for customer data and if customer data such as credit card numbers are lost, then this will reflect badly on the business. “Fears over security used to be one of the main barriers to consumer and business adoption to the Internet, but this has declined dramatically over the last 5 years. “”, explains Guy Galboiz, an internet marketing consultant. Nevertheless, demonstrating security is still important to consumer confidence. Witness, the efforts that businesses take to reassure customers about security and privacy.

What then are the threats? General threats to information can be classified as follows:

  • Accidents – These are errors arising from mistakes by staff. For example, it is surprisingly easy for a webmaster to delete many key files of a web site.
  • Natural Disasters – These include fire and flood. If a company host their own e-commerce server or their ISP is affected by such a disaster, then it is possible that their web presence could be lost for several days in the event of a flood.
  • Sabotage (Industrial and Individual) – This is deliberate sabotage of a system possibly for commercial gain or due to an individual grudge such as an ex-employee.
  • Theft – This is theft of information such as credit card numbers, for commercial gain.
  • Unauthorized Use (Hacking) – This can be for the purposes of theft or sabotage, but sometimes it has no malicious intention – it is a challenge for technically minded people to try to break into systems.
  • Hijacking – A company’s web server may be used to mount attacks on other servers. For example, Denial of Service attacks to send a lot of unwanted traffic to major sites such as Yahoo! were mounted by sending messages from many hijacked computers. Similarly, Spammers can hijack a mail server and use it for sending SPAM. This could result in your web operations being shut down by the ISP if they believe you are to blame.
  • Computer Viruses – these are programs which spread between machines with, or without the intention of causing damage. As we will see in a later section, there are a great variety of viruses.

To prevent these types of problems, it is important that someone in the business is responsible. This is typically, the IT manager or e-commerce manager in a larger company, but if a business is small, there may not be an IT manager, so another manager will need to do this as part of their role. In fact, it may not be able to complete prevent these types of problems, since as we will see later there are so many hundreds of thousands of viruses, with a new one discovered every few seconds that it is likely that defenses may be breached. Given this, an approach based on risk management is a useful one. Risk management uses the following approach.

  1. Identify risks including their probabilities and impacts
  2. Identify possible solutions to these risks
  3. Implement the solutions targeting the highest impact, most likely risks.
  4. Monitor the risks to learn for future risk assessment

For all the opportunities that the Internet provides for business and consumers, it can also pose a great risk to information belonging to those businesses and consumers. The Internet provides a gateway to a range of information, but also provides a gateway for malicious programs developed by malicious people to corrupt and destroy information. A key role of the IT manager or e-commerce manager is to protect their business from these threats. Remember that the business is also custodian for customer data and if customer data such as credit card numbers are lost, then this will reflect badly on the business. Fears over security used to be one of the main barriers to consumer and business adoption to the Internet, but this has declined dramatically over the last 5 years. Nevertheless, demonstrating security is still important to consumer confidence. Witness, the efforts that e-tailers take to reassure customers about security and privacy.