Computer security can mean physical protection of physical computers and computer parts. However, the term computer security typically refers to the protection/ security of data stored on computer networks.
Computer security = the security of digital data.
Threats to computer security can occur from many sources, including sophisticated targeted attacks or malware delivered to computer systems via phishing.
Phishing is a confidence trick, and computer security issue, that involves a cyber criminal sending communications to people in order to deceive them and gain sensitive information from them:
Phishing attempts to get data via communication replies or getting victims to download malicious software.
Phishing can be used to gain data or just to disable computer systems and harm data.
Phishing can be used on mass amounts of individuals at once or can be specifically targeting individuals and organizations.
In regards to computer security, phishing is one of two large threats to organizations. The other being targeted attacks.
Computer Security Attack: Malicious Software Via Phishing
Malicious software is software that a cyber criminal places on an organization's computer system via the organization's Operating System.
Malicious software is a term used to describe all harmful computer software.
The malicious software can be designed to simply bypass computer security to disrupt data systems or can allow the criminal to spy on a computer network or have sole access to the computer network, preventing victim organization from being able to access the computer system and its data.
Computer Security Attack: Types of Malicious Software
Malicious software is a term used to describe all harmful computer software and there is a lot of software that fits this description. However, there are three common forms of malicious software:
Ransomware is malicious software that a criminal places on an organization's computer system via the Operating System. The ransomware allows the cyber criminal to have sole access to the system's data, preventing the victim organization from being able to access the computer system and its data. The hacker will then request money in exchange for granting data access back to the victim organization.
Spyware is secretive malicious software that sends user information to a database. Spyware is downloaded on a computer system without the victim organization being aware. This secret download usually occurs when the employee of an organization visits a web page that forces the organization's computer system to covertly download the malware spyware program. Using spyware, a criminal can steal business secrets such as intellectual property.
Spyware can also come secretly packaged with a program the victim organization voluntarily downloads.
Spyware can also be the entire program, secretly disguised as a safe program.
After the successful download of the spyware, the organization's data on the computer is recorded and sent to the owner of the spyware.
A computer virus is malicious software that acts like a biological virus: it spreads on its own to other computers. Many computer viruses are created to cause chaos and damage the software on computers.
How Does Malicious Software Bypass Computer Security?
Malicious software attacks weak points in the victim organization's Operating System:
An Operating System (OS) is the software that runs a computer or device. The OS manages the computer's memory and processing. The OS enables the user to operate the computer without knowing coding. Everything that is seen on the computer’s monitor is the OS.
OS examples: Apple iOS 14 and Android 10.
Malicious Software Emails
Malicious software is delivered to many computer networks via phishing email:
A phishing email is an email that has a downloadable attachment which is the malicious software.
The email will attempt to look innocent or similar to an email the victim organization is expecting. An employee will then download the attachment, thinking it is something else.
Malicious Software Pop Up Ads
These are online ads where the links does not go to a product page but rather to a download of the malicious software.
Malicious Software Via Bad Website
A bad website is a compromised website. This website secretly forces the user's computer network to download the malicious software.
Using Computer Security to Fight Malicious Software
There are three good ways to practice computer security and fight malicious software:
Use reputable and up to date anti-virus software.
Only download programs from trusted sources.
Not clicking online ads or email links and attachments.
Targeted Attacks Against An Organization's Computer Security
Usually, the bigger the organization, the more of a computer security threat there is against targeted attacks. Two examples are backdoor attacks and denial of service attacks.
Backdoor Attack: A hacker bypasses proper login methods.
Data Locking: Access to the organization's data is disabled. This is usually the case with ransomware.
What Kind of Data is at Risk From Computer Security Attacks?
There is a lot of data a company or organization needs to protect, such as
Financial and banking information
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities