Information Technology affects all risk professionals – a quick primer to make sure you have the hot topics in mind:
Big Data is an all-encompassing term for data sets so large and complex that they become difficult to process using on-hand data management tools or traditional data processing applications. There is, however, significant value to be extracted from such data.
Aspects of Big Data include volume (increase in data volume), velocity (speed of transfer, response times, turnaround times), variety (structured, numeric, text documents, email, video, audio, stock ticker data, financial transactions etc.), flow/variability (periodic peaks, trending, daily, seasonal and event-triggered peak data loads), and complexity (link, match, cleanse, connect and correlate data across multiple sources). Other challenges include capture, curation, storage, search, sharing, transfer, analysis and visualization.
The trend to larger data sets is due to the additional information made available through new technologies like the Internet of Things, as well as derivable data from analysis of large sets of related data.
Cloud Computing is the delivery of computing as a service rather than a product – resources, software, storage space and information are provided to computers and other devices as a utility (like the electricity grid) over a network (typically the Internet). Clouds can be classified as public, private or hybrid.
At the foundation of cloud computing is the broader concept of converged infrastructure and shared services - moving away from a traditional CAPEX model (buy the dedicated hardware and depreciate it over a period of time) to the OPEX model (use a shared cloud infrastructure and pay as one uses it).
Cyber Attacks are attempts by hackers to damage or destroy a computer network or system. They use malicious code (or Malware) to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.
Malware is computer code that has a malicious intent:
Viruses infect a computer and hide deep inside it, replicating themselves and surviving by attaching to other programs or files.
Spyware monitors or spies on its victims, remaining in hiding, but can log the various activities performed by a user, including what a user types on the keyboard.
Worms also replicate themselves, but do not need to attach themselves to other files or programs, and can also replicate across an entire network of computers.
Methods of attack mostly include:
Trojan Horses, which perform legitimate tasks but also perform unknown and unwanted activity. They are a base for viruses and worms, installing through emails, web browsers, chat clients, remote software, and updates.
Phishing, which tries to fool the user with a decoy into downloading, sharing or giving confidential information.
Unpatched Software is software with known but unpatched vulnerabilities, most commonly Java, Adobe Reader, and Adobe Flash, that allow for entry by intruders, or that actively contains malware.
Password Attacks are focused on cracking a victim's password so that the attacker may obtain access to a secured system.
Denial-of-Service/Spamming focuses on the interruption of a network service by sending high volumes of traffic or data through the target network until the network becomes overloaded and crashes – and is consequently more easily breached.
Current trends have seen an enormous escalation in the potential consequences of this risk, as well as in the occurrence of incidents - a recent Ponemon Institute study found that cyber attacks on companies have leaped by an astonishing 42 percent from 2012 to 2013.
In addition to potential lawsuits, damage to reputation and loss of customers, companies are facing increasing regulatory scrutiny over the adequacy of their data-security measures. In the US alone, the Federal Trade Commission has brought more than 40 actions against companies for data breaches, claiming that failures to prevent unauthorized access to consumers’ information constitute unfair or deceptive acts.
Internet of Things
The term Internet of Things, or IoT, refers to the connectivity between physical machines or ‘things’ via the Internet or some sort of network - the idea being that everyday objects have network connectivity, allowing them to send and receive data. A thing, in the Internet of Things, can be a person with a heart monitor implant, a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low -- or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.
So far, the Internet of Things has been most closely associated with machine-to-machine (M2M) communication in manufacturing and power, oil and gas utilities. Products built with M2M communication capabilities are often referred to as being smart (e.g., smart label, smart phone, smart meter, smart grid sensor).
IoT has evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS) and the Internet. An EIU report, conducted across the globe, found that 96% of organisations polled expect to be using IoT significantly within the next three years.
A socialbot is a software program that simulates human behavior in automated interactions on social network sites such as Twitter and is sophisticated enough to be taken for a human. Socialbots infiltrate social groups and become influential in them, and are usually designed to influence opinions.
To do so, socialbots use artificial intelligence (AI), text mining and data analysis software. Some have access to databases of general knowledge information and current events to allow them to recognize references and craft more convincing messages.
Most socialbots are created for a specific purpose, such as marketing, political campaigning or public relations. The capacity of socialbots to wield influence could enable them to sway voters, mount political attacks or overwhelm dissent, among many other possibilities. Socialbots can also pose a security risk. In 2011, for example, a socialbot network stole gigabytes of user data from Facebook.
Is your organisation aware of IT Risk? Which of these elements poses the greatest threat to your organisation?