Threats of e commerce information security can arise mainly as a result of computer crimes, actions of professional hackers, acts of sabotage, as well as errors of maintenance personnel, equipment malfunctions and natural disasters.
Computer crimes (industrial espionage)
Industrial espionage is a source of threats of e commerce aimed at unlawfully mastering the commercial secrets of enterprises with the aim of using the confidential information contained in them to gain advantages in entrepreneurial activities or to organize subversive actions against a competitor (rivals). As subjects of industrial espionage it could be:
1. firms as competitors;
2. creditors who are afraid of investing in insolvent enterprises;
3. firms-buyers seeking to purchase goods at a lower level price;
4. firms-sellers of raw materials, equipment and components, setting the goal of obtaining the maximum possible profit
6. criminal elements, preparing the ground for physical acquisition
7. property through assault and extortion
Professional hackers. These are the most qualified attackers who are well versed in computer technology and communication systems. Their goal is to identify and overcome the protection system, to study the capabilities of the computer system and then to leave, having established themselves in the possibility of achieving the goal.
Acts of sabotage. Acts of sabotage can arise as a result of dissatisfaction of employees of the company and enterprises with their official and material situation, as well as mental disorders.
Errors of attendants. Threats to e commerce security can arise from human errors during the operation of computer networks, during repair work and unskilled or careless management of the computing process.
Hardware failures. In the process of functioning of computer networks, there may be malfunctions in the operation of hardware and software of computer facilities and communication lines. Random malfunctions can lead to loss, distortion of information or unauthorized access to it, therefore they are considered as a source of threats of e commerce information security.
Natural disasters. This source of threats of e commerce to computer networks includes such natural phenomena of nature as earthquakes, floods, fires (lightning), hurricanes, etc.
The main sources of threats to e commerce information security are divided into intentional (intentional) and random (unintentional). Intentional threats are actions of people prohibited by law, aimed at gaining access to protected information. Random threats can come from such sources of threats as errors in personnel activities, equipment malfunctions and natural disasters. For the purposes of access or the impact of threats to information, the following types of threats of e commerce are identified:
· interception (leakage) of information; distortion (modification) of information; the imposition of false (fake) information; destruction of information; blocking access to information.
· Threats to information leakage. The main sources of this type of threat are industrial espionage.
· Threats of distortion of information. Modification (distortion) of information processed by means of technical means is a deliberate or accidental act that leads to a change in the content of information. Sources of this type of threats can be acts of sabotage, errors in the activities of personnel, equipment malfunctions.
· Imposing false information. Forgery of information processed by means of technical means is deliberate actions to modify (create false) information, aimed at influencing decisions made on the basis of this information.
· Threats to the destruction of information. Destruction of information processed by means of technical means is an event consisting in the fact that information ceases to exist physically for the owner of information.
· Blocking access to information. Blocking of information processed by means of technical means is an action, as a result of which information becomes inaccessible to entities that have the right of access to it. Passive and active methods are distinguished by ways of arranging threats. A passive method is a way to implement threats without compromising the integrity of the computer network and any impact on its elements. With the active method, the source of threats contacts the elements of the computer network through some kind of impact. The advantage of passive methods is that they are usually harder to detect. Passive ways to implement threats to information security include unauthorized access to information by regular means using: errors in assigning powers to users; malfunctions in the equipment; errors in the software; analysis of the flow of users' access to information (even if the information remains hidden) for the development of access methods.
Active methods of implementing security threats to e business information with software include methods based on:
· circumvention of existing protection mechanisms;
· unauthorized expansion of their powers on access to information;
· modification of the software by adding new functions;
· blocking the work of applied or system-wide software;
· hidden transmission of some information;
· change log of work registration for imposing false information.
Active actions of an attacker can lead to the destruction of computing facilities, as well as to the imposition of false information, such as: the refusal of the fact of the formation (transfer) of information: the statement about the receipt of information from some user, although in fact it is formed by the infringer; the statement that the recipient at a certain point in time was sent information that was not actually sent (or was sent at another time); refusal to receive information that was actually received, or giving false information about the time it was received. To avoid such problems with ecommerce security and don’t give a chance for hackers to steal the data, work with the appropriate platforms and use TEA Software services to be sure that your online store is under a good protection.
In general, the plan for implementing access to information is generated by an attacker on the basis of an assessment of the following initial factors:
· the thematic focus of the information of interest;
· information about the system of security measures;
· data on the shortcomings of information security tools;
· technical and software security breach
· access to technical means and their communications, which are
· sources of informative signal;
· the ability to access the software.
· information about message templates, the types of codes used in various
· technical means, but they are hidden, because they are collected on the basis of
· mass-serial equipment, the characteristics of which are known.
Go on and read more about possible ways to prevent and deal with security threats of e commerce in the modern world of online trade.