Implementation of new technical and electronic means brings a risk of information leakage. This makes storage of information difficult and highlights the importance of the implementation of innovative enterprise resources security against various means of cyberattacks. Business information assets are stored in network hardware and storage devices, and so are vulnerable to cyberattacks. Weak points in information assets security bring a negative impact by causing financial losses and worsening reputation and clients’ trust. The goal of implementing security measures is to secure information security targets, and various information, physical and service assets such as: servers, switches, routers, hubs, software, information about clients, employees and suppliers (credit card, phone number), web software, and so on.
Fig 1. The security metric as the core module of a security program
Current programs and web pages available in Internet have various vulnerabilities and are prone to attacks. Businesses have a problem with the increasingly various threats to information assets security.
Internet is treated as the primary threat for organizations, as criminals have the access to valuable information. Many threats are caused by weak points in an operating system, network operating system (NOS), OS and NOS configuration, network hardware, firewalls, etc. As the complexity of security threats keeps growing, organizations must take measures to avoid losses these threats cause.
The main measures to reduce security breaches are: vulnerability control, safe web content filtration, immediate incident processing, security trainings, etc. [1]
Technological revolution of information systems and communication means [2] increases concerns about protecting organizations’ information assets against threats. “For many organizations, information and technologies they support are the most valuable business resources.” One of main problems organizations face is how to decrease weak points in information security and protect information security targets.
Information security goals, confidentiality, integrity and accessibility, are the primary problem in information security level classification. Implementation of proper security measures and measuring their information security level will help organizations provide proper security and secure their data.
Every 11 seconds business suffers from ransomware [1]. An Internet user can be deceived or forced to download malware to the computer. The primary threats a business can face are: ransomware, spyware, and remotely-controlled viruses. They affect business’ performance and can cause substantial losses. As the loss of performance and its bankruptcy can be caused only by the first category of malware, encrypting ransomware, it will be examined in our theoretical research.
The virus encrypts popular types of user files: documents, accounting databases, photographs, etc. Decryption is usually promised for money, which means, one needs to transfer a certain amount of money to a mobile phone or a Bitcoin wallet. It should be noted that, while other viruses’ file destruction actions are undoable, an algorithm exists which tries to recover data. On the other hand, ransomware irreversibly destroys files without any chance to recover them [3].
After analyzing some examples of ransomware, we can define typical destructive actions of most ransomware and their steps of breaching an isolated network [4], especially: probing an enterprise network to get all required information for infection, launching the virus with bypassing security systems, cleaning penetration trails, etc.
Implementation of security measures helps organizations protect information, physical, and service assets and minimize security vulnerabilities. The results of the theoretical and research question have concluded that implementation of security measures is what organizations must do in order to reduce any possible loss caused by a security breach.
References
1. Attack Surface Reduction (ASR). [Online]. Access link: https://www.proarch.com/security-managed-services
2. Abdullah, Alshboul. (2010). Information Systems Security Measures and Countermeasures: Protecting Organizational Assets from Malicious Attacks. Communications of the IBIMA. 10.5171/2010.486878.
3. How Ransomware Works and How to Protect Against It. [Online]. Access link: https://tech-geek.ru/how-ransomware-works/
4. How We Fought Ransomware and How Much It Cost for Us. [Online]. Access link: https://www.olly.ru/blog/kak-my-zashchishchalis-ot-shifrovalshchika-i-skolko-eto-nam-stoilo/