IT is a broad subject concerned with all aspects of managing and processing information, especially within a large organization or company. Because computers are central to information management, computer departments within companies or universities are often called IT Departments. Some companies refer to this department as IS (Information Services) or MIS (Management Information Services). IT professionals must possess the right combination of knowledge and practical, hands-on expertise to take care of both the organization’s information technology infrastructure and the people who use it.
Planning and managing an organization’s IT infrastructure is a difficult and complex job that requires solid foundation in applied computing as well as management and people’s skills. There are important software systems concerns such as reliability, security, usability and effectiveness and efficiency for their intended purposes and all these concerns are vital. There are many reasons why organizations use IT in running of their businesses.
These are the reasons why organizations move from manual processes to automated ones using information technology: i) Reduce Uncertainty Turning data into information is now within the control of the computer. Computers can do things which human are unable to perform. Data are rendered in a very fast manner, so computers are used to manage the flow so that the end result is very certain. Ii) Reduce Cycle Time Using IT can really save a lot of time in doing things. Any process that is repetitive like building cars, drawing animations for movies, or drawing blueprints, can be sped up through the use of IT based automation. Ii) Reduce the cost of creation This is obvious in a movie making company. All those computer generated special effects in an animation movie are excellent examples of products that can be created for a fraction of the price using computers iv) Improve Archiving Records are kept or archived effectively using computers than people. Accurate record keeping is a function that we have turned over to computers. V) Mining Data Because computers allow us to review data, we can produce knowledge much more effectively.
IT excels at filtering huge quantities of data to create context and relevance. Vi) Speeding Up Decision-Making Computers operates data in a very fast manner which makes it generates the end result efficiently and effectively. Thus, users can make fast decision making at any given time. A growing reliance on computers to work and communicate has made the control f computer networks an important part of information security. Protecting the security of computer networks, especially when they are connected to the internet has become a real challenge to a company.
Most large organizations have their own local computer network, or intranet, that links their computers together to share resources and support the communications of employees and others with a legitimate need for access. Information technology security is controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so. There are three main objectives or information technology security and they are confidentiality, integrity and availability of data.
Using of IT is so important in this modern era that every company create a department just to explore and enhance their IT capabilities. The following talks about the importance of IT security in a company. i) Communication Policies The main step to implementing information policy is ensuring that the staff understands the steps they are taking as well as the reasons for taking those steps. The information security policies imposed have to be not so strict so that it could serve everyone according to their working needs. ) Password Implementation Password security policies should be set only as restrictive as they need to. A password security policy that requires passwords to be rotated too often or a policy that complicates password, can annoy staff and increase the likelihood of subversion. Iii) Physical Access Nearly any commercial technology can have its security overridden by a knowledgeable person who has the capacity to modify its hardware. So it should not be made physically available to these people. Iv) Networks Interactions Networks should be separated into public and private zones.
Information that is ally private should never have physical connections to the internet or any other public network v) Encryption All sensitive documents should be encrypted before they are stored on hard drives or sent over through any network. Therefore, files should be encrypted automatically by the software that is being used. SQ: Cellos is focused on high growth low penetration emerging markets. Its core business is to provide prepaid and postpaid mobile communication services besides providing many other services.
Always striving to be the best telecommunications service provider in the country and to outperform its vials mainly Maxis and Dig, Cellos continues to struggle to invest in network coverage, capacity and performance. It intends to maintain its technology leadership and positions itself as the country’s best mobile service provider. In line with its market focus and positioning strategy, we focus on a more sophisticated segment management, enhancing as well as creating new products and services beyond voice.
As a telecommunication company, Cellos rely so much in the use of IT and always finding ways to enhance their systems so as to be able to compete in the market and to meet its target as the best network revived in Malaysia. A device called Wife is connected to a network resource such as the Internet via a wireless network access point within range of a wireless network at their premise. Moreover, Cellos network coverage is wide, cheap and fast. All employees are using email as the primary communication tool to receive news, updates, memos and so on from the upper level and headquarters.
Meeting is also held via e-Meeting or meeting conference by using live video camera. Another way to connect with their employees is via IBM, SMS, MS and G. In order to protect their confidentiality of the company, each branch has a ere strong firewall to protect the system and website from hacking activities. A Fingerprint Attendance System is used to record Cellos employees’ attendance. Telecommunication companies like Cellos are a big target for cyber-attacks because they build, control and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data.
