Cyber Security Assignment: Mitigation Plan for B&C Insurance Company
Question
Task: For this cyber security assignment, you are required to write a 2500-word mitigation plan for the threat report, based on the knowledge you gained about threat types and key factors.
Cybersecurity helps organizations to mitigate threats/risks, reduce financial loss and safety violations, decrease unethical behaviour, improve customer satisfaction, and increase efficiency, as well as to maintain these improved results. Threats can be resolved by Risk Acceptance (doing nothing), Risk Transference (passing the risk to an external party), Risk Avoidance (removing the feature/component that causes the risk) and Risk Mitigation (decreasing the risk). This assessment gives you an opportunity to demonstrate your understanding of cybersecurity and your capability to explain Risk Mitigation strategies for such threats. Mitigations should be chosen according to the appropriate technology, and the resolution should be decided according to the risk level and the cost of mitigation.
Answer
Introduction:
This assignment is based on mitigation plans against identified threats. Organizational activities are correlated with technical expertise, since organizations use the latest technologies in the modern world. As per the case study scenario, a mitigation plan is built for B&C Insurance Organization to mitigate ransomware threats. In this report, the first part covers cyber trends and the second part explains the challenges of cybersecurity for business. Ethical and non-ethical questions are discussed on the basis of cybersecurity. The next part of the report highlights the mitigation plan, the identification of cyber threats, and ransomware in the B&C Insurance Organization. A recommendation part, including the effective mitigation plan, is attached.
This report explains threat priorities, ransomware attacks, cybersecurity concerns, mitigation plans, etc. Any reader can easily analyze each point of this assignment and understand how cyber-hackers can access organizational systems and breach client details. The reader analyzes the whole report through the B&C Insurance case study scenario.
Threat Priority Settings:
This part of the assignment is based on threat priority settings. It also explains ransomware attacks that may cause a cyber-attack. Information technology professionals and executive management are all concerned about ransomware attacks. In 2017, the rate of cyber-attacks was close to 36%, and this percentage has gradually increased since. For example, in 2013 about 500,000 malicious applications occurred, and by 2015 this had grown to almost 2.5 million. In 2017, approximately 3.5 million ransomware attacks occurred, including 77% of malicious applications.
As per the B&C Insurance case study scenario, the main issue is that the organization has no plan to mitigate ransomware attacks. For this reason, the organization is unable to protect its systems and sensitive data against a ransomware attack. Supposedly, a few organizations (20%) have no data recovery plan or mitigation plan to secure organizational systems from a ransomware attack; on the other hand, at least 40-42% of organizations have a data recovery plan as well as a data backup plan, but these plans are not kept up to date (Bazzoli, 2018). For these reasons, organizations cannot secure or protect their systems against malware attacks.
Ethical & Technical Consideration for Cyber-Security:
Ethics can guide an individual's behavior, and it is an essential part of cybersecurity's defense mechanism. Cybersecurity involves different kinds of principals, including black-hat criminals. It can secure the system against cyberattacks. System protection is hardly possible without legal rules and business ethics (Tavani, 2013). Most organizations or corporations use modern technologies to protect sensitive data from hacking. All companies ought to protect essential data by implementing encryption technology, Data Loss Prevention, etc. Organizations are then able to mitigate cyber threats and protect sensitive data.
Risk identification based on case study scenario:
This assignment is based on a case study scenario of B&C Insurance Organization, which was founded in 1965. The organization is a health insurance organization and a private association. The headquarters of B&C is in New York, and the company has several branches in Hong Kong, Spain and Australia. The organization wants to communicate effectively with its branches through a secured network. As per the case study, the CEO of B&C Insurance Organization has received an illegal ransom email from an organization that is unknown to the CEO and the management department. The email contains threats, and the unknown organization has 200000 client details in total. Unbelievably, when the CEO of B&C cross-checked them, the CEO noticed that the 200000 client details match B&C's client details. All seniors of the management department and the CEO have found the dark web. To get relief from the hackers or attackers, the seniors and the CEO decide to consult an experienced cybersecurity group (Rossi, 2014). The group's experts demonstrate risk identification in the part of the assignment below.
i. A SIEM solution has been configured with the ability to detect malware attacks. It is then used for malware attack detection, which it can do easily.
ii. Anti-malware software and antivirus programs are able to detect malware applications and ransomware attacks (Yaqoob et al., 2017).
iii. Built-in functionality in a computer system can detect ransomware attacks.
iv. Hackers develop malware applications for a specific system, which is why antivirus programs cannot identify this custom-developed malware 100% of the time. Overall, 50% is identified by the antivirus program and the rest remains unidentified.
v. Running software applications must be terminated whenever any program or software shows abnormal behavior (Rashid, 2017). Ransomware attacks will then be mitigated. All of these methods help to identify ransomware attacks and risks in the company.
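Points i and v above describe detection by abnormal program behaviour. The following is an added example, not part of the original assignment, of how such a rule can be expressed: it flags a process that changes many files and renames them to a new extension within a short window. The event format, host and process names, and threshold values are all assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from os.path import splitext

# Assumed tuning values for this example; a real SIEM rule would be baselined per site.
WINDOW = timedelta(seconds=10)  # look-back window per process
MAX_FILES = 5                   # distinct files changed inside the window
MIN_EXT_CHANGE = 0.8            # share of those events that rename to a new extension


def parse(line):
    """Split one 'time|host|pid|process|op|path|new_path' record (hypothetical format)."""
    ts, host, pid, proc, op, path, new_path = line.split("|")
    return datetime.fromisoformat(ts), host, int(pid), proc, op, path, new_path


def detect(lines):
    """Return one alert per (host, pid) that rewrites many files in a short window."""
    recent = defaultdict(deque)  # (host, pid) -> (time, path, extension_changed)
    alerts = {}
    for ts, host, pid, proc, op, path, new_path in sorted(map(parse, lines)):
        if op not in ("write", "rename"):
            continue  # reads (for example a backup agent) are not counted
        changed = op == "rename" and splitext(path)[1] != splitext(new_path)[1]
        window = recent[(host, pid)]
        window.append((ts, path, changed))
        while ts - window[0][0] > WINDOW:
            window.popleft()  # forget events older than the look-back window
        files = {p for _, p, _ in window}
        ratio = sum(c for _, _, c in window) / len(window)
        if len(files) >= MAX_FILES and ratio >= MIN_EXT_CHANGE:
            # Keep only the first alert per process; the response is the page's
            # own advice: stop the abnormal program and disconnect the device.
            alerts.setdefault((host, pid), {
                "host": host, "pid": pid, "process": proc,
                "time": ts.isoformat(), "files": len(files),
                "action": "terminate process and disconnect host",
            })
    return list(alerts.values())


def sample_events():
    """Constructed events: an office user, a backup job, a sync tool, a mass rename."""
    day = "2024-01-10T09"
    ev = [f"{day}:00:00|ws-014|4120|winword.exe|write|C:/docs/q1.docx|",
          f"{day}:00:04|ws-014|4120|winword.exe|write|C:/docs/q2.docx|"]
    ev += [f"{day}:01:{i:02d}|fs-01|900|backup.exe|read|D:/claims/{i}.pdf|"
           for i in range(20)]
    ev += [f"{day}:03:{i:02d}|ws-014|5100|sync.exe|write|C:/sync/{i}.tmp|"
           for i in range(6)]
    ev += [f"{day}:02:{i:02d}|ws-022|7788|unknown.exe|rename|"
           f"D:/claims/{i}.pdf|D:/claims/{i}.pdf.locked" for i in range(8)]
    return ev


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Only the mass-rename process is reported; the backup job (reads only) and the sync tool (many writes, no extension change) stay below the rule.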
Applied standard mitigations strategies against threats:
To minimise risks (malware threat, ransomware attack), B&C Business Insurance Company must follow the recommendations below. The insurance firm may then safeguard all customer information using threat mitigation methods.
i. While data is being recovered in the cloud, users should verify the security and privacy of the relevant data inside the cloud.
ii. There are other options, such as improved endpoint security, to minimise ransomware attacks. Firewalls and VPNs are commercially available and can be configured on mobile devices, laptops, tablets, and desktop computers to protect the network. The functions of these tools are to modify as well as monitor systems on a regular basis (Vacca, 2014). When functional updates are not performed, hackers can easily get into outdated systems. In addition, privacy as well as updates must be maintained at the network level. Low risks should be applied to detect ransomware attacks and mitigate them in accordance with this guideline.
iii. According to the survey, an estimated 11.6 million accounts may be compromised by 2020. Using the protected network, you may manage the dark web. Ransomware attacks may thus be addressed (Vacca, 2014).
iv. Attackers may employ phishing attempts to steal account numbers and personal information from an organization's customers. Employees are being trained to prevent fraud, social engineering, and phishing schemes in order to minimise a ransomware attack.
v. To reduce ransomware attacks, develop policies and provide tools that promote effective security. An organization's security hygiene should be maintained. To reduce disruption within the entire system, use the protected network (Death, 2017).
vi. Keep every network, privacy, and user interface patched to the most current release. Keep the network secure with strong login credentials and access controls. In the corporate world, associate IT safety and security with the finest tools and procedures.
vii. Deploy up-to-date antivirus software and avoid working with data in emails, shared folders, and chats. The firewall mechanism must be upgraded and validated in the system (Death, 2017).
viii. Disconnecting compromised devices as quickly as feasible is required.
ix. Extract all associated files that have been encrypted by cyber-intruders.
x. A day's worth of shared files is limited. It is solely for the purposes of a business case.
Mitigation technologies description against any ransomware attack:
Based on the case study scenario of B&C Insurance Organization, this part describes mitigation plans against ransomware attacks. When a developer attempts to fix vulnerabilities on the network, there will be difficulties. Once the network in an organization has been secured, cyber hackers are unable to attack the system.
In this part, I, as a cybersecurity expert, will discuss essential ways to mitigate ransomware attacks.
The recommended steps are as follows:
First, the host system ought to be separated from the network. Otherwise, the company or corporation will face losses. If this is not done quickly and carefully, the system, as well as the corporation or company, will be more vulnerable (Gresham, 2016).
This technique must be verified, and the technology components must be gathered before implementation. Network Access Control, a technical component, has the capacity to close off the system by raising alerts on current occurrences.
Next, separate the shared files that have already been hacked by cyber attackers. If the network cannot be separated, this can be done by cancelling file-sharing permissions during the disconnection period (Gresham, 2016). After limitations are placed on the encryption process, users are able to access the different files.
Secondary tasks are:
Ransomware Category Findings:
Identifying the class or category of a ransomware attack is a major task, and it is not an easy process. There are different tools for analyzing it. For example, sandboxes provide technical analysis descriptions that support a malware solution.
Clean up:
First, the host must be cleaned up to bring it back to a recoverable state. One method is to "wipe" the system. The faster process for restoring the system is imaging.
Recommendations for mitigating risk, depending on risk impact and risk level within the system:
Risk level scale: Extreme, High, Medium, Low, Very Low
Threat Number: 1
Description: Bugs Risk
Risk Level: High
Likelihood and Consequences Rating: Possible
Explanation (risk level): Cyber-attackers can easily attack the system through bug risk. This risk can make a system more vulnerable. Later, attackers can access the system and breach security privacy (Mandel, 1998).
Explanation (likelihood): It might be possible.
Improvement and Recommendation: Updated server machines and client-machine software are required to mitigate this risk, because old versions most often carry bug risk.
Techniques (Avoid Risk): An upgraded security patch needs to be applied.
Threat Number: 2
Description: Security Risk
Risk Level: Extreme
Likelihood and Consequences Rating: Almost certain
Explanation (risk level): Security risk can breach client details that are very important for the organization (Wheeler, 2011).
Explanation (likelihood): This risk can occur at any time.
Improvement and Recommendation: To mitigate this risk, firewalls and antivirus have to be updated on the computer system. The system will then be strong enough to prevent this security risk.
Techniques (Avoid Risk): Firewall and antivirus need to be updated.
Threat Number: 3
Description: Incompatibility Risk
Risk Level: Low
Likelihood and Consequences Rating: Unlikely
Explanation (risk level): Employees in companies use old systems connected to the network with low security, which is why cyber-hackers easily get past the old systems' security to steal the organization's private data.
Explanation (likelihood): The old version is not applicable in the company. It cannot connect with a few devices.
Recommendation: Standard devices must be used to interconnect with the secured network in the company. To access data, another segment is required in the network. This can mitigate incompatibility risk.
Techniques (Avoid Risk): A modern or updated version is required.
Threat Number: 4
Description: Employee Risk
Risk Level: Medium
Likelihood and Consequences Rating: Rare
Explanation (risk level): At times, employees in the company have been seen to break down the system.
Explanation (likelihood): Employees have no proper skills.
Recommendation: To mitigate or prevent this employee risk, an authenticity protocol is required prior to allowing any access to the system.
Techniques (Avoid Risk): Employees should have proper knowledge of cyber-security.
Prevention methods against ransomware attacks:
This section of the study discusses preventive methods for ransomware in companies. The preventative measures are:
• Data recovery & Data backup:
Data backup and data recovery may assist in the customization of data and the recovery of all material after the threat of a ransomware attack. They are tested to ensure data can be retrieved promptly in the event of a cyber-attack using encrypted information (Thakkar, 2017).
• Use MSSP:
MSSPs (Managed Security Service Providers) contribute to security and safety planning. An MSSP offers comprehensive security services such as network management and simulated phishing attacks. To combat ransomware or any cyber-attack, a managed security service provider (MSSP) must be engaged.
• User Security training:
The most effective method to avoid ransomware or a cyber threat is security awareness training. Customers are given security training to help them avoid typosquatting and phishing. The corporation can then avert cyberattacks (Kok et al., 2019).
• Employ endpoint security:
Endpoint security should be used by businesses to avoid malware attacks. Only effective antivirus software can completely protect against harmful malware. To protect the system, updated or enhanced endpoint privacy and security that employs Artificial Intelligence (AI) and Machine Learning (ML) for data capture must be utilised.
Recommendation action for Risk Prevention to the CEO:
The suggested method for mitigating the CEO's danger is described in more detail in the next section of the assignment-related report.
• Devices connected to the organization's network should also be disconnected if they have previously been compromised by antivirus software or malware.
• It is critical to notify the security personnel as soon as possible when a traumatic event like this occurs.
• It is not permitted for anybody within the group to restart the computer system.
• It is also necessary to fully purge the system of harmful PCs and viruses.
• After a computer has been compromised, it is necessary to clean the accessories associated with the machine.
Security procedures, software whitelisting, and reliable backup techniques must all be readily addressed by the Business & Communication Foundation's Insurance in combination with this strategy in order to reduce ransomware attacks (Thakkar, 2017). Having a thorough understanding of the main elements and potential dangers is essential for reducing the likelihood of being attacked through external parties, such as those in the healthcare-based insurance industry that need access to information connected to clients' private information. In information security, the most suitable kind of data is detected and saved via the evaluation of different types of electronic information, guaranteeing that it stays genuine and is kept until it is needed in the future. Computer devices are increasingly being utilised by criminals and computer hackers in the course of fraud, online crime, and the distribution of malware (Thakkar, 2017). The expansion of digital forensic investigations in law enforcement, homeland security, and public administration has helped in the prevention of a wide range of cyber-related crimes and dangers. To effectively monitor for and track down thieves who attempt to penetrate a corporation's network infrastructure, it is critical to assess the infrastructure on a continual basis. Providers of property and casualty insurance should exercise extreme caution in the information they collect, preserve, and retain.
Conclusion:
As per the above-mentioned study conducted by the Business and Communication (B&C) Foundation, identity theft and unauthorised access were caused mostly by the inability or lack of skills of the foundation's employees, as well as the foundation's weak and inadequate infrastructure. The inadequate technical competence of the foundation's workers is a significant danger that may result in a catastrophe within the industry, as well as the leaking of business-related information to the general public, at any time. A further, and perhaps more significant, point is that the previous technical paradigm portrays the system as very susceptible when it is connected to a network link or the internet. The comprehensive information required by the foundation is often kept securely using database software, and as a result, the recorded data should be accessed as soon as possible. Nevertheless, if the information or data transmission channel is not sufficiently robust and secure, the potential for data privacy being violated, as well as the possibility of information being scammed, exists and must be considered. It is possible to get the company under control even after a ransomware attack has exposed customer personal information and business plans. It is also recommended that the insurance company have a comprehensive ransomware mitigation strategy.
References:
Bazzoli, F. (2018). Ransomware attacks drop as organizations raise defenses. Health Data Management (Online), (Jul 17, 2018). https://lesa.on.worldcat.org/v2/oclc/9023081066
Death, D. (2017). Information security handbook: develop a threat model and incident response strategy to build a strong information security framework. Packt Publishing. https://lesa.on.worldcat.org/v2/oclc/1019827284
Gresham, T. (2016). Mitigating ransomware. SC Magazine, 27(2), 50–50. https://lesa.on.worldcat.org/v2/oclc/6019400798
Kok, S., Abdullah, A., Jhanjhi, N. Z., & Supramaniam, M. (2019). Prevention of crypto-ransomware using a pre-encryption detection algorithm. Computers, 8(4), 79–79. https://doi.org/10.3390/computers8040079
Mandel, C. E. (1998). Risk managers have important role to play in exterminating millennium bug problem. Business Insurance, 32(47), 25–25. https://lesa.on.worldcat.org/v2/oclc/5272358704
Rashid, F. Y. (2017). Fault for ransomware attacks lies with challenges security teams face. Computerworld Hong Kong, N/a. https://lesa.on.worldcat.org/v2/oclc/7115532193
Rossi, C. (2014). A risk professional's survival guide: applied best practices in risk management (Ser. Wiley finance). Wiley. https://lesa.on.worldcat.org/v2/oclc/879469587
Tavani, H. T. (2013). Ethics and technology: controversies, questions, and strategies for ethical computing (Fourth). Wiley. https://lesa.on.worldcat.org/v2/oclc/809789615
Thakkar, D. (2017). Preventing digital extortion: mitigate ransomware, ddos, and other cyber-extortion attacks. Packt Publishing. https://lesa.on.worldcat.org/v2/oclc/990784725
Vacca, J. R. (Ed.). (2014). Cyber security and it infrastructure protection. Syngress. https://lesa.on.worldcat.org/v2/oclc/861526594
Wheeler, E. (2011). Security risk management: building an information security risk management program from the ground up (Ser. Itpro). Syngress. https://lesa.on.worldcat.org/v2/oclc/722800242
Yaqoob, I., Ahmed, E., Rehman, M. H. ur, Ahmed, A. I. A., Al-garadi, M. A., Imran, M., & Guizani, M. (2017). The rise of ransomware and emerging security challenges in the internet of things. Computer Networks, 129, 444–458. https://doi.org/10.1016/j.comnet.2017.09.003