Information security. The price of a mistake

Started by JustinC, Aug 24, 2022, 03:25 AM

Previous topic - Next topic

JustinCTopic starter

Quite a lot of people are well aware that any miscalculations and mistakes entail consequences that can turn out to be more than deplorable. At the same time, as was rightly noted in the commentary to the first article "Fundamentals of information security. Part 1: Types of Threats "the concept of information security is much broader than the scope of the IT industry and miscalculations and errors in ensuring which can affect everyone, regardless of the field of activity.

Let's start with the most mundane but no less painful to the more interesting ones.
"Why me" or "For what"?

However, small and medium businesses suffer from knowledge theft much more often than large corporations. Even statistics find it difficult to count the victims in that segment, since many owners do not even realize that the fact of a leak has taken place, since they have no tracking and analysis tools in principle.

In the 21st century, the problem of data leakage, unfortunately, concerns absolutely everyone. There are thousands of reasons for this that a vile insider worked, the employee does not know the basic security rules when working on the Internet. Or, for instance, competitors get access to the latest developments of the company, which has very serious consequences for it, since as a result of such leaks, all the funds spent on research and development are actually donated to competitors.

Leaks of financial documents, especially at those moments when the company is, let's say, not in the best shape, can also quite predictably carry very serious consequences, up to bankruptcy. Or let's say hаckers used various vulnerabilities and so on. If you do not want such an incident to put an end to the company's activities, you should at least make backup copies of information. In this case, they will at least make it potential to restore work if, say, the database or the entire system has been encrypted.

"According to the results of the WannaCry malicious software distribution, the facts of compromising the resources of credit institutions were recorded. The consequences of these incidents were eliminated as soon as possible."

Among the hardest hit by the virus is the British Public Health System (NHS). Many of its hospitals and clinics were forced to send patients home because staff could not access computer information. The systems of the main German railway operator Deutsche Bahn also suffered.

Since the major players in the market understand the consequences of potential threats in knowledge security and spend sufficient funds to ensure protection, medium and small businesses are most vulnerable and the consequences for business owners can be more than deplorable or even terrifying, as in the following instance.

In October 2017, an unknown person found a flash drive on the ground, which revealed detailed info about the security systems of the UK's largest airport, Heathrow.

In particular, maps of the location of security cameras, tunnels, emergency exit shafts, as well as patrol patterns and a description of the ultrasonic radar system used to scan the perimeter and runways were found on the drive.

The airport administration, however, has already stated that it is confident in the effectiveness of its security protocols. Regarding the data leak, the airport has launched an internal investigation with the intention of finding out how this could have happened and preventing recurrences.

In any case, a serious correction of these procedures is now needed. The airport is also facing serious reputational losses and, most likely, an investigation of the incident at the level of the Government and Parliament.

Another of the high-profile examples occurred In September 2017, one of the largest personal data leaks in US history became known. The hаcking of computer systems, which affected almost half of the country's population, took place at the Equifax credit bureau, as reported by the company itself.

According to Equifax, cybercriminals exploited a vulnerability on the company's website and gained access to certain files from mid-May until the end of July 2017.

Lost were social security numbers, dates of birth and, in some cases, driver's license numbers. In addition, the credit card numbers of about 209,000 Americans and a number of claims documents containing personal data of 187,000 Americans fell into their hands. On September 9, 2019, the company's quotes fell by 14% by the time the main exchange trading ended.

Other less painful but no less unpleasant cases include periodically appearing news about the leaking of intiмate photos of celebrities, which may not directly incur commercial losses, but reputational ones for sure. Including in the flesh and up to commercial ones, if someone's affair surfaced in the photo, which could destroy the marriage and significant amounts could be paid under the marriage contract.

So in early September 2015, a massive leak of intiмate photos of American celebrities took place on the network. Among the victims of hаckers were such actresses as Jennifer Lawrence, Kirsten Dunst, Emma Watson.

The photos of which were found on the The Fappening forum, where hаckers posted, including two videos of an intiмate nature and 123 photos of Emma Watson. There were also much more candid shots of Seyfried vacationing with actor Thomas Sadoski, to whom they have been engaged since September 2016.