Telecommunication companies control very critical infrastructure and the impact of an attack can be very devastating. Even false claim of an attack can force a telecommunication company to shut down its critical services that customers and businesses rely n. Telecommunication companies store personal information of their customers such as names, addresses, identification numbers and financial data. This sensitive data compel cyber-criminal to blackmail customers, conduct identity theft, steal money online or launch further attacks.
Another critical threat unique to the telecommunications sector is the attack of leased infrastructure equipment, such as home routers or modem from Internet Service Providers (Sips). Hackers would steal data, launch attacks, store ex-filtrated data, or access to expensive services such as international phone calls. The following are some f the most frequent attacks on Cello’s IT security. Identifying the problems, contributing causes to the problems and impact the problems caused to Cellos are discussed here. ) Government-sponsored hackers launch privacy attack Cyber spies could gain access to Cello’s communication channels for surveillance purposes by incorporating malicious software on a spoofed social media page of privileged users within the company. The attackers could be associated with a government agency that wanted to spy on large groups of mobile phone users. The attack is an extremely sophisticated combination of several techniques. They would first spoof the personal social media pages of these privileged users.
Then they install malicious software on the spoofed pages of the user’s computers, taking advantage of their elevated system privileges to penetrate deeply into Cello’s network. Thus, enable them to access to mobile communication data for surveillance purposes. The size and scope of the attack will do significant damage to Cello’s reputation and confidentiality of its infrastructure. This also could cause the customer concerns about privacy, which is a major issue for Cellos as a whole. Ii) False claims could do real damage to
Cellos A large telecommunication company like Cellos could host the nation’s critical infrastructure. For example, a teenage hacker COUld gain access to hundreds of Cello’s servers and then publishes a list of user names and passwords he claims to have stolen from Cellos. This could force Cellos to temporarily suspend their entire network channels causing services to a halt. It later turns out that the data is obtained from a different company instead of Cellos. The attacker could be an individual teenager who is hacking for fun and ego gratification, bragging about his accomplishments in online forums.
A website not related to Cellos is exploited to export data from the database containing customer information. The hacker then selects users from Cello’s domain in order to make the public believe that Cellos has been compromised. Cellos does not have the proper processes in place to determine if it has been compromised, thus, assumes the published data is stolen from its systems. In response, Cellos is forced to suspend all affected network channels which could anger a lot of customers and prompts many to switch to another service provider.
The fact that Cellos is unable to conclusively determine if the leaked ATA has actually originated from its systems gives the impression that it does not handle security breaches well. Iii) Thief steals laptop or PC containing sensitive customer information It could happen that one of Cellos network staff, in violation of the company policy, has stored a lot of unencrypted sensitive customer information on his laptop or PC. The sensitive customers’ information could be mobile numbers, names, identification numbers, email addresses, postal addresses, genders and banking information.
The attacker could be a petty thief who is only interested in stealing the laptop or PC, not the data. Although the technique of stealing a physical laptop or PC is not sophisticated or specifically relevant in a telecommunication sector, the type of data that resides in the laptop or PC could bring very high impact on Cellos if this happens. The thief may not have any need or have no intention of violating the data that is in the laptop or PC, but all affected customers need to be informed of the incident by Cellos. This could lead to loss of trust on Cellos.
Extensive media coverage on the incident could cause significant embarrassment and reputation damage on Cellos. Iv) Security Attack on Wireless Broadband WIFE that is not password protected is not safe as it tend to be open to virus attack by hackers. Any security attack that might reach a PC must be done through LANA. It cannot pass through WAN (internet) because only the internet router would be attacked. WAN has a build-in firewall which could ignore the attack. Virus attack by hacker through WAN becomes visible when a user is connected directly to the net, like broadband service offered by Cellos.
WAN network that Cellos is providing is not strongly monitored and the network hackers are hard to be detected. Cellos offers a low and small IP address range which causes it easy to be hacked. This problem, if not attended to seriously by Cellos will cause it to lose its broadband subscribers to another broadband service provider which is more advanced, reliable and secure. V) Sharing of intellectual property (IP) Today organizations share increasingly more data with third parties, vendors, partners, and customers.
One type of data that should not be freely allowed to leave the enterprise, however, is intellectual property (IP). Among operators, IP can include sensitive data such as long-term marketing plans, documents pertaining to mergers and acquisitions, financial data, and research and velveteen documents. This type of information which may be targeted for long-term economic gain is becoming increasingly valuable. As with any type of data, as the value of IP increases, so does its appeal to cyber criminals. People have been hacking telecommunication companies for decades.
