The threat of online security: How safe is our data?

Tuesday, June 30, 2009

Nowadays, people rely on computers to create, store and manage critical information. Consequently, it is important for users to be aware that computer security plays a major role in protecting their data from loss, damage, and misuse. Similarly, online security has been online traders' main concern in protecting their websites from potential threats.

Since the Internet is a public system in which every transaction can be tracked, logged, monitored and stored in many locations, it is important for businesses to understand possible security threats to their business.

Confidentiality, integrity, and availability are the three main concepts of security. First, confidentiality allows only authorized parties to read protected information. Second is integrity, which ensures data remains as is from the sender to the receiver. Last is availability, which ensures you have access and are authorized to resources.

Evidence from a variety of security surveys provides a mixed picture of cyber attacks and crimes in e-commerce. Some of the trends collected through surveys by the Computer Security Institute (CSI) and the San Francisco Federal Bureau of Investigation's (FBI) Computer Intrusion Squad include the following:

- Most organizations conduct security audits and employ a variety of technologies and procedures, like antivirus software and firewalls, to defend against cyber attacks. Between 65% and 70% use access control lists, intrusion detection, and data encryption.

- Organizations are still reluctant to report computer intrusions to legal authorities because they fear negative publicity or worry that their competitors would use it against them.


There are many threats to e-commerce, and they may come from sources within an organization or from individuals. The following are some of the potential security threats:

1. Sniffing the network - Here, the attacker monitors the data between the shopper’s computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers.

2. Snooping the shopper’s computer - Most users’ knowledge of security vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in their quest to ensure that their products are easy to install, will ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist. The confused user does not attempt to enable the security features. This creates a treasure trove for attackers.

3. Using known server bugs - The attacker analyzes the site to find what types of software are used on the site. He then proceeds to find what patches were issued for the software. Additionally, he searches on how to exploit a system without the patch. He proceeds to try each of the exploits. The sophisticated attacker finds a weakness in a similar type of software, and tries to use that to exploit the system. This is a simple, but effective attack.

4. Tricking the shopper - This is one of the easiest and most profitable attacks, also known as social engineering. These attacks involve surveillance of the shopper's behavior, gathering information to use against the shopper. For example, a mother's maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites.



Our advice is to check your computers frequently for possible Conficker infection as well as other vulnerabilities and take the appropriate action. Use protective security software (antivirus, firewalls, and antiphishing tools) and keep it up to date.
