There are a lot of ways by which Information Systems can be compromised. Aside from the usual viruses that are known to plague computers, there are various more sinister threats sometimes bordering along the lines of action spy movies.
Yet apart from the sophisticated threats that have been discussed in class, for me, the biggest threat might be that of ignorance. It is a threat that I have constantly encountered where I work and which I am grateful for that our operations are fairly limited in their dependency on information systems that errors due to ignorance are easy to trace and repair.
When one is working with people who have lived in a time when technology developed at a leisurely pace, one will see that their level of adaptation to technology is also in a leisurely pace. Hence, when one introduces new systems, they take their time in adapting to them that soon enough a new system has arrived and they haven’t even warmed up to the old one. This then leads to several compromise in the data treated that more often than not results to poor results or below-par performance.
But a bigger threat than ignorance is outright refusal to embrace change. There are people also, who, when faced with systems too far out from their imagination, simply refuses to acknowledge the system thus ignoring it completely to the detriment of the company. It is these people that prevents progress with any kind of IS from being achieved since they flat out refuse to work with the system, stubbornly clinging to the manual processes they have grown accustomed to.
Such challenges faced above are threats in my line of work especially when one tries to convert everyone to adapt to using sophisticated information systems. One might say that those who cannot adapt must be forced to leave but such is not an easy thing to do in real life. Thankfully though, the company is still at that stage when ignorance and stubbornness can still be tolerated.
Perhaps the real actual threat to information in our company will be the fact that the servers we use for information transfer are actually web servers. Our email client is web based and we pass around sensitive company information via this channel. I have raised the alarmingly threat this may pose if the unsecured web server is hacked or if the person in possession of the sensitive files leaves and takes the files with him, but then the hint of the threat has been scoffed at. Like the ignorance and stubbornness prevalent, there is a general lack of acceptance that anything passed around via web servers is unsecured. Generally, the consensus is that, no employee in their right frame of mind would willingly sell out the company by exposing its deep dark secrets. The trust in each and every employee – from the lowest of rank to the topmost manager is absolute when it comes to the data they handle.
Although there have been proposals to migrate from a web-based server to an internal one, the costs connected are what impedes management from making the transition.
Why did I share the above sordid tale? Simply because the reality in our business is I believe true for any other business of our size and scale. The tale presented above can well be the tale of any other company plus or minus some details. Although there is a general consensus of the threats surrounding the data we hold dear to us, the move to secure those data remains elusive and not within the immediate priority. Hence, we remain stuck to our wits end, trying to secure data in a relatively unsecured environment.
- Information Systems for Managers: Text & Cases, 2nd Edition (net-security.org)