These hacking activities are resulted from systems not really protected and it is easy to evade and redirect calls for high-tech professionals. Other attacks could be attacks on metering, attacks on signaling, attacks on switching and configuration, attacks like mobile phone cloning, attacks on the billing systems and many more. These re very much related to networks and specifically high-tech systems are used to hack them by very well trained individuals and companies who have different reasons for launching the attacks.
The mechanism adopted to prevent this has proved inadequate as the rapidly growing complexity of the systems opened up to many more vulnerabilities. It could be ranges from social engineering attacks on users through poor design and management of terminal equipment to the exploitation of various feature interactions which are hard to predict. Overall, the security problems that telecommunication companies are facing have been the exult of environmental changes which include deregulation, which cause many competitions in the market.
SQ: A successful security attack on a telecommunications operator could disrupt service for thousands of phone customers, sever Internet service for millions of consumers, cripple businesses, and shut down government operations. Today’s telecommunication companies like Cellos are constantly sharpening and evolving their capabilities to exploit new vulnerabilities of IT security attacks. Addressing these threats will require that Cellos approach activities and investments with comprehensive, up-to-the-minute knowledge about information assets, ecosystem threats, and vulnerabilities.
Operators like Cellos have made many longstanding contributions to critical infrastructure and technology innovation to safeguard their systems from various attacks. The following are my proposal that should be implemented to enhance Cello’s information system security. i) Getting Malaysian government to involve in the security measures Cellos needs to work closely with the relevant authorities to assure its customers information is protected in accordance with Malaysian law. The Malaysian Communications and Multimedia Commission play a role n implementing information network security.
It is empowering it to “ensure information security and network reliability and security. ” The Malaysian Communications and Multimedia Commission conducts grass root level awareness programs to promote understanding and implementation of sound security measures for users and service providers of communications and multimedia services. A holistic approach is the best as technology can only go so far towards information security and adopting the correct attitude that cement it further.
It is high time for the Malaysian government to recognize that IT security s a national security issue, and that it is time for the various IT security-related government and quasi-government agencies to come together and strengthen the nation’s IT attacks defense. Malaysia has the expertise to protect cyberspace security to ensure the systems of the administration and other main institutions in the country are not intruded by foreign elements. Cellos needs to be extra vigilant and perhaps a bit more circumspect in addressing all these issues to protect their systems. i) Using Fierier security solutions Malaysia is one of the top 10 countries exposed to advanced persistent threats Apt) in Asia Pacific and Japan, with variants from the mallard families. Half of the mallard detected in the region are targeted mallard. This means there is a person behind the attack specifically going after the companies. Hackers can just simply disguise themselves as job applicants and send documents or resumes to the human resource department. The malicious code, embedded inside the Word document, would become active once the file is opened.
Fierier is a company that offers security solutions to telecommunication companies. Fierier will help Cellos to build specific environment that will allow Cellos to see all he behavior of the piece of code. Fierier has a sophisticated algorithm that can classify any sets of code, traffic and documents, into whether they are malicious or not. Fierier could also assist Cellos by offering Cellos security solution via their cloud platforms. It would be bundled as a service, fully equipped Cellos lines to address targeted threats. Cellos customers who want to address these threats can just add the service on top of their existing platforms. Ii) Using of BABE Systems Another alternative for Cello’s information system security is using of BABE Systems. BABE Systems has developed a product called Mobile Protect which can be deployed into the core telephone network. It can filter out viruses that attack mobile devices such as smartness and tablets, enabling them to browse company data securely and at the same time be protected from attacks that steal sensitive data from these devices. BABE Systems and Cyber Security Malaysia has signed a memorandum of understanding to establish a general framework for potential future collaboration in IT security.
Thus, any company in Malaysia who wish to strengthen their company IT security measure can now do so. Both BABE Systems and Cyber Security Malaysia have agreed that it is necessary to establish and strengthen cooperative efforts related to the development of capacity and capacity in information security and tap commercial opportunities in the provision of IT security solutions in Malaysia. Iv) Using of Massive systems Massive COUld also assist Cellos in minimizing IT security risks. Their special intelligence services helps firm to grow safely in a risky digital environment.
