What is Information Technology Security (IT Security)

Information technology security can mean actual protection of physical computers and computer parts. However, the term information technology security (IT security) typically refers to the security of data stored on computer networks.

  • IT security = the security of digital data.

Attacks against IT security can occur from many sources, including complex targeted attacks or malware delivered to IT systems via phishing.

Cyber Investigator Aptitude Test


Phishing is a confidence trick, and IT security threat, that involves a cyber criminal sending messages to people in order to deceive them and gain sensitive information from them:

  • Phishing attempts to get data via communication replies or getting victims to download malicious software.

  • Phishing can be used to gain data or just to disable computer systems and harm data.

Phishing can be used on mass amounts of individuals at once or can be specifically targeting individuals and the IT security of whole organizations.


In regards to information technology security, phishing is one of two large threats to organizations. The other being focused and targeted attacks.

IT security
IT Security Issue: Malicious Software Via Phishing

Malicious software is software that a cyber criminal places on an organization's IT system via the organization's Operating System.

  • Malicious software is a term used to describe all harmful computer software.

The malicious software can be designed to simply bypass IT security to disrupt data systems or can allow the criminal to spy on an IT network or have sole access to the IT network, preventing victim organization from being able to access the IT system and its data.

Information technology security
IT Security: Types of Malicious Software

Malicious software is a term used to describe all harmful computer software that can harm IT systems and there is a lot of software that fits this description. However, there are three common forms of malicious software:

  1. Ransomware

  2. Spyware

  3. Virus

Ransomware

Ransomware is malicious software that a criminal places on an organization's IT system via the Operating System. The ransomware allows the cyber criminal to have sole access to the IT system's data, preventing the victim organization from being able to access the IT system and its data. The hacker will then request money in exchange for granting data access back to the victim organization.


Spyware

Spyware is secretive malicious software that sends user information to a database. Spyware is downloaded on an IT system without the victim organization being aware. This secret download usually occurs when the employee of an organization visits a web page that forces the organization's IT system to covertly download the malware spyware program.

  • Spyware can also come secretly packaged with a program the victim organization voluntarily downloads.

  • Spyware can also be the entire program, secretly disguised as a safe program.

After the successful download of the spyware, the organization's data on the computer is recorded and sent to the owner of the spyware.


Virus

A computer virus is malicious software that acts like a biological virus: it spreads on its own to other IT systems. Many computer viruses are created to cause chaos and damage the software on computers.


How Does Malicious Software Bypass IT Security?

Malicious software attacks IT security weak points in the victim organization's Operating System:

  • An Operating System (OS) is the software that runs a computer or device. The OS manages the computer's memory and processing. The OS enables the user to operate the computer without knowing coding. Everything that is seen on the computer’s monitor is the OS.

  • OS examples: Apple iOS 14 and Android 10.

Malicious Software Emails

Malicious software is delivered to many IT networks via phishing email:

  • A phishing email is an email that has a downloadable attachment which is the malicious software.

The email will attempt to look innocent or similar to an email the victim organization is expecting. An employee will then download the attachment, thinking it is something else.

IT issues
Malicious Software Pop Up Ads

These are online ads where the links does not go to a product page but rather to a download of the malicious software.


Malicious Software Via Bad Website

A bad website is a compromised website. This website secretly forces the user's IT network to download the malicious software.


Using IT Security to Fight Malicious Software

There are three good ways to practice IT security and fight malicious software:

  1. Use reputable and up to date anti-virus software.

  2. Only download programs from trusted sources.

  3. Not clicking online ads or email links and attachments.

Targeted Attacks Against An Organization's IT Security

Usually, the larger the organization, the more of an IT security threat there is against targeted attacks. Two examples are backdoor attacks and denial of service attacks.

  • Backdoor Attack: A hacker bypasses proper login methods.

  • Data Locking: Access to the organization's IT system is disabled. This is usually the case with ransomware.

What Kind of Data is at Risk From IT Security Attacks?

There is a lot of data a company or organization needs to protect on its IT system, such as

  1. Intellectual property

  2. Employee records

  3. Customer records

  4. Financial and banking information

  5. Operations software

About the Author

IT

Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities