Chapter 8 Securing Information Systems 335
In general, cyberwarfare attacks have become much more widespread,
sophisticated, and potentially devastating. There are 250,000 probes trying to
find their way into the U.S. Department of Defense networks every hour, and
cyberattacks on U.S. federal agencies have increased 150 percent since 2008.
Over the years, hackers have stolen plans for missile tracking systems, satellite
navigation devices, surveillance drones, and leading-edge jet fighters.
Cyberwarfare poses a serious threat to the infrastructure of modern societies,
since their major financial, health, government, and industrial institutions
rely on the Internet for daily operations. Cyberwarfare also involves defending
against these types of attacks. The Interactive Session on Organizations
describes some recent cyberwarfare attacks and their growing sophistication
and severity.
INTERNAL THREATS: EMPLOYEES
We tend to think the security threats to a business originate outside the
organization. In fact, company insiders pose serious security problems.
Employees have access to privileged information, and in the presence of
sloppy internal security procedures, they are often able to roam throughout an
organization’s systems without leaving a trace.
Studies have found that user lack of knowledge is the single greatest cause
of network security breaches. Many employees forget their passwords to access
computer systems or allow co-workers to use them, which compromises the
system. Malicious intruders seeking system access sometimes trick employees
into revealing their passwords by pretending to be legitimate members of the
company in need of information. This practice is called social engineering.
Both end users and information systems specialists are also a major source
of errors introduced into information systems. End users introduce errors by
entering faulty data or by not following the proper instructions for processing
data and using computer equipment. Information systems specialists may
create software errors as they design and develop new software or maintain
existing programs.
SOFTWARE VULNERABILITY
Software errors pose a constant threat to information systems, causing untold
losses in productivity. Growing complexity and size of software programs,
coupled with demands for timely delivery to markets, have contributed to an
increase in software flaws or vulnerabilities. For example, a software error in
an iPad app for paying bills caused Citibank to double the charge for customer
payments between July and December 2011. Some customers using their iPads
to settle their cable bill or mortgage payment, for example, actually paid twice
(Protess, 2012).
A major problem with software is the presence of hidden bugs or program
code defects. Studies have shown that it is virtually impossible to eliminate all
bugs from large programs. The main source of bugs is the complexity of
decision-making code. A relatively small program of several hundred lines will
contain tens of decisions leading to hundreds or even thousands of different
paths. Important programs within most corporations are usually much larger,
containing tens of thousands or even millions of lines of code, each with many
times the choices and paths of the smaller programs.
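The growth from decisions to paths described above can be measured with a simplified structural path count. This is an added example, not from the textbook: the sample routine and all function names are constructed, and the count is an approximation that treats each loop as either skipped or run once and ignores early returns and exceptions.

```python
import ast

# Constructed sample: a small payment-validation routine (not from the book).
SAMPLE = '''
def process_payment(amount, account, retry, currency):
    if amount <= 0:
        status = "reject"
    else:
        status = "ok"
    if account is None:
        status = "reject"
    if currency != "USD":
        amount = amount * 2
    elif amount > 10000:
        status = "review"
    for attempt in range(retry):
        if status == "ok":
            status = "sent"
    if status == "sent":
        receipt = True
    return status
'''

def count_paths(stmts):
    """Distinct structural paths through a list of statements."""
    total = 1
    for s in stmts:
        if isinstance(s, ast.If):
            # then-branch paths plus else-branch paths (a missing else is 1 path)
            n = count_paths(s.body) + count_paths(s.orelse)
        elif isinstance(s, (ast.For, ast.While)):
            # loop skipped entirely (1 path) or body executed once
            n = count_paths(s.body) + 1
        else:
            n = 1
        total *= n  # statements in sequence multiply the path count
    return total

def analyze(source):
    """Return (decision points, structural paths) for the first function."""
    func = ast.parse(source).body[0]
    decisions = sum(isinstance(n, (ast.If, ast.For, ast.While)) for n in ast.walk(func))
    return decisions, count_paths(func.body)

def sequential(n):
    """Source for a function with n independent decisions in a row."""
    return "def f(x):\n" + "    if x > 0:\n        x += 1\n" * n

if __name__ == "__main__":
    for label, src in [("sample", SAMPLE), ("10 ifs", sequential(10)), ("20 ifs", sequential(20))]:
        print(label, analyze(src))
```

Seven decisions in the sample already give 72 paths, and decisions placed in sequence double the count each time, which is why exhaustive path testing stops being feasible long before a program reaches corporate scale.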
Zero defects cannot be achieved in larger programs. Complete testing simply
is not possible. Fully testing programs that contain thousands of choices and