Today’s telecommunication industry is a complex mix of varied technologies deployed over the years. It is being increasingly targeted by hackers looking o disrupt and intercept network communications. Attacks are coming from individuals, companies and even government-sponsored agencies. It is found out that the telecommunication industry such as Cellos is still using old security practices that may be ineffective in detecting and counteracting today’s sophisticated IT attacks. Missive’s Stratus, Global Early Warning System provides cyber intelligence and internet monitoring solution with unrivalled accuracy and quality.
The platform is proactive in locating data loss, threats, and impending attacks to an organization. Massive aligns its pioneer technology to locate ND flag security incidents which are violating regulatory policies. These can be customized for any areas of concern for telecommunications companies, including internal security infrastructure. V) Using Vast system for broadband users Vast system is a good IT security measure for Cello’s broadband users. Vast will alert the users about any attack being performed by the WAN through different ports and different ways.
It is able to prevent all attacks from entering and thus will keep the laptop or PC safe from attacks. In most cases, users do not see their virus attacks clearly because they do not have strong antivirus that an keep an eye on everything like files, downloads, emails and even websites that are surfed. The Vast system that is used should be the latest and advanced version. If the users have such strong antivirus, they will receive notification from Vast warning them about the attack in real-time. Vast is very strong to monitor the network and activity of the PC or laptop to ensure it is free from all kinds of attacks.
Vast has a build-in on boot scanner which is really powerful and helps to kill the virus by scanning the virus without starting the normal windows. Vi) Strengthening company rules on policy violations Cellos needs to strengthen its company rules in terms of violation or breach of policies. Strict monitoring should be done especially to customer service, marketing and network personnel as these are the groups that deal directly with the customers on a daily basis and who have direct access to the information data of the customers such as names, mobile numbers, identification numbers, address, income details and so on.
Only a few trusted executives should be appoint to hold the alarm combination of the office so that no authorized personnel is allowed to enter the office or access to Cellos customer information systems as and when they wish out of office hours. During operational hours, computers or laptops of these personnel should be monitored in the company’s efforts to avoid leakage of sensitive or protected data from leaving the office. Feeling of sense of belonging and trust should be embedded in every staff so as to be able to carry their duties in a very sincere and trustworthy manner.
Often times, attacks on company’s data are violated by the employees themselves so Cellos should take strict measures to avoid this from happening to its organization. Trainings should be given to the employees on the impact f breaching the company rules. Employee awareness is a key component of fighting this type of attack, which often originates as well-researched pashing exploits that prompt specific users to click a link or document contained in an e-mail. No security program will be effective without employee awareness, unfortunately a security basic knowledge is lacking at many organizations. i) Proper agreement with third-party cloud providers It’s imperative that Cellos implement policies that form the basics of cloud security, including data encryption, protection of business-critical data, ensuring hat service providers adhere to security standards, and regulations regarding where data can be stored, among others. They should also require that third- party cloud providers agree to follow Cello’s security practices. There are certain sensitive data that must not be shared with third parties.
These data if wrongly shared or released to unauthorized company or individuals will bring great negative impact to Cellos as a whole. Thus, if the business dealings are forced to share the information, agreement must be done between Cellos and its business partners so that those information is kept confidential amongst hem only and the third-party should not release those information to another company. It is found out that very few telecommunication companies have taken steps to ensure the privacy of these data. Cellos should start by implementing it in their efforts to prevent attacks on their systems.
Relatively little research has been done outside phone company and intelligent agency lacks on issues related specifically to phone fraud and wiretapping. However, there is growing interest in protocols and other mechanisms for use with novel telecommunications services. Next-generation value-added services are bound to introduce new vulnerabilities. The interaction between all these communications and security protocols, and the mechanisms used for distributed systems security, is fertile ground for both interesting research. Ways to enhance these protection tools to make sure our technology is safe from IT attacks are evolving all the time.
The systems or measures used to protect a company system at present might not be of any use in the future as technology is always enhancing to higher levels. Telecommunication businesses tend to be comparatively adept at managing information security risks. And many are taking action to achieve an enhanced level of ongoing insight and intelligence not ecosystem vulnerabilities and dynamic threats. Companies like Cellos must be ready to invest in this expensive research so as to be able to aggressively compete in the intense telecommunication market and to be able to sustain itself in this industry.
Today, information security is a discipline that demands advanced technologies and processes, a skill set based on counterintelligence techniques, and the unwavering support of top executives. As telecoms operators become more similar to technology companies, they will face a raft of new challenges. Core practices like employee awareness and training, policies and lolls to reduce insider risks, and protection of data, including intellectual property, will need to be updated.