The main purpose behind this report is to give ABC Technology some suggestions to improve the security of the system and upgrade the policies of company. Also, prepare a document to give an understanding of concept cyber security to the employees of the ABCT. Company ABCT has more than 10,000 customer and worldwide reputable branches too. Company is providing VPN services and use cloud computing to store data of its customers. Company has very good business strategies and under this strategy, company gives free access of WIFI to its customer and visitor. However, company has been a victim of cyber-attacks many times. This report explores vulnerabilities of the company as well as describes some cyber threats that may affect ABCT. In the end, report recommends that strict policy and training for employee and adoption of updated security with the backup in the system can decrease the threat of attack for the ABC Technology’s environment.
Table of Contents
Day by day, the use of internet and interconnected devices is increasing drastically. But with the rapid growth in network services, increased cyber threats are hitting businesses too. These attacks not only manipulate data but also damage the reputation as well as customer-client relations too. ABCT is a company which has more than 10000 customers worldwide and was recent victim of cyber-attacks. ABCT is suffering from these types of cyber-threats and wants to improve its security and policies to secure data and network, and also to maintain the trust of its loyal customers. So, implementation of cyber-security is need of the time to protect system from cyber threats. Cybersecurity becomes wall against the attackers and prevent them to steal data from the network.
The main aim of this report is to provide document which illustrates importance of cybersecurity and how to train employees of ABCT company in concern of cyber security. An analysis on weaknesses of the organisation will be undertaken, including research and evaluation of emerging threats which need attention. Another aim of this report is to suggest some tips to the ABCT and by following these suggestions company can protect its environment.
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.View our services
This report will discuss various types of cyber-attacks and to what extent this attack can harm the company ABCT. In addition to this, this report will describe the techniques used in the attacks and who can be there behind this attack. Moreover, the report also illustrates some strategies to prevent cyberattack as well as recommendation on how to protect home and offices from cyber-attacks.
The easy and straightforward definition of cybersecurity comes from its comparison with information security. On the one side, information security protects the data from any unauthorised activity. On the other side, cyber security protects data from unauthorised online activity or access. The Stranded formal definition of cyber security is given by the International Telecommunications Union (ITU) is “cyber security is not only limited to security of data, but it is collection of policies and guidelines, security safeguards and concepts, approaches to manage risks, training and practices, and protected technology of the generation to save the cyber environment and businesses” (Hopping, & Millman, 2018).
Nowadays, it has been noticed that number of incidents related to cyber-attacks are increased, and these incidents sometimes cause not only steal data but also seriously damage to organizations and governments. Technology and sociological vulnerabilities are exploited by cyberattacks to achieve a malicious objective. These incidents emerge demand of new and sophisticated technologies related to Cybersecurity (Pereira, Santos, & Mendes, 2017,p.47). Now, in the case of ABCT, it has been a victim of cyberattacks for more than one times. It seems like ABCT does not have enough cybersecurity implementation. For example, if ABCT has cybersecurity adoption then there is no fear of data stealing and loosing customer trust. Also, adoption of cybersecurity saves cost of recovering data. So, to get safe from emerging threats and to secure its environment and reputation, it is highly demanding for ABCT to adopt cyber security.
Addressing and minimizing the risk of emerging cyber security are the first things ABCT should do before using technologies to manage IT systems and other web intelligent systems. Because, many such technologies are more vulnerable for attackers that could disrupt building operations and, worse, give hackers access to enterprise systems. Furthermore, for attackers only one weakness is enough to get into the system and take control all over the System (Omar Y. Sharkasi, 2019). In ABCT, Company use VPN, WLAN, Cloud Storage and BYOD policy for its customer and Employee. However, these services without strong security can make ABCT’s system more vulnerable.
The Standard definition of cloud computing provided by the National Institute of Standards and Technology (NIST) as “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. (NIST, 2011)
ABCT uses cloud storage to store its customer-client details (More than 10,000 customers). Cloud Storage gives many advantages to the ABCT such as on-demand self-service, less expansive and so on. However, cloud storage without appropriate security can be more harmful and makes system more vulnerable. Some issues with cloud computing make easy for attacker to attack system such as cloud infrastructure, its public access of cloud-based data and access management with all users.
Also, the Cloud Security Alliance report depicts that huge amount of privacy and data security can be breached in cloud computing due to less knowledge of employee or malicious purpose of individual (Jang-Jaccard, Nepal & Guo, 2013, p.10).
Virtual Private Network is service which is provided by ABCT to its employee. VPN allows computers to connect virtually. ABCT transmits all its data by using Virtual Private Network-VPN. VPN is Strong and secure connection, but it relatively transmits information through public networks. There are many techniques to steal data from VPN. Lack of security in VPN can be most dangerous for organisation because all the information of the organisation is transmitting through VPN Service. A careful installation of Virtual Private Network is one way ahead security of network. Also, sometimes after having strong security connection , due to less bandwidth VPN may be a vulnerable for business. (“The Advantages & Disadvantages of a Virtual Private Network”, n.d.)