Experts suggested that hаckers could steal the pictures by hаcking the "cloud" service iCloud.

However, in my opinion, the most interesting and large-scale cases of errors in knowledge security, which, on the one hand, cost many hundreds, if not thousands of victims, and on the other, saved lives, occurred during the First World War.

An outstanding instance of French electronic espionage was the interception of a long message given to the German ambassador in Paris from the German Foreign Office, containing a note declaring war, destined for transmission to the French government. The French, who had already crаcked the code with which the message was encrypted, not only intercepted the sent message, but also distorted its content to such an extent that the German ambassador at first could not understand anything in it, and the French in the meantime received valuable time to prepare for mobilization.

The British intelligence services also distinguished themselves by crаcking top-secret German codes and for three years were able to intercept and decipher all messages that the German Foreign Office sent to their foreign embassies.
The British managed to keep this under wraps and give only the slightest hint to their American allies when the Germans, who were completely unaware of their intelligence leak, tried to push Mexico into the war with the promise of assisting in the annexation of the US states of Texas, Arizona and New Mexico. .

The German colleagues did not remain in debt either. At the front, between divisions, the telephone was the usual means of communication, and therefore rather cunning ways were invented to eavesdrop on enemy communications. During trench warfare, troops mainly used single-wire, grounded telephone systems. Since the only wire was on its territory, the military command was convinced that the enemy could eavesdrop on their conversations only by directly connecting to the line.
They were not at all concerned about eavesdropping and therefore took no precautions. This belief, as it turned out, was completely unfounded and the first to know about it was the British Expeditionary Force in France, which already in 1916 began to realize that the Germans managed to anticipate and prevent their operations with annoying regularity.

Everything looked as if the Germans were receiving copies of the orders for the planned advances of the British troops. In fact, the Germans created an apparatus that, by means of a network of copper wires or metal rods dug in as close as potential to enemy lines, could receive even the weakest currents created by the grounding of the British telephone system. Ground stray currents and leakage currents were picked up and amplified with a newly invented, very sensitive amplifying tube.
Thus, the Germans had the opportunity to take advantage of the enemy's unsystematic use of telephones, intercepting their messages through grounding. As soon as this original system was discovered, the British immediately came up with an apparatus capable of blocking the propagation of sound through the earth within a certain radius of the radiation source. This device not only put an end to enemy interception of telephone conversations, but also led to the development of a new system for intercepting telephone conversations through the ground.

As you can see, the mistakes made in the development of an information security system, as well as in the use or ignorance of the means and methods of protecting knowledge, in any field of activity can have from insignificant to tragic consequences.


Ensuring and maintaining information security includes a set of diverse measures that prevent, monitor and eliminate unauthorized access by third parties. Information security measures are also aimed at protection against damage, distortion, blocking or copying of information. It is important that all tasks be solved simultaneously, just then a full-fledged, reliable protection is provided.


It is important to pay attention not only to this aspect of security, but also to the fact that now almost all companies doing online business are required to comply with all legal requirements and "know your customer". Any dubious transactions can also lead to the loss of the site, e-wallet, business. Therefore, it is necessary to observe business hygiene first of all. Then there is less chance to get on hаckers and suffer.


The main threat comes from insiders, company employees who have decided to develop their business at the expense of the employer's resources, or find a new job, simultaneously capturing everything that is bad. For example, a customer base.
The last year has clearly demonstrated that even hаckers do not care about small businesses, because their security system is easy to hаck.
The most striking example is the WannaCry and Petya A viruses, which put companies from small to large on both shoulders. Of course, according to tradition, the media got stories about large mastodons of business who felt firsthand what a blackout is. Small companies that have lost their working capacity, for days and even weeks, no one really counted. It's not as interesting and exciting as discussing a big mammoth that has fallen into a lethargic sleep.

"It will never touch me" is a key mistake of business, regardless of shape and size. In the XXI century, the problem of data leakage, unfortunately, concerns absolutely everybody.