The Effects of Data Breaches on Costs and Sales, Essay Example

User credential related risk

VPNs avail multi-level access to the internet as well as the internal resources within the corporate network. However, some of the procedures that are employed to authenticate the devices and users at the remote end of the connection are more robust that its security. Two factor authentication is critical for the enhancement of security in such networks.

Integrity of the Internal Remote Network

Remote computer access is normally a major threat vector to the network security of the company. The remote computers may forward a potential infection to the corporates internal network from its local network environment. Worms, viruses and Trojans can infiltrate the network from a remote computer.

Public Computers’ Host Security Software

A corporate internet network can be accessed by use of Secure Sockets Layer and Virtual Private Network. However, the local computer may lack antivirus software properly installed hence they may spread worms, Trojans horses, viruses, and may create a potential weakness, back door for malicious attackers. Network virtualization is the process of combining software and hardware network resources and network usage into one software-based administrative entity called a virtual network. Network virtualization includes platform virtualization and resource virtualization.

Network virtualization can either be internal or external. External network virtualization combines several networks or portions of networks into a virtual unit, while internal network virtualization provides network-like capabilities to the software containers on a specific system. Network virtualization is one of the main building blocks of multi-tenant cloud hosting. Network virtualization technology compliments server hypervisors by allowing seamless workload mobility regardless of the underlying protocol choices and network addressing.

Keystroke loggers

When public computers are used, SSL VPN client terminals are potentially more susceptible to keystroke loggers since they may fail to meet the organization’s security standards and policies.

Man in the middle attacks

This type of attacks entail traffic interception by an attacker, accessing credentials and any other critical information. This information may be used by the attacker to access the real destination network. The attacker who serves as a malicious proxy/gateway presenting a false SSL VPN site to the user is passed the authentication to be used to access the actual destination site. These possess a security risk to the organization.

Intellectual Property and Sensitive Information Loss (End Points)

Sensitive information ranging from user credentials, customer information, and internal personnel information can be retrieved from an inadequately protected computer system. This requires endpoint type of protection to limit this type of risk.

In the event that a data breach event takes place, an organization incurs huge liability costs as a result of the breach. These liability costs include:

Exposure of clientele information that may lead to law suits from the clientele. Such law suits have huge financial implications on the company as it is pivotal and mandatory that organizations protect clients’ information.

Leakage of the organizations sensitive information pertaining to finances and operational procedures. This may lead to the organization losing the competitive advantage in the market as competition would develop strategies to counter any strategies the organization had put in place.

A data breach may lead to the organization facing further risk of theft. (De Marco, Te’eni and Albano) This is because when sensitive information on an organizations assets and their positions is leaked, in the wrong hands, this information can lead to theft of such assets as bank balances from the organization’s bank account.

A data breach may lead to an organization losing face in the market and reducing their competitiveness. This is because clients and suppliers do not wish to deal with business entities whose information security is questionable (Kim and Solomon). This leads to the organization losing clientele and suppliers, leading to considerable financial loss.

In conclusion, network virtualization is one of the most innovative advances in networking in the past two decades. It is the foundation of cloud computing, an effective and efficient technique of storing and managing data. Network virtualization has enabled the reduction of maintenance costs and has increased efficiency in management of information. However, it has also exposed its users to new types of threats.

Works Cited

De Marco, Marco, et al. Information systems: Crossroads for organization, management, accounting and engineering ; ItAIS: The Italian Association for Information Systems. Heidelberg: Physica-Verlag, 2012. Print.

Kim, David and Micheal Solomon. Fundamentals of information systems security. Sudbury: Jones & Bartlett Learning, 2012. Print.

“Networking 2005: networking technologies, services, and protocols : performance of computer and communication networks : mobile and wireless communication systems : , , , May 2-6, 2005 : proce.” 4th International IFIP-TC6 Networking Conference. Waterloo: Springer, 2005.

Peltier, Thomas R. Information security risk analysis. Boca Raton: Auerbach, 2001.