Cmgt 400 – Common Information Security Threats
Common Information Security ThreatsCMGT 400 The internet is still expanding and growing more quickly and profoundly than most could imagine. Due to the rapid growth and the aspect that every day activities are intertwined within causes a great many vulnerabilities and consequently increase in threats. Criminals, governments, and curious patrons are leveraging security on major websites making headlines with obvious breaches that expose a good deal of information. Information Security is of the utmost priority for any business, institution, or group that utilizes the internet. At this point larger organizations with more resources are more susceptible to compromise in larger part due to the attraction of challenge or benefit of even minor information leaching. Amazon is a large company with a spectacular rise and a hefty reliance on the internet as well as technologies encompassing the network. Amazon began in 1995 and went public in 1997. “Amazon flourished with yearly sales that jumped from $510,000 in 1995 to over $17 billion in 2011” (Jeff Bezos Biography, 2015). Amazon spans the globe with services and products through Amazon.com and other associated sites (Amazon, 2012). Amazon has persisted for 20 years with continual success. The success of the company comes from adoption of several developments one of these is notably ventures in information security. Amazon maintains information in regards to the company operation and its customers on servers globally. This information is vast and sensitive as it includes personal information of customers. Information Amazon sustains includes product information, customer account data, financial records, computing controls, and peer reviews (Amazon, 2012).
Regardless of impenetrable defenses there is always risk to a business’s information due to advancing technologies and continuing pursuit of exploits. One example occurred August 7, 2012, a hacker named Phobia compromised a wired magazine reporter’s Amazon account. Information was subsequently deleted from other accounts using the Amazon passage. The exploit used allowed the hacker to reset passwords by using the stolen information through the customer service phone line (Kerr, 2012). Amazon returned, “We have investigated the reported exploit, and can confirm the exploit has been closed as of yesterday afternoon” (Kerr, 2012). These attacks are constant and pervasive. A major security breach targeted Zappos.com, an Amazon subsidiary, compromising 24 million accounts. Account information such as billing addresses, shipping addresses, phone numbers, and email were pilfered (Vilches, 2012). Tony Hsieh, Zappos CEO, addressed the incident writing that hackers accessed the internal network leading to a channel to the server in Kentucky. Another case in 2011 found a colossal security failing in Amazon’s service for the cloud (Hickey, 2011). Researchers identified scripting through sites and signature wrapping which allowed hackers to gain access to customer accounts. Additionally the password system showed flaws were older passwords would be accepted if they were nearly to correct (Snyder, 2011). Amazon invaders, such as hackers that directly target the site, are a significant threat both in operations and public credibility. While remote attacks are a concern physical security is imperative in order to prevent direct access to the infrastructure. A breach to the internal network of this sort can have irreparable damage because of the level of extensiveness in unsanctioned access.