5.

1 Information Systems Security

Information systems are frequently exposed to numerous styles of threats which might
cause differing kinds of damages which may cause significant financial losses. Information
security damages of a corporation like SHOBKICHU can range from small losses to entire data
system destruction. The results of assorted threats vary considerably: some affect the integrity of
knowledge while others affect the supply of a system. A threat is additionally outlined as “A
potential for violation of security, that exists once there are a circumstances, capability, action, or
event which may breach security and cause damages. That is, a threat could also be a possible
danger which can exploit vulnerability."

Currently, organizations like SHOBKICHU is struggling to know what the threats to their
information assets are and the way to get the required means to combat them which continues to
pose a challenge. There are many security risks in e-commerce business, but we wish to say top
five that may impact within the competitive market. They are:

1. Phishing: The business if attacked by phishing will lose its sensitive information like username,
passwords and customer are going to be gifting away MasterCard details as phishing is commonly
finished malicious reasons by disguising as a trust worthy entity in a transmission

2. DDoS attack: A DDoS attack happens when a hacker sends a flood of traffic to a network or server so
as to overwhelm the system and disrupt its ability to work . These attacks are usually wont to knock an
internet site or application offline temporarily and may last for days at a time, or maybe longer. This
attack can make the knowledge system stop and make their e-commerce site out of service.

3. Malware may be a combination of two terms- Malicious and Software. So, Malware basically means
malicious software which will be an intrusive program code or a anything that's designed to perform
malicious operations on system. In an e-commerce business any sorts of malware (like virus,
ransomware, trojan etc.) are often dangerous and harm company’s Security system and make it
vulnerable. So, SHOBKICHU’s Reputation could also be in danger at some point.

4. Third-party Entry – Cybercriminals prefer the trail of least effort. Senior management and therefore
the board of directors are ultimately liable for the danger that third-party vendors, contractors and
systems impose on the enterprise. It can impact several damages like- Reputational damage to brand,
products, and/or services, loss of customer trust and relationship.
5. SQL injections: The injection of malicious SQL parameters pass to the database in the server
could damage the whole database or steal data so we can conclude that it can merely destroy an
e-business. Database can manipulate by hackers than any e-business can not stand a chance to
complete against other e-businesses. So, the security employee should make the cloud server
more secure and using a two-step authentication for data management.

Two IT security risks cause severe damage:

So, from these identified risks Phishing and DDoS attack are most likely to cause severe
damages to Shobkichu.

Phishing: Phishing is the fraudulent use of electronic communications to deceive and take
advantage of users. Phishing attacks pose a continuing threat to the e-commerce and are
becoming more and more complex. The potential business effects of spear phishing are quite
serious in e - commerce. Breaches of customer data are costly and embarrassing. Almost any
kind of organizational data can be valuable, whether it be to commit fraud or access an
organization’s network. (VadeSecure,2018)

How to Prevent Phishing Attacks

SHOBKICHU should educate employees to stop phishing attacks, particularly the way to recognize
suspicious emails, links, and attachments. For shobkichu, variety of steps are often taken to mitigate
both phishing and spear phishing attacks:

Two-factor authentication (2FA) is that the best method for countering phishing attacks, because it
adds an additional verification layer when logging in to sensitive applications. 2FA relies on users
having two things: something they know, like a password and user name, and something they need, like
their smartphones. Even when employees are compromised, 2FA prevents the utilization of their
compromised credentials, since these alone are insufficient to realize entry.

Email filters that use machine learning and tongue processing to flag high-risk email messages.
DMARC protocol also can prevent against email spoofing.

DDoS attack:
A distributed denial-of-service (DDoS) attack is an attack during which multiple compromised
computer systems attack a target, like a server, website or other network resource, and cause a
denial of service for users of the targeted resource. For these reasons, learning the way to stop
and stop these attacks is crucial to business operations and success.

How to Prevent DDoS Attacks

It’s possible to stop a DDoS attack with careful planning and security measures. the primary
thing to know is that DDoS attacks can happen to anyone, albeit your business is little or
relatively unknown. While many attacks occur for business reputation issues, even smaller
businesses are often targeted by DDoS hackers. There are several measures that you simply can
use to guard your business from a DDoS attack:
1.Planning and Recognizing the Signs of a DDoS Attack

Precaution is usually the simplest defense against a DDoS attack. Recognizing a DDoS attack in
its early stages is incredibly helpful though not all DDoS attacks are easy to defend and identify.
Investing in the right technology, training, and expertise can help in analyzing the difference.
Using an Anti-DDoS service is usually recommended, and planning an excellent incident
response program is typically helpful. To start, set up a DDoS response plan.

3. DDoS Protected VPN: Anti-DDoS VPN service hides the real IP from the attackers and
filters the incoming traffic to website or server through its anti-DDoS mitigation servers. After
connected to the VPN, all the unwanted traffic will route to VPN provider’s server. It’s only
possible through the “DDoS Protected Dedicated IP”.

4. Contacting ISP provider

Not only a company suffers from a DDoS attack, but also ISP feels the effects. A company can
call their ISP in the event of the DDoS attack and request them to trace the source of the attack
and re-route their traffic as per their recommendations.

Furthermore, while choosing an ISP, a company can make sure if they have any DDoS protective
services available.

5.Specialized On-Premises Equipment

This is almost like “Do It Yourself” therein an enterprise is doing all the work to prevent the
attack, along-side purchasing and deploying dedicated DDoS mitigation appliances. These are
specialized hardware that sits in an enterprise’s data center ahead of the traditional servers and
routers and are specifically built to detect and filter the malicious traffic.

Tools for Preventing DDoS Attacks

There are a few tools we recommend for preventing and stopping DDoS attacks.

Security Event Manager: For keeping track of network behavior and flagging threats before
they become overwhelming for a security information system.

Cloudflare: Cloudflare offers a resilient and scalable tool that mixes multiple DDoS mitigation
techniques into one solution.

Imperva: The Imperva DDoS protection tool keeps the whole network safe and shielded from
attack by using high-capacity packet processing.