Information Security Threats in Organizations and Ensuring Prevention and Recovery

It has become commonplace in contemporary organizations to have extensive IT (Information Technology) infrastructure and software and hardware assets. Indeed, with the wholesome adoption of IT by organizations, there is no organization worth its name that does not have an IT backbone no matter how small it is. This means that organizations cannot function without IT systems.

Further, IT has become crucial and critical to ensuring competitive advantage for organizations and there is no way in which business can be transacted without IT.

Having said that, it must be noted that having an IT system does not mean success or guaranteed outcomes unless organizations take steps to ensure that their Information Security protocols and procedures are well designed and their IT assets are protected and safeguarded against external and internal threats.

Indeed, with IT becoming pervasive, so are the multiple threats such as hacking by external actors, stealing of confidential and private information by internal actors including employees, cyber attacks that leave the IT infrastructure vulnerable to financial loss, and above all a pervasive threat of all these malign actors gaining access to the organizational IT systems and resorting to acts that can compromise the business of the organizations.

We have listed external and internal threats above. While it is well known that external threats manifest due to hackers and cybercriminals taking advantage of loopholes and vulnerabilities in the IT systems and infrastructure, it must also be noted that threats from within are something that are as dangerous as threats from outside.

Indeed, in recent years, there has been an increasing tendency for the cybercriminals to be assisted by internal actors within organizations who provide them with inside information and details about the organizational systems and IT infrastructure.

Moreover, it has also been found that more often than not, it is the insiders who enable the hackers from outside to break into the organizational IT systems and create chaos and wreak havoc.

On the other hand, one cannot completely ignore threats from hackers who are out to penetrate the IT systems not only with ulterior motives but also from competitors and other entities who have now taken to cyberspace as a means of extending their competitive games.

Indeed, if not anything, the threat from hackers who owe allegiance to rivals and peers is something that is slowly being recognized as a legitimate cause for concern among IS (Information Security) professionals.

Further, even entire countries and their intelligence agencies are now engaged in cyber hacking of their rival countries organizations in order to cause damage and economic loss to them. this is especially so in the context of the rivalry between the United States, China, and Russia wherein hackers from all countries who are aided and abetted by their backers from the commercial and national security interests hack into systems of their rivals so as to inflict damage and cause economic, financial, and reputational loss apart from causing disruptions to business.

Therefore, all these aspects mean that IS professionals in organizations have to foolproof their systems to safeguard them against these multiple threats and ensure that their IT assets and hardware as well as the IT infrastructure are protected. Indeed, with so many threats lurking in cyberspace, it is not uncommon for organizations and the IS departments to erect firewalls and restrict access to their systems from external sources.

This is also the reason why many organizations in recent years have taken steps that would curtail the internet usage of their employees so that they do not leave “digital footprints” in cyberspace that can be exploited by malign hackers and cybercriminals.

Another area of concern for IS professionals is the growing incidence of phishing and identity theft which is far more serious when it concerns the accounts of managers and senior executives apart from the leadership in their organizations.

While identity theft and phishing can cause losses to anyone and to organizations, where it affects the senior employees, it has the potential to seriously harm the organizational objectives as most of these employees would have highly classified and confidential information stored in their systems.

This is the reason why many IS professionals are now advocating secure and protected systems for the managers and senior leaders that are different and more “walled” than that used by rank and file employees.

Indeed, with so much concerns over these aspects, the IS professionals are also ensuring that above a certain level in the organizations, the IT and internet access is through dedicated and standalone lines rather than generic and companywide access that other employees have.

Finally, as the saying goes, prevention is better than cure and offense is the best form of defense, which means that IS professionals would be well advised to take steps to prevent rather than react to cyber breaches and to adopt aggressive postures against potential hackers as well as malign insiders instead of reacting after the breach or the hacking incident.

Further, it is also the case that things as mundane as writing down the passwords on papers that are left unattended and not locked away can also cause IS breaches. In addition, while one thinks that hacking is something that happens “out there”, as simple as visiting a website with inadequate security controls can also become the source of a major breach. In conclusion, it is worth remembering that carelessness and oversight are at the root of IS risks and hence, it is advisable to take measures to minimize these aspects.