CYBER SLIDES
Threats
A cybersecurity threat is any abnormal or malicious activity that seeks to alter, damage or steal data or to disrupt a system as a whole. Examples of cybersecurity threats include denial of service (DoS), data breaches and computer virus attacks.
Malware
Malware is software intended to harm computer systems, clients, servers and networks by installing malicious code that gains unauthorized access to the computer. The malicious code prevents the system from following legitimate commands and baits the user into loading a malicious program. Malicious software attacks include unauthorized access, computer viruses, worms, ransomware, spyware, trojan horses, adware, rogue malware and scareware. The main goal of cyber attackers is to access your device and network without your permission and to alter or destroy your data (Johnson, 2015).
Ransomware restricts users from accessing their own machines, devices or files and usually targets individuals or organizations with substantial funds. Attackers use phishing emails to penetrate the organization's network, sending an email with a link or attached document that entices the user to click (Hassan, 2019).
Phishing
Our organization experiences some phishing threats. Phishing attacks occur when attackers send emails that appear to come from trusted sources in order to obtain personally identifiable information (PII). Targeted phishing emails are used as clickbait against employees. An attacker can use a phishing email to trick a user into clicking a malicious link that launches a ransomware attack. A phishing attack can be described as a type of social engineering that uses fraudulent means to gain access to confidential end-user information such as PII, usernames, passwords, bank and passport information, and network credentials. The cyber attacker begins by infecting the computer, then demands a ransom that must be paid before access is returned to the user. Once the computer has been infected and the attacker wants the user to become aware of the ransomware, the user receives a message demanding payment; in most cases, paying does not guarantee that the attacker will hand over the secret key or restore access. Cybersecurity best practice assumes that attackers will not give users back their access, and users must refrain from paying the ransom (Wiener, 2018).
Man-in-the-Middle attack
A man-in-the-middle attack deploys techniques such as IP spoofing, email spoofing, session hijacking and WiFi eavesdropping to intercept data and gain access to confidential information and PII (Johnson, 2015).
Unauthorized Access
Cyber attackers use dubious methods to gain access to an organization's network, data, applications, website, server, and usernames and passwords, in order to access data in a system without permission to do so (Johnson, 2015).
Cross-site scripting (XSS)
Attackers use cross-site scripting to collect and discover network information, capture screenshots, steal cookies, and access and control the unsuspecting user's machine, ultimately stealing PII and other credentials sensitive to the organization (Johnson, 2015).
Denial of service (DoS)
DoS is a volume-based attack that includes UDP floods, spoofed floods and ICMP floods. The aim of the attack is to overwhelm the bandwidth of the targeted web server; a DoS attack generally uses a single internet connection and a single computer to disrupt the network and alter data.
Loss or Theft
An attacker can use an organization's stolen assets to compromise the integrity, confidentiality and availability of data. Information on a stolen laptop, switch or hard disk can give an attacker access to log files and internal network information, which can be used to log in remotely or acquire administrative rights and damage the network.
Insider Threat
Disgruntled third parties, vendors, former employees, contractors and business associates with access inside an organization can use sensitive information against it. An employee may use inside knowledge, such as legitimate access to computer systems, servers, data, security practices and user privileges, to attack the organization's network or database systems (Johnson, 2015).
Social Engineering
A social engineering attack exploits human factors, using psychological tricks to bait an employee into revealing confidential information. Phishing, spear phishing, whaling and pretexting are some of the methods used in social engineering (Johnson, 2015).
Vulnerabilities
In cybersecurity, a vulnerability is a weakness that an attacker can exploit to gain unauthorized access to, alter, steal or destroy information in an information system.
Information System Hardware
Information system hardware comprises the physical components of an information system. Several vulnerabilities are associated with these hardware components, making them accessible and easily exploited through various attack vectors. Hardware weaknesses stem from old devices with expired security mechanisms, drives incapable of self-encryption, old routers, computers with conventional BIOS, and computers without a Trusted Platform Module (TPM) or pre-boot authentication (PBA) (Sengupta, 2017). These are the loopholes attackers exploit in hardware to infiltrate a system and stealthily manoeuvre into secured levels. Malware is an attack vector against a device; the term is a generic name for malicious code such as viruses, worms, rootkits and Trojans. Attackers favour malicious code that lives within a device's firmware because it survives reimaging of the system or even complete replacement of the hard drive(s) (Eclypsium, 2018). Attackers deploy malware on devices for numerous purposes, whether to probe the system or to exploit it.
Information system software is the set of programs used to manage the resources of a computer system. There are several kinds of system software, such as operating systems, networking software, computational science software, game engines and software utilities. Information system software can be the source of various cybersecurity vulnerabilities. Some of the software vulnerabilities that attackers exploit include unpatched plugins, web browsers, operating systems and legacy custom applications. Patching and updating software improves functionality and brings security features up to par with more secure versions; failure to patch and update leaves software vulnerable to attack. Other software vulnerabilities include bugs introduced during development and issues with libraries, components and dependencies. Given these vulnerabilities, attackers can launch various attack vectors to exploit them. Attackers can use malicious code designed to paralyze the normal functioning of the targeted software, and they often use code injection attack vectors to take advantage of programming bugs. Code injection attack vectors include SQL injection, used to tamper with the database, and cross-site scripting (XSS) (Guedez, 2018). The actors who employ these attack vectors are black hat hackers whose intention is to exploit the vulnerability for malicious purposes. Spy hackers employ these attack vectors to gain access to confidential information.
An operating system is system software that provides a platform for essential computer functions such as hardware management, software resource management and standard services for computer programs; it falls within the category of system software. Like other software, an operating system has several vulnerabilities that can be exploited through various attack vectors. Some operating systems have security weaknesses due to their design or their operation and management. An operating system can also be deployed without proper debugging, leaving exploitable bugs (Nord, 2017). Failure to update and patch the operating system to newer and improved versions creates further vulnerabilities.
Attackers can exploit these operating system vulnerabilities using various attack vectors. As with other information system software, vulnerabilities in the operating system can be exploited by deploying malware. Malware attack vectors include viruses, worms and Trojans deployed by attackers to spy on, or affect the integrity and availability of, the operating system (Guedez, 2018). SQL injection is another common attack vector used against the operating system: an attacker can insert malicious code or SQL statements that affect the operating system's interaction with the database or even expose sensitive data (Tunggal, 2020). The actors who employ these attack vectors are hackers with malicious intentions, such as interfering with the normal functioning of the operating system or stealing information; security testers also use the same attack vectors to improve the security posture of operating systems.
With the recent increase in reliance on the internet, many organizational activities have moved online. The internet presents a huge security problem because of the vulnerabilities associated with the use of internet services. Telecommunications likewise involves the use of a network to facilitate communication between systems, and between systems and users. There are several vulnerabilities in telecommunications that attackers can easily exploit when proper security mechanisms are absent. Network vulnerabilities include open wireless access points, data leaks from network cables, misuse of email, and insider jobs. Internet vulnerabilities arise from broken authentication and session management, failure to restrict URL access, network misconfigurations, invalid redirects and forwards, and inadequate transport layer protection (Rafique, 2015).
Because of these vulnerabilities, attackers can use attack vectors such as cross-site scripting, distributed denial of service (DDoS), session hijacking, phishing, brute force attacks, SQL injection, spoofing, modification, sniffing or traffic analysis, eavesdropping and keyloggers (Tunggal, 2020). An attacker can use one or a combination of these attack vectors to gain entry into the telecommunications system, each achieving a specific goal. In most cases the actors who employ these attack vectors are white and black hat hackers: white hat hackers exploit vulnerabilities and propose how to improve security, while black hat hackers use these attack vectors for malicious ends. Some grey hat hackers and hacktivists use these vectors to bring specific information to light or to draw attention to a social issue.
Humans play a significant role in cybersecurity, but they can also be the cause of various vulnerabilities. With the growing trend of bring your own device (BYOD), many organizations lack proper BYOD security policies, which presents a wide array of vulnerabilities when employees connect to the company network or use personal devices to access and manipulate company data. Human factors also include unprotected email or data, malicious insiders, compromised or weak credentials, insecure downloads and weak access policies (Sebescen, 2017). Vulnerabilities also emerge from careless employees, such as those who knowingly or unknowingly give away critical information, and from security administrators who fail to patch and update systems, perform security checks, configure security settings or set up security policies. As a result, attackers target employees using various attack vectors, most commonly social engineering, against both organizations and individuals. An attacker uses social engineering to obtain confidential information from people in an organization for malicious purposes and, in rare cases, to help improve security mechanisms (Guedez, 2018).
Cybersecurity Risks
In the cybersecurity field, risk refers to events that damage an organization's reputation or cause direct financial loss as a result of the compromise or failure of interconnected information systems.
BYOD
Our organization has embraced a Bring Your Own Device policy, allowing employees to bring their own devices to work and use them with the organization's information, network and system software. BYOD has several advantages for the organization, including enhanced productivity, higher employee retention and easier hiring, and lower operating and IT costs. However, these benefits come with adverse impacts on security, and BYOD can lead to data breaches in an organization.
Endpoints
Endpoints can be the weak links in network security, and for an organization to adequately protect itself from a cyber attack it must strengthen its defence-in-depth strategy. Endpoint security is the practice of safeguarding the machines that connect to the organization's network, with the ultimate goal of protecting the network and its information; it is a core part of the organization's overall security posture. Examples of endpoints are WiFi access points and routers, tablets, smartphones, laptop and desktop computers, and internet of things (IoT) devices.
Mitigation
Intrusion Detection System (IDS)
One of the most efficient ways to counter the above cybersecurity threats in the organization is to use network security tools such as an Intrusion Detection System (IDS). An IDS or intrusion prevention system holds a list of known attack signatures and compares incoming traffic against it. Although an IDS plays a crucial role in examining a potential attack, it cannot prevent attackers from entering the organization's system or network. An IDS enables our organization to analyze who is attacking our network or system and what they are injecting into it.
After a known event is recognized, the IDS generates a log report describing what occurred, for analysis. An Intrusion Prevention System (IPS), situated between the firewall and the rest of the network, prevents abnormal or malicious activity from entering and spreading through our system or network. An IPS acts like a security guard who can stop attackers from entering the network, for example by blocking connections; when it recognizes a familiar incident, it rejects the packet based on preconfigured rules and indicators of compromise (IOCs). Intrusion prevention systems act on malicious behaviour. An IDS reports the attack while an IPS acts to prevent it from happening, which is why having an IDS and IPS work together is a sound security strategy for protecting the network against future attacks.
The organization can strengthen its IDS/IPS systems to include classification of malware files, operating system files, malicious URLs, network traffic and known malicious email addresses. It is essential that a security expert keeps the IPS and IDS updated with policies and threat information, and that all traffic is monitored 24/7, since the organization operates as mission-critical. It is also very important to tune the IDS/IPS devices properly so as to avoid generating false alarms, which make it difficult to identify true threats and mitigate them promptly. If the security devices repeatedly send false alarms, the security team may ignore the real alert, resulting in a massive breach or attack.
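The following is an added illustration, not part of the original slides: a minimal detector in the spirit of the IDS/IPS described above, combining a signature rule, an IOC list and a per-source ICMP rate rule, run over a constructed flow log. The final section shows the tuning point made above, where an over-sensitive threshold turns benign pings into a false positive. All rule names, thresholds and addresses are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (timestamp_ms, src_ip, proto, dst_port, payload).
# Timestamps are integer milliseconds so the window arithmetic is exact.
SAMPLE_FLOWS = (
    [(0, "10.0.0.5", "tcp", 80, "GET /index.html"),
     (500, "10.0.0.5", "tcp", 80, "GET /search?q=' OR '1'='1"),
     (1000, "203.0.113.7", "tcp", 443, "client hello")]
    # 250 ICMP echo requests from one source within 2.5 s: a flood
    + [(2000 + i * 10, "198.51.100.9", "icmp", 0, "echo request") for i in range(250)]
    # 4 ordinary pings from an internal host: benign
    + [(3000 + i * 200, "10.0.0.8", "icmp", 0, "echo request") for i in range(4)]
)

# Known-bad source addresses from a (constructed) IOC feed.
IOC_IPS = {"203.0.113.7"}

# Payload signatures: (rule name, substring that must appear in the payload).
SIGNATURES = [("sqli-tautology", "' OR '1'='1")]

# Rate rule for ICMP floods: more than ICMP_MAX packets from one source in ICMP_WINDOW_MS.
ICMP_WINDOW_MS = 1000
ICMP_MAX = 100


def detect(flows, icmp_max=ICMP_MAX, icmp_window_ms=ICMP_WINDOW_MS):
    """Return (rule, src_ip, timestamp_ms) alerts; flows must be time-ordered per source."""
    alerts = []
    icmp_seen = defaultdict(deque)  # src_ip -> timestamps inside the sliding window
    flooders = set()                # alert once per flooding source, not once per packet
    for ts, src, proto, _dport, payload in flows:
        if src in IOC_IPS:
            alerts.append(("ioc-src-ip", src, ts))
        for name, needle in SIGNATURES:
            if needle in payload:
                alerts.append((name, src, ts))
        if proto == "icmp":
            window = icmp_seen[src]
            window.append(ts)
            while ts - window[0] > icmp_window_ms:   # drop packets older than the window
                window.popleft()
            if len(window) > icmp_max and src not in flooders:
                flooders.add(src)
                alerts.append(("icmp-flood", src, ts))
    return alerts


def alert_counts(flows, **thresholds):
    """Count alerts per rule; compare runs against a known-benign log when tuning thresholds."""
    counts = defaultdict(int)
    for rule, _src, _ts in detect(flows, **thresholds):
        counts[rule] += 1
    return dict(counts)


if __name__ == "__main__":
    # Tuned: only the 250-packet burst from 198.51.100.9 trips the flood rule.
    print(alert_counts(SAMPLE_FLOWS))
    # Over-sensitive: the four benign pings from 10.0.0.8 also fire, a false positive.
    print(alert_counts(SAMPLE_FLOWS, icmp_max=3))
```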
Encryption
Encryption is a technique for converting data so that it is unusable or unreadable unless the user holds the correct key to decrypt it. Encryption protects data stored on devices and data in transit, and keeps intruders from copying or transferring usable information. Our organization can use full disk encryption, which encrypts the entire hard drive. The most commonly used encryption standards are the Advanced Encryption Standard with 256-bit keys (AES-256) and the Rivest, Shamir, Adleman (RSA) algorithm.
Policy on BYOD
The organization practices BYOD, and as such it should expect employees to use personal devices for various purposes. Given the accessibility and convenience of smartphones and laptops, employees will access their own accounts, such as personal email, regardless of the BYOD policy. Creating a firm BYOD policy and incorporating it into the handbook for new and existing workers, so that all are aware of what is and is not acceptable, will help curb the number of attacks on the organization's network. The policy should be updated regularly as new work practices and new technologies emerge.
Use of Two-Step Verification
Two-step verification should be mandatory when accessing the organization's sensitive data and information. The organization should also encourage employees to enable two-step verification in their online and personal applications. Two-step verification reduces the chance that attackers gain access to employee accounts and obtain information that could further their attacks on the organization's network.
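As an added example (not from the original slides), the check behind most two-step verification apps: an RFC 6238 time-based one-time password derived from RFC 4226 HOTP, with a small time window and a replay guard. Only the Python standard library is used, and the shared secret is the RFC 6238 test-vector secret rather than any organizational value.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"), base32-encoded as
# authenticator apps store it. Constructed for the example; never reuse in production.
TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret_b32, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte picks the slice
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"  # zero-padded to the requested length


def totp(secret_b32, at_time, step=STEP_SECONDS):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret_b32, int(at_time) // step)


def verify_totp(secret_b32, submitted, at_time, last_used_step=None, window=1, step=STEP_SECONDS):
    """Check a submitted code against the current step and +/- `window` neighbours.

    Returns the accepted time step, or None. Any step at or before `last_used_step`
    is rejected, so a code captured by phishing cannot be replayed inside the window.
    """
    current = int(at_time) // step
    for candidate in range(current - window, current + window + 1):
        if last_used_step is not None and candidate <= last_used_step:
            continue
        # Constant-time comparison so the check does not leak which digits matched.
        if hmac.compare_digest(hotp(secret_b32, candidate), submitted):
            return candidate
    return None


if __name__ == "__main__":
    now = time.time()
    code = totp(TEST_SECRET_B32, now)
    print("current code:", code, "accepted step:", verify_totp(TEST_SECRET_B32, code, now))
```

The server must store the accepted step per user and pass it back as `last_used_step` on the next attempt; without that state the window tolerance also becomes a short replay window.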
Virtual Private Network (VPN) Connectivity
Cyber attackers can spy on people's internet activity and potentially obtain key information from unsuspecting individuals who use unsecured WiFi networks. The organization must require employees to use a VPN when accessing certain organization services. Using a VPN reduces the risk of revealing critical organization information over unsecured networks, because the VPN encrypts and secures the connection and safeguards information sent online from attackers.
Employees training
Annual security awareness training is a necessity to ensure that employees understand the risks of using personal devices on corporate networks. Employees should be taught why they must inform management when they change devices and why the organization requires a VPN to access some services. Training employees on new cyber threats and risks, and keeping them updated, is important for overcoming cybersecurity challenges in an organization. Training helps workers comply with the laid-down rules, or at least improves the chance that they will.
Mobile device management (MDM)
Mobile device management is software that helps the organization protect its information when a device is lost, stolen or incorrectly handed to a new owner. It allows the IT department to wipe the organization's data from the device remotely. Mobile device management also enables the organization or an individual to wipe the hard drive or factory reset the entire device before it lands in the wrong hands.
Implementing Agile Endpoint Security System
The organization should also implement agile endpoint security software. An agile endpoint security system consolidates everything from antivirus software to other security tools such as logging, patching, whitelisting, encryption and firewalls. All of these tools operate under one system to safeguard the organization's many endpoints against many types of security threats.
COSTS
Some costs need consideration before implementing the recommendations above. For patch management, annual costs depend on the cost of patching events relative to the number of reported vulnerabilities and the number of patch events, as well as the cost of the organization's patch management tools. With such tools, the effort of endpoint patching is estimated at around ten hours per system annually. That time covers system assessment, assembly and testing, deployment, failure resolution and helpdesk support.
Maintenance costs for security software such as IDS/IPS, firewalls and antivirus depend on the number of devices the organization uses and the duration of coverage. Ensuring security is a great benefit to the organization, although it comes at a financial cost. Overall, the return on investment for these recommendations is high, since the cost of a cyber breach exceeds the cost of these preventive measures.