Company ABCT has adopted Bring Your Own Device Policy for its Employee. Under this policy, Employee can bring non-corporate device on workplace and can work on their own devices within or outside of the organisation. Of course, it may increase productivity of the company and make things easier for employees. On the contrast, it has its own challenges such as security where these devices may big issue for the company. For example, under BYOD policy, employee can bring pen drives, hard disk and some other personal devices and sometimes it is possible that these types of devices are used to steal data from organisation. Another major thing that makes ABCT’s System more vulnerable is, lack of control over these devices. For instance, it is possible that device can be stolen or accessed by unauthorised person. Moreover, if these devices are already affected by cyber crime then it may possible that by the use of these device within organisation creates way for attackers to affect whole organisation’s system (Toperesu & Van Belle, 2017,p.20).
The term ‘Social Engineering attack’ is also known as human attack and in technical language it is known as sniffer attack. Standard definition of social engineering is described as it is the simplest methods to get targeted information through pre-planned process by knowing weaknesses of targeted user.” In this type of attack, an attacker uses social engineering as a trick to exploit particular person or whole organisation (Conteh & Schmick, 2016, p.31).
In this attack, data of the ABCT might be stolen. Also, attackers do not attack directly to the system but attack a person who is a part of the organisation. The attackers may call person and create trust to fulfil its malicious aim. Another technique which may use is sending mail or by lure website. Attacker sends email which contains viruses and by opening that email attacker get targeted information. A study conducted in 2013 by TNS Global shows that 30 % of the surveyed people in the U.S. accept that they would open an email even if they had doubt that they may contain viruses (Conteh & Schmick, 2016,p.31).
Figure 1. Motivation Behind Social Engineering Attacks Adapted from “Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks”, by goggle Images, 2016. (http://dx.doi.org/10.19101/IJACR.2016.623006)
As per Many cybersecurity experts, the malware attack is favourite among the hackers to fulfil their malicious intensions. In this attack, attackers load huge class of malware into the system. Malware class contains viruses, Trojan horses, Spyware, worms and so on. As a result of this attack, machines infected by it or sometimes it opens some malware websites automatically. Sometimes it may possible that due to BYOD Policy, when employee use USB device in affected device, malware install it self in USB and then spread by this type of portable devices. So, malware can be injected from any point of the entire system. This growing number of malwares is being big issue for today’s Internet technology (Jang-Jaccard, & Nepal , 2014, p.975-976). For company ABCT, if there is no anti-malware software is installed in each device then it can be a threat for its whole environment.
Figure 2. Types of Malware Attacks and how it spreads Adapted from “A survey of emerging threats in cybersecurity”, 2014. (https://www.sciencedirect.com/science/article/pii/S0022000014000178)
The Denial of Service Attack is a type of attack where attacker not only steal or damage data but creates traffic on network. In this attack, attacker manages somehow to take control of the server and then launch Denial of service attack from inside network. To achieve this, attackers start installing virus or viruses on the network and when it goes beyond the capacity of network, traffic is created on network. As a result, no one can use the network and all network be a complex. No Productivity can take place over the network (Ben-Asher, & Gonzalez, 2015, p.55).
Ransomware attacks is the most recent and significant threat of today’s world. It references the stealing of data or access. It can be achieved by locking authorised person and then by offering a key to buy if they want access to the system. There are many effects of this attack such as lock up of scree, encrypting important files, makes threats and slow down entire system. It called ransomware because generally this attack is created for ransom (money). If ABCT has not Properly protected its system, a ransomware attacks may affect its environment and forces ABCT to either go through the complex and long running process of recovering or rebuilding its entire system by giving huge amount of money to access its own network. The main techniques behind entering ransomware into the system is by malware file or website, by clicking on spam mail or sometimes it can come from social media too (Allen, 2017,p.65-66).
In Man-in-the-Middle attack, attacker’s device is located between two participants of the communication channel. And in this attack, attacker behaves like intermediate and meanwhile changes the on-going data or decrypt the file. Sometimes, attacker inject harmful content in on going data of the network. By this attack, all the control over the network traffic goes in attacker’s hand. Also, sometimes attacker sends duplicate certificate to the user via web-browser and by accepting that certificate, user gives system control to the hackers. For ABCT is can be a threat because, user is not aware of the situation and it seems normal, but the system is already hacked (Vondráček, Pluskal, & Ryšavý,2018, p.65).
Either it is home or office, change passwords regularly and never share it with others. If possible then use two-steps authentication process where not only password but text message such as OTP or Code is required to login into the system. Never set weak password, always chose strong password. For example, password contains combination of upper and lowers case, numbers and symbols (“Top cyber security tips for businesses”, 2019).
Always be aware while opening email links or downloading file, even if it is from known person or organisation. Sometimes emails contain malware and can damage to system. By using span filtration, all unsolicited emails go into the Spam and spam alert user about this kind of suspicious content (“Top cyber security tips for businesses”, 2019).
