Foundations of Information Systems

5.1 The Importance of Network Security


Learning Objectives

By the end of this section, you will be able to:

  • Determine the difference between information security and information privacy on a public or private network
  • Define the key principles and concepts of network security and their importance
  • Describe potential network vulnerabilities and threats

Network security is dynamic, requiring ongoing adjustments to counter rising vulnerabilities and threats. What may be considered safe today may not be in the future. The ever-changing nature of this field necessitates a comprehensive understanding of various technologies and advancements that influence security. The implications of a network security breach can be diverse, ranging from minor disruptions in operations to severe data loss or compromise. Therefore, understanding the significance of network security can contribute to a larger societal benefit. It is important for IS professionals to have a conceptual understanding of network security, its mechanics, and why this protection is a key aspect of modern life, as well as the practical skills needed in securing a network.

Information Security and Information Privacy on a Public or Private Network

In the field of cybersecurity—which is the practice of protecting systems, networks, devices, and data from online threats—information security and information privacy are not identical terms, although they are related. On one hand, information security is the practice of protecting information by mitigating information risks and vulnerabilities, which encompasses data privacy, data confidentiality, data integrity, and data availability and employs methods such as encryption, firewalls, and secure network design. Its aim is to shield both organizational and individual data from unauthorized access or tampering. In contrast, information privacy involves the right and measure of control individuals have over the collection, storage, management, and dissemination of personal information. Information privacy involves policies regarding what data are collected, how they are stored, and who may access or share them.

The two domains of information privacy and information security are not static; they are influenced by technological advancements and emerging threats. This makes continuous learning and adaptation important for anyone interested in the field. Both students and seasoned professionals need to maintain their skills and understanding to keep up with advancements in the field. This may include learning about the latest encryption methods or understanding new data privacy laws that impact the organization.

Although both information security and information privacy are equally important, they tackle different aspects of data protection. Think of information security as a bouncer at a club. Its job is to keep unwanted guests out, so it uses tools such as encryption to hide the important data, firewalls to block unauthorized entry, and secure networks to chase away any intruders. Information privacy, then, is more like getting access to the VIP room inside that club. It manages who gets in, who sees what, and what goes on inside. Imagine you have a list of the criteria for who can access the VIP room. When you’re not updating it, you keep it locked in a special drawer that only you have the key to, thus keeping the contents private. But privacy also includes making sure unauthorized people do not know who is on that list, or even that it exists.

In short, information security is about guarding the perimeter and protecting your assets, while information privacy is about managing access and keeping sensitive data private. Both are essential, but they play different roles in keeping your digital world safe. At the core of both information security and information privacy is a foundational model in cybersecurity that ensures information is protected and readily available to authorized users, called the confidentiality, integrity, and availability (CIA) triad (Figure 5.2).

CIA Triad showing three corners in a triangle shape: Confidentiality, Integrity, and Availability.
Figure 5.2 The confidentiality, integrity, and availability (CIA) triad is the cornerstone framework for information security that aids in promoting the security and reliability of information systems. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

The CIA triad is the backbone for creating cybersecurity systems, aiming to strike a balance between keeping things secure and ensuring that the people who are authorized to access the data and systems have access to it. As the name implies, the CIA triad is divided into three domains:

  1. The measures that are meant to prevent sensitive information from being accessed by bad actors or by those users who have not been granted access is called confidentiality. The intent is to keep data in the correct hands and away from those who want to cause harm or exploit information for nefarious purposes. Additionally, confidentiality addresses policies involving human error, such as users not keeping strong passwords, failing to secure sensitive information when not in use, and falling prey to scammers. Scams often involve phishing, which is a type of social engineering attack that appears as a trustworthy entity in digital communication but steals user data, such as login credentials and financial information. Two means of applying confidentiality to an IT system are encryption and access controls.
  2. Preserving the fidelity of data over its life cycle is called integrity. Any alteration to database tables, user records, or other data can be very damaging, often causing legal ramifications or loss of operations. Two means of maintaining the integrity of data are hashing and digital signatures.
    • The process of converting data into a fixed-size string of characters, typically used for security purposes to ensure data integrity, is called hashing. Hashing can verify the authenticity of a file by applying a hash algorithm, such as Secure Hash Algorithm 256 (SHA-256), which produces a 64-character hexadecimal hash value for the file. The resulting string of characters represents every bit of data in the file. Even the smallest change in the file results in a drastically different chain of characters.
    • An electronic signature that uses cryptographic techniques to provide authentication and ensure the integrity of the signed digital document or message is a digital signature. They are used in online documents such as emails, bank documents, and online forms, and employ the public key infrastructure (PKI) to protect the confidentiality and integrity of data during transit. This method works by supplying a public and private key to each user transmitting information. Aside from protecting the confidentiality and integrity of data during transit, this framework helps to verify the authenticity of a file and its sender.
  3. Ensuring that authorized users can access resources such as networks, databases, and other systems is called availability. This part of the triad often encompasses disaster recovery and response plans. There are several ways to maintain availability, such as keeping up with upgrades on equipment and software, maintaining backups in case of an attack or system failure, and ensuring that redundant systems are in place to protect the IT system.
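The hashing bullet above can be seen in working code. The following Python example is added here and is not part of the OpenStax text: it computes the SHA-256 digest of a constructed sample "file", flips a single bit to simulate tampering, counts how many of the 64 hex characters change, and verifies data against a published digest the way a download page or backup job would. The sample bytes and the one-bit tamper are constructed for the example.

```python
"""Added example (not from the OpenStax text): file integrity with SHA-256.

Demonstrates that a hash is a fixed-size fingerprint of every bit of the
input and that a single-bit change produces a drastically different digest.
The "file" below is a constructed byte string.
"""
import hashlib
import hmac

# Constructed sample data standing in for a file's contents.
ORIGINAL = b"Q3 payroll export: employee_id=1042, net_pay=5210.00\n"


def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as a 64-character hex string."""
    return hashlib.sha256(data).hexdigest()


def flip_one_bit(data: bytes, byte_index: int = 0, bit: int = 0) -> bytes:
    """Return a copy of data with one bit toggled (simulates tampering)."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def hex_chars_differing(a: str, b: str) -> int:
    """Count positions where two equal-length hex digests differ."""
    return sum(1 for x, y in zip(a, b) if x != y)


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Recompute the digest and compare it against the published value.

    hmac.compare_digest avoids leaking how many leading characters matched
    through timing differences.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


if __name__ == "__main__":
    published = sha256_hex(ORIGINAL)
    tampered = flip_one_bit(ORIGINAL)
    print("published digest :", published)
    print("tampered digest  :", sha256_hex(tampered))
    print("hex positions that changed:",
          hex_chars_differing(published, sha256_hex(tampered)), "of 64")
    print("original verifies:", verify_integrity(ORIGINAL, published))
    print("tampered verifies:", verify_integrity(tampered, published))
```

Running the script shows that toggling one bit (the first byte changes from "Q" to "P") changes most of the 64 hex characters, which is why a stored digest is enough to detect tampering anywhere in the file.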

Think about the CIA triad like this: Imagine you have a personal diary, and you want to make sure nobody else can read it. When you’re writing in it, you want to be able to access it easily, but when you put it away, you want to feel confident that no one else can access it.

Storing your diary in a safe when you’re not using it is a way of keeping it confidential. You could also put a seal on it, so if someone does try to tamper with it, you’ll know; that’s maintaining its integrity. Keeping the safe somewhere close, so you can get to your diary whenever you need it ensures that it is always available to you. This way, you’ve covered all the bases of the CIA triad.

Information Security

When we think of data, most of us envision pictures, documents, and videos. However, data come in all sorts of formats, types, and sizes. While our media is an important piece of the data puzzle, other types are equally important. Consider the security of passwords, bank account information, employee records, and text messages. These types of data also require both information security and information privacy. For example, in a workplace setting, protecting employee information involves encrypting sensitive data (information security) and implementing privacy policies to regulate who can view or modify this data (information privacy).

Moreover, the landscape of data protection is becoming increasingly complex with the rise of generative AI. Most organizations use generative AI, but only a third of them implement protection from generative AI threats because most companies do not fully understand the dangers. Currently, generative AI benefits attackers more than organizations, but that may change in the near future.1 This intersection of advanced technology with traditional data types underscores the critical need for robust security measures. Acknowledging opportunities and threats posed by generative AI, blockchain, and other emerging technologies can help in developing more effective strategies to safeguard all forms of data.

Intellectual Property

Creations of the mind that are protected by law from unauthorized use or replication are called intellectual property (IP). It can include inventions, literary and artistic works, designs, symbols, names, and images used in commerce. IP is often a target for cybercriminals and nation-state threat actors looking to steal technology for their own benefit. Imagine dedicating years of research and millions of dollars to an expensive project only to lose the information to a hacker in minutes. Unfortunately, hackers may still be able to bypass security controls to access an organization’s IP.

Financial Data

Financial data are considered sensitive information, which is data that require high levels of confidentiality and security. Sensitive data can include financial data related to transactions and personal finance details, and employee data involving personal and professional details. Protecting this information is crucial to helping organizations prevent fraud, maintain stakeholder trust, and comply with governmental regulations. Security measures used to protect financial data often use a layered approach beyond firewalls and encryption that combines multiple security barriers and includes rigorous auditing and multi-factor authentication.

Employee Data

Personally identifiable information, such as Social Security numbers and addresses, makes up much of an organization's employee, customer, and student data. Although these data may not seem very sensitive, they are valuable to hackers for identity theft, corporate espionage, harassment, and extortion. Organizations must use measures such as encryption and the principle of least privilege to protect this information.

Network Configurations

Network configurations are the physical and logical elements that form a network, such as servers, routers, switches, and software. A server is a powerful computer or computer program that provides data to other computers (clients) over a network. A router is a device that forwards data packets to the appropriate parts of a computer network. A switch is a device that connects and segments various components within a local network. Access to these systems by bad actors or rogue employees can have dire consequences for an organization. Unauthorized access to network configuration data could allow an attacker to map out a network, identify weaknesses, and access private customer information.

Internet protocol addresses, along with media access control addresses, are essential elements of a network that require protection. An internet protocol (IP) address is a unique identifier that allows a computer to be addressed in order to communicate on the internet. A media access control (MAC) address is a unique identifier that allows a computer to be addressed in order to communicate within a local area network. To gain unauthorized access to a network, attackers often use a technique called port scanning to find an entry point. These scans allow an attacker to gather information about a network, such as the unique addresses of each of the components connected to it. With this information, hackers can spoof addresses, which allows them to blend into the network undetected. To protect IP addresses and equipment identifiers, organizations use VPNs or proxy servers to mask IP addresses and create a secure tunnel for employees accessing information from remote locations.

Passwords account for the largest vulnerability to a network due to the human factor involved. According to Security Magazine, close to 75 percent of users are at risk for compromise due to weak password practices.2 It is also estimated that nearly 80 percent of data breaches are caused by poor password management. To prevent attacks due to poor password practices, organizational leaders should implement the policies shown in Table 5.1.

Password Policy | Description
Password standards | Implement password length standards (at least eight characters) and encourage the use of complex passphrases.
Password expiration | Impose periodic password expiration dates, requiring employees to change their passwords semiyearly or annually.
Multi-factor authentication | Use multi-factor authentication to add another layer of protection by requiring an additional form of authentication, such as an access code.
Password policies | Ban common passwords that can be easily used by attackers.
Table 5.1 Good Password Practices. Best practices in securing data keep information safe from attackers.3
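The four practices in Table 5.1 can be turned into checks an account system runs when a password is set and during periodic audits. The Python example below is added here and is not part of the OpenStax text: it enforces the eight-character minimum and a ban list of common passwords at set-time, stores only a salted PBKDF2 hash rather than the password itself, and reports expired passwords (one year here, per the table's annual option) and accounts without MFA. The ban-list excerpt, the account records, and the dates are constructed sample data; a real deployment would load a published common-password list with many thousands of entries.

```python
"""Added example (not from the OpenStax text): enforcing the Table 5.1 policies.

Covers the four rows of the table: length standard, periodic expiration,
multi-factor enrolment, and a ban on common passwords. Sample data are
constructed.
"""
import hashlib
import os
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

MIN_LENGTH = 8                           # "at least eight characters"
MAX_PASSWORD_AGE = timedelta(days=365)   # annual expiration option from the table
# Constructed excerpt of a common-password ban list.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


@dataclass
class Account:
    username: str
    password_hash: bytes = b""           # salted PBKDF2 hash; plaintext is never stored
    salt: bytes = b""
    password_set_on: Optional[date] = None
    mfa_enrolled: bool = False


def check_password_standards(candidate: str) -> List[str]:
    """Return policy violations for a candidate password (empty list = OK)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = candidate.lower()
    # "Welcome1!" and "password123" are still the banned word with decoration,
    # so strip trailing digits and punctuation before comparing.
    stripped = lowered.rstrip("0123456789!@#$%")
    if lowered in BANNED or stripped in BANNED:
        problems.append("matches a banned common password")
    return problems


def set_password(acct: Account, candidate: str, today: date) -> List[str]:
    """Apply the standards; on success store a salted hash and the set date."""
    problems = check_password_standards(candidate)
    if problems:
        return problems
    acct.salt = os.urandom(16)
    acct.password_hash = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), acct.salt, 200_000)
    acct.password_set_on = today
    return []


def verify_password(acct: Account, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), acct.salt, 200_000)
    return acct.password_hash != b"" and digest == acct.password_hash


def audit_account(acct: Account, today: date) -> List[str]:
    """Periodic audit: expiration and MFA rows of Table 5.1."""
    findings = []
    if acct.password_set_on is None:
        findings.append("no password set")
    elif today - acct.password_set_on > MAX_PASSWORD_AGE:
        findings.append("password expired; rotation required")
    if not acct.mfa_enrolled:
        findings.append("multi-factor authentication not enrolled")
    return findings


if __name__ == "__main__":
    alice = Account("alice")
    print(set_password(alice, "Welcome1!", date(2024, 1, 15)))   # rejected (banned)
    print(set_password(alice, "correct horse battery staple", date(2024, 1, 15)))  # []
    print(audit_account(alice, date(2025, 3, 1)))   # expired + no MFA
```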

Information Privacy

Information privacy is a critical aspect of cybersecurity and encompasses the practices, policies, and regulations that are designed to protect people and systems from unauthorized access and harm. This includes protection from access to personally identifiable information (PII), health-care records, financial statements, and data from devices such as smartphones, smartwatches, and other wearable tech. Understanding the principles behind establishing and preserving information privacy is key to ensuring that data remains safeguarded while in transit and at rest.

Additionally, the concept of information privacy is based on a variety of policies and regulations that guide leaders and managers on how to safeguard sensitive information. As the scope of data needing protection continually expands, improvements are constantly being made to address the complexities of new, emerging technologies such as the Internet of Things (IoT), cloud computing, and artificial intelligence.

In addition, different sectors have their own specific frameworks and laws. In the United States, institutions such as hospitals or those who deal with sensitive medical information must adhere to the guidelines outlined in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In the education sector, educational institutions must adhere to the principles outlined in the Family Educational Rights and Privacy Act (FERPA).

HIPAA

Established in 1996, HIPAA was introduced by the Health and Human Services Department (HHS) to devise legislation that would protect the privacy of those seeking medical care. One part of HIPAA, the Privacy Rule, sets standards and guidelines for organizations that manage patient information and medical records of any kind. This includes health plans, health-care providers, health-care clearinghouses, and business associates.

HIPAA provides rigorous standards for companies that possess and interact with a vast range of protected health information (PHI), such as medical history, billing information, and patient identifiers. Moreover, HIPAA’s controls do not apply solely to medical providers, but rather to any entity that may possess or have access to patient data. This includes third parties who provide data hosting services, accounting firms, consultants, or any entity contracted to maintain hosting services such as patient portals and websites.

In addition to the Privacy Rule, HIPAA has a Security Rule, which works with the Privacy Rule to lay out the technical, administrative, and physical measures needed to protect electronic health information, thus tying into the larger world of information security protocols. Failure to comply with HIPAA can result in significant penalties, ranging from fines to criminal charges. These enforcement actions remind organizations to thoroughly adhere to the established guidelines and to continually update their practices.

FERPA

FERPA is a U.S. federal law that was enacted in 1974. Its main goal is to give parents and students who are 18 years and older some control over their educational records. Specifically, FERPA sets rules on who can access these records and under what circumstances. Educational institutions that receive federal funding are required to comply with FERPA’s mandates, and noncompliance could result in the loss of that funding.

FERPA gives students and their parents the right to access their educational records, correct any mistakes, and have a say in how that information is shared. While this sounds simple, the implementation can be complex. For example, schools must have written consent to release information, but there are exceptions such as cases involving subpoenas or emergencies. It is important to note that not all information is protected under FERPA. Some types of directory information, such as a student’s name, address, and telephone number, can be released without explicit consent, unless the student or parent opts out.4

To understand how FERPA protects academic information, consider a student attending a college away from home whose parents demand to know their student’s test scores, homework assignments, and regular activity in classes. Under FERPA guidelines, if the student is 18 years old or older, the only one who can release that information to the parents is the student. Their parents would have no access to this type of information from the school without the student’s explicit permission, except in health or safety emergencies.

Key Principles and Concepts of Network Security

In the complex world of cybersecurity, it is important for everyone to understand the foundational principles of the threats to digital security and the ways to safeguard digital assets. Whether you are a student, a new employee, or a boardroom executive, having a firm grasp on the key principles can help protect you from digital harm.

Imagine you’re setting up a home network. You notice that your devices receive different IP addresses from time to time. This is because many IP addresses are dynamic, changing with each connection. Now, visualize managing a large corporate network where stability and reliability are critical. Here, a company can use a static IP address, which is a permanent address assigned by an administrator that remains the same over time and is essential for services such as hosting servers, email servers, and network devices, or when remote access is required.

The consistency of a static IP address allows for reliable and straightforward network management, as well as easier implementation of security measures because the address can be precisely identified and controlled. Static IP addresses are used primarily for servers and network equipment. A dynamic IP address is one that is assigned each time a device connects to the internet and changes periodically, although not necessarily every time the device connects. This type of IP addressing is commonly used in residential and small business settings, where internet service providers (ISPs) assign these addresses to customers, and in larger companies for their client machines. Dynamic IP addressing is highly efficient for ISPs as it allows for the reuse and reallocation of a limited pool of IP addresses, optimizing the use of the IP address space, especially given the vast number of devices connecting and disconnecting from the internet.

The Internet Protocol version 4 (IPv4) is the fourth version of the fundamental protocol used for identifying devices on a network and routing data between them over the internet. An IPv4 address consists of four 8-bit groups, 32 bits in total. Each 8-bit group has 256 possible values, so the number in any group of an IPv4 address ranges from 0 to 255. The Internet Protocol version 6 (IPv6) uses eight groups written in hexadecimal, for a total of 128 bits. There are many differences between these standards. For example, IPv6 can supply more security and a nearly limitless number of IP addresses (7.9 × 10^28). IPv6 is more secure than IPv4 because it was designed with built-in support for Internet Protocol Security (IPsec), which is a suite of protocols that provides end-to-end encryption and secure data exchange. Additionally, its massive address space allows for more efficient address allocation, reducing the risks of IP conflicts and improving overall network reliability.

Both IPv4 and IPv6 addresses often come accompanied by a subnet mask, which is an address used in routing and network organization that divides the IP address into network and host addresses. One method for allocating IP addresses is classless inter-domain routing (CIDR), which routes IP packets more efficiently than traditional classful IP addressing. CIDR is a key element of the IPv4 addressing method, as it increases efficiency and security by permitting the “borrowing” of bits of information to create a new range of IP addresses to form a subnet, which is a logically visible subdivision of an IP network. The subnet mask and CIDR help in segregating the network portion of an IP address from the host portion. This segregation is important for routing and for defining network boundaries, as it permits for the proper distribution of information and traffic to the intended recipient.
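The subnet mask and CIDR mechanics described in the last two paragraphs are easiest to see with Python's standard ipaddress module. The example below is added here and is not part of the OpenStax text: it splits an address into its network and host portions from the CIDR prefix, counts the usable hosts in a subnet, "borrows" host bits to carve a /24 into smaller subnets, and uses a subnet as a boundary in an access check, which is how a firewall decides whether a source is inside the trusted network. All addresses are constructed sample values from private or documentation ranges.

```python
"""Added example (not from the OpenStax text): subnet masks and CIDR.

Uses only the standard library ipaddress module. Addresses are constructed
sample values (RFC 1918 private ranges and the 2001:db8::/32 documentation
prefix).
"""
import ipaddress
from typing import Dict, Iterable, List, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def usable_hosts(net: IPNetwork) -> int:
    """Hosts a subnet can hold. IPv4 reserves the network and broadcast
    addresses in prefixes of /30 and shorter; IPv6 has no broadcast."""
    if net.version == 4 and net.prefixlen <= 30:
        return net.num_addresses - 2
    return net.num_addresses


def describe_cidr(cidr: str) -> Dict[str, str]:
    """Separate the network portion from the host portion of a CIDR address."""
    addr = ipaddress.ip_address(cidr.split("/")[0])
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False keeps host bits
    return {
        "address": str(addr),
        "prefix_length": str(net.prefixlen),
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        # Host portion = the bits to the right of the prefix, as an integer.
        "host_part": str(int(addr) & int(net.hostmask)),
        "broadcast": str(net.broadcast_address) if net.version == 4 else "n/a",
        "usable_hosts": str(usable_hosts(net)),
    }


def split_subnets(cidr: str, new_prefix: int) -> List[str]:
    """'Borrow' host bits to divide one network into equal smaller subnets."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(sub) for sub in net.subnets(new_prefix=new_prefix)]


def source_allowed(src: str, trusted_cidrs: Iterable[str]) -> bool:
    """Boundary check a firewall rule performs: is src inside a trusted subnet?"""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in trusted_cidrs)


if __name__ == "__main__":
    for k, v in describe_cidr("192.168.1.77/24").items():
        print(f"{k:14} {v}")
    print(split_subnets("10.0.0.0/24", 26))
    print(source_allowed("10.0.0.130", ["10.0.0.128/26"]),
          source_allowed("10.0.1.5", ["10.0.0.128/26"]))
```

Passing strict=False to ip_network is what lets a host address such as 192.168.1.77/24 be reduced to its network 192.168.1.0/24; with the default strict=True the call raises because host bits are set, which is a useful guard when reading subnet definitions from configuration.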

Another vital aspect of IP addressing is the way these addresses are allocated and managed. IPv4 addresses were developed in 1981 and were initially distributed in an erratic manner, leading to inefficient use of the address space. In contrast, IPv6 addresses are allocated based on a more hierarchical and organized structure, allowing for easier management and better security protocols. This process is managed by several organizations globally, such as the Internet Assigned Numbers Authority (IANA) and the five Regional Internet Registries (RIRs), ensuring a standardized approach to address allocation.

The Domain Name System (DNS) translates human-readable domain names to IP addresses, allowing users to access websites using familiar names. Essentially, it acts like a directory of the internet. This process is fundamental to web navigation, as it makes it possible for people to access information online without needing to remember complex numeric addresses. Just like a contact list keeps numbers, a DNS keeps IP addresses. Also, just like a contact list, these numbers must be updated frequently as people and equipment change. Figure 5.3 depicts how a DNS matches the client’s computer (i.e., IP address) to an organization’s website. While DNS is integral to web navigation, it can be exploited for malicious purposes, such as DNS spoofing, an attack where hackers corrupt DNS servers to redirect traffic to another server or website.

Steps aligning correct IP address to URL: Search website; Query made to DNS servers from computer; Outside DNS servers contacted; Records associating IP address to domain retrieved; Website displayed in browser.
Figure 5.3 A DNS helps to identify and align the correct IP address to the URL. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

It is crucial to implement DNS security measures to mitigate vulnerabilities. One way is to use Domain Name System Security Extensions (DNSSEC), a suite of extensions that add security by enabling DNS responses to be digitally signed and verified. This verification process helps in safeguarding against DNS spoofing and other types of DNS-based attacks. Furthermore, securing DNS resolvers with threat intelligence can block known malicious domains and so prevent users from accidentally visiting sites that could compromise their security. Implementing these advanced DNS security measures is increasingly considered best practice in both professional and consumer settings. One type of threat DNSSEC can prevent is DNS spoofing, such as a man-in-the-middle (MitM) attack, which manipulates the DNS to redirect a website’s traffic to a different IP address, often controlled by the attacker. This allows the attacker to intercept and potentially modify the communication between the user and the intended website.
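The resolver-side threat-intelligence control mentioned above comes down to matching each query name against a blocklist. The Python example below is added here and is not part of the OpenStax text: it normalizes query names (DNS is case-insensitive and names may carry a trailing root dot), then treats a blocklist entry as covering the domain and every subdomain beneath it but not look-alike names that merely contain the string. The blocklist and the query log are constructed sample data using documentation-only domains, not a real threat feed.

```python
"""Added example (not from the OpenStax text): a resolver-side blocklist check.

A query matches a blocklist entry when the name equals the entry or is a
subdomain of it. Sample blocklist and query log are constructed.
"""
from typing import Iterable, List, Optional, Tuple

# Constructed blocklist, one domain per entry, as a threat feed would supply it.
BLOCKLIST = ["bad.example", "phish.example.net"]

# Constructed resolver query log: "<client IP> <queried name>".
QUERY_LOG = """\
10.0.0.21 www.openstax.org.
10.0.0.21 BAD.example
10.0.0.33 login.bad.example.
10.0.0.33 bad.example.com
10.0.0.40 phish.example.net
10.0.0.40 notphish.example.net
"""


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may end with the root dot."""
    return name.strip().rstrip(".").lower()


def blocked_by(qname: str, blocklist: Iterable[str]) -> Optional[str]:
    """Return the blocklist entry that covers qname, or None if it is clean.

    Suffix matching requires the dot boundary: 'login.bad.example' is under
    'bad.example', while 'bad.example.com' and 'notphish.example.net' are not
    under any entry.
    """
    q = normalize(qname)
    for entry in blocklist:
        e = normalize(entry)
        if q == e or q.endswith("." + e):
            return e
    return None


def filter_queries(log: str, blocklist: Iterable[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (client, normalized qname, matched entry or None) per query."""
    entries = list(blocklist)
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        client, qname = line.split(maxsplit=1)
        rows.append((client, normalize(qname), blocked_by(qname, entries)))
    return rows


def blocked_queries(log: str, blocklist: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Only the queries the resolver should refuse (or sinkhole) and log."""
    return [(c, q, e) for c, q, e in filter_queries(log, blocklist) if e]


if __name__ == "__main__":
    for client, qname, entry in blocked_queries(QUERY_LOG, BLOCKLIST):
        print(f"BLOCK {client} asked for {qname} (matches {entry})")
```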

Another fundamental concept in network and information security is encryption, which transforms legible data into a coded format, making it unreadable to unauthorized entities. The encrypted data can only be converted back into its original format, a process called decryption, with the proper cryptographic key, which is a string of data used by encryption algorithms to encrypt and decrypt data. Encryption is particularly effective for safeguarding sensitive information during transmission or storage, making it an important tool for protecting data privacy and integrity.

The two most common types of encryption are symmetric and asymmetric. With symmetric encryption, the same key encrypts and decrypts the data. This approach can quickly and easily handle a lot of data all at once. The tricky part, though, is that both parties need to have the key, and sharing it securely can be challenging. In asymmetric encryption, also known as public-key cryptography, a public and a private key secure the connection. This eliminates the need to securely share a key, but it is slower than symmetric encryption. Each type of encryption serves specific use cases: symmetric is often used for data at rest, and asymmetric for data in transit. Asymmetric encryption is used in Secure Sockets Layer (SSL), a communication protocol that establishes a secure connection between devices or applications on a network by encrypting data sent between a browser and a website or between two servers, and Transport Layer Security (TLS), an updated version of SSL that uses an encrypted tunnel to protect data sent between a browser, a website, and the website’s server. TLS prevents unauthorized access to messages and protects against hackers hijacking connections. The standard symmetric encryption algorithm used globally to secure data, known for its speed and security, is advanced encryption standard (AES), while RSA encryption is a commonly used asymmetric cryptographic algorithm used for secure data transmission that is particularly useful in public-key cryptography.

The mechanism of authentication is the process of verifying the identity of a user, application, or device trying to access a network or system, often through credentials such as passwords or digital certificates. This can range from simple methods such as username and password combinations to more sophisticated techniques involving multi-factor authentication (MFA), which is a security measure that requires users to verify their identity using multiple forms of credentials, such as a password, a security token, or biometric data, to access a system. MFA might require something you know (a password), something you have (a mobile device for a token), and something you are (biometrics such as a fingerprint). Proper authentication methods are vital to ensuring that only authorized personnel have access to sensitive data and systems. However, if mismanaged, they could also become a massive security risk, such as if someone gained access to your biometric data to imitate your likeness.

Other key components in network security include firewalls, intrusion detection systems (IDSs), and virtual private networks. A virtual private network (VPN) is a service that creates a secure, encrypted connection over a less secure network, typically the internet, ensuring private data remains protected. A firewall is a network security system that uses security rules to monitor and control incoming and outgoing traffic, typically between a trusted network (such as a local area network) and an untrusted one (such as the internet). Intrusion detection systems (IDSs) are more advanced in their capability, as they use pattern detection. Firewalls are mostly a preventive measure, whereas IDSs are a detective measure. IDSs can watch network traffic to detect anomalies that could be a security breach. VPNs, on the other hand, are network configurations that can supply a secure virtual tunnel for data transmission, often used for establishing secure remote access to a network. Think of a VPN as a private, secure, virtual tunnel through the internet: it encrypts your internet connection so that no one can intercept or access the data during its journey, protecting your data from hackers, spies, and other potential threats and ensuring that your online activities remain private and secure. Together, these technologies form the foundational layers of a comprehensive network security architecture, each serving a specific role but collectively contributing to the robustness of the entire system.
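The preventive/detective distinction drawn above is concrete in code. The Python example below is added here and is not part of the OpenStax text: a tiny default-deny rule table stands in for the firewall (prevention), and an IDS-style detector reads connection-log lines and raises an alert when one source touches many distinct ports on a host within a short window, the pattern the port scans mentioned earlier in this section leave behind (detection). The log format, the thresholds (eight distinct ports within ten seconds), and the addresses are constructed for the example, not a real sensor's format.

```python
"""Added example (not from the OpenStax text): firewall rule vs IDS detection.

firewall_allows() is the preventive control; detect_port_scans() is the
detective control, run over constructed connection-log lines.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed log format: "<ISO time> src=<ip> dst=<ip> dport=<n> proto=<tcp|udp>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample log: one ordinary client, one source sweeping many
# ports on the same host, and one client repeating a normal HTTPS request.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=10.0.0.5 dst=10.0.1.10 dport=443 proto=tcp
2024-05-01T10:00:01 src=203.0.113.9 dst=10.0.1.10 dport=21 proto=tcp
2024-05-01T10:00:01 src=203.0.113.9 dst=10.0.1.10 dport=22 proto=tcp
2024-05-01T10:00:02 src=203.0.113.9 dst=10.0.1.10 dport=23 proto=tcp
2024-05-01T10:00:02 src=203.0.113.9 dst=10.0.1.10 dport=25 proto=tcp
2024-05-01T10:00:03 src=203.0.113.9 dst=10.0.1.10 dport=80 proto=tcp
2024-05-01T10:00:03 src=203.0.113.9 dst=10.0.1.10 dport=110 proto=tcp
2024-05-01T10:00:04 src=203.0.113.9 dst=10.0.1.10 dport=143 proto=tcp
2024-05-01T10:00:04 src=203.0.113.9 dst=10.0.1.10 dport=443 proto=tcp
2024-05-01T10:00:05 src=203.0.113.9 dst=10.0.1.10 dport=3389 proto=tcp
2024-05-01T10:00:05 src=203.0.113.9 dst=10.0.1.10 dport=8080 proto=tcp
2024-05-01T10:00:09 src=10.0.0.7 dst=10.0.1.10 dport=443 proto=tcp
2024-05-01T10:00:10 src=10.0.0.7 dst=10.0.1.10 dport=443 proto=tcp
"""

# Preventive control: allow-list of (destination, port, protocol); default deny.
ALLOW_RULES = {("10.0.1.10", 443, "tcp"), ("10.0.1.10", 22, "tcp")}


def firewall_allows(dst: str, dport: int, proto: str) -> bool:
    """A firewall rule check: anything not explicitly allowed is dropped."""
    return (dst, dport, proto) in ALLOW_RULES


def parse_log(text: str) -> List[Tuple[datetime, str, str, int, str]]:
    """Parse log lines into (time, src, dst, dport, proto), oldest first.
    Malformed lines are skipped so one bad line cannot stall the sensor."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                       int(m["dport"]), m["proto"]))
    return sorted(events)


def detect_port_scans(text: str, distinct_ports: int = 8,
                      window_seconds: int = 10) -> Dict[Tuple[str, str], int]:
    """Detective control: return {(src, dst): max distinct ports seen within
    any window_seconds-long window} for pairs that reach the threshold."""
    by_pair: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, dst, dport, _ in parse_log(text):
        by_pair[(src, dst)].append((ts, dport))
    alerts: Dict[Tuple[str, str], int] = {}
    for pair, hits in by_pair.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it fits within the window.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= distinct_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT possible port scan: {src} -> {dst}, {n} distinct ports")
```

The firewall would have dropped most of the sweep's packets, yet the log still records the attempts; the detector works on that record, which is why the two controls complement rather than replace each other.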

Network Vulnerabilities and Threats

Network vulnerabilities and threats are critical issues that impact the security posture of any organization. Weak configurations, outdated software, and lax security policies often make networks susceptible to a range of malicious activities. Understanding these vulnerabilities is a fundamental step in fortifying a network’s defenses.

Types of Network Vulnerabilities

When it comes to network security, software vulnerabilities often serve as an open door for attackers. A software vulnerability is a weakness or flaw within a software system, particularly in outdated or unpatched systems, that can be exploited by cybercriminals to gain unauthorized access or to disrupt the software’s normal functioning. Outdated software and unpatched systems are particularly risky because they may have known flaws that have not been addressed, making them a target for cybercriminals. Imagine your software as a building: If everyone knows there is a broken lock on one of the doors, it is only a matter of time before an unauthorized individual enters. Therefore, keeping software up to date is essential.

Several new vulnerabilities have been introduced into the digital world with the advent of artificial intelligence (AI), the branch of computer science focused on creating intelligent machines capable of performing tasks that typically require human intelligence, such as visual perception, speech recognition, decision-making, and language translation. One beneficial use of AI is to generate complex passwords. However, the technology can also be used in damaging ways. For example, computer-generated voices have increased robocalls, causing excess cell network traffic, and have been used by attackers to exploit and steal money from victims in social engineering attacks. Attackers have also used this same technology to crack passwords through brute-force attacks.

Software updates not only provide new features and improve system performance, they also often deliver critical patches that resolve these vulnerabilities. Cybersecurity demands continuous monitoring and control from a proactive and reactive perspective. Unpatched systems may function normally, which can lead to a false sense of security. Breaches of such systems can compromise the entire network’s integrity. The risks include unauthorized data access, identity theft, or even denial of service attacks that can bring business operations to a halt. By understanding the risks posed by software vulnerabilities, organizations can make educated decisions about how to protect their network assets effectively.

Hardware Vulnerabilities

Hardware vulnerabilities can be just as dangerous as software vulnerabilities, but they are often overlooked. A hardware vulnerability is a weakness or flaw within the physical components of a network, such as routers or IoT devices. For example, unsecured routers and other networking devices can be weak points in an organization’s cybersecurity defenses. Imagine a router that’s still using the default password or is not properly configured; it becomes an easy target for cyberattacks. While it may seem trivial, the hardware that connects your network to the outside world should be as secure as the information it is supporting.

Issues can also arise with IoT devices. These gadgets, such as smart thermostats and smart coffee makers, are increasingly popular but are not always designed with security in mind. Even in an environment where computer systems are well protected, these seemingly harmless devices can be weak points for cyber threats. Without robust security measures, such as strong passwords and regular firmware updates, IoT devices can be manipulated to spy on an organization or serve as a launch pad for broader network attacks. Recognizing these hardware vulnerabilities is the first step toward developing a more comprehensive approach to network security.

Configuration Issues

Poor configuration can be a significant threat to security. Default settings on hardware and software are especially dangerous because they often turn into easy entry points for cybercriminals. For instance, leaving administrative credentials at their factory settings can provide an all-access pass into sensitive systems, compromising the entire network’s integrity. Similarly, poorly configured firewalls can be likened to having a state-of-the-art lock but leaving the key under the mat. Even advanced intrusion detection systems become largely ineffective if the firewall rules are not appropriately configured to filter malicious or unnecessary traffic. Poor configurations can lead to unauthorized access, data leaks, and theft of sensitive information.

Real-world incidents have underscored these risks. In 2017, the WannaCry ransomware attack exploited a vulnerability that could have been mitigated with proper security configurations.5 The malicious software that encrypts users’ files such as photos, documents, or other sensitive information and demands a ransom for their release is called ransomware. The WannaCry ransomware attack exploited a vulnerability in Microsoft Windows known as “EternalBlue,” which allowed the attack to spread across networks, encrypting files along the way (Figure 5.4). Microsoft published a fix for the vulnerability; however, many organizations were slow to make the update, which ultimately resulted in organizations losing billions of dollars. Additionally, numerous data breaches have occurred due to misconfigured cloud storage solutions, exposing sensitive customer data to the public.6 These incidents serve as cautionary tales, highlighting the need for mindfulness in system and network configurations.

Screenshot of ransomware message with directions for payment to unlock encrypted files.
Figure 5.4 Ransomware such as WannaCry, which spread by exploiting the EternalBlue vulnerability, is malware that encrypts a user’s files and demands payment in return for the decryption key. (credit: “Petya (malware)” by Petya/Wikimedia Commons, Public Domain)

Ensuring proper configuration is not just a task for the IT department but requires an organization-wide commitment to adhering to the best practices in cybersecurity. Properly configured settings are the first line of defense in a multilayered security approach, and lapses in this area can have catastrophic implications for any organization.
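The three weaknesses discussed above (unpatched software, hardware still on factory credentials, and risky default settings) can all be caught by a routine inventory audit. The following added example (not the textbook’s code) audits a constructed device inventory against a constructed list of factory credentials and assumed minimum patched versions; the product names, version numbers and configuration keys are all assumptions made for the demonstration.

```python
"""Configuration and patch audit over a small device inventory.

Added example. The credential list, minimum patched versions, and the
inventory itself are constructed for the demonstration, not vendor data.
"""
import re

# Factory credential pairs that should never survive deployment (constructed list).
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
}

# Lowest version that contains the known fixes, per product (assumed values).
MIN_PATCHED_VERSION = {
    "edge-router": "4.2.1",
    "smart-thermostat": "2.0.0",
    "file-server": "10.0.5",
}


def parse_version(version: str) -> tuple:
    """'4.2.1' -> (4, 2, 1). Only the digit groups are compared, so
    versions compare numerically rather than as strings ('10' > '9')."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def audit_device(device: dict) -> list:
    """Return a list of human-readable findings for one device record."""
    findings = []

    # Hardware on factory credentials (the 'broken lock everyone knows about').
    if (device["username"], device["password"]) in DEFAULT_CREDENTIALS:
        findings.append("default credentials")

    # Software/firmware older than the version that carries the fix.
    minimum = MIN_PATCHED_VERSION.get(device["product"])
    if minimum is not None and parse_version(device["version"]) < parse_version(minimum):
        findings.append(f"unpatched: {device['version']} < {minimum}")

    # Risky default settings that turn a device into an entry point.
    if device.get("remote_admin_exposed"):
        findings.append("management interface exposed to the internet")
    if device.get("firewall_default_policy") == "allow":
        findings.append("firewall default policy is allow")

    return findings


def audit_inventory(inventory: list) -> dict:
    """Map each device name to its findings; an empty list means it passed."""
    return {device["name"]: audit_device(device) for device in inventory}


# Constructed inventory: a neglected router, a well-kept IoT device, and a
# patched server still on a factory account.
SAMPLE_INVENTORY = [
    {"name": "rtr-1", "product": "edge-router", "version": "4.1.9",
     "username": "admin", "password": "admin",
     "remote_admin_exposed": True, "firewall_default_policy": "allow"},
    {"name": "therm-1", "product": "smart-thermostat", "version": "2.0.3",
     "username": "svc-hvac", "password": "long-unique-passphrase",
     "remote_admin_exposed": False, "firewall_default_policy": "deny"},
    {"name": "fs-1", "product": "file-server", "version": "10.0.5",
     "username": "root", "password": "root",
     "remote_admin_exposed": False, "firewall_default_policy": "deny"},
]


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", findings or "no findings")
```

Running the audit reports four findings for rtr-1, none for therm-1, and only the factory account for fs-1, which is fully patched: a patched system can still be a weak point if its configuration has never been reviewed.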

Types of Network Threats

As we navigate our day-to-day online activities at work, school, or home, there are multiple threats that we must mitigate for our safety. Threats from natural disasters and storms can disable a network, and threats from an external attacker can result in loss of operations or theft. Moreover, an internal threat that originates from within an organization can result in sabotage, data loss, or network compromise. There are three types of network threats: environmental, external, and internal, as Figure 5.5 illustrates.

Types of Network Threats: Environmental (Natural disasters, Hardware failures), External (Cybercriminals, State-sponsored attacks), Internal (Disgruntled employees, Human error).
Figure 5.5 Network threats typically fall into three categories: environmental, external, and internal. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license; credit top left: modification of work “Noun storm 2616921” by Uswatun Hasanah/Wikimedia Commons, CC BY 4.0; credit top middle: modification of work “Noun Project 469419 Run Icon” by Gregor Cresnar/Wikimedia Commons, CC BY 3.0; credit top right: modification of work “Noun frustration Luis 163554” by Luis Prado/Wikimedia Commons, CC BY 4.0; credit bottom left: modification of work “API - The Noun Project” by “Five by Five”/Wikimedia Commons, CC0 1.0; credit bottom middle: modification of work “Noun Project problems icon 2417098” by “Template, TH”/Wikimedia Commons, CC BY 3.0; credit bottom right: modification of work “Noun confused 274449” by Ben Davis/Wikimedia Commons, CC BY 4.0)

Environmental and External Threats

An environmental threat in cybersecurity is an uncontrollable external factor such as a natural disaster or hardware failure that can damage data centers and disrupt business operations. These threats often get overshadowed by the dramatic nature of hacker attacks and internal espionage, yet their impact can be equally catastrophic. For instance, natural disasters such as earthquakes, floods, or hurricanes can severely damage data centers that host critical information and applications. The inability to access or recover this data not only interrupts business operations, but can also have legal and reputational ramifications. Moreover, as these calamities are beyond human control, they are particularly difficult to mitigate. In recent years, the increasing frequency of extreme weather events attributed to climate change has escalated this environmental risk, necessitating an urgent review and adaptation of existing disaster recovery and business continuity plans.7

Another common environmental threat is hardware failure. Servers, storage systems, and networking equipment can wear out over time. Without proper monitoring and maintenance, these failures can cause data loss or service interruptions. Unlike natural disasters, hardware failures are often preventable through regular inspections, timely upgrades, and redundancy systems. Many organizations employ real-time monitoring tools that alert them to potential hardware issues before they escalate into full-blown failures. Nonetheless, the commonplace nature of these threats should not lead to complacency; both natural disasters and hardware failures require strategic planning, investment in robust infrastructure, and ongoing vigilance to ensure organizational resilience.

An external threat in this context refers to a threat that originates from outside an organization, typically posed by cybercriminals or state-sponsored attackers who aim to exploit vulnerabilities for financial or strategic gain. Cybercriminals often appear as resourceful yet malicious actors who continually refine their tactics to evade detection and maximize their gains. Various methods, such as phishing schemes, malware deployment, and ransomware attacks, are among their preferred tools. These individuals or groups are not the only external threats, however; state-sponsored attacks present an even more daunting challenge. Orchestrated by nations aiming to steal critical information or disrupt infrastructures, these attacks benefit from considerable resources and advanced capabilities, turning cybersecurity into a complex game of geopolitics.8

Understanding the techniques of these external threats is necessary for developing effective defensive measures. For example, a common method used by cybercriminals is social engineering, which involves manipulating employees into revealing sensitive information, often leading to unauthorized system access. At the other end of the spectrum, state-sponsored attacks might employ highly sophisticated methods such as advanced persistent threats (APTs) to gain and maintain long-term access to target networks. These types of threats can include software such as a rootkit or malware. A rootkit enables attackers to maintain access to a system by masquerading as operating system processes. Malware is malicious software designed to damage, exploit, or infect systems, or otherwise compromise data, devices, users, or networks, using viruses, worms, and spyware that is installed into the basic input-output system (BIOS) of a computer. While cybercriminals are motivated primarily by financial gains, state-sponsored actors often have a more complex agenda, which could include espionage, destabilization, or strategic advantage. This complexity demands a full understanding, not just of the technological aspects of these threats, but also of the political dimensions that underlie them.

Internal Threats

An internal threat is one that originates from within an organization, such as disgruntled employees or employees whose poor security training leaves them susceptible to social engineering attacks. In cybersecurity, internal threats are particularly tricky because they relate to the risk of someone inside a company using their access to systems to cause damage or steal data. While organizations spend a lot on protecting their assets from external hackers, the risks from within can be just as damaging. Disgruntled employees, for instance, already have access to the organization’s network and thus can bypass one of the organization’s first lines of defense. As the motivations of such people can range from revenge to financial gain, they function as unpredictable actors within the cybersecurity landscape. To further complicate matters, insider threats may not even be intentionally malicious; they could simply be employees who unknowingly compromise security through poor practices, such as using weak passwords or falling victim to phishing scams.

Understanding the risks from internal threats means thinking beyond just technical fixes, because the human factor matters. Organizations must create a workplace where employees feel comfortable talking about their concerns, which can help reduce the chances of anyone becoming disgruntled. Simultaneously, companies must implement robust monitoring systems to identify unusual activity that could signal an internal threat. By recognizing the multifaceted nature of internal threats, organizations can develop a holistic strategy that integrates technological, psychological, and administrative measures to safeguard their assets.
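The “monitoring systems to identify unusual activity” mentioned above can be as simple as comparing each user’s access against a baseline. The following added example (not the textbook’s code) parses a few constructed file-access log lines and raises alerts for two insider indicators: access outside business hours and an unusually large volume of downloads by one user in a day. The log format, user names, business-hours window and byte threshold are all assumptions for the demonstration.

```python
"""Flag unusual internal activity in constructed file-access logs.

Added example. Log line format (an assumption):
    <ISO timestamp> <user> <action> <resource> <bytes>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: two ordinary users and one user pulling the finance
# share late at night.
SAMPLE_LOG = """\
2025-03-03T09:12:44 alice READ /hr/policies.pdf 20480
2025-03-03T09:40:02 alice READ /hr/benefits.pdf 10240
2025-03-03T23:05:10 bob DOWNLOAD /finance/q1-ledger.xlsx 52428800
2025-03-03T23:07:31 bob DOWNLOAD /finance/q2-ledger.xlsx 50331648
2025-03-03T23:09:15 bob DOWNLOAD /finance/payroll.csv 41943040
2025-03-04T10:15:00 carol READ /eng/design.md 4096
2025-03-04T10:16:12 carol DOWNLOAD /eng/design.md 4096
"""

BUSINESS_HOURS = range(8, 19)    # 08:00 to 18:59, assumed baseline
BULK_BYTES = 100 * 1024 * 1024   # 100 MiB downloaded per user per day, assumed


def parse_log(text: str) -> list:
    """Turn the raw log text into a list of event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, user, action, resource, size = line.split()
        events.append({
            "ts": datetime.fromisoformat(timestamp),
            "user": user,
            "action": action,
            "resource": resource,
            "bytes": int(size),
        })
    return events


def find_anomalies(events: list) -> list:
    """Return (user, indicator, detail) tuples for events worth a closer look."""
    alerts = []
    downloaded_per_day = defaultdict(int)

    for event in events:
        # Indicator 1: activity outside the expected working window.
        if event["ts"].hour not in BUSINESS_HOURS:
            alerts.append((event["user"], "off-hours access", event["resource"]))
        # Accumulate download volume per user per calendar day.
        if event["action"] == "DOWNLOAD":
            downloaded_per_day[(event["user"], event["ts"].date())] += event["bytes"]

    # Indicator 2: a day's download total that exceeds the baseline.
    for (user, day), total in downloaded_per_day.items():
        if total >= BULK_BYTES:
            alerts.append((user, "bulk download", f"{total} bytes on {day}"))

    return alerts


if __name__ == "__main__":
    for user, indicator, detail in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{user:6} {indicator:16} {detail}")
```

On the sample, every alert concerns bob: three off-hours accesses and one bulk-download alert for roughly 138 MiB in a single day. An alert is a prompt for review rather than proof of wrongdoing; the thresholds would be tuned to each organization’s normal activity.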

Future Technology

The Future of Cyberattacks

Emerging technologies such as quantum computing and AI pose novel threats that organizations must prepare for. Quantum computing, a method of computing that uses qubits (a measurement of four states as opposed to two), with its unparalleled computational speed, has the potential to break existing encryption algorithms, rendering most current data protection measures obsolete. Initiatives such as post-quantum cryptography are in the works to counter this impending threat, but widespread adoption and implementation remain a challenge.

Meanwhile, AI-driven cyberattacks are becoming increasingly sophisticated. Advanced machine learning algorithms can quickly analyze network vulnerabilities and execute complex attacks with little to no human intervention. Moreover, these algorithms can adapt and learn from each cyberattack, making them more effective with each iteration. This intensifies the need for cybersecurity measures to evolve in tandem, incorporating AI-driven threat detection and response systems that can match the capabilities of next-generation threats. Therefore, staying abreast of these future trends is not just advisable; it is imperative for long-term security resilience.

Footnotes

  • 1 Jim Tyson, “Only One-Third of Firms Deploy Safeguards Against Generative AI Threats, Report Finds,” Cybersecurity Dive, May 13, 2024, https://www.cybersecuritydive.com/news/generative-ai-safeguards-splunk/715897/
  • 2 Security Staff, “3 in 4 People at Risk of Being Hacked Due to Poor Password Practices,” Security, June 21, 2023, https://www.securitymagazine.com/articles/99529-3-in-4-people-at-risk-of-being-hacked-due-to-poor-password-practices
  • 3 “Password Policy Recommendations for Microsoft 365 Passwords,” Microsoft, last modified May 28, 2024, https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
  • 4 U.S. Department of Education, “FERPA: 34 CFR Part 99 – Family Educational Rights and Privacy,” accessed January 31, 2025, https://studentprivacy.ed.gov/ferpa
  • 5 Josh Fruhlinger, “WannaCry Explained: A Perfect Ransomware Storm,” CSO, August 24, 2022, https://www.csoonline.com/article/563017/wannacry-explained-a-perfect-ransomware-storm.html
  • 6 Edward Kost, “Top 5 Security Misconfigurations Causing Data Breaches,” UpGuard, updated November 18, 2024, https://www.upguard.com/blog/security-misconfigurations-causing-data-breaches
  • 7 Renaud Guidee, “The Next Decade Will Be Defined by Climate Change and Cyber Risk,” World Economic Forum, October 7, 2021, https://www.weforum.org/agenda/2021/10/the-next-decade-will-be-defined-by-climate-change-and-cyber-risks/
  • 8 Adam Hunt, “State-Sponsored Cyberattacks Aren’t Going Away—Here’s How to Defend Your Organization,” Forbes, May 10, 2021, https://www.forbes.com/sites/forbestechcouncil/2021/05/10/state-sponsored-cyberattacks-arent-going-away---heres-how-to-defend-your-organization/?sh=7acb1aad230b
Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Citation information

© Mar 11, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License . The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.