6.3 - Impacts

Exam Board:

OCR

Specification:

2016 - Unit 2 

If a risk to data (see 6.2occurs then there are a number of different impacts that may consequently negatively affect an organisation. ​

Loss of Intellectual Property

This term refers to anything that an organisation or individual has designed, developed or created themselves.

 

For an individual, this could be a manuscript, artwork or piece of music. For an organisation, it could be primary data they have collected, blueprints for an upcoming design or a report following data analysis. The subsequent impact of having intellectual property depends on the property itself and how easy it would be for the victim to recreate or recollect the data. Competitors that stole intellectual property could use it at their advantage or the effect of an upcoming announcement to the public would decrease if it was leaked ahead of time.

 

In 2017 HBO suffered large property leaks when Game of Thrones episodes were stolen before air date resulting in pirated versions appearing online well before they were due to be shown on TV. 

Loss of Service and Access

If usernames and passwords are stolen then individuals may be unable to access services that they have paid for, an example being if WiFi details were stolen so that a hacker can access the internet using someone else's account. If a hacker is permitted access to a system they can change the account settings such as the password to lock out the original owners of that account, leaving them without access.

 

Other services can be targeted with malicious attacks like a DDOS attack so that users cannot log into a web page or online service. If users cannot access an account they may use alternative methods and providers, such as avoiding one type of cloud storage provider that has let them down and choosing another.

Breach of Confidential Information

Confidential information is of a highly sensitive nature and could lead to other negative impacts if it got into the hands of unauthorised people. Confidential information, such as medical histories, should be stored securely with multiple physical and logical protections in place to ensure that it keeps its integrity.

 

If confidential information was breached then it could lead to a loss of reputation as the holder would be regarded as ineffective at protecting the data. Legal consequences would also follow as the Data Protection Act (2018) would be broken: fines, court cases and even imprisonment would be possible further impacts. An organisation would expect to see penalties from the Information Commissioners Office (ICO) if they failed to protect personal details by breaking the DPA.

Loss of Third Party Data

Many organisations will store data not only for its own purposes but for other individuals and businesses too; a key example being cloud storage providers. Users can store data on public cloud services such as Google Drive or DropBox and access their information using the internet from any networked device they please.

 

If services like cloud storage services are hacked or knocked offline (e.g. because of an attack or network problems) and data is lost then customers, especially those that pay, will be furious. This will lead to a loss of reputation, trust and even legal proceedings if personal and sensitive data is lost. Larger businesses will use private cloud storage, hosted in data centres that they maintain themselves, to avoid relying on third parties.

Loss of Reputation

Organisations spend years to build up a reputation where customers trust them and want to use their products or services. Data loss can immediately destroy that reputation and cause once-loyal customers to look elsewhere and choose their competitors.

 

Failing to keep data safe means that an organisation has been unable to follow their legal and moral duty of keeping information secure and could lead to a loss of trade, resulting in reduced earnings and sales.

Identity Theft

If an individual's personal information is stolen by attackers then one impact is identity theft - when the attacker uses the victim's data for fraud or impersonation. Identity theft can lead to financial loss to the victim if loansproducts or services are purchased in their name. The victim may have to contact their bank and other organisations to cancel transactions and there is no guarantee their money will be returned. Credit checks may be affected, leading to future financial difficulty for the victim.

Threat to National Security

If data of a classified nature (such as military arrangements, security weak-points or upcoming government plans) is lost and falls into the hands (most probably by hacking) of those who intend to bring harm to the country then the consequences can be disastrous. Spies of foreign countries or terrorists could use classified information to target vulnerable locations or events resulting in casualties. Threats could also be economic in nature if large amounts of money are stolen or redirected to malicious bodies.

Recent Examples of Security Failure 

Questo's Questions

6.3 - Impacts:

1. Describe how each of the impacts above could affect a bank storing large amounts of customer data including financial records. [12]

2. Research three recent hacking examples. For each situation describe the impacts that occurred as a result of data loss. [12]

Click the icons to read BBC News articles about recent examples of hacks and security breaches.

© CSNewbs 2020