Always secure devices with password wherever it is, because information can be stolen in a minute. Never leave devices such as PC, Laptop and even phone unattended without lock. Also, keep all portable devices such as USB or hard-drive at safe place too (“Top cyber security tips for businesses”, 2019).
Check every WIFI before connecting, either it is public or private, never share personal information or online transaction. Never trust public WIFI while working on private files and even some unknown private WIFI can steal information too. So, always use secure and trustworthy wireless network (“Top cyber security tips for businesses”, 2019).
After going through ARE Process (Area, Research and Analysis), It is concluded that ABCT Company must implement cyber-security to ensure security of its customer’s data and to maintain trust and reputation of the company ABC Technology. To reach to this conclusion, report has analysed importance of cybersecurity for victim company ABCT. The report has also deeply analysed the vulnerabilities (Virtual Private Network, Cloud computing and Bring Your Own Device Policy) of the system which could be the main reason behind previous cyber-attacks. Some research is undertaken to identify emerging cyber threats for company. Different emerging threats for the company and attacking techniques has also been evaluated. Moreover, different ways to protect home and office are suggested in the report. The report has presented recommendations on prevention of cyber activities such as setting up strong password, use spam filters, check WIFI before connecting and lock the device before leaving will be a great start. So, by giving training to staff about cybersecurity and cyberattacks and by improving security standards, company can secure environment from cyber-crime.
It is recommended to ABC Technology that after becoming victim of cyber-attacks, now company should increase the level of security in system. Company has very good reputation and customer base, but after these attacks is under question mark. Company should encourage all employees to take training about cybersecurity and also learn to keep safe. As a multi-national organisation, it is suggested that ABC Technology must upgrade the security of VPN and WLAN. Also, encrypt the data before storing it on cloud. Another thing ABC Technology should do is, day to day back up of the data. Even if in the attack company lost its data, company will not have to spend money for recovery due to advantage of back up files. Finally, company should control over the access of the system and remove ex-employees or client’s account and access from the system.
- Hopping, C., & Millman, R. (2018). What is cyber security? IT Pro, p. 1-4. https://search.proquest.com/docview/2108675837?accountid=10016
- Pereira, T., Santos, H., & Mendes, I. (2017). Challenges and reflections in designing Cyber security curriculum. 2017 IEEE World Engineering Education Conference (EDUNINE), 47-51. https://ieeexplore.ieee.org/document/7918179
- Omar Y. Sharkasi, C. (2019). Addressing Cybersecurity Vulnerabilities. Retrieved from https://www.isaca.org/Journal/archives/2015/Volume-5/Pages/addressing-cybersecurity-vulnerabilities.aspx
- The NIST Definition of Cloud Computing. (2011). Retrieved from https://csrc.nist.gov/publications/detail/sp/800-145/final
- Jang-Jaccard, J., Nepal, S., & Guo, Y. (2013). Cybersecurity threats in cloud computing. Australian Journal Of Telecommunications And The Digital Economy, 1(1), 1-17. https://telsoc.org/ajtde/2013-11-v1-n1/a4
- The Advantages & Disadvantages of a Virtual Private Network. n.d. Retrieved from https://itstillworks.com/advantages-disadvantages-virtual-private-network-8560489.html
- Toperesu, B., & Van Belle, J. (2017). Organisational Capabilities Required for Enabling Employee Mobility through Bring- Your-Own-Device Concept. Business Systems Research Journal, 8(1), 17-29 .DOI: https://doi.org/10.1515/bsrj-2017-0002
- Conteh, N., & Schmick, P. (2016). Cybersecurity:risks, vulnerabilities and countermeasures to prevent social engineering attacks. International Journal Of Advanced Computer Research, 6(23), 31-38. DOI: http://dx.doi.org/10.19101/IJACR.2016.623006
- Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior,48(4), 51-61. DOI: https://doi.org/10.1016/j.chb.2015.01.039
- Jang-Jaccard, & Nepal. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993. https://www.sciencedirect.com/science/article/pii/S0022000014000178
- Allen, J. (2017). Surviving ransomware. American Journal of Family Law, 31(2), 61-68. https://search-proquest-com.ezproxy.cqu.edu.au/docview/1915305812/fulltextPDF/2C3456E0F40A4544PQ/1?accountid=10016
- Vondráček, M., Pluskal, J., & Ryšavý, O. (2018). AUTOMATED MAN-IN-THE-MIDDLE ATTACK AGAINST WI-FI NETWORKS. The Journal of Digital Forensics, Security and Law : JDFSL, 13(1), 59-80. https://commons.erau.edu/jdfsl/vol13/iss1/9/
- Top cyber security tips for businesses. (2019). Retrieved from https://www.ato.gov.au/General/Online-services/Identity-security/Protecting-your-information/Top-cyber-security-tips-for-businesses/
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: