1. Risks to Privacy from Collecting and Storing Data on a Computer
Explanation: Risks to privacy from collecting and storing data on a computer are the chance of losing control of a program or personal information that is stored on a computer. This can also refer to the destruction of personal data that is being stored. Possible hackers, viruses, malware, and more getting into your personal information and programs can be a risk caused by many factors, such as data breaches, lapses in personnel online security, or failure to be cautious about suspicious sites, emails, or messages.
Real-World Examples: A real-world example of risks to privacy on computers is the Equifax data breach that occurred in 2017. This leak happened due to the company not updating its software in order to fix a vulnerability in its security. As a result, hackers were able to get into the systems and leak over 147 million people’s personal information, including their social security numbers, birthdays, addresses, and more. Another example of risks to privacy from storing data on computers is the Target data breach that happened in 2013. In this situation, hackers were able to get into Target's databases using a third-party vendor, allowing them to leak 40 million people's debit card information and 70 million people’s personal information. One last example of risks to data stored and collected on computers is the Aadhaar data breach that took place in India. After the database was hacked into, over one billion people’s information was leaked, and hackers were then able to sell this data.
Risks and Concerns: There are many risks and concerns to how personal data is stored on collected online, including, but not limited to, data loss, viruses, and data privacy violations. Data loss on computers can be really horrible, as the files lost may potentially be gone forever if no backups are in place. Viruses can be easily accidentally installed on computers if you’re not careful with suspicious links, and these viruses can also lead to massive data losses, data breaches, and personal information leaks. Lastly, when storing information on a website, the owners may violate privacy laws, leading to unwanted leaks of your information on the site.
Solutions: Some solutions to help stop data losses, data leaks, malware, and more could be to do virus and malware scans often, as they can help find, locate, and stop a virus or malware before it’s too late. Another solution to this problem would be to encrypt data to ensure that you’re the only one who can access your data.
2. Misuse of Computing Resources and How They Can Be Protected
Explanation: The misuse of computing resources and how they can be protected refers to the protection of computers from being used inappropriately for illegal and unethical reasons. The protection can come in many forms, such as access control, extra security, and more.
Real-World Examples: In 2019, a hacker broke into Capital One’s customer records, resulting in 100 million people’s personal records being stolen. The hacker was able to break into the files due to a misconfigured firewall, which allowed him to gain unauthorized access to these personnel files. A way to protect from this misuse could be to limit access so that users can only get into the bare minimum of places they need to go to do their jobs, thus preventing unauthorized access to sensitive files. Tesla was also attacked by cryptojackers in 2018, causing the cryptojackers to plant cryptomining malware in Tesla’s Amazon Web Services in order to mine cryptocurrency. The cryptojackers were able to break into the Web Services, allowing them to corrupt it with malware. Protection from this type of misuse could include having multiple strong and hard-to-guess passwords riddled in the systems, making it incredibly hard for outside hackers to get into sensitive databases. Finally, in the case of Accenture in 2016, their customer data was leaked because of misconfigured Google Cloud storage buckets. Because of this lapse in judgment, many people’s personal data was left publicly available. This was the fault of Accenture, as they accidentally left this data exposed for anyone to see. Protection in this case could have been to have firewalls put in place, allowing for the prevention of the personal data being exposed to the public.
Risks and Concerns: Risks and concerns with misuse of computing resources can include the risk of cryptomining via cryptojackers, as they can break into systems and corrupt them with cryptomining malware systems. Another risk is that of insider threats, as employees from within the company can, depending on their role, gain access to personal data of many, and if that person decides to steal that information and use it for malicious purposes, they can easily do so.
Solutions: There are many solutions to stopping the misuse of computing resources and protecting personal data. One of these solutions is allowing only a minimal amount of access to employees at a company, thus limiting the chance of an insider threat. Another solution would be to provide training to company employees on safe online practices. This training could include educated staff members on online attack tactics, such as phishing, suspicious links, and more.
3. Unauthorized Access to Computing Resources
Explanation: The unauthorized access to computing resources refers to how hackers get into sensitive and personal data, files, or information when they’re not supposed to have access to these files. Hackers can gain access to these computing resources by exploiting weak passwords, using phishing tactics, and tricking users into downloading malware.
Real-World Examples: SolarWinds was hacked in 2020 by hackers who were able to place unauthorized malware code into the SolarWinds software update. Once users, including agencies in the U.S. government, downloaded the new software update, the hackers were given a backdoor into systems involved with these users. In 2020, hackers attacked Twitter employees with a social engineering scheme designed to trick these employees. The plot eventually worked, as the hackers were able to gain access to an internal administrative tool, allowing them to hijack popular accounts in order to promote a crypto scam. In 2022, a former Cash App employee decided to improperly gain access to millions of customers' data. He then downloaded this data, resulting in financial losses for customers. This occurred due to Cash App failing to terminate his access to sensitive data when he left the company.
Risks and Concerns: Unauthorized access to computing resources can come with many risks and concerns. These include risks to government security, like what happened in the SolarWinds case, individuals, such as what happened with the Cash App situation, and risks to employees, as like what happened in Twitter’s case.
Solutions: Solutions to stopping all of these unauthorized cases of access to computing resources include multi-step authentication, as this can drastically decrease the chances of a hacker successfully getting into a system. Another solution is regular security updates, as this can ensure that software always has the best security available to fend off hackers.
